From owner-freebsd-current@FreeBSD.ORG  Sat Aug 14 06:40:13 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9E5B716A4CE
	for <current@freebsd.org>; Sat, 14 Aug 2004 06:40:13 +0000 (GMT)
Received: from relay.pair.com (relay.pair.com [209.68.1.20])
	by mx1.FreeBSD.org (Postfix) with SMTP id 3101E43D58
	for <current@freebsd.org>; Sat, 14 Aug 2004 06:40:13 +0000 (GMT)
	(envelope-from pho@holm.cc)
Received: (qmail 8109 invoked from network); 14 Aug 2004 06:40:11 -0000
Received: from 0x50a43fc7.hknxx1.adsl-dhcp.tele.dk (HELO peter.osted.lan)
	(80.164.63.199)
	by relay.pair.com with SMTP; 14 Aug 2004 06:40:11 -0000
X-pair-Authenticated: 80.164.63.199
Received: from peter.osted.lan (localhost [127.0.0.1])
	by peter.osted.lan (8.12.10/8.12.10) with ESMTP id i7E6eARf033149
	for <current@freebsd.org>; Sat, 14 Aug 2004 08:40:10 +0200 (CEST)
	(envelope-from pho@peter.osted.lan)
Received: (from pho@localhost)
	by peter.osted.lan (8.12.10/8.12.10/Submit) id i7E6eA8l033148
	for current@freebsd.org; Sat, 14 Aug 2004 08:40:10 +0200 (CEST)
	(envelope-from pho)
Date: Sat, 14 Aug 2004 08:40:10 +0200
From: Peter Holm <peter@holm.cc>
To: current@freebsd.org
Message-ID: <20040814064010.GA79126@peter.osted.lan>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="rwEMma7ioTxnRzrJ"
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
Subject: Fatal trap 12 in kern/kern_kse.c:998
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Aug 2004 06:40:13 -0000


--rwEMma7ioTxnRzrJ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x10
fault code              = supervisor write, page not present
instruction pointer     = 0x8:0xc064fdd0
stack pointer           = 0x10:0xd1818c84
frame pointer           = 0x10:0xd1818ca4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 1399 (pthread)
[thread 100689]
Stopped at      thread_update_usr_ticks+0x108:  orl     $0x1,0x10(%eax)

(kgdb) l *0xc064fdd0
0xc064fdd0 is in thread_update_usr_ticks (../../../kern/kern_kse.c:998).
993                     }
994             }
995             kg = td->td_ksegrp;
996             if (kg->kg_upquantum && ticks >= kg->kg_nextupcall) {
997                     mtx_lock_spin(&sched_lock);
998                     td->td_upcall->ku_flags |= KUF_DOUPCALL;
999                     mtx_unlock_spin(&sched_lock);
1000            }
1001            return (0);
1002    }

I've included a patch suggestion, that seems to do the trick for me.
-- 
Peter Holm

--rwEMma7ioTxnRzrJ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="kern_kse.diff"

--- kern_kse.c~	Tue Aug 10 03:16:17 2004
+++ kern_kse.c	Fri Aug 13 22:23:25 2004
@@ -995,7 +995,9 @@
 	kg = td->td_ksegrp;
 	if (kg->kg_upquantum && ticks >= kg->kg_nextupcall) {
 		mtx_lock_spin(&sched_lock);
-		td->td_upcall->ku_flags |= KUF_DOUPCALL;
+		/* fuword can block, check again */
+		if (td->td_upcall)
+			td->td_upcall->ku_flags |= KUF_DOUPCALL;
 		mtx_unlock_spin(&sched_lock);
 	}
 	return (0);

--rwEMma7ioTxnRzrJ--