RELENG_5 panic: mtx_lock() with ACPI

Thu Sep 23 18:34:58 PDT 2004

On Wednesday 22 September 2004 03:18 pm, John Baldwin wrote:
> On Tuesday 21 September 2004 06:14 pm, Anish Mistry wrote:
> > On Tuesday 21 September 2004 03:26 pm, you wrote:
> > > On Tuesday 21 September 2004 03:05 pm, Anish Mistry wrote:
> > > > On Monday 20 September 2004 04:00 pm, you wrote:
> > > > > Anish Mistry wrote:
> > > > > > On Monday 20 September 2004 03:35 pm, you wrote:
> > > > > >>Anish Mistry wrote:
> > > > > >>>On Monday 20 September 2004 03:01 pm, Anish Mistry wrote:
> > > > > >>>>I'm getting the following panic on boot only with ACPI enabled.
> > > > > >>>>On a verbose boot right after: start_init: trying /sbin/init
> > > > > >>>>panic: mtx_lock() of spin mutex(null) @
> > > > > >>>> /usr/src/sys/tty/tty.c:2809 Can't seem to get a dump even if
> > > > > >>>> dumpdev is set at the loader prompt.
> > > > > >>>>
> > > > > >>>>Verbose boot without ACPI enabled and ASL attached.
> > > > > >>>
> > > > > >>>Attachments got stripped.
> > > > > >>>http://am-productions.biz/debug/BIGGUY-dmesg.txt.gz
> > > > > >>>http://am-productions.biz/debug/bigguy.asl.gz
> > > > > >>
> > > > > >>Can you send a backtrace ("tr" from ddb)?
> > > > > >
> > > > > > It doesn't break to the ddb prompt.
> > > > >
> > > > > Can you enable options DDB?  If ddb is enabled, all panics should
> > > > > break to the debugger.
> > > >
> > > > Ok, I removed WITNESS and INVARIANTS from my kernel config, and now
> > > > it's dropping to a db> prompt.
> > >
> > > You want to keep INVARIANTS as it find problems sooner and in easier to
> > > debug locations.  Can you turn INVARIANTS back on at least and then get
> > > a trace?
> > >
> > > > BTW, is there a way to set the dump device at the loader that works.
> > >
> > > Not that I'm aware of.
> >
> > With INVARIANTS enabled:
> > panic: mtx_lock() of spin mutex(null) @ /usr/src/sys/tty/tty.c:2809
> > KDB: enter: panic
> > [thread 100063]
> > Stopped at kdb_enter+0x2c: leave
> > kdb_enter(c06288da,100,af9,c062c3f3,0) at kdb_enter+0x2c
> > _mtx_lock_flags(c0680f80,0,c062c3f4,af9,d0c3bb60) at _mtx_lock_flags+0x82
> > sysctl_kern_ttys(c065a160,0,0,d0c3bc04,c065a160) at sysctl_kern_ttys+0x22
> > sysctl_root(2,d0c3bc04,c13f04b0,1,0) at sysctl_root+0x83
> > userland_sysctl(c13f04b0,d0c3bc80,2,0,bfbfe4ac,0,0,0,d0c3bc7c,c067bdc0,0,
> >c0 62929c,4e7) at userland_sysctl+0xd8
> > __sysctl(c13f04b0,d0c3db14,6,0,292) at __sysctl+0x78
> > syscall(2f,2f,2f,2,bfbfe4ac) at syscall+0x127
> > Xint0x80_syscall() at Xint0x80_syscall+0x1f
> > -- syscall (202, FreeBSD ELF32, __sysctl), eip=0x280cb7c3,
> > esp=0xbfbfe41c, ebp+0xbfbfe458
>
> Looks like the ttys_list_mutex is busted.  Hmm:
>
> struct tty *
> ttymalloc(struct tty *tp)
> {
>         static int once;
>
>         if (!once) {
>                 mtx_init(&tty_list_mutex, "ttylist", NULL, MTX_DEF);
>                 once++;
>         }
>
> This code is not MP safe as multiple processors could attempt to call
> mtx_init() twice.  The mutex should probably be initialized via MTX_SYSINIT
> instead.  An alternative fix might be to change the code to work like this:
>
>  if (once != 2) {
>   if (atomic_cmpset_int(&once, 0, 1)) {
>    mtx_init(...);
>    atomic_store_rel_int(&once, 2);
>   } else while (once != 2)
>    cpu_spinwait();
>  }
>
> To ensure that 1) only one CPU can do the mtx_init() at a time and 2) that
> if any other CPU enters the function while another CPU is doing the
> mtx_init() it will wait until the mutex is initialized before proceeding.
Any futher progress on this that I could test out?

-- 
Anish Mistry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-acpi/attachments/20040923/0e6a8142/attachment.bin