GENERIC HEAD from Dec 31 09:28 UTC + bmilekic@'s uma_core patch + alc's patch, vmcore.135
Panic after 2+02:03:50 of stress testing.

GDB: no debug ports present
KDB: debugger backends: ddb
KDB: current backend: ddb
Copyright (c) 1992-2004 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 6.0-CURRENT #0: Fri Dec 31 10:49:35 CET 2004
    pho@current.osted.lan:/usr/src/sys/i386/compile/PHO
WARNING: WITNESS option enabled, expect reduced performance.
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Celeron(R) CPU 1.80GHz (1799.14-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0xf13  Stepping = 3
  Features=0x3febfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM>
real memory  = 267583488 (255 MB)
avail memory = 252452864 (240 MB)
:
mount root from ufs:/dev/ad0s1a
WARNING: / was not properly dismounted
KDB: stack backtrace:
getdirtybuf(1,c6652b40,cf12a528,1,cf12a53c) at getdirtybuf+0x129
flush_deplist(cf12a528,c178a800,0,c229c200,1) at flush_deplist+0x39
flush_inodedep_deps(c093c284,9,cf12a588,325,c082e8c0) at flush_inodedep_deps+0x63
softdep_sync_metadata(cf12a6dc,1,0,0,4) at softdep_sync_metadata+0x4e
ffs_fsync(cf12a6dc,c091fb80,0,0,cf12a67c) at ffs_fsync+0x111
ffs_truncate(c1770cf0,a00,0,880,c18fd100,c1af8170) at ffs_truncate+0x886
ufs_direnter(c1770cf0,c1919bdc,cf12a928,cf12ac0c,0,c1dc3578,cf12ac0c,cf12a928) at ufs_direnter+0x870
ufs_makeinode(cf12abf8,cf12ac0c,c075f9d0,cf12ab2c,c06720f8) at ufs_makeinode+0x29b
ufs_create(cf12aa70,c1af8170,c07c286d,c16a4800,c08d2b20) at ufs_create+0x25
vn_open_cred(cf12abe4,cf12ace4,1b0,c18fd100,12) at vn_open_cred+0x4f0
vn_open(cf12abe4,cf12ace4,1b0,12,c08ed940,8,c08340fe,3bc) at vn_open+0x1e
kern_open(c1af8170,bfbfea24,0,602,1b0) at kern_open+0xd6
open(c1af8170,cf12ad14,3,f6,216) at open+0x18
syscall(bfbf002f,bfbf002f,bfbf002f,bfbfea24,bfbfea24) at syscall+0x128
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (5, FreeBSD ELF32, open), eip = 0x280bfc47, esp = 0xbfbfe9cc, ebp = 0xbfbfe9e8 ---
kernel trap 9 with interrupts disabled
kernel trap 9 with interrupts disabled
:
kernel trap 9 with interrupts disabled
KDB: stack backtrace:
getdirtybuf(1,c66742d0,cf292528,1,cf29253c) at getdirtybuf+0x129
flush_deplist(cf292528,c178a800,0,c1ac2700,1) at flush_deplist+0x39
flush_inodedep_deps(c093c16c,9,cf292588,325,c082e8c0) at flush_inodedep_deps+0x63
softdep_sync_metadata(cf2926dc,1,0,0,4) at softdep_sync_metadata+0x4e
ffs_fsync(cf2926dc,c091fb80,0,0,cf29267c) at ffs_fsync+0x111
ffs_truncate(c2c62228,600,0,880,c18fd100,c20882e0) at ffs_truncate+0x886
ufs_direnter(c2c62228,c2b47228,cf292928,cf292c0c,0,c2703c94,cf292c0c,cf292928) at ufs_direnter+0x870
ufs_makeinode(cf292bf8,cf292c0c,c075f9d0,cf292b2c,c06720f8) at ufs_makeinode+0x29b
ufs_create(cf292a70,c20882e0,c08ff5f0,c16a4800,c08d2b20) at ufs_create+0x25
vn_open_cred(cf292be4,cf292ce4,1b0,c18fd100,3) at vn_open_cred+0x4f0
vn_open(cf292be4,cf292ce4,1b0,3,c08ed940,8,c08340fe,3bc) at vn_open+0x1e
kern_open(c20882e0,bfbfea24,0,602,1b0) at kern_open+0xd6
open(c20882e0,cf292d14,3,5b,216) at open+0x18
syscall(bfbf002f,bfbf002f,bfbf002f,bfbfea24,bfbfea24) at syscall+0x128
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (5, FreeBSD ELF32, open), eip = 0x280bfc47, esp = 0xbfbfe9cc, ebp = 0xbfbfe9e8 ---
KDB: stack backtrace:
getdirtybuf(1,c665dea0,cf569528,1,cf56953c) at getdirtybuf+0x129
flush_deplist(cf569528,c178a800,0,c1e94080,1) at flush_deplist+0x39
flush_inodedep_deps(c093c1dc,9,cf569588,325,c082e8c0) at flush_inodedep_deps+0x63
softdep_sync_metadata(cf5696dc,1,0,0,4) at softdep_sync_metadata+0x4e
ffs_fsync(cf5696dc,c091fb80,0,0,cf56967c) at ffs_fsync+0x111
ffs_truncate(c2c6478c,800,0,880,c18fd100,c27ee730) at ffs_truncate+0x886
ufs_direnter(c2c6478c,c2957e04,cf569928,cf569c0c,0,c2a20118,cf569c0c,cf569928) at ufs_direnter+0x870
ufs_makeinode(cf569bf8,cf569c0c,c075f9d0,cf569b2c,c06720f8) at ufs_makeinode+0x29b
ufs_create(cf569a70,c27ee730,c07bec31,c16a4800,c08d2b20) at ufs_create+0x25
vn_open_cred(cf569be4,cf569ce4,1b0,c18fd100,1c) at vn_open_cred+0x4f0
vn_open(cf569be4,cf569ce4,1b0,1c,c08ed940,8,c08340fe,3bc) at vn_open+0x1e
kern_open(c27ee730,bfbfea24,0,602,1b0) at kern_open+0xd6
open(c27ee730,cf569d14,3,3f,216) at open+0x18
syscall(2f,2f,2f,bfbfea24,bfbfea24) at syscall+0x128
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (5, FreeBSD ELF32, open), eip = 0x280bfc47, esp = 0xbfbfe9cc, ebp = 0xbfbfe9e8 ---
KDB: stack backtrace:
getdirtybuf(1,c6633500,cf1f3528,1,cf1f353c) at getdirtybuf+0x129
flush_deplist(cf1f3528,c178a800,0,c23ef180,1) at flush_deplist+0x39
flush_inodedep_deps(c093bb84,9,cf1f3588,325,c082e8c0) at flush_inodedep_deps+0x63
softdep_sync_metadata(cf1f36dc,1,0,0,4) at softdep_sync_metadata+0x4e
ffs_fsync(cf1f36dc,c091fb80,0,0,cf1f367c) at ffs_fsync+0x111
ffs_truncate(c1dfe33c,c00,0,880,c18fd100,c1dfa000) at ffs_truncate+0x886
ufs_direnter(c1dfe33c,c2ffacf0,cf1f3928,cf1f3c0c,0,c1b1871c,cf1f3c0c,cf1f3928) at ufs_direnter+0x870
ufs_makeinode(cf1f3bf8,cf1f3c0c,c075f9d0,cf1f3b2c,c06720f8) at ufs_makeinode+0x29b
ufs_create(cf1f3a70,c1dfa000,c08ff5f0,c16a4800,c08d2b20) at ufs_create+0x25
vn_open_cred(cf1f3be4,cf1f3ce4,1b0,c18fd100,3) at vn_open_cred+0x4f0
vn_open(cf1f3be4,cf1f3ce4,1b0,3,c08ed940,8,c08340fe,3bc) at vn_open+0x1e
kern_open(c1dfa000,bfbfea24,0,602,1b0) at kern_open+0xd6
open(c1dfa000,cf1f3d14,3,7f,216) at open+0x18
syscall(bfbf002f,bfbf002f,bfbf002f,bfbfea24,bfbfea24) at syscall+0x128
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (5, FreeBSD ELF32, open), eip = 0x280bfc47, esp = 0xbfbfe9cc, ebp = 0xbfbfe9e8 ---
