On Tuesday 21 July 2009 6:59:36 am Kamigishi Rei wrote: > Hello, hope you're having a good day, > > I've been researching the issue I mentioned in my last message in > "r194546 amd64: kernel panic in tcp_sack.c" thread since July 07 and > here are some of the findings: > The fatal trap triggers inside mtx_lock_sleep() during a dereference of > a pointer (owner, points to struct thread _at_ m->mtx_lock & > ~MTX_FLAGMASK). The code goes like this (shortened): > > v = m->mtx_lock; > if (v == MTX_UNOWNED) { turnstile_cancel(ts); continue; } > owner = (struct thread *)(v & ~MTX_FLAGMASK); > if (TD_IS_RUNNING(owner)) { turnstile_cancel(ts); continue; } > > Everything goes fine until - under heavy load on an interface, usually - > we reach a point where: > > 1. m->mtx_lock is 4 (== MTX_UNOWNED). > 2. v is assigned mtx_lock's value (4 == MTX_UNOWNED). > 3. condition (v == MTX_UNOWNED) fails. This will not happen. If you look at the disassembly you will see this can't happen either. Do you have a crashdump from a crash? -- John BaldwinReceived on Tue Jul 21 2009 - 11:43:56 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:52 UTC