Date: Tue, 26 Nov 2002 12:37:14 -0800 From: Lars Eggert <larse@ISI.EDU> To: John Baldwin <jhb@FreeBSD.org> Cc: current <current@FreeBSD.org> Subject: Re: panic: mtx_lock() of spin mutex Message-ID: <3DE3DB7A.3050505@isi.edu> In-Reply-To: <XFMail.20021018123309.jhb@FreeBSD.org>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
John Baldwin wrote:
> On 18-Oct-2002 Lars Eggert wrote:
>
> >John Baldwin wrote:
> >
> >>What is line 488 of src/sys/kern/kern_descrip.c?
> >
> >fhold(fp) in do_dup().
Still see this issue on today's -current. It's easily reproducible with
a simple "cd ~sunhee" in a tcsh, where ~sunhee is on NFS:
panic: mtx_lock() of spin mutex D\^QR\M-@\M-TR\M-@ \M^UV\M-@\^D @
/usr/src/sys/kern/kern_descrip.c:485
cpuid = 1; lapic.id = 02000000
panic: from debugger
cpuid = 1; lapic.id = 02000000
boot() called on cpu#1
Uptime: 2m28s
pfs_vncache_unload(): 3 entries remaining
Dumping 1023 MB
16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304
320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592
608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880
896 912 928 944 960 976 992 1008
---
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:233
233 dumpsys(&dumper);
(kgdb) bt
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:233
#1 0xc02c737e in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:364
#2 0xc02c7977 in panic (fmt=0xc0466524 "from debugger")
at /usr/src/sys/kern/kern_shutdown.c:517
#3 0xc01533d2 in db_panic () at /usr/src/sys/ddb/db_command.c:450
#4 0xc015320c in db_command (last_cmdp=0xc04d78a0, cmd_table=0x0,
aux_cmd_tablep=0xc04cede0, aux_cmd_tablep_end=0xc04cede4)
at /usr/src/sys/ddb/db_command.c:346
#5 0xc015344a in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
#6 0xc01560e5 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_trap.c:72
#7 0xc0426547 in kdb_trap (type=3, code=0, regs=0xe0b40be8)
at /usr/src/sys/i386/i386/db_interface.c:166
#8 0xc043e63d in trap (frame=
{tf_fs = 24, tf_es = -1068957680, tf_ds = 16, tf_edi =
-972412288, tf_esi = 256, tf_ebp = -525071308, tf_isp = -525071340,
tf_ebx = 0, tf_edx = 0, tf_ecx = 0, tf_eax = 18, tf_trapno = 3, tf_err =
0, tf_eip = -1069389686, tf_cs = 8, tf_eflags = 642, tf_esp =
-1068771002, tf_ss = -1068921887})
at /usr/src/sys/i386/i386/trap.c:603
#9 0xc0427d18 in calltrap () at {standard input}:99
#10 0xc02c795f in panic (fmt=0x0) at /usr/src/sys/kern/kern_shutdown.c:503
#11 0xc02bda97 in _mtx_lock_flags (m=0xc0521154, opts=0,
file=0xc0495d47 "/usr/src/sys/kern/kern_descrip.c", line=485)
at /usr/src/sys/kern/kern_mutex.c:325
#12 0xc02a93e6 in do_dup (td=0xc60a2a80, type=DUP_FIXED, old=-1, new=4,
retval=0xc60a2b18) at /usr/src/sys/kern/kern_descrip.c:485
#13 0xc02a8643 in dup2 (td=0x0, uap=0x0)
at /usr/src/sys/kern/kern_descrip.c:174
#14 0xc043f2c6 in syscall (frame=
{tf_fs = 47, tf_es = 47, tf_ds = -1078001617, tf_edi = 4, tf_esi
= 135641600, tf_ebp = -1078050424, tf_isp = -525070988, tf_ebx = -1,
tf_edx = -1078051696, tf_ecx = 135671808, tf_eax = 90, tf_trapno = 12,
tf_err = 2, tf_eip = 134843455, tf_cs = 31, tf_eflags = 646, tf_esp =
-1078051652, tf_ss = 47})
at /usr/src/sys/i386/i386/trap.c:1033
#15 0xc0427d6d in Xint0x80_syscall () at {standard input}:141
---Can't read userspace from dump, or kernel process---
(kgdb) up 12
(kgdb) list
480 *retval = new;
481 FILEDESC_UNLOCK(fdp);
482 return (0);
483 }
484 fp = fdp->fd_ofiles[old];
485 fhold(fp);
486
487 /*
488 * Expand the table for the new descriptor if needed. This may
489 * block and drop and reacquire the filedesc lock.
The console log has some additional messages anout mutexes, interrupts,
before it spirals down an endless loop of "xlock already held" messages:
panic: mtx_lock() of spin mutex D^QR@TR@ ^UV@^D @
/usr/src/sys/kern/kern_descrip.c:485
cpuid = 1; lapic.id = 02000000
Debugger("panic")
Stopped at Debugger+0x5a: xchgl %ebx,in_Debugger.0
db> trace
Debugger(c0498be1,2000000,c0497e25,e0b40c70,1) at Debugger+0x5a
panic(c0497e25,c0520f94,c0495d47,1e5,e0b40cb4) at panic+0x12f
_mtx_lock_flags(c0521154,0,c0495d47,1e5,c7078500) at _mtx_lock_flags+0xa7
do_dup(c60a2a80,1,ffffffff,4,c60a2b18) at do_dup+0xe6
dup2(c60a2a80,e0b40d10,c04bff99,407,c65db418) at dup2+0x33
syscall(2f,2f,bfbf002f,4,815ba00) at syscall+0x3c6
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (90, FreeBSD ELF32, dup2), eip = 0x8098c3f, esp =
0xbfbe3cbc, ebp = 0xbfbe4188 ---
db> panic
panic: from debugger
cpuid = 1; lapic.id = 02000000
boot() called on cpu#1
Uptime: 2m28s
pfs_vncache_unload(): 3 entries remaining
Dumping 1023 MB
16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304
320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592
608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880
896 912 928 944 960 976 992 1008
Dump complete
Terminate ACPI
panic: absolutely cannot call smp_ipi_shootdown with interrupts already
disabled
cpuid = 1; lapic.id = 02000000
boot() called on cpu#1
Uptime: 2m28s
mpt0: soft reset failed: device not running
mpt1: soft reset failed: device not running
pfs_vncache_unload(): 3 entries remaining
panic: witness_destroy: lock (sleep mutex) pseudofs_vncache is not
initialized
cpuid = 1; lapic.id = 02000000
boot() called on cpu#1
Uptime: 2m28s
panic: _sx_xlock (shutdown_post_sync): xlock already held @
/usr/src/sys/kern/kern_shutdown.c:360
cpuid = 1; lapic.id = 02000000
boot() called on cpu#1
Uptime: 2m28s
panic: _sx_xlock (shutdown_post_sync): xlock already held @
/usr/src/sys/kern/kern_shutdown.c:360
cpuid = 1; lapic.id = 02000000
boot() called on cpu#1
Uptime: 2m28s
panic: _sx_xlock (shutdown_post_sync): xlock already held @
/usr/src/sys/kern/kern_shutdown.c:360
cpuid = 1; lapic.id = 02000000
boot() called on cpu#1
Uptime: 2m28s
Lars
--
Lars Eggert <larse@isi.edu> USC Information Sciences Institute
[-- Attachment #2 --]
0 *H
01
0 +�0 *H
�� 080fErtcvE.0
*H
�01
0 UZA10U
Western Cape10U Cape Town10U
Thawte Consulting1(0&U
Certification Services Division1$0"UThawte Personal Freemail CA1+0) *H
personal-freemail@thawte.com0
000830000000Z
040827235959Z01
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.3000
*H
��0�32c %E>nx'gڈD)c5*mp<ܮto034qmOe
KaU5u'rװ
|CBPQ<9TIf�- ki�N0L0)U
"0
0
10UPrivateLabel1-2970U
0�0
U
0
*H
��1KG]qSl]y=&b""I'{9$
*8PUl
LGl
X1B li+@]jy.%݊
Z<D&iHΥbb090%A0
*H
�01
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.300
020824185339Z
030824185339Z0T10
UEggert1
0
U*Lars10U
Lars Eggert1
0 *H
larse@isi.edu0"0
*H
��0
�6Fxΰ7a
ED&0+Dj)ֽXCUcnleijmz~S0J
�jWV~ 1^({IݛLjӖ
ao:bP}WLVܱ욗cD
ɖ_Kv.A(W4
9;Z8-uXE
6b
@_0%#d`
Rto5 L0R`w@7
r Hcc U 3%7 N_o�V0T0*+e!0 �00L2uMyffBNUbNJJcdZ2s0U
0
larse@isi.edu0
U
0�0
*H
��]Ȕ,fK<
cj
RZeLa
n@Z6,=
fK?yO#8+
Ni*LSfpQg
<(aӒ$kTx_AL1>ގ|S090%A0
*H
�01
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.300
020824185339Z
030824185339Z0T10
UEggert1
0
U*Lars10U
Lars Eggert1
0 *H
larse@isi.edu0"0
*H
��0
�6Fxΰ7a
ED&0+Dj)ֽXCUcnleijmz~S0J
�jWV~ 1^({IݛLjӖ
ao:bP}WLVܱ욗cD
ɖ_Kv.A(W4
9;Z8-uXE
6b
@_0%#d`
Rto5 L0R`w@7
r Hcc U 3%7 N_o�V0T0*+e!0 �00L2uMyffBNUbNJJcdZ2s0U
0
larse@isi.edu0
U
0�0
*H
��]Ȕ,fK<
cj
RZeLa
n@Z6,=
fK?yO#8+
Ni*LSfpQg
<(aӒ$kTx_AL1>ގ|S10001
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.30%A0 +�0 *H
1
*H
0
*H
1
021126203714Z0# *H
1UT6#"ϜYxs̸P0R *H
1E0C0
*H
0*H
�0
*H
@0+0
*H
(0 +71001
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.30%A0
*H
101
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.30%A0
*H
��JI
k70�J
KMqFgO!;qe_${Ɉ|q&z13x+1'ὑj귏IShrCz:F!}YCv+5jY0
o~^ Pv
֡ۗy
V<�:dK,,i3Z!-1gqSPxy_Z.0ߕu(=O=P/$O1ˉ"yo[������
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DE3DB7A.3050505>