KDB: stack backtrace:
getdirtybuf(1,c093c364,9,cf6dd588,c1d66700) at getdirtybuf+0x129
softdep_sync_metadata(cf6dd6dc,1,0,0,4) at softdep_sync_metadata+0x64a
ffs_fsync(cf6dd6dc,c091fb80,0,0,cf6dd67c) at ffs_fsync+0x111
ffs_truncate(c2e2c564,600,0,880,c18fd100,c2793170) at ffs_truncate+0x886
ufs_direnter(c2e2c564,c2888000,cf6dd928,cf6ddc0c,0,c1b6c690,cf6ddc0c,cf6dd928) at ufs_direnter+0x870
ufs_makeinode(cf6ddbf8,cf6ddc0c,c075f9d0,cf6ddb2c,c06720f8) at ufs_makeinode+0x29b
ufs_create(cf6dda70,c2793170,c08ff5f0,c16a4800,c08d2b20) at ufs_create+0x25
vn_open_cred(cf6ddbe4,cf6ddce4,1b0,c18fd100,3) at vn_open_cred+0x4f0
vn_open(cf6ddbe4,cf6ddce4,1b0,3,c08ed940,8,c08340fe,3bc) at vn_open+0x1e
kern_open(c2793170,bfbfea24,0,602,1b0) at kern_open+0xd6
open(c2793170,cf6ddd14,3,27,216) at open+0x18
syscall(2f,2f,2f,bfbfea24,bfbfea24) at syscall+0x128
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (5, FreeBSD ELF32, open), eip = 0x280bfc47, esp = 0xbfbfe9cc, ebp = 0xbfbfe9e8 ---
KDB: stack backtrace:
getdirtybuf(1,c667d4e0,cf0c1528,1,cf0c153c) at getdirtybuf+0x129
flush_deplist(cf0c1528,c178a800,0,c250f880,1) at flush_deplist+0x39
flush_inodedep_deps(c093b36c,9,cf0c1588,325,c082e8c0) at flush_inodedep_deps+0x63
softdep_sync_metadata(cf0c16dc,1,0,0,4) at softdep_sync_metadata+0x4e
ffs_fsync(cf0c16dc,c091fb80,0,0,cf0c167c) at ffs_fsync+0x111
ffs_truncate(c2990bdc,800,0,880,c18fd100,c18b9730) at ffs_truncate+0x886
ufs_direnter(c2990bdc,c2bf1cf0,cf0c1928,cf0c1c0c,0,c2c35dac,cf0c1c0c,cf0c1928) at ufs_direnter+0x870
ufs_makeinode(cf0c1bf8,cf0c1c0c,c075f9d0,cf0c1b2c,c06720f8) at ufs_makeinode+0x29b
ufs_create(cf0c1a70,c18b9730,c07bec31,c16a4800,c08d2b20) at ufs_create+0x25
vn_open_cred(cf0c1be4,cf0c1ce4,1b0,c18fd100,10) at vn_open_cred+0x4f0
vn_open(cf0c1be4,cf0c1ce4,1b0,10,c08ed940,8,c08340fe,3bc) at vn_open+0x1e
kern_open(c18b9730,bfbfea24,0,602,1b0) at kern_open+0xd6
open(c18b9730,cf0c1d14,3,10,216) at open+0x18
syscall(2f,2f,2f,bfbfea24,bfbfea24) at syscall+0x128
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (5, FreeBSD ELF32, open), eip = 0x280bfc47, esp = 0xbfbfe9cc, ebp = 0xbfbfe9e8 ---
suser: thread 0xc30355c0 (7247 run) != curthread 0xc1f10b80 (7235 gdb)
KDB: stack backtrace:
suser(c30355c0,c30355c0,0,c1d753f0,cf677b90) at suser+0x4f
set_dbregs(c30355c0,cf677c30,c30355c0,cf677c10,c0639698) at set_dbregs+0x4b
proc_write_dbregs(c30355c0,cf677c30,c1d75458,c1d71068,c1d75458) at proc_write_dbregs+0x3d
kern_ptrace(c1f10b80,26,1c4f,cf677c30,0) at kern_ptrace+0x3e8
ptrace(c1f10b80,cf677d14,4,e,206) at ptrace+0x4b
syscall(2f,2829002f,bfbf002f,bfbfe3c0,0) at syscall+0x128
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (26, FreeBSD ELF32, ptrace), eip = 0x282fc67b, esp = 0xbfbfe3ac, ebp = 0xbfbfe3f8 ---
suser: thread 0xc30355c0 (7247 run) != curthread 0xc1f10b80 (7235 gdb)
KDB: stack backtrace:
suser(c30355c0,c30355c0,0,c1d753f0,cf677b90) at suser+0x4f
set_dbregs(c30355c0,cf677c30,c30355c0,cf677c10,c0639698) at set_dbregs+0x4b
proc_write_dbregs(c30355c0,cf677c30,c1d75458,c1d71068,c1d75458) at proc_write_dbregs+0x3d
kern_ptrace(c1f10b80,26,1c4f,cf677c30,0) at kern_ptrace+0x3e8
ptrace(c1f10b80,cf677d14,4,69,206) at ptrace+0x4b
syscall(2f,2829002f,bfbf002f,bfbfe3c0,7) at syscall+0x128
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (26, FreeBSD ELF32, ptrace), eip = 0x282fc67b, esp = 0xbfbfe3ac, ebp = 0xbfbfe3f8 ---
suser: thread 0xc30355c0 (7247 run) != curthread 0xc1f10b80 (7235 gdb)
KDB: stack backtrace:
suser(c30355c0,c30355c0,0,c1d753f0,cf677b90) at suser+0x4f
set_dbregs(c30355c0,cf677c30,c30355c0,cf677c10,c0639698) at set_dbregs+0x4b
proc_write_dbregs(c30355c0,cf677c30,c1d75458,c1d71068,c1d75458) at proc_write_dbregs+0x3d
kern_ptrace(c1f10b80,26,1c4f,cf677c30,0) at kern_ptrace+0x3e8
ptrace(c1f10b80,cf677d14,4,c5,206) at ptrace+0x4b
syscall(2f,2829002f,bfbf002f,bfbfe3c0,1) at syscall+0x128
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (26, FreeBSD ELF32, ptrace), eip = 0x282fc67b, esp = 0xbfbfe3ac, ebp = 0xbfbfe3f8 ---
suser: thread 0xc30355c0 (7247 run) != curthread 0xc1f10b80 (7235 gdb)
KDB: stack backtrace:
suser(c30355c0,c30355c0,0,c1d753f0,cf677b90) at suser+0x4f
set_dbregs(c30355c0,cf677c30,c30355c0,cf677c10,c0639698) at set_dbregs+0x4b
proc_write_dbregs(c30355c0,cf677c30,c1d75458,c1d71068,c1d75458) at proc_write_dbregs+0x3d
kern_ptrace(c1f10b80,26,1c4f,cf677c30,0) at kern_ptrace+0x3e8
ptrace(c1f10b80,cf677d14,4,134,206) at ptrace+0x4b
syscall(2f,2829002f,bfbf002f,bfbfe3c0,7) at syscall+0x128
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (26, FreeBSD ELF32, ptrace), eip = 0x282fc67b, esp = 0xbfbfe3ac, ebp = 0xbfbfe3f8 ---
suser: thread 0xc30355c0 (7247 run) != curthread 0xc1f10b80 (7235 gdb)
KDB: stack backtrace:
suser(c30355c0,c30355c0,0,c1d753f0,cf677b90) at suser+0x4f
set_dbregs(c30355c0,cf677c30,c30355c0,cf677c10,c0639698) at set_dbregs+0x4b
proc_write_dbregs(c30355c0,cf677c30,c1d75458,c1d71068,c1d75458) at proc_write_dbregs+0x3d
kern_ptrace(c1f10b80,26,1c4f,cf677c30,0) at kern_ptrace+0x3e8
ptrace(c1f10b80,cf677d14,4,1a4,206) at ptrace+0x4b
syscall(2f,2829002f,bfbf002f,bfbfe390,7) at syscall+0x128
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (26, FreeBSD ELF32, ptrace), eip = 0x282fc67b, esp = 0xbfbfe37c, ebp = 0xbfbfe3c8 ---
suser: thread 0xc30355c0 (7247 run) != curthread 0xc1f10b80 (7235 gdb)
KDB: stack backtrace:
suser(c30355c0,c30355c0,0,c1d753f0,cf677b90) at suser+0x4f
