Re: Fatal trap 12 in kern/kern_switch.c:436

On Wednesday 11 August 2004 04:52 am, Peter Holm wrote:
> While stress testing with kern.threads.virtual_cpu=256 I got this
> fault after a kill -9 of a hung test program.

Do you have PREEMPTION turned on?  This is the same type of bug that people 
were seeing with PREEMPTION turned on.

> GDB: no debug ports present
> KDB: debugger backends: ddb
> KDB: current backend: ddb
> Copyright (c) 1992-2004 The FreeBSD Project.
> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
> 	The Regents of the University of California. All rights reserved.
> FreeBSD 5.2-CURRENT #0: Wed Aug 11 04:23:56 CEST 2004
>     root_at_peter.osted.lan:/usr/src/sys/i386/compile/PHO
> WARNING: WITNESS option enabled, expect reduced performance.
> ACPI APIC Table: <A M I  OEMAPIC >
> Timecounter "i8254" frequency 1193182 Hz quality 0
> CPU: Intel(R) Celeron(R) CPU 1.80GHz (1799.14-MHz 686-class CPU)
>   Origin = "GenuineIntel"  Id = 0xf13  Stepping = 3
>  
> Features=0x3febfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MC
>A,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM> real memory 
> = 267583488 (255 MB)
> avail memory = 252190720 (240 MB)
>
> ata1-master: DMA limited to UDMA33, non-ATA66 cable or device
> acd0: CDROM <SONY CD-ROM CDU5261/C200SNS> at ata1-master UDMA33
> Mounting root from ufs:/dev/ad0s1a
> kernel trap 12 with interrupts disabled
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address	= 0x54
> fault code		= supervisor write, page not present
> instruction pointer	= 0x8:0xc066ab08
> stack pointer	        = 0x10:0xd25c1c50
> frame pointer	        = 0x10:0xd25c1c70
> code segment		= base 0x0, limit 0xfffff, type 0x1b
> 			= DPL 0, pres 1, def32 1, gran 1
> processor eflags	= resume, IOPL = 0
> current process		= 539 (pthread_setconcurre)
> [thread 101883]
> Stopped at      setrunqueue+0x1e8:      movl    %edi,0x54(%edx)
> db> where
> setrunqueue(c1bac2c0,c1a957d0,c08b1292,484,c065038e) at setrunqueue+0x1e8
> sched_switch(c1bac2c0,0,c08b06b2,123,d3526cf3) at sched_switch+0xa4
> mi_switch(2,0,c08b2b56,f5,10000) at mi_switch+0x29f
> ast(d25c1d48) at ast+0x3fb
> doreti_ast() at doreti_ast+0x17
> db> call doadump
> Dumping 255 MB
> panic: blockable sleep lock (sleep mutex) taskqueue _at_
> kern/subr_taskqueue.c:132 cpuid = 0;
> Uptime: 34m36s
> panic: cv_wait: not TDS_RUNNING
> cpuid = 0;
> KDB: enter: panic
> [thread 101883]
> Stopped at      kdb_enter+0x30: leave
> db>
>
> (kgdb) l *0xc066ab08
> 0xc066ab08 is in setrunqueue (../../../kern/kern_switch.c:436).
> 431                              * put the new kse on whatever is next,
> 432                              * which may or may not be us.
> 433                              */
> 434                             td2 = TAILQ_NEXT(tda, td_runq);
> 435                             kg->kg_last_assigned = td2;
> 436                             td2->td_kse = ke;
> 437                             ke->ke_thread = td2;
> 438                     }
> 439                     sched_add(ke->ke_thread);
> 440             } else {
> (kgdb)

-- 
John Baldwin <jhb_at_FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/