John Baldwin wrote:

On 18-Oct-2002 Lars Eggert wrote:

>John Baldwin wrote:
>
>>What is line 488 of src/sys/kern/kern_descrip.c?
>
fhold(fp) in do_dup().

Still see this issue on today's -current. It's easily reproducible with a simple "cd ~sunhee" in a tcsh, where ~sunhee is on NFS:

panic: mtx_lock() of spin mutex D\^QR\M-@\M-TR\M-@ \M^UV\M-@\^D @ /usr/src/sys/kern/kern_descrip.c:485
cpuid = 1; lapic.id = 02000000
panic: from debugger
cpuid = 1; lapic.id = 02000000
boot() called on cpu#1
Uptime: 2m28s
pfs_vncache_unload(): 3 entries remaining
Dumping 1023 MB
16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 928 944 960 976 992 1008
---
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:233
233 dumpsys(&dumper);
(kgdb) bt
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:233
#1 0xc02c737e in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:364
#2 0xc02c7977 in panic (fmt=0xc0466524 "from debugger")
at /usr/src/sys/kern/kern_shutdown.c:517
#3 0xc01533d2 in db_panic () at /usr/src/sys/ddb/db_command.c:450
#4 0xc015320c in db_command (last_cmdp=0xc04d78a0, cmd_table=0x0,
aux_cmd_tablep=0xc04cede0, aux_cmd_tablep_end=0xc04cede4)
at /usr/src/sys/ddb/db_command.c:346
#5 0xc015344a in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
#6 0xc01560e5 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_trap.c:72
#7 0xc0426547 in kdb_trap (type=3, code=0, regs=0xe0b40be8)
at /usr/src/sys/i386/i386/db_interface.c:166
#8 0xc043e63d in trap (frame=
{tf_fs = 24, tf_es = -1068957680, tf_ds = 16, tf_edi = -972412288, tf_esi = 256, tf_ebp = -525071308, tf_isp = -525071340, tf_ebx = 0, tf_edx = 0, tf_ecx = 0, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1069389686, tf_cs = 8, tf_eflags = 642, tf_esp = -1068771002, tf_ss = -1068921887})
at /usr/src/sys/i386/i386/trap.c:603
#9 0xc0427d18 in calltrap () at {standard input}:99
#10 0xc02c795f in panic (fmt=0x0) at /usr/src/sys/kern/kern_shutdown.c:503
#11 0xc02bda97 in _mtx_lock_flags (m=0xc0521154, opts=0,
file=0xc0495d47 "/usr/src/sys/kern/kern_descrip.c", line=485)
at /usr/src/sys/kern/kern_mutex.c:325
#12 0xc02a93e6 in do_dup (td=0xc60a2a80, type=DUP_FIXED, old=-1, new=4,
retval=0xc60a2b18) at /usr/src/sys/kern/kern_descrip.c:485
#13 0xc02a8643 in dup2 (td=0x0, uap=0x0)
at /usr/src/sys/kern/kern_descrip.c:174
#14 0xc043f2c6 in syscall (frame=
{tf_fs = 47, tf_es = 47, tf_ds = -1078001617, tf_edi = 4, tf_esi = 135641600, tf_ebp = -1078050424, tf_isp = -525070988, tf_ebx = -1, tf_edx = -1078051696, tf_ecx = 135671808, tf_eax = 90, tf_trapno = 12, tf_err = 2, tf_eip = 134843455, tf_cs = 31, tf_eflags = 646, tf_esp = -1078051652, tf_ss = 47})
at /usr/src/sys/i386/i386/trap.c:1033
#15 0xc0427d6d in Xint0x80_syscall () at {standard input}:141
---Can't read userspace from dump, or kernel process---

(kgdb) up 12

(kgdb) list
480 *retval = new;
481 FILEDESC_UNLOCK(fdp);
482 return (0);
483 }
484 fp = fdp->fd_ofiles[old];
485 fhold(fp);
486
487 /*
488 * Expand the table for the new descriptor if needed. This may
489 * block and drop and reacquire the filedesc lock.


The console log has some additional messages about mutexes, interrupts, before it spirals down an endless loop of "xlock already held" messages:

panic: mtx_lock() of spin mutex D^QR@TR@ ^UV@^D @ /usr/src/sys/kern/kern_descrip.c:485
cpuid = 1; lapic.id = 02000000
Debugger("panic")
Stopped at Debugger+0x5a: xchgl %ebx,in_Debugger.0
db> trace
Debugger(c0498be1,2000000,c0497e25,e0b40c70,1) at Debugger+0x5a
panic(c0497e25,c0520f94,c0495d47,1e5,e0b40cb4) at panic+0x12f
_mtx_lock_flags(c0521154,0,c0495d47,1e5,c7078500) at _mtx_lock_flags+0xa7
do_dup(c60a2a80,1,ffffffff,4,c60a2b18) at do_dup+0xe6
dup2(c60a2a80,e0b40d10,c04bff99,407,c65db418) at dup2+0x33
syscall(2f,2f,bfbf002f,4,815ba00) at syscall+0x3c6
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (90, FreeBSD ELF32, dup2), eip = 0x8098c3f, esp = 0xbfbe3cbc, ebp = 0xbfbe4188 ---
db> panic
panic: from debugger
cpuid = 1; lapic.id = 02000000
boot() called on cpu#1
Uptime: 2m28s
pfs_vncache_unload(): 3 entries remaining
Dumping 1023 MB
16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 928 944 960 976 992 1008
Dump complete
Terminate ACPI
panic: absolutely cannot call smp_ipi_shootdown with interrupts already disabled
cpuid = 1; lapic.id = 02000000
boot() called on cpu#1
Uptime: 2m28s
mpt0: soft reset failed: device not running
mpt1: soft reset failed: device not running
pfs_vncache_unload(): 3 entries remaining
panic: witness_destroy: lock (sleep mutex) pseudofs_vncache is not initialized
cpuid = 1; lapic.id = 02000000
boot() called on cpu#1
Uptime: 2m28s
panic: _sx_xlock (shutdown_post_sync): xlock already held @ /usr/src/sys/kern/kern_shutdown.c:360
cpuid = 1; lapic.id = 02000000
boot() called on cpu#1
Uptime: 2m28s
panic: _sx_xlock (shutdown_post_sync): xlock already held @ /usr/src/sys/kern/kern_shutdown.c:360
cpuid = 1; lapic.id = 02000000
boot() called on cpu#1
Uptime: 2m28s
panic: _sx_xlock (shutdown_post_sync): xlock already held @ /usr/src/sys/kern/kern_shutdown.c:360
cpuid = 1; lapic.id = 02000000
boot() called on cpu#1
Uptime: 2m28s



Lars
--
Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute
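
Added example, not part of the message above and not FreeBSD source: frame #12 of the backtrace shows do_dup() at line 485 with old=-1, just after line 484 indexes fd_ofiles[old]. This user-space model shows why a signed descriptor index has to be range-checked on both sides before such a lookup. The table layout, the function names and the upper-bound-only check are assumptions for illustration; the check that precedes line 480 is not shown in the message.

```c
#include <errno.h>
#include <stdio.h>

#define NFILES 8
struct file { int f_count; };      /* stand-in for the kernel's struct file */
/* Hypothetical descriptor table. slots[0] models whatever memory precedes
 * the real table, so ofiles[-1] is a defined read in this model. */
struct fd_table {
    struct file *slots[1 + NFILES];
    struct file **ofiles;          /* &slots[1] */
    int nfiles;
};
static struct file stray;          /* what the slot before the table "points at" */

/* Assumed weak check: a signed index tested against the upper bound only. */
static int lookup_weak(struct fd_table *t, int old, struct file **fpp)
{
    if (old >= t->nfiles || t->ofiles[old] == NULL)
        return EBADF;
    *fpp = t->ofiles[old];
    return 0;
}

/* Checked form: one unsigned comparison rejects negative and oversized indexes. */
static int lookup_checked(struct fd_table *t, int old, struct file **fpp)
{
    if ((unsigned int)old >= (unsigned int)t->nfiles || t->ofiles[old] == NULL)
        return EBADF;
    *fpp = t->ofiles[old];
    return 0;
}

/* 0 = EBADF, 1 = the open file, 2 = a pointer from outside the table. */
int classify(int checked, int old)
{
    struct file f = { 1 }, *fp = NULL;
    struct fd_table t = { { &stray }, NULL, NFILES };
    t.ofiles = &t.slots[1];
    t.ofiles[3] = &f;              /* constructed state: only fd 3 is open */
    if ((checked ? lookup_checked : lookup_weak)(&t, old, &fp) != 0)
        return 0;
    return fp == &stray ? 2 : 1;
}

int main(void)
{
    printf("weak(-1)=%d checked(-1)=%d checked(3)=%d\n", classify(0, -1), classify(1, -1), classify(1, 3));
    return 0;
}
```

In the model, the weak lookup hands back a pointer that was never in the table, which is the kind of value a later lock operation on the file would then treat as a valid object.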