set_dbregs(c30355c0,cf677c30,c30355c0,cf677c10,c0639698) at set_dbregs+0x4b
proc_write_dbregs(c30355c0,cf677c30,c1d75458,c1d71068,c1d75458) at proc_write_dbregs+0x3d
kern_ptrace(c1f10b80,26,1c4f,cf677c30,0) at kern_ptrace+0x3e8
ptrace(c1f10b80,cf677d14,4,1fd,206) at ptrace+0x4b
syscall(2f,2829002f,bfbf002f,bfbfe390,0) at syscall+0x128
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (26, FreeBSD ELF32, ptrace), eip = 0x282fc67b, esp = 0xbfbfe37c, ebp = 0xbfbfe3c8 ---
suser: thread 0xc30355c0 (7247 run) != curthread 0xc1f10b80 (7235 gdb)
KDB: stack backtrace:
suser(c30355c0,c30355c0,0,c1d753f0,cf677b90) at suser+0x4f
set_dbregs(c30355c0,cf677c30,c30355c0,cf677c10,c0639698) at set_dbregs+0x4b
proc_write_dbregs(c30355c0,cf677c30,c1d75458,c1d71068,c1d75458) at proc_write_dbregs+0x3d
kern_ptrace(c1f10b80,26,1c4f,cf677c30,0) at kern_ptrace+0x3e8
ptrace(c1f10b80,cf677d14,4,256,206) at ptrace+0x4b
syscall(2f,2829002f,bfbf002f,bfbfe390,7) at syscall+0x128
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (26, FreeBSD ELF32, ptrace), eip = 0x282fc67b, esp = 0xbfbfe37c, ebp = 0xbfbfe3c8 ---
suser: thread 0xc30355c0 (7247 run) != curthread 0xc1f10b80 (7235 gdb)
KDB: stack backtrace:
suser(c30355c0,c30355c0,0,c1d753f0,cf677b90) at suser+0x4f
set_dbregs(c30355c0,cf677c30,c30355c0,cf677c10,c0639698) at set_dbregs+0x4b
proc_write_dbregs(c30355c0,cf677c30,c1d75458,c1d71068,c1d75458) at proc_write_dbregs+0x3d
kern_ptrace(c1f10b80,26,1c4f,cf677c30,0) at kern_ptrace+0x3e8
ptrace(c1f10b80,cf677d14,4,2c0,206) at ptrace+0x4b
syscall(2f,2829002f,bfbf002f,bfbfe390,1) at syscall+0x128
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (26, FreeBSD ELF32, ptrace), eip = 0x282fc67b, esp = 0xbfbfe37c, ebp = 0xbfbfe3c8 ---
kernel trap 9 with interrupts disabled
kernel trap 9 with interrupts disabled
:
kernel trap 9 with interrupts disabled
kernel trap 9 with interrupts disabled
freebsd4_sigreturn: eflags = 0x0
freebsd4_sigreturn: eflags = 0x0
freebsd4_sigreturn: eflags = 0x2000000
freebsd4_sigreturn: eflags = 0x0
freebsd4_sigreturn: eflags = 0x0
freebsd4_sigreturn: eflags = 0xbf850f0c
Limiting icmp unreach response from 211 to 200 packets/sec
Limiting icmp unreach response from 215 to 200 packets/sec
Limiting icmp unreach response from 221 to 200 packets/sec
Limiting icmp unreach response from 215 to 200 packets/sec
Limiting icmp unreach response from 211 to 200 packets/sec
Limiting icmp unreach response from 209 to 200 packets/sec
Limiting icmp unreach response from 230 to 200 packets/sec
Limiting icmp unreach response from 206 to 200 packets/sec
Limiting icmp unreach response from 214 to 200 packets/sec
Limiting icmp unreach response from 223 to 200 packets/sec
Limiting icmp unreach response from 219 to 200 packets/sec
