Bug 67538 - Giant-owned panic when compiling with lang/compaq-cc
Summary: Giant-owned panic when compiling with lang/compaq-cc
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: alpha (show other bugs)
Version: 5.2-CURRENT
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-alpha (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-06-03 17:40 UTC by ntarmos
Modified: 2022-11-04 08:53 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description ntarmos 2004-06-03 17:40:24 UTC 
Compiling a C program with lang/compaq-cc on my 164SX (PCA56) panics the machine with:
panic: mutex Giant owned at /vinum/usr.cur/src/sys/kern/kern_thread.c:1445
at line 742 in file /vinum/usr.cur/src/sys/kern/kern_mutex.c
Stack backtrace:
db_print_backtrace() at 0xfffffc0000573418 = db_print_backtrace+0x18
backtrace() at 0xfffffc000043f52c = backtrace+0x2c
__panic() at 0xfffffc000043f690 = __panic+0x150
_mtx_assert() at 0xfffffc0000433e0c = _mtx_assert+0xec
thread_wait() at 0xfffffc0000450650 = thread_wait+0x30
kern_wait() at 0xfffffc0000423b90 = kern_wait+0x430
linux_wait4() at 0xfffffe0002ab9550 = linux_wait4+0x58
syscall() at 0xfffffc00005831dc = syscall+0x35c
XentSys() at 0xfffffc0000573f50 = XentSys+0x64
--- syscall (365) ---
--- user mode ---
panic

Calling doadump() after this produces a seemingly irrelevant dump:
[root@Gatekeeper]:/var/crash# gdb -k /boot/kernel/kernel.debug vmcore.0
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "alpha-undermydesk-freebsd"...
panic: mutex Giant owned at /vinum/usr.cur/src/sys/kern/kern_thread.c:1445
panic messages:
---
---
Reading symbols from /boot/kernel/vinum.ko...done.
Loaded symbols for /boot/kernel/vinum.ko
Reading symbols from /boot/kernel/osf1.ko...done.
Loaded symbols for /boot/kernel/osf1.ko
Reading symbols from /boot/kernel/linux.ko...done.
Loaded symbols for /boot/kernel/linux.ko
#0  0xfffffc000043f008 in doadump ()
    at /vinum/usr.cur/src/sys/kern/kern_shutdown.c:235
235             savectx(&dumppcb);
(kgdb) bt
#0  0xfffffc000043f008 in doadump ()
    at /vinum/usr.cur/src/sys/kern/kern_shutdown.c:235
#1  0xfffffc0000387660 in db_fncall (dummy1=0, dummy2=0, dummy3=0, dummy4=0x0)
    at /vinum/usr.cur/src/sys/ddb/db_command.c:551
#2  0xfffffc0000387284 in db_command (last_cmdp=0xfffffc00006b3c00,
    cmd_table=0x0, aux_cmd_tablep=0xfffffc0000666af8,
    aux_cmd_tablep_end=0xfffffc0000666b18)
    at /vinum/usr.cur/src/sys/ddb/db_command.c:348
#3  0xfffffc0000387438 in db_command_loop ()
    at /vinum/usr.cur/src/sys/ddb/db_command.c:475
#4  0xfffffc000038bb08 in db_trap (type=0, code=0)
    at /vinum/usr.cur/src/sys/ddb/db_trap.c:73
#5  0xfffffc0000572b40 in kdb_trap (a0=1, a1=0, a2=0, entry=3,
    regs=0xfffffe0012c8d948)
    at /vinum/usr.cur/src/sys/alpha/alpha/db_interface.c:208
#6  0xfffffc0000582db8 in trap (a0=1, a1=10, a2=28704, entry=3,
    framep=0xfffffe0012c8d948) at /vinum/usr.cur/src/sys/alpha/alpha/trap.c:378
#7  0xfffffc0000572cb8 in Debugger (msg=)
    at /vinum/usr.cur/src/sys/alpha/alpha/db_interface.c:277
(kgdb)

How-To-Repeat: Try compiling the following source code using lang/compaq-cc:
-- begin source code --

