Subject: kern/20257: i386 MP locking bug related to SIGINFO / tty handling
To: None <gnats-bugs@gnats.netbsd.org>
From: None <he@netbsd.org>
List: netbsd-bugs
Date: 02/09/2003 02:30:43
>Number: 20257
>Category: kern
>Synopsis: i386 MP locking bug related to SIGINFO / tty handling
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Feb 08 17:31:00 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Havard Eidnes
>Release: NetBSD 1.6N Feb 6 06:54 2003 UTC
>Organization:
Unorganized, Inc.
>Environment:
System: NetBSD splitter-pine.urc.uninett.no 1.6N NetBSD 1.6N (GENERIC.MPDEBUG) #11: Thu Feb 6 08:46:26 CET 2003 he@splitter-pine.urc.uninett.no:/sys/arch/i386/compile/GENERIC.MPDEBUG i386
Architecture: i386
Machine: i386
>Description:
Pressing ^T to e.g. cat triggers a panic with "locking
against myself", as shown here:
timeout delayed -12
timeout delayed -1
simple_lock_try: locking against myself
lock: 0xe420f488, currently at: ../../../../kern/tty.c:2341
on cpu 3
last locked: ../../../../kern/tty.c:656
last unlocked: ../../../../kern/tty_pty.c:743
tputchar(6c,e420f480,c030c214,c06fd888,52) at tputchar+0x49
putchar(6c,2,e420f480,c06fd888,52) at putchar+0x5a
kprintf(c057a5e6,2,e420f480,0,e5b52c30) at kprintf+0x97
ttyprintf(e420f480,c057a5e6,3,52,e420f488) at ttyprintf+0x1c
ttyinfo(e420f480,0,33d,c21a14cc,e420f488) at ttyinfo+0x64
ttyinput_wlock(14,e420f480,290,c030b2ff,0) at ttyinput_wlock+0x668
ttyinput(14,e420f480,2e7,0,e5839710) at ttyinput+0x39
ptcwrite(602,e5b52ed0,11,1,e5692550) at ptcwrite+0x257
spec_write(e5b52e3c,e5692550,e5692550,c057dac0,e5692550) at spec_write+0xc5
ufsspec_write(e5b52e3c,30002,2f9,e5839710,1) at ufsspec_write+0x33
VOP_WRITE(e5692550,e5b52ed0,11,c2135d80,e5b52f80) at VOP_WRITE+0x3b
vn_write(e5a54000,e5a54028,e5b52ed0,c2135d80,1) at vn_write+0x9f
dofilewrite(e5839710,4,e5a54000,80a6310,1) at dofilewrite+0x9b
sys_write(e581a484,e5b52f80,e5b52f78,c03bfa6b,e581a484) at sys_write+0x6b
syscall_plain(1f,1f,1f,1f,4) at syscall_plain+0xc0
Stopped in pid 15146.1 (xterm) at cpu_Debugger+0x4: leave
akkar% console splitter-pine
connected
(use (CR)~? for minimal help; also (CR)~q? and (CR)~s?)
[authorized]
[he@/dev/ttyp2 connected]
db{3}> trace
cpu_Debugger(e420f488,e420f480,0,c21ca000,0) at cpu_Debugger+0x4
_simple_lock_try(e420f488,c057a56a,925,c072bf40,e420f480) at _simple_lock_try+0x114
tputchar(6c,e420f480,c030c214,c06fd888,52) at tputchar+0x49
putchar(6c,2,e420f480,c06fd888,52) at putchar+0x5a
kprintf(c057a5e6,2,e420f480,0,e5b52c30) at kprintf+0x97
ttyprintf(e420f480,c057a5e6,3,52,e420f488) at ttyprintf+0x1c
ttyinfo(e420f480,0,33d,c21a14cc,e420f488) at ttyinfo+0x64
ttyinput_wlock(14,e420f480,290,c030b2ff,0) at ttyinput_wlock+0x668
ttyinput(14,e420f480,2e7,0,e5839710) at ttyinput+0x39
ptcwrite(602,e5b52ed0,11,1,e5692550) at ptcwrite+0x257
spec_write(e5b52e3c,e5692550,e5692550,c057dac0,e5692550) at spec_write+0xc5
ufsspec_write(e5b52e3c,30002,2f9,e5839710,1) at ufsspec_write+0x33
VOP_WRITE(e5692550,e5b52ed0,11,c2135d80,e5b52f80) at VOP_WRITE+0x3b
vn_write(e5a54000,e5a54028,e5b52ed0,c2135d80,1) at vn_write+0x9f
dofilewrite(e5839710,4,e5a54000,80a6310,1) at dofilewrite+0x9b
sys_write(e581a484,e5b52f80,e5b52f78,c03bfa6b,e581a484) at sys_write+0x6b
syscall_plain(1f,1f,1f,1f,4) at syscall_plain+0xc0
db{3}> show reg
ds 0x10
es 0x10
fs 0x30
gs 0x10
edi 0x925
esi 0x3
ebp 0xe5b52ae0
ebx 0xe420f488
edx 0xe5b52a0c
ecx 0xc0746878 end+0x34
eax 0xbfbff2f0
eip 0xc03acde0 cpu_Debugger+0x4
cs 0x8
eflags 0x202
esp 0xe5b52ae0
ss 0x10
cpu_Debugger+0x4: leave
db{3}> machine cpu 0
using cpu 0
db{3}> show reg
ds 0x10
es 0x10
fs 0x30
gs 0x10
edi 0xd
esi 0
ebp 0xe4a7bd50
ebx 0xc0728c20 kernel_lock
edx 0xc1f56000 end+0x180f7bc
ecx 0
eax 0x400400 gdt_desc+0x3fe2d4
eip 0xc030b6c0 _spinlock_acquire_count+0x164
cs 0x8
eflags 0x202
esp 0xe4a7bd28
ss 0x10
_spinlock_acquire_count+0x164: testl %esi,%esi
db{3}> trace
_spinlock_acquire_count(c0728c20,1,c0576ba9,3be,e4a2d500) at _spinlock_acquire_count+0x164
mi_switch(e4a2d500,0,1a8,c0329837,e4a2d500) at mi_switch+0x2c4
ltsleep(c072ab48,118,c0579ac0,0,0) at ltsleep+0x3bb
sys_poll(e4a2d500,e4a7bf80,e4a7bf78,c03bfa6b,e4a2d500) at sys_poll+0x280
syscall_plain(806001f,1f,4811001f,bfbf001f,bfbffc53) at syscall_plain+0xc0
db{3}> machine cpu 1
using cpu 1
db{3}> show reg
ds 0x10
es 0x10
fs 0x30
gs 0x10
edi 0xe581a384
esi 0
ebp 0xe5845f00
ebx 0xc0728c20 kernel_lock
edx 0xc1f59800 end+0x1812fbc
ecx 0
eax 0x400400 gdt_desc+0x3fe2d4
eip 0xc030a71b _lockmgr+0xa3f
cs 0x8
eflags 0x202
esp 0xe5845eb8
ss 0x10
_lockmgr+0xa3f: jnz _lockmgr+0xadc
db{3}> trace
_lockmgr(c0728c20,400002,0,c0573f2c,533) at _lockmgr+0xa3f
_kernel_proc_lock(e581a384,e5845f80,c,19e8c,0) at _kernel_proc_lock+0x56
syscall_plain(10001f,3001f,3001f,bfbf001f,10) at syscall_plain+0xaf
db{3}> machine cpu 2
using cpu 2
db{3}> show reg
ds 0x10
es 0x10
fs 0x30
gs 0x10
edi 0xe581a784
esi 0
ebp 0xe58bbf00
ebx 0xc0728c20 kernel_lock
edx 0xc1f59000 end+0x18127bc
ecx 0
eax 0x400400 gdt_desc+0x3fe2d4
eip 0xc030a7b8 _lockmgr+0xadc
cs 0x8
eflags 0x206
esp 0xe58bbeb8
ss 0x10
_lockmgr+0xadc: movl 0x1c(%ebx),%eax
db{3}> trace
_lockmgr(c0728c20,400002,0,c0573f2c,533) at _lockmgr+0xadc
_kernel_proc_lock(e581a784,e58bbf80,14,c03c0395,0) at _kernel_proc_lock+0x56
syscall_plain(2b,bfbf002b,2b,bfbf002b,bfbff2e8) at syscall_plain+0xaf
db{3}> call cpu_reset
>How-To-Repeat:
Run GENERIC.MPDEBUG kernel on an i386 MP system, type
^T at cat. Watch kernel panic.
>Fix:
Sorry, don't know.
>Release-Note:
>Audit-Trail:
>Unformatted:
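
Added example, not part of the original problem report and not NetBSD code: a user-space C model of the re-entry the backtrace shows, where the lock last taken at tty.c:656 is tried again at tty.c:2341 on the same CPU. It assumes that lock is still held when the call chain reaches tputchar; dbg_lock, model_input_status and model_output_char are hypothetical names.

```c
#include <stdio.h>
/* Constructed user-space model of a diagnostic, non-recursive lock.
 * All names are hypothetical; this is not NetBSD kernel code. */
struct dbg_lock {
    int held;               /* 1 while the lock is taken */
    int owner_cpu;          /* CPU that took it */
    const char *locked_at;  /* site of the last successful acquire */
};
enum try_result { TRY_OK, TRY_BUSY, TRY_SELF };

/* Non-blocking acquire. If the caller's own CPU already holds the lock the
 * attempt can never succeed, so report it instead of a plain "busy". */
static enum try_result dbg_lock_try(struct dbg_lock *l, int cpu, const char *site)
{
    if (l->held && l->owner_cpu == cpu) {
        printf("locking against myself: at %s, last locked: %s\n", site, l->locked_at);
        return TRY_SELF;
    }
    if (l->held)
        return TRY_BUSY;
    l->held = 1;
    l->owner_cpu = cpu;
    l->locked_at = site;
    return TRY_OK;
}
static void dbg_unlock(struct dbg_lock *l) { l->held = 0; }

/* Output side: takes the tty lock itself before emitting a character. */
static enum try_result model_output_char(struct dbg_lock *tty, int cpu)
{
    enum try_result r = dbg_lock_try(tty, cpu, "output path");
    if (r == TRY_OK)
        dbg_unlock(tty);
    return r;
}

/* Input side: handles the status character with the lock still held. */
static enum try_result model_input_status(struct dbg_lock *tty, int cpu)
{
    enum try_result r;
    if (dbg_lock_try(tty, cpu, "input path") != TRY_OK)
        return TRY_BUSY;
    r = model_output_char(tty, cpu);   /* tries the same lock again */
    dbg_unlock(tty);
    return r;
}
int main(void)
{
    struct dbg_lock tty = { 0, -1, "never" };
    return model_input_status(&tty, 3) == TRY_SELF ? 0 : 1;
}
```

The output path succeeds when called on its own and only trips the check when entered from the input path, which matches the report that the panic needs ^T to be typed.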