Limiting icmp unreach response from 214 to 200 packets/sec
Limiting icmp unreach response from 205 to 200 packets/sec
Limiting icmp unreach response from 209 to 200 packets/sec
panic: Assertion td->td_sleepqueue != NULL failed at ../../../kern/subr_sleepqueue.c:270
cpuid = 0
KDB: enter: panic
[thread pid 1 tid 100003 ]
Stopped at      kdb_enter+0x2c: leave
db> where
Tracing pid 1 tid 100003 td 0xc151e450
kdb_enter(c082b141,100,c151e450,c151e450,10e0) at kdb_enter+0x2c
panic(c0827c46,c082dd18,c082dc8d,10e,c08f4660) at panic+0x190
sleepq_add(c08eec90,c08ee6e8,c082a9bf,1,c08ee6e8,0,c0827ca9,7d) at sleepq_add+0x156
cv_wait(c08eec90,c08ee6e8,c151de30,0,ffffffff) at cv_wait+0x100
_sx_xlock(c08eec60,c0828867,247,0,c151ddc8) at _sx_xlock+0x59
kern_wait(c151e450,ffffffff,cbc67c90,0,0) at kern_wait+0x4b
wait4(c151e450,cbc67d14,4,3f8,282) at wait4+0x29
syscall(2f,2f,bfbf002f,2,0) at syscall+0x128
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (7, FreeBSD ELF32, wait4), eip = 0x805170b, esp = 0xbfbfedbc, ebp = 0xbfbfedd8 ---
db> show pcpu
cpuid        = 0
curthread    = 0xc151e450: pid 1 "init"
curpcb       = 0xcbc67da0
fpcurthread  = none
idlethread   = 0xc151e5c0: pid 11 "idle: cpu0"
APIC ID      = 0
currentldt   = 0x30
spin locks held:
db> call doadump
Dumping 255 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240
Dump complete
0xfffffff8
db> reset

#9  0xc0611cc0 in panic (fmt=0xc0827c46 "Assertion %s failed at %s:%d") at ../../../kern/kern_shutdown.c:548
#10 0xc062ebd2 in sleepq_add (wchan=0xc08eec90, lock=0xc08ee6e8, wmesg=0xc082a9bf "proctree", flags=0x1)
    at ../../../kern/subr_sleepqueue.c:305
#11 0xc05efa30 in cv_wait (cvp=0xc08eec90, mp=0xc08ee6e8) at ../../../kern/kern_condvar.c:127
#12 0xc061765d in _sx_xlock (sx=0xc08eec60, file=0xc0828867 "../../../kern/kern_exit.c", line=0x247) at ../../../kern/kern_sx.c:175
#13 0xc05fc923 in kern_wait (td=0xc151e450, pid=0xffffffff, status=0xcbc67c90, options=0x0, rusage=0x0) at ../../../kern/kern_exit.c:583
#14 0xc05fcefd in wait4 (td=0xc151e450, uap=0xcbc67d14) at ../../../kern/kern_exit.c:558
#15 0xc07c04f0 in syscall (frame=
      {tf_fs = 0x2f, tf_es = 0x2f, tf_ds = 0xbfbf002f, tf_edi = 0x2, tf_esi = 0x0, tf_ebp = 0xbfbfedd8, tf_isp = 0xcbc67d74, tf_ebx = 0x0, tf_edx = 0x0, tf_ecx = 0x3, tf_eax = 0x7, tf_trapno = 0x0, tf_err = 0x2, tf_eip = 0x805170b, tf_cs = 0x1f, tf_eflags = 0x282, tf_esp = 0xbfbfedbc, tf_ss = 0x2f}) at ../../../i386/i386/trap.c:951
#16 0xc07aeb3f in Xint0x80_syscall () at ../../../i386/i386/exception.s:200
#17 0x0000002f in ?? ()
:
#44 0xc2deaa10 in ?? ()
#45 0xc0622c03 in sched_switch (td=0x0, newtd=0x0, flags=Cannot access memory at address 0xbfbfede8
) at ../../../kern/sched_4bsd.c:963
Previous frame inner to this frame (corrupt stack?)