#include <unistd.h>
#include <stdlib.h>
      
#define MAXARRAY 250000
      
struct shr_data {
  unsigned long int   Pinakas[MAXARRAY];
};
  
void QUICKSORT( struct shr_data *array,
                unsigned long int l,
                unsigned long int r )
{
  unsigned long int tmp, i = l + 1, k = r - 1;

  while( i <= k ) { 
    if ( array->Pinakas[ i ] < array->Pinakas[ l ] )
      i ++;
    else {
      tmp = array->Pinakas[ i ];
      array->Pinakas[ i ] = array->Pinakas[ k ];
      array->Pinakas[ k ] = tmp;
      k --;
    }
  }   

  k ++;
  i --;
  
  tmp = array->Pinakas[ l ];
  array->Pinakas[ l ] = array->Pinakas[ i ];
  array->Pinakas[ i ] = tmp;
                
  if ( l < i ) QUICKSORT( array, l, i );
  if ( r > k ) QUICKSORT( array, k, r );
}
      
int main()
{
  struct shr_data* array;
  unsigned long i;
      
  srandom( getpid() );
  array = (struct shr_data*)malloc(sizeof(struct shr_data));
  
  for ( i = 0; i < 250000; i ++ )
    array->Pinakas[ i ] = random();
  
  QUICKSORT( array, 0, 250000 );
  
  free(array);
  return 0;
}

-- end source code --
I'll try to narrow down the source code that results in the crash. Just send-pr'ed this to add a data-point (and probably get some feedback). IMO this is a linux-emu-related problem. If I manage to get a working core (why does ddb get borked?), I'll follow-up to this.
Comment 1 John Baldwin freebsd_committer freebsd_triage 2004-06-04 14:53:09 UTC 
State Changed
From-To: open->feedback

Fix committed to CURRENT to mark linux_wait4() as MP safe.  Please verify 
that this fixes the problem, thanks.
Comment 2 ntarmos 2004-06-07 13:05:01 UTC 
Hi there.

The problems seems to be fixed -- at least I can't reproduce it
locally. Thanks :)

\n\n

-- 
 Nikos "Noth" Ntarmos    | < ntarmos at ceid dot upatras dot gr >
 NetCINS Lab. @ C.E.I.D. | [ http://{noth,p2p}.ceid.upatras.gr/ ]
 U. of Patras - Greece   | ( 38.2594N, 21.7428E ) ( 1024D / CF95160A )
Comment 3 John Baldwin freebsd_committer freebsd_triage 2004-06-07 15:12:07 UTC 
State Changed
From-To: feedback->closed

Submitter reports that the problem is now fixed.
Comment 4 commit-hook freebsd_committer freebsd_triage 2022-11-04 08:52:43 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=16ee2eafa863c9a9e44704da57ac232eb08e252a

commit 16ee2eafa863c9a9e44704da57ac232eb08e252a
Author:     Emmanuel Vadot <manu@FreeBSD.org>
AuthorDate: 2022-11-03 19:58:49 +0000
Commit:     Emmanuel Vadot <manu@FreeBSD.org>
CommitDate: 2022-11-04 08:47:37 +0000

    x11/pixman: Update to 0.42.2

    Release notes (0.42.0): https://lists.freedesktop.org/archives/pixman/2022-October/004993.html
    Release notes (0.42.2): https://lists.freedesktop.org/archives/pixman/2022-November/004994.html

    For now disable neon on aarch64, it's borked.

    PR:             67538
    Security:       CVE-2022-44638
    Sponsored by:   Beckhoff Automation GmbH & Co. KG

 x11/pixman/Makefile  | 5 +++--
 x11/pixman/distinfo  | 6 +++---
 x11/pixman/pkg-plist | 2 +-
 3 files changed, 7 insertions(+), 6 deletions(-)
Comment 5 commit-hook freebsd_committer freebsd_triage 2022-11-04 08:53:45 UTC 
A commit in branch 2022Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3573adac89f2d4f479856995afa435f2c205d19c

commit 3573adac89f2d4f479856995afa435f2c205d19c
Author:     Emmanuel Vadot <manu@FreeBSD.org>
AuthorDate: 2022-11-03 19:58:49 +0000
Commit:     Emmanuel Vadot <manu@FreeBSD.org>
CommitDate: 2022-11-04 08:53:13 +0000

    x11/pixman: Update to 0.42.2

    Release notes (0.42.0): https://lists.freedesktop.org/archives/pixman/2022-October/004993.html
    Release notes (0.42.2): https://lists.freedesktop.org/archives/pixman/2022-November/004994.html

    For now disable neon on aarch64, it's borked.

    PR:             67538
    Security:       CVE-2022-44638
    Sponsored by:   Beckhoff Automation GmbH & Co. KG

    (cherry picked from commit 16ee2eafa863c9a9e44704da57ac232eb08e252a)

 x11/pixman/Makefile  | 5 +++--
 x11/pixman/distinfo  | 6 +++---
 x11/pixman/pkg-plist | 2 +-
 3 files changed, 7 insertions(+), 6 deletions(-)