From owner-freebsd-current@FreeBSD.ORG Wed Dec 3 07:59:03 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6E22116A50B for ; Wed, 3 Dec 2003 07:59:03 -0800 (PST) Received: from park.rambler.ru (park.rambler.ru [81.19.64.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4FA0C43FAF for ; Wed, 3 Dec 2003 07:59:01 -0800 (PST) (envelope-from is@rambler-co.ru) Received: from is (is.park.rambler.ru [81.19.64.102]) by park.rambler.ru (8.12.6/8.12.6) with ESMTP id hB3Fx0WU010671 for ; Wed, 3 Dec 2003 18:59:00 +0300 (MSK) (envelope-from is@rambler-co.ru) Date: Wed, 3 Dec 2003 17:43:13 +0300 (MSK) From: Igor Sysoev X-Sender: is@is To: "Brian F. Feldman" In-Reply-To: <200312031419.hB3EJTT3004151@green.bikeshed.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII ReSent-Date: Wed, 3 Dec 2003 18:58:43 +0300 (MSK) Resent-From: Igor Sysoev Resent-To: freebsd-current@freebsd.org ReSent-Subject: Re: A page fault in subr_turnstile.c:propogate_priority() ReSent-Message-ID: Subject: Re: A page fault in subr_turnstile.c:propogate_priority() X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Dec 2003 15:59:03 -0000 On Wed, 3 Dec 2003, Brian F. Feldman wrote: > Igor Sysoev wrote: > > I'd cvsup'ed 5.1-CURRENT from 2003.11.04.02.02.00 up to > > 2003.11.28.00.00.00 with the turnstile support and it can still > > causes sometimes a page fault in propogate_priority(). > > I have core dump and can send debug output. > > Go ahead and load up kernel.debug and the core dump in gdb -k, and show us > the backtrace. Also, do you have any idea about more specific circumstances > that will cause this problem? Thanks! It is SMP system 2xP4, HTT CPUs halted, 4BSD scheduler. It panics sometimes when running in a cycle "make -j 64 buildworld" panic: page fault panic messages: --- Fatal trap 12: page fault while in kernel mode cpuid = 2; apic id = 02 fault virtual address = 0xe5 fault code = supervisor read, page not present instruction pointer = 0x8:0xc053f197 stack pointer = 0x10:0xe3c21c80 frame pointer = 0x10:0xe3c21ca0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = resume, IOPL = 0 current process = 42 (irq29: ahd0) trap number = 12 panic: page fault cpuid = 2; boot() called on cpu#2 syncing disks, buffers remaining... panic: bremfree: removing a buffer not on a queue cpuid = 2; boot() called on cpu#2 Uptime: 1d2h4m15s Dumping 2047 MB 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 928 944 960 976 992 1008 1024 1040 1056 1072 1088 1104 1120 1136 1152 1168 1184 1200 1216 1232 1248 1264 1280 1296 1312 1328 1344 1360 1376 1392 1408 1424 1440 1456 1472 1488 1504 1520 1536 1552 1568 1584 1600 1616 1632 1648 1664 1680 1696 1712 1728 1744 1760 1776 1792 1808 1824 1840 1856 1872 1888 1904 1920 1936 1952 1968 1984 2000 2016 2032 --- #0 doadump () at ../../../kern/kern_shutdown.c:240 240 dumping++; (kgdb) bt #0 doadump () at ../../../kern/kern_shutdown.c:240 #1 0xc0517067 in boot (howto=260) at ../../../kern/kern_shutdown.c:372 #2 0xc0517480 in poweroff_wait (junk=0xc0666ee0, howto=-729086152) at ../../../kern/kern_shutdown.c:550 #3 0xc05614d1 in bremfreel (bp=0xe3c218f0) at ../../../kern/vfs_bio.c:647 #4 0xc05613db in bremfree (bp=0x0) at ../../../kern/vfs_bio.c:629 #5 0xc0565dd1 in getblk (vp=0xc8154000, blkno=131360, size=16384, slpflag=0, slptimeo=0, flags=0) at ../../../kern/vfs_bio.c:2468 #6 0xc05615b2 in breadn (vp=0xc8154000, blkno=0, size=0, rablkno=0x0, rabsize=0x0, cnt=0, cred=0x0, bpp=0x0) at ../../../kern/vfs_bio.c:700 #7 0xc056155c in bread (vp=0x0, blkno=0, size=0, cred=0x0, bpp=0x0) at ../../../kern/vfs_bio.c:682 #8 0xc05bba85 in