Re: sleeping thread panic?

On Sun, Jul 08, 2012 at 09:46:09AM -0400, Michael Butler wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 07/08/12 09:34, Konstantin Belousov wrote:
> > On Sun, Jul 08, 2012 at 08:46:32AM -0400, Michael Butler wrote:
> >> Sorry, no symbols but this happened twice last night while being the
> >> target of a dump over NFS ..
> >>
> >> root_at_mail:/var/crash # less info.0
> >> Dump header from device /dev/ada0s1
> >>   Architecture: i386
> >>   Architecture Version: 2
> >>   Dump Length: 252809216B (241 MB)
> >>   Blocksize: 512
> >>   Dumptime: Sun Jul  8 00:21:23 2012
> >>   Hostname: mail.auburn.protected-networks.net
> >>   Magic: FreeBSD Kernel Dump
> >>   Version String: FreeBSD 10.0-CURRENT #87: Sat Jul  7 22:39:55 EDT 2012
> >>     root_at_mail.auburn.protected-networks.net:/usr/obj/usr/src/sys/AUBURN
> >>   Panic String: sleeping thread
> >>   Dump Parity: 2996346376
> >>   Bounds: 0
> >>   Dump Status: good
> >>
> >>
> >> (kgdb) bt
> >> #0  0xc07530cd in doadump ()
> >> #1  0xc0753656 in kern_reboot ()
> >> #2  0xc0753cfc in panic ()
> >> #3  0xc079a34e in propagate_priority ()
> >> #4  0xc079b5e4 in turnstile_wait ()
> >> #5  0xc073ea71 in _mtx_lock_sleep ()
> >> #6  0xc09c4772 in vm_page_unwire ()
> >> #7  0xc07db039 in vfs_vmio_release ()
> >> #8  0xc07dd476 in getnewbuf ()
> >> #9  0xc07de50b in getblk ()
> >> #10 0xc0966d99 in ffs_balloc_ufs2 ()
> >> #11 0xc099281e in ffs_write ()
> >> #12 0xc0a38b05 in VOP_WRITE_APV ()
> >> #13 0xc068a65e in nfsvno_write ()
> >> #14 0xc06882e7 in nfsrvd_write ()
> >> #15 0xc066ea05 in nfsrvd_dorpc ()
> >> #16 0xc067d42f in nfssvc_program ()
> >> #17 0xc09356e2 in svc_run_internal ()
> >> #18 0xc0935b70 in svc_thread_start ()
> >> #19 0xc07204fb in fork_exit ()
> >> #20 0xc09fe7a4 in fork_trampoline ()
> > 
> > You need to provide:
> > 1. exact version of your kernel sources
> 
> This is the CVS equivalent of SVN r238221
> 
> > 2. complete panic message. There should be backtrace of the 'sleeping
> > thread', not the paniced thread, right after the panic message.
> > 
> 
> Sorry, that is the entire info file - nothing more than I've posted is
> logged,
Catch it next time ? This should be quite reproducable, if real.

Actually, try this.

diff --git a/sys/vm/vm_pageout.c b/sys/vm/vm_pageout.c
index 9485fdd..de33afc 100644
--- a/sys/vm/vm_pageout.c
+++ b/sys/vm/vm_pageout.c
_at__at_ -1030,7 +1030,6 _at__at_ rescan0:
 					++pageout_lock_miss;
 					if (object->flags & OBJ_MIGHTBEDIRTY)
 						vnodes_skipped++;
-					vm_page_lock_queues();
 					goto unlock_and_continue;
 				}
 				KASSERT(mp != NULL,
_at__at_ -1041,7 +1040,6 _at__at_ rescan0:
 				if (vget(vp, LK_EXCLUSIVE | LK_TIMELOCK,
 				    curthread)) {
 					VM_OBJECT_LOCK(object);
-					vm_page_lock_queues();
 					++pageout_lock_miss;
 					if (object->flags & OBJ_MIGHTBEDIRTY)
 						vnodes_skipped++;
_at__at_ -1082,15 +1080,17 _at__at_ rescan0:
 				 * If the page has become held it might
 				 * be undergoing I/O, so skip it
 				 */
+				KASSERT(queues_locked, ("unlocked queues 2"));
+				mtx_assert(&vm_page_queue_mtx, MA_OWNED);
 				if (m->hold_count) {
-					vm_page_lock_queues();
-					queues_locked = TRUE;
 					vm_page_unlock(m);
 					vm_page_requeue(m);
 					if (object->flags & OBJ_MIGHTBEDIRTY)
 						vnodes_skipped++;
 					goto unlock_and_continue;
 				}
+				vm_page_unlock_queues();
+				queues_locked = FALSE;
 			}
 
 			/*