subject:"fincore.c strikes again \(panic bremfree\: bp not locked\)"

Re: fincore.c strikes again (panic bremfree: bp not locked)

2002-12-12 Thread Tim Robbins

Here's a proposed patch for this problem:


Index: src/sys/i386/i386/pmap.c
===
RCS file: /x/freebsd/src/sys/i386/i386/pmap.c,v
retrieving revision 1.376
diff -u -r1.376 pmap.c
--- src/sys/i386/i386/pmap.c3 Dec 2002 04:00:42 -   1.376
+++ src/sys/i386/i386/pmap.c13 Dec 2002 02:54:44 -
@@ -3300,7 +3300,7 @@
 {
pt_entry_t *ptep, pte;
vm_page_t m;
-   int val = 0;
+   int refd, val = 0;

ptep = pmap_pte(pmap, addr);
if (ptep == 0) {
@@ -3337,9 +3337,17 @@
/*
 * Referenced by someone
 */
-   else if ((m->flags & PG_REFERENCED) || pmap_ts_referenced(m)) {
+   else if (m->flags & PG_REFERENCED) {
val |= MINCORE_REFERENCED_OTHER;
vm_page_flag_set(m, PG_REFERENCED);
+   } else {
+   vm_page_lock_queues();
+   refd = pmap_ts_referenced(m);
+   vm_page_unlock_queues();
+   if (refd) {
+   val |= MINCORE_REFERENCED_OTHER;
+   vm_page_flag_set(m, PG_REFERENCED);
+   }
}
} 
return val;

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Re: fincore.c strikes again (panic bremfree: bp not locked)

2002-12-12 Thread Tim Robbins

On Thu, Dec 12, 2002 at 07:20:15PM -0500, Brian Fundakowski Feldman wrote:

> I don't have any more info since for some reason the kernel wasn't saved 
> when my system dumped core, but yet again fincore.c causes evidence that 
> -CURRENT has regressed again.  I can't find the old thread I'm thinking of, 
> but from a slightly different thread, bde knew what was going on.
[...]

I can reproduce the panic here. This is the message & backtrace, for anyone
who wants to help track it down:

GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: from debugger
panic messages:
---
panic: mutex vm page queue mutex not owned at /usr/src/sys/i386/i386/pmap.c:3141
panic: from debugger
Uptime: 2h37m31s
Dumping 64 MB
ata0: resetting devices ..
done
 16 32 48
---
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:232
232 dumping++;
(kgdb) bt
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:232
#1  0xc0197bfc in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:364
#2  0xc0197e43 in panic () at /usr/src/sys/kern/kern_shutdown.c:517
#3  0xc01318d2 in db_panic () at /usr/src/sys/ddb/db_command.c:450
#4  0xc0131852 in db_command (last_cmdp=0xc02d73c0, cmd_table=0x0, 
aux_cmd_tablep=0xc02d20e4, aux_cmd_tablep_end=0xc02d20e8)
at /usr/src/sys/ddb/db_command.c:346
#5  0xc0131966 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
#6  0xc013465a in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_trap.c:72
#7  0xc0287862 in kdb_trap (type=3, code=0, regs=0xc6279ba8)
at /usr/src/sys/i386/i386/db_interface.c:166
#8  0xc0298eef in trap (frame=
  {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = -1058181856, tf_esi = 256, tf_ebp 
= -970482700, tf_isp = -970482732, tf_ebx = 0, tf_edx = 0, tf_ecx = 32, tf_eax = 18, 
tf_trapno = 3, tf_err = 0, tf_eip = -107102, tf_cs = 8, tf_eflags = 646, tf_esp = 
-1070805470, tf_ss = -1070875346})
at /usr/src/sys/i386/i386/trap.c:603
#9  0xc0289048 in calltrap () at {standard input}:98
#10 0xc0197e2b in panic (fmt=0x0) at /usr/src/sys/kern/kern_shutdown.c:503
#11 0xc018eb3c in _mtx_assert (m=0xc02ef400, what=0, 
file=0xc02ce210 "/usr/src/sys/i386/i386/pmap.c", line=3141)
at /usr/src/sys/kern/kern_mutex.c:838
#12 0xc0296b24 in pmap_ts_referenced (m=0xc45)
at /usr/src/sys/i386/i386/pmap.c:3141
---Type  to continue, or q  to quit---
#13 0xc0296ec3 in pmap_mincore (pmap=0x0, addr=0)
at /usr/src/sys/i386/i386/pmap.c:3340
#14 0xc025d51c in mincore (td=0x3ab0405, uap=0x0)
at /usr/src/sys/vm/vm_mmap.c:874
#15 0xc02997f7 in syscall (frame=
  {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077937044, tf_esi = -1077937032, 
tf_ebp = -1077937084, tf_isp = -970482316, tf_ebx = 2, tf_edx = 134524928, tf_ecx = 8, 
tf_eax = 78, tf_trapno = 12, tf_err = 2, tf_eip = 671813747, tf_cs = 31, tf_eflags = 
658, tf_esp = -1077937300, tf_ss = 47})
at /usr/src/sys/i386/i386/trap.c:1033
#16 0xc028909d in Xint0x80_syscall () at {standard input}:140
---Can't read userspace from dump, or kernel process---

(kgdb) frame 12
#12 0xc0296b24 in pmap_ts_referenced (m=0xc45)
at /usr/src/sys/i386/i386/pmap.c:3141
3141mtx_assert(&vm_page_queue_mtx, MA_OWNED);
(kgdb) print vm_page_queue_mtx
$1 = {mtx_object = {lo_class = 0xc02df5c0, 
lo_name = 0xc02ca52a "vm page queue mutex", 
lo_type = 0xc02ca52a "vm page queue mutex", lo_flags = 196608, lo_list = {
  tqe_next = 0xc02ef3a0, tqe_prev = 0xc030d10c}, lo_witness = 0xc0310148}, 
  mtx_lock = 4, mtx_recurse = 0, mtx_blocked = {tqh_first = 0x0, 
tqh_last = 0xc02ef424}, mtx_contested = {le_next = 0x0, le_prev = 0x0}, 
  mtx_acqtime = 0, mtx_filename = 0x0, mtx_lineno = 0}

This stuff probably is not useful:

(kgdb) frame 14
#14 0xc025d51c in mincore (td=0x3ab0405, uap=0x0)
at /usr/src/sys/vm/vm_mmap.c:874
874 mincoreinfo = pmap_mincore(pmap, addr);
(kgdb) print pmap
$2 = (struct pmap *) 0xc0609bdc
(kgdb) print addr
$3 = 672395264
(kgdb) print *pmap
$4 = {pm_pdir = 0xc62b7000, pm_pteobj = 0xc1048410, pm_pvlist = {
tqh_first = 0xc05c5188, tqh_last = 0xc05a8be0}, pm_active = 1, pm_stats = {
resident_count = 173, wired_count = 0}, pm_ptphint = 0xc0484368, 
  pm_list = {le_next = 0xc060962c, le_prev = 0xc02f56fc}}
(kgdb) frame 13
#13 0xc0296ec3 in pmap_mincore (pmap=0x0, addr=0)
at /usr/src/sys/i386/i386/pmap.c:3340
(kgdb) print m
$5 = (struct vm_page *) 0xc0543138
(kgdb) print *m
$6 = {pageq = {tqe_next = 0xc054a6c8, tqe_prev = 0xc04967a0}, listq = {
tqe_next = 0xc04fd580, tqe_prev = 0xc04806f8}, left = 0xc053df60, 
  right = 0xc04afc10, object = 0xc0435958, pindex = 6, phys_addr = 61538304, 
  md = {p

fincore.c strikes again (panic bremfree: bp not locked)

2002-12-12 Thread Brian Fundakowski Feldman

I don't have any more info since for some reason the kernel wasn't saved 
when my system dumped core, but yet again fincore.c causes evidence that 
-CURRENT has regressed again.  I can't find the old thread I'm thinking of, 
but from a slightly different thread, bde knew what was going on.  For 
further reference:


#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 

/*
** print pages of file in core
*/

void usage(char *name)
{
printf("Usage: %s [-ns] files...\n",name);
printf("\t-n\t\tDo not print filename\n");
printf("\t-o\t\tOnly print files with at least one page in core\n");
printf("\t-s\t\tDo not print file size in pages\n");
}

main(int ac,char **av)
{
int c;
int print_name = 1;
int print_sizepages = 1;
int only_nonzero = 0;
int status = 0;

while((c = getopt(ac,av,"nos")) != -1) {
switch(c) {
case 'n':
print_name = 0;
break;
case 'o':
only_nonzero = 1;
break;
case 's':
print_sizepages = 0;
break;
default:
usage(av[0]);
exit(1);
}
}
for(; optind < ac ; optind++) {
int fd;
int pind,pcount;
caddr_t addr;
struct stat statbuf;
size_t len;
size_t numpages;
char *pvec;

if (stat(av[optind],&statbuf)) {
perror("stat");
status = 1;
continue;
}
if (!S_ISREG(statbuf.st_mode)) {
close(fd);
continue;
}
if ((fd = open(av[optind],O_RDONLY)) < 0) {
perror(av[optind]);
status = 1;
continue;
}
if (fstat(fd,&statbuf)) {
perror("fstat");
close(fd);
status = 1;
continue;
}
if (!S_ISREG(statbuf.st_mode)) {
close(fd);
continue;
}
len = statbuf.st_size;
numpages = len/PAGE_SIZE + ((len % PAGE_SIZE) != 0);

if (! (statbuf.st_mode & (S_IFREG|S_IFCHR))) {
pcount = 0;
} else if (len) {
if ((addr = mmap(0,len,PROT_READ,MAP_SHARED,fd,0)) == 
MAP_FAILED) {
fprintf(stderr, "mmap (%s): %s\n", av[optind],
strerror(errno));
close(fd);
status = 1;
continue;
}
pvec = malloc(numpages);
if (mincore(addr,len,pvec))
{
perror("mincore");
exit(1);
}
for(pcount = 0,pind = 0 ; pind < numpages ; pind++) {
if (pvec[pind]) pcount++;
}
free(pvec);
if (munmap(addr,len)) {
perror("munmap");
exit(1);
}
} else {
pcount = 0;
}
if (pcount || !only_nonzero) {
if (print_name) printf("%s: ",av[optind]);
printf("%d",pcount);
if (print_sizepages) printf("/%d",numpages);
printf("\n");
}
close(fd);
}
exit(status);
}

-- 
Brian Fundakowski Feldman   \'[ FreeBSD ]''\
  <> [EMAIL PROTECTED]  <> [EMAIL PROTECTED]  \  The Power to Serve! \
 Opinions expressed are my own.   \,,\



To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Re: fincore.c strikes again (panic bremfree: bp not locked)

Re: fincore.c strikes again (panic bremfree: bp not locked)

fincore.c strikes again (panic bremfree: bp not locked)

3 matches

Site Navigation

Mail list logo

Footer information