From owner-freebsd-hackers Tue Aug 24 13:29:47 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from mercury.inktomi.com (mercury.inktomi.com [209.1.32.126]) by hub.freebsd.org (Postfix) with ESMTP id 18F441512D for ; Tue, 24 Aug 1999 13:29:44 -0700 (PDT) (envelope-from jplevyak@inktomi.com) Received: from proxydev.inktomi.com (proxydev.inktomi.com [209.1.32.44]) by mercury.inktomi.com (8.9.1a/8.9.1) with ESMTP id NAA19348 for ; Tue, 24 Aug 1999 13:29:44 -0700 (PDT) Received: (from jplevyak@localhost) by proxydev.inktomi.com (8.8.5/8.7.3) id NAA18561 for freebsd-hackers@freebsd.org; Tue, 24 Aug 1999 13:29:43 -0700 (PDT) Date: Tue, 24 Aug 1999 13:29:43 -0700 From: John Plevyak To: freebsd-hackers@freebsd.org Subject: K6/3 on 3.2-STABLE Message-ID: <19990824132943.B11107@proxydev.inktomi.com> Mail-Followup-To: freebsd-hackers@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.5i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I am experiencing reproducible crashes with FreeBSD (3.2-STABLE) on a K6/3-450 running on an ASUS P5S-VM motherboard. The problem is highly repeatable (happens about 1/4 of the way through compiling the kernel) and goes away if a K6/2-450 is substituted for the K6/3-450 with all other things held equal. The problem shows up in sys/kern/vfs_bio.c on line 757 in brelse: if ((bp->b_flags & B_INVAL) || (bp->b_flags & (B_LOCKED|B_DELWRI)) == 0) { if (bp->b_flags & B_DELWRI) { --numdirtybuffers; bp->b_flags &= ~B_DELWRI; } vfs_bio_need_satisfy(); } The corresponding assembly code is: .stabn 68,0,757,.LM335-brelse .LM335: testb $32,37(%esi) jne .L560 testl $16512,36(%esi) jne .L559 .L560: .stabn 68,0,759,.LM336-brelse .LM336: cmpb $0,36(%esi) jge .L561 .stabn 68,0,760,.LM337-brelse .LM337: decl numdirtybuffers The problem is that the K6/3 ends up *between* instructions. In the image this code corresponds to : 0xc017ed35 : movl %ebx,0xc02d681c 0xc017ed3b : testb $0x20,0x25(%esi) 0xc017ed3f : jne 0xc017ed4a 0xc017ed41 : testl $0x4080,0x24(%esi) 0xc017ed48 : jne 0xc017ed62 0xc017ed4a : cmpb $0x0,0x24(%esi) 0xc017ed4e : jnl 0xc017ed5d 0xc017ed50 : decl 0xc030680c 0xc017ed56 : andl $0xffffff7f,0x24(%esi) 0xc017ed5d : call 0xc017e720 But the kernel crashes with the $pc == 0xc017ed46 which corresponds to : (gdb) x/10i 0xc017ed46 0xc017ed46 : addb %al,(%eax) 0xc017ed48 : jne 0xc017ed62 0xc017ed4a : cmpb $0x0,0x24(%esi) 0xc017ed4e : jnl 0xc017ed5d 0xc017ed50 : decl 0xc030680c and since eax is 0, this results in a protection fault. This is very repeatable, as I said, it happens about 1/4 of the way through building the kernel. It is next to impossible to get through an entire build of the kernel. Swapping out the K6/3 for a K6/2 solved the problem as does running the same binaries on Intel hardware. Has anyone else had any similar experience with the K6/3? Has anyone had success with the K6/3? On further note: recompiling the kernel with egcs-1.1.2 causes the problem to go away (probably different instruction selection/scheduling) but a problem remains in libc (in the 'free' function) which prevents reliable operation. 'make world' with egcs-1.1.2 requuires a number of changes, so I haven't tried that yet, but in any case I don't feel comfortable with changing out the compiler and hoping that the bug doesn't just move somewhere else. Any ideas/pointers appreciated. john -- John Bradley Plevyak, PhD, jplevyak@inktomi.com, PGP KeyID: 051130BD Inktomi Corporation, 1900 S. Norfolk Street, Suite 310, San Mateo, CA 94403 W:(650)653-2830 F:(650)653-2889 P:(888)491-1332/5103192436.4911332@pagenet.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message