From owner-freebsd-current Tue Nov 26 12:37:28 2002 Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DA5F037B401; Tue, 26 Nov 2002 12:37:21 -0800 (PST) Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by mx1.FreeBSD.org (Postfix) with ESMTP id 47A7543EC2; Tue, 26 Nov 2002 12:37:21 -0800 (PST) (envelope-from larse@ISI.EDU) Received: from isi.edu (nik.isi.edu [128.9.168.58]) by boreas.isi.edu (8.11.6/8.11.2) with ESMTP id gAQKbFC12338; Tue, 26 Nov 2002 12:37:15 -0800 (PST) Message-ID: <3DE3DB7A.3050505@isi.edu> Date: Tue, 26 Nov 2002 12:37:14 -0800 From: Lars Eggert User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.2b) Gecko/20021125 X-Accept-Language: en-us, de-de MIME-Version: 1.0 To: John Baldwin Cc: current Subject: Re: panic: mtx_lock() of spin mutex References: In-Reply-To: Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms040301050009000004030101" Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This is a cryptographically signed message in MIME format. --------------ms040301050009000004030101 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit John Baldwin wrote: > On 18-Oct-2002 Lars Eggert wrote: > > >John Baldwin wrote: > > > >>What is line 488 of src/sys/kern/kern_descrip.c? > > > >fhold(fp) in do_dup(). Still see this issue on today's -current. It's easily reproducible with a simple "cd ~sunhee" in a tcsh, where ~sunhee is on NFS: panic: mtx_lock() of spin mutex D\^QR\M-@\M-TR\M-@ \M^UV\M-@\^D @ /usr/src/sys/kern/kern_descrip.c:485 cpuid = 1; lapic.id = 02000000 panic: from debugger cpuid = 1; lapic.id = 02000000 boot() called on cpu#1 Uptime: 2m28s pfs_vncache_unload(): 3 entries remaining Dumping 1023 MB 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 928 944 960 976 992 1008 --- #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:233 233 dumpsys(&dumper); (kgdb) bt #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:233 #1 0xc02c737e in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:364 #2 0xc02c7977 in panic (fmt=0xc0466524 "from debugger") at /usr/src/sys/kern/kern_shutdown.c:517 #3 0xc01533d2 in db_panic () at /usr/src/sys/ddb/db_command.c:450 #4 0xc015320c in db_command (last_cmdp=0xc04d78a0, cmd_table=0x0, aux_cmd_tablep=0xc04cede0, aux_cmd_tablep_end=0xc04cede4) at /usr/src/sys/ddb/db_command.c:346 #5 0xc015344a in db_command_loop () at /usr/src/sys/ddb/db_command.c:472 #6 0xc01560e5 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_trap.c:72 #7 0xc0426547 in kdb_trap (type=3, code=0, regs=0xe0b40be8) at /usr/src/sys/i386/i386/db_interface.c:166 #8 0xc043e63d in trap (frame= {tf_fs = 24, tf_es = -1068957680, tf_ds = 16, tf_edi = -972412288, tf_esi = 256, tf_ebp = -525071308, tf_isp = -525071340, tf_ebx = 0, tf_edx = 0, tf_ecx = 0, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1069389686, tf_cs = 8, tf_eflags = 642, tf_esp = -1068771002, tf_ss = -1068921887}) at /usr/src/sys/i386/i386/trap.c:603 #9 0xc0427d18 in calltrap () at {standard input}:99 #10 0xc02c795f in panic (fmt=0x0) at /usr/src/sys/kern/kern_shutdown.c:503 #11 0xc02bda97 in _mtx_lock_flags (m=0xc0521154, opts=0, file=0xc0495d47 "/usr/src/sys/kern/kern_descrip.c", line=485) at /usr/src/sys/kern/kern_mutex.c:325 #12 0xc02a93e6 in do_dup (td=0xc60a2a80, type=DUP_FIXED, old=-1, new=4, retval=0xc60a2b18) at /usr/src/sys/kern/kern_descrip.c:485 #13 0xc02a8643 in dup2 (td=0x0, uap=0x0) at /usr/src/sys/kern/kern_descrip.c:174 #14 0xc043f2c6 in syscall (frame= {tf_fs = 47, tf_es = 47, tf_ds = -1078001617, tf_edi = 4, tf_esi = 135641600, tf_ebp = -1078050424, tf_isp = -525070988, tf_ebx = -1, tf_edx = -1078051696, tf_ecx = 135671808, tf_eax = 90, tf_trapno = 12, tf_err = 2, tf_eip = 134843455, tf_cs = 31, tf_eflags = 646, tf_esp = -1078051652, tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1033 #15 0xc0427d6d in Xint0x80_syscall () at {standard input}:141 ---Can't read userspace from dump, or kernel process--- (kgdb) up 12 (kgdb) list 480 *retval = new; 481 FILEDESC_UNLOCK(fdp); 482 return (0); 483 } 484 fp = fdp->fd_ofiles[old]; 485 fhold(fp); 486 487 /* 488 * Expand the table for the new descriptor if needed. This may 489 * block and drop and reacquire the filedesc lock. The console log has some additional messages anout mutexes, interrupts, before it spirals down an endless loop of "xlock already held" messages: panic: mtx_lock() of spin mutex D^QR@TR@ ^UV@^D @ /usr/src/sys/kern/kern_descrip.c:485 cpuid = 1; lapic.id = 02000000 Debugger("panic") Stopped at Debugger+0x5a: xchgl %ebx,in_Debugger.0 db> trace Debugger(c0498be1,2000000,c0497e25,e0b40c70,1) at Debugger+0x5a panic(c0497e25,c0520f94,c0495d47,1e5,e0b40cb4) at panic+0x12f _mtx_lock_flags(c0521154,0,c0495d47,1e5,c7078500) at _mtx_lock_flags+0xa7 do_dup(c60a2a80,1,ffffffff,4,c60a2b18) at do_dup+0xe6 dup2(c60a2a80,e0b40d10,c04bff99,407,c65db418) at dup2+0x33 syscall(2f,2f,bfbf002f,4,815ba00) at syscall+0x3c6 Xint0x80_syscall() at Xint0x80_syscall+0x1d --- syscall (90, FreeBSD ELF32, dup2), eip = 0x8098c3f, esp = 0xbfbe3cbc, ebp = 0xbfbe4188 --- db> panic panic: from debugger cpuid = 1; lapic.id = 02000000 boot() called on cpu#1 Uptime: 2m28s pfs_vncache_unload(): 3 entries remaining Dumping 1023 MB 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 928 944 960 976 992 1008 Dump complete Terminate ACPI panic: absolutely cannot call smp_ipi_shootdown with interrupts already disabled cpuid = 1; lapic.id = 02000000 boot() called on cpu#1 Uptime: 2m28s mpt0: soft reset failed: device not running mpt1: soft reset failed: device not running pfs_vncache_unload(): 3 entries remaining panic: witness_destroy: lock (sleep mutex) pseudofs_vncache is not initialized cpuid = 1; lapic.id = 02000000 boot() called on cpu#1 Uptime: 2m28s panic: _sx_xlock (shutdown_post_sync): xlock already held @ /usr/src/sys/kern/kern_shutdown.c:360 cpuid = 1; lapic.id = 02000000 boot() called on cpu#1 Uptime: 2m28s panic: _sx_xlock (shutdown_post_sync): xlock already held @ /usr/src/sys/kern/kern_shutdown.c:360 cpuid = 1; lapic.id = 02000000 boot() called on cpu#1 Uptime: 2m28s panic: _sx_xlock (shutdown_post_sync): xlock already held @ /usr/src/sys/kern/kern_shutdown.c:360 cpuid = 1; lapic.id = 02000000 boot() called on cpu#1 Uptime: 2m28s Lars -- Lars Eggert USC Information Sciences Institute --------------ms040301050009000004030101 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJtjCC AzgwggKhoAMCAQICEGZFcrfMdPXPY3ZFhNAukQEwDQYJKoZIhvcNAQEEBQAwgdExCzAJBgNV BAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgG A1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vydmlj ZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkG CSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMDA4MzAwMDAw MDBaFw0wNDA4MjcyMzU5NTlaMIGSMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBD YXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xDzANBgNVBAoTBlRoYXd0ZTEdMBsGA1UECxMUQ2Vy dGlmaWNhdGUgU2VydmljZXMxKDAmBgNVBAMTH1BlcnNvbmFsIEZyZWVtYWlsIFJTQSAyMDAw LjguMzAwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN4zMqZjxwklRT7SbngnZ4HF2ogZ gpcO40QpimM1Km1wPPrcrvfudG8wvDOQf/k0caCjbZjxw0+iZdsN+kvx1t1hpfmFzVWaNRqd knWoJ67Ycvm6AvbXsJHeHOmr4BgDqHxDQlBRh4M88Dm0m1SKE4f/s5udSWYALQmJ7JRr6aFp AgMBAAGjTjBMMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFQcml2YXRlTGFiZWwxLTI5NzAS BgNVHRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQQFAAOBgQAxsUtH XfkBceX1U2xdedY9mMAmE2KBIqcS+CKV6BtJtyd7BDm6/ObyJOuR+r3sDSo491BVqGz3Da1M G7wD9LXrokefbKIMWI0xQgkRbLAaadErErJAXWr5edDqLiXdiuT82w0fnQLzWtvKPPZE6iZp h39Ins6ln+eE2MliYq0FxjCCAzkwggKioAMCAQICAwglQTANBgkqhkiG9w0BAQQFADCBkjEL MAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du MQ8wDQYDVQQKEwZUaGF3dGUxHTAbBgNVBAsTFENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYD VQQDEx9QZXJzb25hbCBGcmVlbWFpbCBSU0EgMjAwMC44LjMwMB4XDTAyMDgyNDE4NTMzOVoX DTAzMDgyNDE4NTMzOVowVDEPMA0GA1UEBBMGRWdnZXJ0MQ0wCwYDVQQqEwRMYXJzMRQwEgYD VQQDEwtMYXJzIEVnZ2VydDEcMBoGCSqGSIb3DQEJARYNbGFyc2VAaXNpLmVkdTCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBANI2Rrt4ggaQ/IrOsDeOm2H4/R5FRIL6JjDY3StE aogp1r23WKniQ1Vj98Nu5WxlaZ3Iam3Jen5T66H8u7rtMNpK4qAeAGoBsVeyVr1+CTFeuv+m xCh7BvBJwhLdm0zDaoDT05YKYZaqtsT+F286FWJQg31Xtf+vTKLVVrHcsafnteyal2NEt7Ac yZZfjsVLwxp2Lq3cwYfRQRoo7/yCVzS7HsgM6jmbO4taEMo4yC2rpnUbWEUCDTaCYgpAXzAl oiNk7GDh0wz2s5ZSnHRvNSBMAjCmpNtSYHfXFI1ANwrrrHIJ7Ei83+XN32PWY4OPzO3iown9 VR+vM+8lNx9OX28CAwEAAaNWMFQwKgYFK2UBBAEEITAfAgEAMBowGAIBBAQTTDJ1TXlmZkJO