From owner-freebsd-bugs@FreeBSD.ORG  Sun Jun 10 11:30:12 2007
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
X-Original-To: freebsd-bugs@hub.freebsd.org
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id D42BF16A469
	for <freebsd-bugs@hub.freebsd.org>;
	Sun, 10 Jun 2007 11:30:12 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40])
	by mx1.freebsd.org (Postfix) with ESMTP id B619913C487
	for <freebsd-bugs@hub.freebsd.org>;
	Sun, 10 Jun 2007 11:30:12 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l5ABUCLt004081
	for <freebsd-bugs@freefall.freebsd.org>; Sun, 10 Jun 2007 11:30:12 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l5ABUC1o004080;
	Sun, 10 Jun 2007 11:30:12 GMT (envelope-from gnats)
Resent-Date: Sun, 10 Jun 2007 11:30:12 GMT
Resent-Message-Id: <200706101130.l5ABUC1o004080@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	"moose@opera.com"<moose@opera.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id AE0F416A400
	for <freebsd-gnats-submit@FreeBSD.org>;
	Sun, 10 Jun 2007 11:27:51 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [69.147.83.33])
	by mx1.freebsd.org (Postfix) with ESMTP id 8636E13C465
	for <freebsd-gnats-submit@FreeBSD.org>;
	Sun, 10 Jun 2007 11:27:51 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id l5ABRpMU062364
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 10 Jun 2007 11:27:51 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id l5ABRpAY062363;
	Sun, 10 Jun 2007 11:27:51 GMT (envelope-from nobody)
Message-Id: <200706101127.l5ABRpAY062363@www.freebsd.org>
Date: Sun, 10 Jun 2007 11:27:51 GMT
From: "moose@opera.com"<moose@opera.com>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.0
Cc: 
Subject: kern/113517: panic on SMP build with ULE2
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Jun 2007 11:30:12 -0000


>Number:         113517
>Category:       kern
>Synopsis:       panic on SMP build with ULE2
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 10 11:30:12 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     moose@opera.com
>Release:        FreeBSD 7.0-CURRENT
>Organization:
Opera Software
>Environment:
FreeBSD 7.0-CURRENT #0: Sun Jun 10 11:41:43 CEST 2007     moose@evangelista:/usr/obj/usr/src/sys/EVANGELISTA  amd64
>Description:
Kernel panics during both buildworld and buildkernel, only if -j8 flagg is added to make. Always reproducible with the following options: PREEMPTION, SCHED_ULE, SMP. I cannot do a dump as I have way more memory than swap. With the following enabled:

makeoptions     DEBUG=-g
options         KDB
options         DDB

what follows is the output (after which I ran show reg and trace):

kernel trap 12 with interrupts disabled
Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 03
fault virtual address   = 0x140
fault code              = supervisor write data, page not present
instruction pointer     = 0x8:0xffffffff80414c18
frame pointer           = 0x10:0xffffffffaee9da00
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DFL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = resume, IOPL = 0
current process         = 30708
[thread pid 30708 tid 100245]
Stopped at      cpu+throw+ox18: lock btrl       %eax,0x140(%rdx)

db>show reg
cs                     0x8
ss                    0x10
rax                    0x3
rcx                    0xb4
rdx                      0
rbx                0x5d5e0
rsp             0xffffffffaee9da00
rbp             0xffffffffaee9da40
rsi             0xffffff0061d04000
rdi             0xffffff006abb3a20
r8                 0x1ec00
r9                 0x5d5e0
r10                    0xb
r11                      0
r12             0xffffff006abb3a20
r13             0xffffff000afc8000
r14             0xffffff000afc8000
r15                      0
rip             0xffffffff80414c18
rflags             0x10082
cpu_throw+0x18:     lock btrl           %eax,0x140(%rdx)

db>trace
Tracing pid 30708 tid 100245 td 0xffffff006abb3020
cpu_throw()     at      cpu_throw+0x18
thread_exit()   at      thread_exit+0x30f
exit1()         at      exit1+0xb09
sys_exit()      at      sys_exit+0xe
syscall()       at      syscall+0x257
Xfast_syscall() at Xfast_syscall+0xab
--- syscall (1, FreeBSD ELF64, sys_exit), rip=0x8311bc, rsp=0x7fffffffe128, rbp=0x7fffffffe240 ---


I can always reproduce this on a 4-core opteron system. I can do it again on demand.
>How-To-Repeat:
Enable SCHED_ULE and SMP in the kernel. 
make -j8 buildworld [or]
make -j8 buildkernel ...
--> panic
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted: