Re: A page fault in subr_turnstile.c:propogate_priority()

From: Igor Sysoev <is_at_rambler-co.ru>
Date: Wed, 3 Dec 2003 17:43:13 +0300 (MSK)
On Wed, 3 Dec 2003, Brian F. Feldman wrote:

> Igor Sysoev <is_at_rambler-co.ru> wrote:
> > I'd cvsup'ed 5.1-CURRENT from 2003.11.04.02.02.00 up to
> > 2003.11.28.00.00.00 with the turnstile support and it can still
> > sometimes cause a page fault in propagate_priority().
> > I have core dump and can send debug output.
> 
> Go ahead and load up kernel.debug and the core dump in gdb -k, and show us 
> the backtrace.  Also, do you have any idea about more specific circumstances 
> that will cause this problem?  Thanks!

It is an SMP system (2 x P4) with the HTT CPUs halted, running the 4BSD scheduler.
It sometimes panics when "make -j 64 buildworld" is run in a loop.


panic: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 02
fault virtual address   = 0xe5
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc053f197
stack pointer           = 0x10:0xe3c21c80
frame pointer           = 0x10:0xe3c21ca0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 42 (irq29: ahd0)
trap number             = 12
panic: page fault
cpuid = 2; 
boot() called on cpu#2

syncing disks, buffers remaining... panic: bremfree: removing a buffer not on a queue
cpuid = 2; 
boot() called on cpu#2
Uptime: 1d2h4m15s
Dumping 2047 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 928 944 960 976 992 1008 1024 1040 1056 1072 1088 1104 1120 1136 1152 1168 1184 1200 1216 1232 1248 1264 1280 1296 1312 1328 1344 1360 1376 1392 1408 1424 1440 1456 1472 1488 1504 1520 1536 1552 1568 1584 1600 1616 1632 1648 1664 1680 1696 1712 1728 1744 1760 1776 1792 1808 1824 1840 1856 1872 1888 1904 1920 1936 1952 1968 1984 2000 2016 2032
---
#0  doadump () at ../../../kern/kern_shutdown.c:240
240             dumping++;
(kgdb) bt
#0  doadump () at ../../../kern/kern_shutdown.c:240
#1  0xc0517067 in boot (howto=260) at ../../../kern/kern_shutdown.c:372
#2  0xc0517480 in poweroff_wait (junk=0xc0666ee0, howto=-729086152)
    at ../../../kern/kern_shutdown.c:550
#3  0xc05614d1 in bremfreel (bp=0xe3c218f0) at ../../../kern/vfs_bio.c:647
#4  0xc05613db in bremfree (bp=0x0) at ../../../kern/vfs_bio.c:629
#5  0xc0565dd1 in getblk (vp=0xc8154000, blkno=131360, size=16384, slpflag=0, 
    slptimeo=0, flags=0) at ../../../kern/vfs_bio.c:2468
#6  0xc05615b2 in breadn (vp=0xc8154000, blkno=0, size=0, rablkno=0x0, 
    rabsize=0x0, cnt=0, cred=0x0, bpp=0x0) at ../../../kern/vfs_bio.c:700
#7  0xc056155c in bread (vp=0x0, blkno=0, size=0, cred=0x0, bpp=0x0)
    at ../../../kern/vfs_bio.c:682
#8  0xc05bba85 in ffs_update (vp=0xc815330c, waitfor=0)
    at ../../../ufs/ffs/ffs_inode.c:108
#9  0xc05d1802 in ffs_fsync (ap=0xe3c21af0) at ../../../ufs/ffs/ffs_vnops.c:325
#10 0xc05d06ca in ffs_sync (mp=0xc812a000, waitfor=2, cred=0xc3f00e80, 
    td=0xc06a5ca0) at vnode_if.h:627
#11 0xc057ab7e in sync (td=0xc06a5ca0, uap=0x0)
    at ../../../kern/vfs_syscalls.c:141
#12 0xc0516b75 in boot (howto=256) at ../../../kern/kern_shutdown.c:281
#13 0xc0517480 in poweroff_wait (junk=0xc066a837, howto=-1066983121)
    at ../../../kern/kern_shutdown.c:550
#14 0xc0636d5c in trap_fatal (frame=0xc066a837, eva=0)
    at ../../../i386/i386/trap.c:821
#15 0xc06363c3 in trap (frame=
      {tf_fs = -473825256, tf_es = -1068498928, tf_ds = -473825264, tf_edi = -938141248, tf_esi = -1066743576, tf_ebp = -473817952, tf_isp = -473818004, tf_ebx = -941495168, tf_edx = 0, tf_ecx = -941553792, tf_eax = -941495136, tf_trapno = 12, tf_err = 0, tf_eip = -1068240489, tf_cs = 8, tf_eflags = 65667, tf_esp = -941551444, tf_ss = 131}) at ../../../i386/i386/trap.c:250
#16 0xc0623228 in calltrap () at {standard input}:94
#17 0xc053f974 in turnstile_wait (ts=0xc81519c0, lock=0xc06a94a0, owner=0x0)
    at ../../../kern/subr_turnstile.c:509
#18 0xc050c655 in _mtx_lock_sleep (m=0xc06a94a0, opts=0, file=0x0, line=0)
    at ../../../kern/kern_mutex.c:476
#19 0xc0501405 in ithread_loop (arg=0xc7e05080)
    at ../../../kern/kern_intr.c:543
#20 0xc0500040 in fork_exit (callout=0xc0501240 <ithread_loop>, arg=0x0, 
    frame=0x0) at ../../../kern/kern_fork.c:793
(kgdb) disassemble 0xc053f197
Dump of assembler code for function propagate_priority:
0xc053f070 <propagate_priority>:        push   %ebp

[ skipped ]

0xc053f0d7 <propagate_priority+103>:    call   0xc052da60 <sched_prio>
0xc053f0dc <propagate_priority+108>:
    jmp    0xc053f2b2 <propagate_priority+578>
0xc053f0e1 <propagate_priority+113>:    movzbl 0xfffffff0(%ebp),%eax
0xc053f0e5 <propagate_priority+117>:    mov    %al,0xe5(%ebx)
0xc053f0eb <propagate_priority+123>:    mov    0x60(%ebx),%edi
0xc053f0ee <propagate_priority+126>:    mov    0x24(%edi),%eax
0xc053f0f1 <propagate_priority+129>:    shr    $0x8,%eax
0xc053f0f4 <propagate_priority+132>:    and    $0x7f,%eax
0xc053f0f7 <propagate_priority+135>:    lea    (%eax,%eax,4),%eax
0xc053f0fa <propagate_priority+138>:    lea    0xc06ac820(,%eax,8),%esi
0xc053f101 <propagate_priority+145>:    call   0xc051e650 <critical_enter>
0xc053f106 <propagate_priority+150>:    mov    %fs:0x0,%edx
0xc053f10d <propagate_priority+157>:    mov    $0x4,%eax
0xc053f112 <propagate_priority+162>:    lock cmpxchg %edx,0x20(%esi)
0xc053f117 <propagate_priority+167>:    sete   %al
0xc053f11a <propagate_priority+170>:    movzbl %al,%eax
0xc053f11d <propagate_priority+173>:    test   %eax,%eax
0xc053f11f <propagate_priority+175>:
    jne    0xc053f160 <propagate_priority+240>
0xc053f121 <propagate_priority+177>:    mov    %fs:0x0,%edx
0xc053f128 <propagate_priority+184>:    mov    0x20(%esi),%eax
0xc053f12b <propagate_priority+187>:    cmp    %edx,%eax
0xc053f12d <propagate_priority+189>:
    jne    0xc053f138 <propagate_priority+200>
0xc053f12f <propagate_priority+191>:    mov    0x24(%esi),%eax
0xc053f132 <propagate_priority+194>:    inc    %eax
0xc053f133 <propagate_priority+195>:    mov    %eax,0x24(%esi)
0xc053f136 <propagate_priority+198>:
    jmp    0xc053f160 <propagate_priority+240>
0xc053f138 <propagate_priority+200>:    movl   $0x0,0xc(%esp,1)
0xc053f140 <propagate_priority+208>:    movl   $0x0,0x8(%esp,1)
0xc053f148 <propagate_priority+216>:    movl   $0x0,0x4(%esp,1)
0xc053f150 <propagate_priority+224>:    lea    0x4(%esi),%eax
0xc053f153 <propagate_priority+227>:    mov    %eax,(%esp,1)
0xc053f156 <propagate_priority+230>:    call   0xc050c680 <_mtx_lock_spin>
0xc053f15b <propagate_priority+235>:    nop    
0xc053f15c <propagate_priority+236>:    lea    0x0(%esi,1),%esi
0xc053f160 <propagate_priority+240>:    cmpl   $0x0,(%edi)
0xc053f163 <propagate_priority+243>:
    jne    0xc053f187 <propagate_priority+279>
0xc053f165 <propagate_priority+245>:    mov    0x24(%esi),%eax
0xc053f168 <propagate_priority+248>:    test   %eax,%eax
0xc053f16a <propagate_priority+250>:
    je     0xc053f175 <propagate_priority+261>
0xc053f16c <propagate_priority+252>:    mov    0x24(%esi),%eax
0xc053f16f <propagate_priority+255>:    dec    %eax
0xc053f170 <propagate_priority+256>:    mov    %eax,0x24(%esi)
0xc053f173 <propagate_priority+259>:
    jmp    0xc053f17d <propagate_priority+269>
0xc053f175 <propagate_priority+261>:    mov    $0x4,%eax
0xc053f17a <propagate_priority+266>:    xchg   %eax,0x20(%esi)
0xc053f17d <propagate_priority+269>:    call   0xc051e680 <critical_exit>
0xc053f182 <propagate_priority+274>:
    jmp    0xc053f2b2 <propagate_priority+578>
0xc053f187 <propagate_priority+279>:    cmp    (%edi),%ebx
0xc053f189 <propagate_priority+281>:
    je     0xc053f290 <propagate_priority+544>
0xc053f18f <propagate_priority+287>:    mov    0x24(%ebx),%eax
0xc053f192 <propagate_priority+290>:    mov    0x4(%eax),%eax
0xc053f195 <propagate_priority+293>:    mov    (%eax),%edx

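[ FAULT: %edx is 0 here (tf_edx = 0 in the trap frame above), so the load
  below from 0xe5(%edx) reads the fault virtual address 0xe5, i.e. a NULL
  pointer dereference ]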

0xc053f197 <propagate_priority+295>:    movzbl 0xe5(%edx),%eax
0xc053f19e <propagate_priority+302>:    cmp    0xfffffff0(%ebp),%eax
0xc053f1a1 <propagate_priority+305>:
    jle    0xc053f290 <propagate_priority+544>
0xc053f1a7 <propagate_priority+311>:    call   0xc051e650 <critical_enter>
0xc053f1ac <propagate_priority+316>:    mov    %fs:0x0,%edx
0xc053f1b3 <propagate_priority+323>:    mov    $0x4,%eax
0xc053f1b8 <propagate_priority+328>:    lock cmpxchg %edx,0xc06ac7fc
0xc053f1c0 <propagate_priority+336>:    sete   %al
0xc053f1c3 <propagate_priority+339>:    movzbl %al,%eax
0xc053f1c6 <propagate_priority+342>:    test   %eax,%eax
0xc053f1c8 <propagate_priority+344>:
    jne    0xc053f210 <propagate_priority+416>
0xc053f1ca <propagate_priority+346>:    mov    %fs:0x0,%edx


Igor Sysoev
http://sysoev.ru/en/
Received on Wed Dec 03 2003 - 06:59:03 UTC