(kgdb) frame 10
#10 0xc062ebd2 in sleepq_add (wchan=0xc08eec90, lock=0xc08ee6e8, wmesg=0xc082a9bf "proctree", flags=0x1)
    at ../../../kern/subr_sleepqueue.c:305
305                     MPASS((flags & SLEEPQ_TYPE) == sq->sq_type);
(kgdb) l
300                     sq->sq_type = flags & SLEEPQ_TYPE;
301     #endif
302             } else {
303                     MPASS(wchan == sq->sq_wchan);
304                     MPASS(lock == sq->sq_lock);
305                     MPASS((flags & SLEEPQ_TYPE) == sq->sq_type);
306                     LIST_INSERT_HEAD(&sq->sq_free, td->td_sleepqueue, sq_hash);
307             }
308             TAILQ_INSERT_TAIL(&sq->sq_blocked, td, td_slpq);
309             td->td_sleepqueue = NULL;
(kgdb) p *td
No symbol "td" in current context.
(kgdb) p *(struct thread*)0xc151e450
$1 = {td_proc = 0xc151ddc8, td_ksegrp = 0xc1524c60, td_plist = {tqe_next = 0x0, tqe_prev = 0xc151ddd8}, td_kglist = {tqe_next = 0x0,
    tqe_prev = 0xc1524c6c}, td_slpq = {tqe_next = 0x0, tqe_prev = 0xc27982f8}, td_lockq = {tqe_next = 0xc30375c0, tqe_prev = 0xcfd526d4},
  td_runq = {tqe_next = 0x0, tqe_prev = 0x0}, td_selq = {tqh_first = 0x0, tqh_last = 0x0}, td_sleepqueue = 0x0, td_turnstile = 0xc2567c00,
  td_tid = 0x186a3, td_flags = 0x1000000, td_inhibitors = 0x0, td_pflags = 0x0, td_dupfd = 0x0, td_wchan = 0xc08eec90,
  td_wmesg = 0xc082a9bf "proctree", td_lastcpu = 0x0, td_oncpu = 0x0, td_locks = 0xf7b7, td_blocked = 0x0, td_ithd = 0x0,
  td_lockname = 0x0, td_contested = {lh_first = 0x0}, td_sleeplocks = 0x0, td_intr_nesting_level = 0x0, td_pinned = 0x0, td_mailbox = 0x0,
  td_ucred = 0xc151b780, td_standin = 0x0, td_upcall = 0x0, td_sticks = 0x3f8, td_uuticks = 0x0, td_usticks = 0x0, td_intrval = 0x0,
  td_oldsigmask = {__bits = {0x0, 0x0, 0x0, 0x0}}, td_sigmask = {__bits = {0x9e7c9054, 0xffffffff, 0xffffffff, 0xffffffff}}, td_siglist = {
    __bits = {0x0, 0x0, 0x0, 0x0}}, td_waitset = 0x0, td_umtxq = 0x0, td_generation = 0xf083, td_sigstk = {ss_sp = 0x0, ss_size = 0x0,
    ss_flags = 0x4}, td_kflags = 0x0, td_xsig = 0x0, td_profil_addr = 0x0, td_profil_ticks = 0x0, td_base_pri = 0x5c, td_priority = 0x5c,
  td_pcb = 0xcbc67da0, td_state = TDS_RUNNING, td_retval = {0x0, 0x0}, td_slpcallout = {c_links = {sle = {sle_next = 0x0}, tqe = {
        tqe_next = 0x0, tqe_prev = 0xc65b5968}}, c_time = 0xab8ad19, c_arg = 0xc151e450, c_func = 0, c_flags = 0x8}, td_frame = 0xcbc67d48,
  td_kstack_obj = 0xc105ad68, td_kstack = 0xcbc66000, td_kstack_pages = 0x2, td_altkstack_obj = 0x0, td_altkstack = 0x0,
  td_altkstack_pages = 0x0, td_critnest = 0x2, td_md = {md_savecrit = 0x246}, td_sched = 0xc151e59c}

(kgdb) info loc
sc = (struct sleepqueue_chain *) 0xc08f4660
sq = (struct sleepqueue *) 0x0
(kgdb) p *sc
$2 = {sc_queues = {lh_first = 0xc354c420}, sc_lock = {mtx_object = {lo_class = 0xc088af5c, lo_name = 0xc082dc80 "sleepq chain",
      lo_type = 0xc082dc80 "sleepq chain", lo_flags = 0x30000, lo_list = {tqe_next = 0xc08f468c, tqe_prev = 0xc08f464c}, lo_witness = 0x0},
    mtx_lock = 0xc151e450, mtx_recurse = 0x0}}