ffs_update (vp=0xc815330c, waitfor=0) at ../../../ufs/ffs/ffs_inode.c:108 #9 0xc05d1802 in ffs_fsync (ap=0xe3c21af0) at ../../../ufs/ffs/ffs_vnops.c:325 #10 0xc05d06ca in ffs_sync (mp=0xc812a000, waitfor=2, cred=0xc3f00e80, td=0xc06a5ca0) at vnode_if.h:627 #11 0xc057ab7e in sync (td=0xc06a5ca0, uap=0x0) at ../../../kern/vfs_syscalls.c:141 #12 0xc0516b75 in boot (howto=256) at ../../../kern/kern_shutdown.c:281 #13 0xc0517480 in poweroff_wait (junk=0xc066a837, howto=-1066983121) at ../../../kern/kern_shutdown.c:550 #14 0xc0636d5c in trap_fatal (frame=0xc066a837, eva=0) at ../../../i386/i386/trap.c:821 #15 0xc06363c3 in trap (frame= {tf_fs = -473825256, tf_es = -1068498928, tf_ds = -473825264, tf_edi = -938141248, tf_esi = -1066743576, tf_ebp = -473817952, tf_isp = -473818004, tf_ebx = -941495168, tf_edx = 0, tf_ecx = -941553792, tf_eax = -941495136, tf_trapno = 12, tf_err = 0, tf_eip = -1068240489, tf_cs = 8, tf_eflags = 65667, tf_esp = -941551444, tf_ss = 131}) at ../../../i386/i386/trap.c:250 #16 0xc0623228 in calltrap () at {standard input}:94 #17 0xc053f974 in turnstile_wait (ts=0xc81519c0, lock=0xc06a94a0, owner=0x0) at ../../../kern/subr_turnstile.c:509 #18 0xc050c655 in _mtx_lock_sleep (m=0xc06a94a0, opts=0, file=0x0, line=0) at ../../../kern/kern_mutex.c:476 #19 0xc0501405 in ithread_loop (arg=0xc7e05080) at ../../../kern/kern_intr.c:543 #20 0xc0500040 in fork_exit (callout=0xc0501240 , arg=0x0, frame=0x0) at ../../../kern/kern_fork.c:793 (kgdb) disassemble 0xc053f197 Dump of assembler code for function propagate_priority: 0xc053f070 : push %ebp [ skipped ] 0xc053f0d7 : call 0xc052da60 0xc053f0dc : jmp 0xc053f2b2 0xc053f0e1 : movzbl 0xfffffff0(%ebp),%eax 0xc053f0e5 : mov %al,0xe5(%ebx) 0xc053f0eb : mov 0x60(%ebx),%edi 0xc053f0ee : mov 0x24(%edi),%eax 0xc053f0f1 : shr $0x8,%eax 0xc053f0f4 : and $0x7f,%eax 0xc053f0f7 : lea (%eax,%eax,4),%eax 0xc053f0fa : lea 0xc06ac820(,%eax,8),%esi 0xc053f101 : call 0xc051e650 0xc053f106 : mov %fs:0x0,%edx 0xc053f10d : mov $0x4,%eax 0xc053f112 : lock cmpxchg %edx,0x20(%esi) 0xc053f117 : sete %al 0xc053f11a : movzbl %al,%eax 0xc053f11d : test %eax,%eax 0xc053f11f : jne 0xc053f160 0xc053f121 : mov %fs:0x0,%edx 0xc053f128 : mov 0x20(%esi),%eax 0xc053f12b : cmp %edx,%eax 0xc053f12d : jne 0xc053f138 0xc053f12f : mov 0x24(%esi),%eax 0xc053f132 : inc %eax 0xc053f133 : mov %eax,0x24(%esi) 0xc053f136 : jmp 0xc053f160 0xc053f138 : movl $0x0,0xc(%esp,1) 0xc053f140 : movl $0x0,0x8(%esp,1) 0xc053f148 : movl $0x0,0x4(%esp,1) 0xc053f150 : lea 0x4(%esi),%eax 0xc053f153 : mov %eax,(%esp,1) 0xc053f156 : call 0xc050c680 <_mtx_lock_spin> 0xc053f15b : nop 0xc053f15c : lea 0x0(%esi,1),%esi 0xc053f160 : cmpl $0x0,(%edi) 0xc053f163 : jne 0xc053f187 0xc053f165 : mov 0x24(%esi),%eax 0xc053f168 : test %eax,%eax 0xc053f16a : je 0xc053f175 0xc053f16c : mov 0x24(%esi),%eax 0xc053f16f : dec %eax 0xc053f170 : mov %eax,0x24(%esi) 0xc053f173 : jmp 0xc053f17d 0xc053f175 : mov $0x4,%eax 0xc053f17a : xchg %eax,0x20(%esi) 0xc053f17d : call 0xc051e680 0xc053f182 : jmp 0xc053f2b2 0xc053f187 : cmp (%edi),%ebx 0xc053f189 : je 0xc053f290 0xc053f18f : mov 0x24(%ebx),%eax 0xc053f192 : mov 0x4(%eax),%eax 0xc053f195 : mov (%eax),%edx [ FAULT ] 0xc053f197 : movzbl 0xe5(%edx),%eax 0xc053f19e : cmp 0xfffffff0(%ebp),%eax 0xc053f1a1 : jle 0xc053f290 0xc053f1a7 : call 0xc051e650 0xc053f1ac : mov %fs:0x0,%edx 0xc053f1b3 : mov $0x4,%eax 0xc053f1b8 : lock cmpxchg %edx,0xc06ac7fc 0xc053f1c0 : sete %al 0xc053f1c3 : movzbl %al,%eax 0xc053f1c6 : test %eax,%eax 0xc053f1c8 : jne 0xc053f210 0xc053f1ca : mov %fs:0x0,%edx Igor Sysoev http://sysoev.ru/en/