From owner-freebsd-current@FreeBSD.ORG Sat Nov 15 10:21:03 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D1B3716A4CF; Sat, 15 Nov 2003 10:21:03 -0800 (PST) Received: from fafoe.narf.at (chello212186121237.14.vie.surfer.at [212.186.121.237]) by mx1.FreeBSD.org (Postfix) with ESMTP id C699943FB1; Sat, 15 Nov 2003 10:21:01 -0800 (PST) (envelope-from stefan@fafoe.narf.at) Received: from wombat.fafoe.narf.at (wombat.fafoe.narf.at [192.168.1.42]) by fafoe.narf.at (Postfix) with ESMTP id 0351E3FA8; Sat, 15 Nov 2003 19:20:43 +0100 (CET) Received: by wombat.fafoe.narf.at (Postfix, from userid 1001) id 3819D1BC; Sat, 15 Nov 2003 19:20:41 +0100 (CET) Date: Sat, 15 Nov 2003 19:20:41 +0100 From: Stefan Farfeleder To: current@freebsd.org Message-ID: <20031115182021.GB1023@wombat.fafoe.narf.at> Mail-Followup-To: current@freebsd.org, jhb@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.5.4i Subject: panic: Assertion td->td_turnstile != NULL failed X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Nov 2003 18:21:03 -0000 Hi, this panic just happened on an i386 SMP box that was idle except for generating tons of "checking stopevent 2 with the following non-sleepable locks held" messages. Its sources are are just a few hours old. %% checking stopevent 2 with the following non-sleepable locks held: exclusive sleep mutex sigacts r = 0 (0xc6b6caa8) locked @ /freebsd/frog/src/sys/kern/subr_trap.c:260 panic: Assertion td->td_turnstile != NULL failed at /freebsd/frog/src/sys/kern/subr_turnstile.c:437 cpuid = 0; Debugger("panic") Stopped at Debugger+0x4e: xchgl %ebx,in_Debugger.0 db> t Debugger(c070b63e,0,c070ab4a,e041ca58,100) at Debugger+0x4e panic(c070ab4a,c070e631,c070e401,1b5,c0793a40) at panic+0x148 turnstile_wait(c6938240,c078f4a0,c68bc140,1cc,c078f4a0) at turnstile_wait+0x29c _mtx_lock_sleep(c078f4a0,0,c0723748,df,c29a8b04) at _mtx_lock_sleep+0x111 _mtx_lock_flags(c078f4a0,0,c0723748,df,bf800000) at _mtx_lock_flags+0x98 vm_fault(c078be80,0,2,8,c29a9780) at vm_fault+0x5a trap_pfault(e041cc2c,0,0,e041cc1c,0) at trap_pfault+0xf6 trap(18,10,10,0,e041cca8) at trap+0x2f3 calltrap() at calltrap+0x5 --- trap 0xc, eip = 0xc06babb3, esp = 0xe041cc6c, ebp = 0xe041cc90 --- intr_execute_handlers(c07782a4,e041cca8,e041ccec,c06ccc4e,7) at intr_execute_handlers+0x23 atpic_handle_intr(7) at atpic_handle_intr+0x41 Xatpic_intr7() at Xatpic_intr7+0x1e --- interrupt, eip = 0xc06befe5, esp = 0xe041ccec, ebp = 0xe041ccec --- cpu_idle_default(e041cd14,c0528bcc,c078f4a0,2,c07092f6) at cpu_idle_default+0x5 cpu_idle(c078f4a0,2,c07092f6,53,c0528b90) at cpu_idle+0x28 idle_proc(0,e041cd48,c070919e,311,0) at idle_proc+0x3c fork_exit(c0528b90,0,e041cd48) at fork_exit+0xb4 fork_trampoline() at fork_trampoline+0x8 --- trap 0x1, eip = 0, esp = 0xe041cd7c, ebp = 0 --- db> call doadump Dumping 1023 MB 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 928 944 960 976 992 1008 Dump complete 0xf db> r