netbsd-bugs: kern/21927: SA/pthread-related phoenix panic: remrunqueue

Subject: kern/21927: SA/pthread-related phoenix panic: remrunqueue
To: None <gnats-bugs@gnats.netbsd.org>
From: None <dogcow@babymeat.com>
List: netbsd-bugs
Date: 06/18/2003 09:58:51
>Number:         21927
>Category:       kern
>Synopsis:       SA/pthread-related phoenix panic: remrunqueue
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jun 18 16:59:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Tom Spindler
>Release:        NetBSD 1.6T, 14 Jun 2003
>Organization:
	
>Environment:
	
	
System: NetBSD beefcake.babymeat.com 1.6T NetBSD 1.6T (DEBUGBEEFCAKE) #8: Sun Jun 15 00:50:48 PDT 2003 dogcow@beefcake.babymeat.com:/usr/src/sys/arch/i386/compile/DEBUGBEEFCAKE i386
Architecture: i386
Machine: i386
>Description:
After letting phoenix stay idle for an hour or three, I started typing
in the window, and kaboom, a panic in remrunqueue.

(gdb) bt
#0  0x1 in ?? ()
#1  0xc02308af in cpu_reboot (howto=256, bootstr=0x0)
    at ../../../../arch/i386/i386/machdep.c:879
#2  0xc01d5cbf in panic () at ../../../../kern/subr_prf.c:246
#3  0xc01ca2d1 in remrunqueue (l=0xd3b97e84)
    at ../../../../kern/kern_synch.c:1210
#4  0xc01c9ea0 in mi_switch (l=0xd3b97884, newl=0xd3b97e84)
    at ../../../../kern/kern_synch.c:923
#5  0xc01c45c2 in sa_switch (l=0xd3b97884, type=2)
    at ../../../../kern/kern_sa.c:599
#6  0xc01c9655 in ltsleep (ident=0xc034a848, priority=280, 
    wmesg=0xc02cee00 "select", timo=0, interlock=0x0)
    at ../../../../kern/kern_synch.c:493
#7  0xc01dac7c in sys_poll (l=0xd3b97884, v=0xd3c4df80, retval=0xd3c4df78)
    at ../../../../kern/sys_generic.c:906
#8  0xc0238273 in syscall_plain (frame={tf_gs = 43, tf_fs = 43, tf_es = 43, 
      tf_ds = 43, tf_edi = -1, tf_esi = -1139539968, tf_ebp = -1139278768, 
      tf_ebx = -1116151260, tf_edx = 1, tf_ecx = 1, tf_eax = 209, 
      tf_trapno = 3, tf_err = 2, tf_eip = -1116792929, tf_cs = 35, 
      tf_eflags = 663, tf_esp = -1139278828, tf_ss = 43, tf_vm86_es = 0, 
      tf_vm86_ds = 0, tf_vm86_fs = 0, tf_vm86_gs = 0})
    at ../../../../arch/i386/i386/syscall.c:156
#9  0xc0100b17 in syscall1 ()
can not access 0xbc17fc50, invalid translation (invalid PDE)
can not access 0xbc17fc50, invalid translation (invalid PDE)
Cannot access memory at address 0xbc17fc50
(gdb) up
#1  0xc02308af in cpu_reboot (howto=256, bootstr=0x0)
    at ../../../../arch/i386/i386/machdep.c:879
879                     dumpsys();
(gdb) 
#2  0xc01d5cbf in panic () at ../../../../kern/subr_prf.c:246
246             cpu_reboot(bootopt, NULL);
(gdb) 
#3  0xc01ca2d1 in remrunqueue (l=0xd3b97e84)
    at ../../../../kern/kern_synch.c:1210
1210                    panic("remrunqueue");
(gdb) 
#4  0xc01c9ea0 in mi_switch (l=0xd3b97884, newl=0xd3b97e84)
    at ../../../../kern/kern_synch.c:923
923                     remrunqueue(newl);
(gdb) print newl
$1 = (struct lwp *) 0xd3b97e84
(gdb) print *newl
$2 = {l_forw = 0x0, l_back = 0x0, l_list = {le_next = 0xd3b97b04, 
    le_prev = 0xd3b9788c}, l_zlist = {le_next = 0xdeadbeef, 
    le_prev = 0xdeadbeef}, l_proc = 0xd3bf6014, l_sibling = {
    le_next = 0xd3b97b04, le_prev = 0xd3bf606c}, l_cpu = 0xc0321260, 
  l_flag = 8388612, l_stat = 8, l_lid = 2, l_swtime = 8406, l_slptime = 0, 
  l_wchan = 0xc056cfcc, l_tsleep_ch = {c_list = {cq_next = 0xc032c860, 
      cq_prev = 0xd3aaac30}, c_func = 0xc01c97e4 <endtsleep>, 
    c_arg = 0xd3b97e84, c_time = 5603880, c_flags = 0}, 
  l_wmesg = 0xc02d6f94 "anonget2", l_holdcnt = 0, l_ctxlink = 0x0, 
  l_priority = 4 '\004', l_usrpri = 60 '<', l_private = 0xdeadbeef, 
  l_locks = -559038735, l_addr = 0xd3f4d000, l_md = {md_regs = 0xd3f50fa8, 
    md_flags = 1, md_tss_sel = 616}}
(gdb) up
#5  0xc01c45c2 in sa_switch (l=0xd3b97884, type=2)
    at ../../../../kern/kern_sa.c:599
599             mi_switch(l, l2);
(gdb) print l
$3 = (struct lwp *) 0xd3b97884
(gdb) print *l
$4 = {l_forw = 0x0, l_back = 0x0, l_list = {le_next = 0xd3b97e84, 
    le_prev = 0xd3b97a0c}, l_zlist = {le_next = 0xdeadbeef, 
    le_prev = 0xdeadbeef}, l_proc = 0xd3bf6014, l_sibling = {le_next = 0x0, 
    le_prev = 0xd3b97b20}, l_cpu = 0xc0321260, l_flag = 15728772, l_stat = 8, 
  l_lid = 3, l_swtime = 8236, l_slptime = 0, l_wchan = 0xc034a848, 
  l_tsleep_ch = {c_list = {cq_next = 0xc0319e50, cq_prev = 0xc032c860}, 
    c_func = 0xc01c97e4 <endtsleep>, c_arg = 0xd3b97884, c_time = 5604042, 
    c_flags = 4}, l_wmesg = 0xc02cee00 "select", l_holdcnt = 0, 
  l_ctxlink = 0x0, l_priority = 24 '\030', l_usrpri = 66 'B', 
  l_private = 0xdeadbeef, l_locks = -559038736, l_addr = 0xd3c4a000, l_md = {
    md_regs = 0xd3c4dfa8, md_flags = 1, md_tss_sel = 552}}
(gdb) up
#6  0xc01c9655 in ltsleep (ident=0xc034a848, priority=280, 
    wmesg=0xc02cee00 "select", timo=0, interlock=0x0)
    at ../../../../kern/kern_synch.c:493
493                     sa_switch(l, SA_UPCALL_BLOCKED);

obviously, I have a kcore file.
	
>How-To-Repeat:
I've gotten remrunqueu panics before, but not consistently.
	
>Fix:
	
unknown.
>Release-Note:
>Audit-Trail:
>Unformatted: