kern/113517: panic on SMP build with ULE2

moose at opera.com moose at opera.com
Sun Jun 10 11:30:12 UTC 2007 

>Number:         113517
>Category:       kern
>Synopsis:       panic on SMP build with ULE2
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 10 11:30:12 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     moose at opera.com
>Release:        FreeBSD 7.0-CURRENT
>Organization:
Opera Software
>Environment:
FreeBSD 7.0-CURRENT #0: Sun Jun 10 11:41:43 CEST 2007     moose at evangelista:/usr/obj/usr/src/sys/EVANGELISTA  amd64
>Description:
Kernel panics during both buildworld and buildkernel, only if -j8 flagg is added to make. Always reproducible with the following options: PREEMPTION, SCHED_ULE, SMP. I cannot do a dump as I have way more memory than swap. With the following enabled:

makeoptions     DEBUG=-g
options         KDB
options         DDB

what follows is the output (after which I ran show reg and trace):

kernel trap 12 with interrupts disabled
Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 03
fault virtual address   = 0x140
fault code              = supervisor write data, page not present
instruction pointer     = 0x8:0xffffffff80414c18
frame pointer           = 0x10:0xffffffffaee9da00
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DFL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = resume, IOPL = 0
current process         = 30708
[thread pid 30708 tid 100245]
Stopped at      cpu+throw+ox18: lock btrl       %eax,0x140(%rdx)

db>show reg
cs                     0x8
ss                    0x10
rax                    0x3
rcx                    0xb4
rdx                      0
rbx                0x5d5e0
rsp             0xffffffffaee9da00
rbp             0xffffffffaee9da40
rsi             0xffffff0061d04000
rdi             0xffffff006abb3a20
r8                 0x1ec00
r9                 0x5d5e0
r10                    0xb
r11                      0
r12             0xffffff006abb3a20
r13             0xffffff000afc8000
r14             0xffffff000afc8000
r15                      0
rip             0xffffffff80414c18
rflags             0x10082
cpu_throw+0x18:     lock btrl           %eax,0x140(%rdx)

db>trace
Tracing pid 30708 tid 100245 td 0xffffff006abb3020
cpu_throw()     at      cpu_throw+0x18
thread_exit()   at      thread_exit+0x30f
exit1()         at      exit1+0xb09
sys_exit()      at      sys_exit+0xe
syscall()       at      syscall+0x257
Xfast_syscall() at Xfast_syscall+0xab
--- syscall (1, FreeBSD ELF64, sys_exit), rip=0x8311bc, rsp=0x7fffffffe128, rbp=0x7fffffffe240 ---


I can always reproduce this on a 4-core opteron system. I can do it again on demand.
>How-To-Repeat:
Enable SCHED_ULE and SMP in the kernel. 
make -j8 buildworld [or]
make -j8 buildkernel ...
--> panic
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list