cpu_reset called on cpu#0 %% GDB tells this: %% GNU gdb 5.2.1 (FreeBSD) Copyright 2002 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-undermydesk-freebsd"... panic: Assertion td->td_turnstile != NULL failed at /freebsd/frog/src/sys/kern/subr_turnstile.c:437 panic messages: --- panic: Assertion td->td_turnstile != NULL failed at /freebsd/frog/src/sys/kern/subr_turnstile.c:437 cpuid = 0; Dumping 1023 MB 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 928 944 960 976 992 1008 --- #0 doadump () at /freebsd/frog/src/sys/kern/kern_shutdown.c:240 240 dumping++; (kgdb) bt #0 doadump () at /freebsd/frog/src/sys/kern/kern_shutdown.c:240 #1 0xc046ea8d in db_fncall (dummy1=1016, dummy2=0, dummy3=331, dummy4=0xe041c894 "") at /freebsd/frog/src/sys/ddb/db_command.c:548 #2 0xc046e82a in db_command (last_cmdp=0xc077c140, cmd_table=0x0, aux_cmd_tablep=0xc072fe2c, aux_cmd_tablep_end=0xc072fe30) at /freebsd/frog/src/sys/ddb/db_command.c:346 #3 0xc046e938 in db_command_loop () at /freebsd/frog/src/sys/ddb/db_command.c:472 #4 0xc0471679 in db_trap (type=3, code=0) at /freebsd/frog/src/sys/ddb/db_trap.c:73 #5 0xc06b5343 in kdb_trap (type=3, code=0, regs=0xe041c9d4) at /freebsd/frog/src/sys/i386/i386/db_interface.c:171 #6 0xc06c9eae in trap (frame= {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = -1066357942, tf_esi = 1, tf_ebp = -532559328, tf_isp = -532559360, tf_ebx = 0, tf_edx = 0, tf_ecx = 1, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1066707410, tf_cs = 8, tf_eflags = 134, tf_esp = -1066237866, tf_ss = -1066355138}) at /freebsd/frog/src/sys/i386/i386/trap.c:580 #7 0xc06b6c48 in calltrap () at {standard input}:94 #8 0xc053cd18 in panic (fmt=0xc070ab4a "Assertion %s failed at %s:%d") at /freebsd/frog/src/sys/kern/kern_shutdown.c:534 #9 0xc0561a6c in turnstile_wait (ts=0xc6938240, lock=0xc078f4a0, owner=0xc68bc140) at /freebsd/frog/src/sys/kern/subr_turnstile.c:469 ---Type to continue, or q to quit--- #10 0xc05338a1 in _mtx_lock_sleep (m=0xc078f4a0, opts=0, file=0xc0723748 "/freebsd/frog/src/sys/vm/vm_fault.c", line=223) at /freebsd/frog/src/sys/kern/kern_mutex.c:476 #11 0xc0533458 in _mtx_lock_flags (m=0xc078f4a0, opts=0, file=0xc0723748 "/freebsd/frog/src/sys/vm/vm_fault.c", line=223) at /freebsd/frog/src/sys/kern/kern_mutex.c:218 #12 0xc067811a in vm_fault (map=0xc078be80, vaddr=0, fault_type=2 '\002', fault_flags=8) at /freebsd/frog/src/sys/vm/vm_fault.c:223 #13 0xc06ca096 in trap_pfault (frame=0xe041cc2c, usermode=0, eva=0) at /freebsd/frog/src/sys/i386/i386/trap.c:711 #14 0xc06c9d33 in trap (frame= {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 0, tf_esi = -532558680, tf_ebp = -532558704, tf_isp = -532558760, tf_ebx = -1030059368, tf_edx = 0, tf_ecx = 0, tf_eax = 1, tf_trapno = 12, tf_err = 2, tf_eip = -1066685517, tf_cs = 8, tf_eflags = 65538, tf_esp = -1030091636, tf_ss = -1068393691}) at /freebsd/frog/src/sys/i386/i386/trap.c:420 #15 