VWJOSkpjZFoyczAYBgNVHREEETAPgQ1sYXJzZUBpc2kuZWR1MAwGA1UdEwEB/wQCMAAwDQYJ KoZIhvcNAQEEBQADgYEAXcrIlKmPLM/r8r3oz2ZLPLaT1AyMjYTZY2qq/R7SUtFa9BNlTIFh DG78QKfJ9lo2LMzTPQqMZgNLmj95GbNPI8P8OIq2K6MeCZWz08ROackqTFP6xWbIFIfXcBVR 1dZnDDyDKBBh05KkvyTPawSQyOBUeNBfQUyO4TE+3o58U8UwggM5MIICoqADAgECAgMIJUEw DQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUx EjAQBgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZp Y2F0ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4z MDAeFw0wMjA4MjQxODUzMzlaFw0wMzA4MjQxODUzMzlaMFQxDzANBgNVBAQTBkVnZ2VydDEN MAsGA1UEKhMETGFyczEUMBIGA1UEAxMLTGFycyBFZ2dlcnQxHDAaBgkqhkiG9w0BCQEWDWxh cnNlQGlzaS5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSNka7eIIGkPyK zrA3jpth+P0eRUSC+iYw2N0rRGqIKda9t1ip4kNVY/fDbuVsZWmdyGptyXp+U+uh/Lu67TDa SuKgHgBqAbFXsla9fgkxXrr/psQoewbwScIS3ZtMw2qA09OWCmGWqrbE/hdvOhViUIN9V7X/ r0yi1Vax3LGn57XsmpdjRLewHMmWX47FS8Madi6t3MGH0UEaKO/8glc0ux7IDOo5mzuLWhDK OMgtq6Z1G1hFAg02gmIKQF8wJaIjZOxg4dMM9rOWUpx0bzUgTAIwpqTbUmB31xSNQDcK66xy CexIvN/lzd9j1mODj8zt4qMJ/VUfrzPvJTcfTl9vAgMBAAGjVjBUMCoGBStlAQQBBCEwHwIB ADAaMBgCAQQEE0wydU15ZmZCTlViTkpKY2RaMnMwGAYDVR0RBBEwD4ENbGFyc2VAaXNpLmVk dTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GBAF3KyJSpjyzP6/K96M9mSzy2k9QM jI2E2WNqqv0e0lLRWvQTZUyBYQxu/ECnyfZaNizM0z0KjGYDS5o/eRmzTyPD/DiKtiujHgmV s9PETmnJKkxT+sVmyBSH13AVUdXWZww8gygQYdOSpL8kz2sEkMjgVHjQX0FMjuExPt6OfFPF MYID1TCCA9ECAQEwgZowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUx EjAQBgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZp Y2F0ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4z MAIDCCVBMAkGBSsOAwIaBQCgggIPMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZI hvcNAQkFMQ8XDTAyMTEyNjIwMzcxNFowIwYJKoZIhvcNAQkEMRYEFJZVVDYjiBYiz5ySWXhz zLibs1AbMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0G CCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGrBgkrBgEEAYI3EAQxgZ0w gZowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNh cGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNl czEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMAIDCCVBMIGtBgsq hkiG9w0BCRACCzGBnaCBmjCBkjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2Fw ZTESMBAGA1UEBxMJQ2FwZSBUb3duMQ8wDQYDVQQKEwZUaGF3dGUxHTAbBgNVBAsTFENlcnRp ZmljYXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9QZXJzb25hbCBGcmVlbWFpbCBSU0EgMjAwMC44 LjMwAgMIJUEwDQYJKoZIhvcNAQEBBQAEggEAhUrmSQqsCxJrNzAASviN29bfHaRLTXFGZ81P ITuHcfuWxND7ZQ+HgV8kpHvJiJ/YfPP6zs/mBXEm2XqDMTOOeCu3gucxASeMBeG9kRLoauq3 j69Js5EItKmujVPeaKG2ckP3+qD7eoQ6RiH64erEfVnDQ/cUA3Yr+jVq1FnirdHKfzAcb4Lo kH4aXsAf5K4Fho5Qdh3Woefbl/h5Dbv6VjwAOmQTS8Asr8EsaYKQERCtrbLCmzOmh6H+Wpii ByEtMZ5n3dL1ccJTrVCveHkWX1ou95Yw8OqF35Ua5bd1wiiAxj3jpE+ePVC2m4v6LyRPMQHY /KzLiSIUeZjTb8UGWwAAAAAAAA== --------------ms040301050009000004030101-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message