Date: Sat, 29 Nov 2003 16:07:44 -0500
From: Damian Gerow
To: current@freebsd.org
Message-ID: <20031129210742.GA3234@afflictions.org>
Subject: Fatal double fault with 20031116-JPSNAP

A couple days ago, I downloaded 20031116-JPSNAP to install on a new system -- this box had been running 5.1-R without issues for some time, but wasn't doing anything particular, and I had mucked up the 5.1 -> 5.2 upgrade (statfs stuff).

Whenever I boot the system into multi-user mode, I see a *lot* of this:

    checking stopevent 2 with the following non-sleepable locks held:
    exclusive sleep mutex sigacts r = 0 (0xc48f9aa8) locked @ /usr/src/sys/kern/kern_synch.c:293
    checking stopevent 2 with the following non-sleepable locks held:
    exclusive sleep mutex sigacts r = 0 (0xc48f9aa8) locked @ /usr/src/sys/kern/subr_trap.c:260
    checking stopevent 2 with the following non-sleepable locks held:
    exclusive sleep mutex sigacts r = 0 (0xc48f9aa8) locked @ /usr/src/sys/kern/subr_trap.c:260

over and over and over -- it makes the console essentially unusable.

Thinking an update might fix it, I booted into single user mode, cvsup'ed, and started building. However, six buildworlds later, it appears that I'm constantly getting a fatal double fault, but in differing places. This looks like the turnstile double-panic outlined in 5.2R-TODO -- I hope this is enough information.

Anyhow, here's what I see (I don't know how to use the debugger, so I've just guessed at commands):

    panic: Duplicate free of item 0xc1cda71c from zone 0xc103b780(PV ENTRY)
    cpuid = 0; Debugger("panic")
    Stopped at Debugger+0x55: xchgl %ebx,in_Debugger.0
    db> trace
    Debugger(c0895cb8,0,c08ae388,d8a48c04,100) at Debugger+0x55
    panic(c08ae388,c1cc72bc,c103b780,c08b3233,6d0) at panic+0x156
    uma_dbg_free(c103b780,0,c1cc72bc,6d0,0) at uma_dbg_free+0x111
    uma_zfree_arg(c103b780,c1cc72bc,0,a2f,c0893811) at uma_zfree_arg+0x123
    pmap_remove_pages(c1d0d364,0,bfc00000,11a,c0893811) at pmap_remove_pages+0x209
    exit1(c4796c80,0,c0893811,65,d8a48d40) at exit1+0x68c
    sys_exit(c4796c80,d8a48d10,c08b38d0,3ee,1) at sys_exit+0x41
    syscall(2f,2f,2f,bfbfece0,0) at syscall+0x2e0
    Xint0x80_syscall() at Xint0x80_syscall+0x1d
    --- syscall (1, FreeBSD ELF32, sys_exit), eip = 0x806427b, esp = 0xbfbfec9c, ebp = 0xbfbfecb8 ---
    db> match
    After 6 instructions (0 loads, 0 stores),
    Stopped at Debugger+0x66: ret
    db> match
    syncing disks, buffers remaining...
    panic: sleeping thread (pid 14015) owns a non-sleepable lock
    cpuid = 0; Debugger("panic")
    Uptime: 18m4s
    panic: Assertion td->td_turnstile != NULL failed at /usr/src/sys/kern/subr_turnstile.c:437
    [the above four lines, thirteen times]
    Fatal double fault:
    eip = 0xc08118c0
    esp = 0xd77ba000
    ebp = 0xd77ba020
    cpuid = 0; apic id = 00
    panic: double fault
    cpuid = 0; Debugger("panic")

    Fatal trap 3: breakpoint instruction fault while in kernel mode
    cpuid = 0; apic id = 00
    instruction pointer = 0x8:0xc0811a85
    stack pointer = 0x10:0xc09bb2dc
    frame pointer = 0x10:0xc09bb2e8
    code segment = base 0x0, limit 0xfffff, type 0x1b
                 = DPL 0, pres 1, def32 1, gran 1
    processor eflags = nested task, IOPL = 0
    current process = 27 (swi8: tty:sio clock)

And on the next buildworld, in a different place:

    panic: Duplicate free of item 0xc4bc221c from zone 0xc103b6c0(MAP ENTRY)
    cpuid = 0; Debugger("panic")
    Stopped at Debugger+0x55: xchgl %ebx,in_Debugger.0
    db> trace
    Debugger(c0895cb8,0,c08ae388,d8a05b8c,100) at Debugger+0x55
    panic(c08ae388,c4bc221c,c103b6c0,c08ac694,6d0) at panic+0x156
    uma_dbg_free(c103b6c0,0,c4bc221c,6d0,0) at uma_dbg_free+0x111
    uma_zfree_arg(c103b6c0,c4bc221c,0,d8a05c34,c07d9f6c) at uma_zfree_arg+0x123
    vm_map_entry_dispose(c1d0d84c,c4bc221c,c08ac714,829,c08ac714) at vm_map_entry_dispose+0x3d
    vm_map_entry_delete(c1d0d84c,c4bc221c,c08ac714,884,c1d0d888) at vm_map_entry_delete+0x1ac
    vm_map_delete(c1d0d84c,0,bfc00000,c1d0d84c,c48b8900) at vm_map_delete+0x228
    vm_map_remove(c1d0d84c,0,bfc00000,11d,c0893811) at vm_map_remove+0x58
    exit1(c4704780,0,c0893811,65,d8a05d40) at exit1+0x6c6
    sys_exit(c4704780,d8a05d10,c08b38d0,3ee,1) at sys_exit+0x41
    syscall(2f,2f,2f,bfbfec40,0) at syscall+0x2e0
    Xint0x80_syscall() at Xint0x80_syscall+0x1d
    --- syscall (1, FreeBSD ELF32, sys_exit), eip = 0x806427b, esp = 0xbfbfebfc, ebp = 0xbfbfec18 ---
    db> match
    After 6 instructions (0 loads, 0 stores),
    Stopped at Debugger+0x66: ret
    db> match
    Uptime: 35m13s
    panic: Assertion td->td_turnstile != NULL failed at /usr/src/sys/kern/subr_turnstile.c:437
    cpuid = 0; Debugger("panic")
    [the above four lines thirteen times]
    Fatal double fault:
    eip = 0xc048a39f
    esp = 0xd89f8000
    ebp = 0xd89f800c
    cpuid = 0; apic id = 00
    panic: double fault
    cpuid = 0; Debugger("panic")

    Fatal trap 3: breakpoint instruction fault while in kernel mode
    cpuid = 0; apic id = 00
    instruction pointer = 0x8:0xc0811a85
    stack pointer = 0x10:0xc09bb2dc
    frame pointer = 0x10:0xc09bb2e8
    code segment = base 0x0, limit 0xfffff, type 0x1b
                 = DPL 0, pres 1, def32 1, gran 1
    processor eflags = nested task, IOPL = 0
    current process = 4 (g_down)

The system is a C3 Nehemiah chip on a DFI CD70-SC (VIA Apollo Pro 266 chipset), and was working fine with 5.1-R.

In trying to reproduce a third panic, buildworld is about 75% complete. Fingers crossed I'll be able to build into 5.2-BETA.