Bug #303
closed
spinlock crash
0%
Description
Received a panic today from -HEAD from sources dated August 16th.
kernel and core (.12) is being uploaded to leaf. Should take another 2
hours or so before the core uploads.
--Peter
- uname -a
DragonFly box.theshell.com 1.7.0-DEVELOPMENT DragonFly 1.7.0-DEVELOPMENT #0: Wed Aug 16 14:37:12 MST 2006 root@box.theshell.com:/usr/obj/usr/src/sys/BOX i386
panic: spin_lock: 0xef0e3bfc, indefinite wait!
mp_lock = 00000000; cpuid = 0; lapic.id = 00000000
boot() called on cpu#0
syncing disks... spin_lock: 0xef0e3bfc, indefinite wait!
5
done
Uptime: 7d20h49m34s
dumping to dev #da/0x20001, offset 378927
(kgdb) bt
#0 dumpsys () at thread.h:83
#1 0xc0193885 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:335
#2 0xc0193ed0 in panic (fmt=0xc0310550 "spin_lock: %p, indefinite wait!\n") at /usr/src/sys/kern/kern_shutdown.c:684
#3 0xc019f3bd in exponential_backoff (bo=0xeb6c5a78) at /usr/src/sys/kern/kern_spinlock.c:284
#4 0xc019f11e in spin_lock_wr_contested (mtx=0xef0e3bfc, value=-2147483648) at /usr/src/sys/kern/kern_spinlock.c:157
#5 0xc0180b48 in allfiles_scan_exclusive (callback=0xc01cd16c <unp_gc_checkrefs>, data=0xeb6c5ac4) at spinlock2.h:113
#6 0xc01cd0f6 in unp_gc () at /usr/src/sys/kern/uipc_usrreq.c:1191
#7 0xc01cc386 in unp_detach (unp=0xe959af00) at /usr/src/sys/kern/uipc_usrreq.c:581
#8 0xc01cbb8e in uipc_detach (so=0x0) at /usr/src/sys/kern/uipc_usrreq.c:186
#9 0xc01c43fd in netmsg_pru_detach (msg=0xeb6c5b60) at msgport2.h:106
#10 0xc01f6b63 in netmsg_sync_putport (port=0x0, lmsg=0xeb6c5b60) at /usr/src/sys/net/netisr.c:159
#11 0xc019cd72 in lwkt_domsg (port=0x0, msg=0xeb6c5b60) at msgport2.h:92
#12 0xc01c3dd4 in so_pru_detach (so=0xdaa0d800) at /usr/src/sys/kern/uipc_msg.c:213
#13 0xc01c4cc9 in soclose (so=0xdaa0d800, fflag=3) at /usr/src/sys/kern/uipc_socket.c:363
#14 0xc01b602e in soo_close (fp=0xc3e00540) at /usr/src/sys/kern/sys_socket.c:244
#15 0xc0180772 in fdrop (fp=0xc3e00540) at file2.h:120
#16 0xc0180640 in closef (fp=0xc3e00540, td=0x0) at /usr/src/sys/kern/kern_descrip.c:2078
#17 0xc017e66a in kern_close (fd=3) at /usr/src/sys/kern/kern_descrip.c:833
#18 0xc017e569 in sys_close (uap=0x0) at /usr/src/sys/kern/kern_descrip.c:788
#19 0xc02dc686 in syscall2 (frame=
{tf_fs = -1078001617, tf_es = 673579055, tf_ds = -1078001617, tf_edi = -1077948104, tf_esi = -1077948104, tf_ebp = -1077948744, tf_isp = -345219724, tf_ebx = -1077948776, tf_edx = 677416980, tf_ecx = 7, tf_eax = 6, tf_trapno = 22, tf_err = 2, tf_eip = 676924664, tf_cs = 31, tf_eflags = 662, tf_esp = -1077948804, tf_ss = 47})
at /usr/src/sys/i386/i386/trap.c:1399
#20 0xc02c655a in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:852
#21 0x0000001f in ?? ()
#22 0x0000002f in ?? ()
#23 0x00000000 in ?? ()
#24 0x00000000 in ?? ()
#25 0x00000000 in ?? ()
#26 0x00000000 in ?? ()
#27 0x4ba99000 in ?? ()
#28 0xff800000 in ?? ()
#29 0xe9629d00 in ?? ()
#30 0xeb6c5984 in ?? ()
#31 0xeb6c5954 in ?? ()
#32 0xd3676800 in ?? ()
#33 0xc019a9a4 in lwkt_switch () at /usr/src/sys/kern/lwkt_thread.c:740
Previous frame inner to this frame (corrupt stack?)
Updated by dillon about 18 years ago
:Received a panic today from -HEAD from sources dated August 16th.
:kernel and core (.12) is being uploaded to leaf. Should take another 2
:hours or so before the core uploads.
:
:--Peter
Got it. It looks like a self-deadlock during the scan. I think the
bug is in unp_mark(), it is returning early without unlocking the
spinlock.Try this patch.-MattIndex: kern/uipc_usrreq.c
===================================================================
RCS file: /cvs/src/sys/kern/uipc_usrreq.c,v
retrieving revision 1.27
diff u -r1.27 uipc_usrreq.c kern/uipc_usrreq.c 12 Aug 2006 00:26:20 -0000 1.27
--
+++ kern/uipc_usrreq.c 31 Aug 2006 00:18:27 -0000@ -1380,10 +1380,10 @
if (info->locked_fp != fp)
spin_lock_wr(&fp->f_spin);
- if (fp->f_flag & FMARK)
- return;
- +info->defer;
- fp->f_flag |= (FMARK|FDEFER);
if ((fp->f_flag & FMARK) == 0) {
+ +info->defer;
fp->f_flag |= (FMARK|FDEFER);
+ }
if (info->locked_fp != fp)
spin_unlock_wr(&fp->f_spin);
}