0xc06b6c48 in calltrap () at {standard input}:94 #16 0xc06cc9b1 in atpic_handle_intr (iframe= {if_vec = 7, if_fs = 24, if_es = 16, if_ds = 16, if_edi = 0, if_esi = -1030056064, if_ebp = -532558612, if_ebx = -1030059368, if_edx = -1065806176, if_ecx = 0, if_eax = 0, if_eip = -1066668059, if_cs = 8, if_eflags = 582, if_esp = -532558604, if_ss = -1066668008}) at /freebsd/frog/src/sys/i386/isa/atpic.c:335 #17 0xc06ccc4e in Xatpic_intr7 () at {standard input}:39 ---Type to continue, or q to quit--- #18 0xc06bf018 in cpu_idle () at /freebsd/frog/src/sys/i386/i386/machdep.c:1071 #19 0xc0528bcc in idle_proc (dummy=0x0) at /freebsd/frog/src/sys/kern/kern_idle.c:86 #20 0xc05288d4 in fork_exit (callout=0xc0528b90 , arg=0x0, frame=0x0) at /freebsd/frog/src/sys/kern/kern_fork.c:793 (kgdb) f 9 #9 0xc0561a6c in turnstile_wait (ts=0xc6938240, lock=0xc078f4a0, owner=0xc68bc140) at /freebsd/frog/src/sys/kern/subr_turnstile.c:469 469 MPASS(owner == ts->ts_owner); (kgdb) l 464 else 465 TAILQ_INSERT_TAIL(&ts->ts_blocked, td, td_lockq); 466 mtx_unlock_spin(&td_contested_lock); 467 MPASS(td->td_turnstile != NULL); 468 LIST_INSERT_HEAD(&ts->ts_free, td->td_turnstile, ts_hash); 469 MPASS(owner == ts->ts_owner); 470 } 471 #ifdef INVARIANTS 472 td->td_turnstile = NULL; 473 #endif (kgdb) p *td $1 = {td_proc = 0xc29a8a98, td_ksegrp = 0xc29adc80, td_plist = { tqe_next = 0x0, tqe_prev = 0xc29a8aa8}, td_kglist = {tqe_next = 0x0, tqe_prev = 0xc29adc9c}, td_slpq = {tqe_next = 0x0, tqe_prev = 0x0}, td_lockq = {tqe_next = 0xc29aa640, tqe_prev = 0xc29aa160}, td_runq = { tqe_next = 0x0, tqe_prev = 0x0}, td_selq = {tqh_first = 0x0, tqh_last = 0x0}, td_turnstile = 0x0, td_flags = 65568, td_inhibitors = 8, td_pflags = 0, td_last_kse = 0xc29abe00, td_kse = 0xc29abe00, td_dupfd = 0, td_wchan = 0x0, td_wmesg = 0x0, td_lastcpu = 0 '\0', td_oncpu = 0 '\0', td_locks = 0, td_blocked = 0xc6938240, td_ithd = 0x0, td_lockname = 0xc070ad83 "Giant", td_contested = {lh_first = 0x0}, td_sleeplocks = 0x0, td_intr_nesting_level = 1, td_pinned = 0, td_mailbox = 0x0, td_ucred = 0xc2996e80, td_standin = 0x0, td_prticks = 0, td_upcall = 0x0, td_sticks = 9712, td_uuticks = 0, td_usticks = 0, td_intrval = 0, td_oldsigmask = {__bits = {0, 0, 0, 0}}, td_sigmask = { __bits = {0, 0, 0, 0}}, td_siglist = {__bits = {0, 0, 0, 0}}, td_waitset = 0x0, td_umtx = {tqe_next = 0x0, tqe_prev = 0x0}, td_generation = 8792, td_base_pri = 160 ' ', td_priority = 68 'D', td_pcb = 0xe041cda0, td_state = TDS_RUNNING, td_retval = {0, 0}, td_slpcallout = {c_links = {sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev = 0x0}}, c_time = 0, c_arg = 0x0, c_func = 0, c_flags = 8}, td_frame = 0xe041cd48, td_kstack_obj = 0xc1032bdc, td_kstack = 3762401280, td_kstack_pages = 2, td_altkstack_obj = 0x0, td_altkstack = 0, td_altkstack_pages = 0, td_critnest = 1, td_md = {md_savecrit = 582}, ---Type to continue, or q to quit--- td_sched = 0xc29a98b8} %% Stefan