Subject: kern/25738: panic: cpu0: stuck on lock@f3556074
To: None <gnats-bugs@gnats.NetBSD.org>
From: Manuel Bouyer <Manuel.Bouyer@lip6.fr>
List: netbsd-bugs
Date: 05/28/2004 17:37:43
>Number:         25738
>Category:       kern
>Synopsis:       panic: cpu0: stuck on lock@f3556074
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri May 28 15:38:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     
>Release:        NetBSD 2.0_BETA, source from a few days ago
>Organization:
>Environment:
NetBSD 2.0_BETA (REGGAE.MP) #2: Fri May 28 14:51:22 CEST 2004
        bouyer@pop.lip6.fr:/local/pop1/bouyer/tmp/sparc/obj/local/pop1/bouyer/netbsd-2-0/src/sys/arch/sparc/compile/REGGAE.MP
total memory = 97520 KB
avail memory = 92616 KB
bootpath: /iommu@f,e0000000/sbus@f,e0001000/espdma@f,400000/esp@f,800000/sd@3,0
mainbus0 (root): SUNW,Axil-311 : hostid 7297169c
cpu0 at mainbus0: mid 8: TMS390Z50 v0 or TMS390Z55 @ 50 MHz, on-chip FPU
cpu0: physical 20K instruction (64 b/l), 16K data (32 b/l), 1024K external (32 b/l): cache enabled
cpu1 at mainbus0: mid 10: TMS390Z50 v0 or TMS390Z55 @ 50 MHz, on-chip FPU
cpu1: physical 20K instruction (64 b/l), 16K data (32 b/l), 1024K external (32 b/l): cache enabled

>Description:
	This dual-CPU ss10 clone box panics with "cpu0: stuck on lock@xxxx" when
	starting a SunOS4 binary. This is 100% reproducible.
	ddb shows:
panic: cpu0: stuck on lock@f3556074
Stopped in pid 632.1 (lmgrd) at netbsd:cpu_Debugger+0x4:        or              %o7, %g0, %g1
db{0}> tr
cpu_Debugger(0xf0008b18, 0x0, 0xf3556074, 0x408000e7, 0x100, 0xf01dcc00) at netbsd:__cpu_simple_lock+0x40
__cpu_simple_lock(0xf3556074, 0xff, 0xffffffff, 0x0, 0x40100, 0xffc00000) at netbsd:fd_getfile+0x28
fd_getfile(0xf3556040, 0x3, 0x3e, 0x0, 0xf355bf28, 0x480) at netbsd:compat_43_sys_fstat+0x10
compat_43_sys_fstat(0x9, 0xf355bf28, 0xf355bf20, 0x0, 0xf355bf28, 0x10059000) at netbsd:syscall+0x1d0
syscall(0x3e, 0xf355bfb0, 0x1005d354, 0x3cd4, 0x0, 0xf355bf28) at 0xf0006500
db{0}> mach cpu 1
using CPU 1
db{0}> tr
nmi_soft(0xf29fcfb0, 0x80000000, 0xe00, 0xf016fd18, 0x40401fc4, 0xf5c00) at netbsd:ft_want_ast+0x1b8
ft_want_ast(0x107b60, 0x3a, 0x87e60, 0x81010001, 0xeffff24f, 0x39002c) at netbsd:acquire+0x5c
acquire(0xf021b9e4, 0xf3471e4c, 0x400000, 0x0, 0x600, 0x100ef018) at netbsd:lockmgr+0x4c8
lockmgr(0xf021b9e4, 0x400002, 0x400000, 0x2020002, 0x0, 0xf7800) at netbsd:_kernel_proc_lock+0x14
_kernel_proc_lock(0xf3219908, 0xf3471f28, 0xfffffffc, 0x3, 0x128000, 0x4040000) at netbsd:syscall+0x284
syscall(0x85, 0xf3471fb0, 0x1020c7f0, 0x260400, 0x400, 0xf3471f28) at 0xf0006500

db{0}> reboot(0x104)
Frame pointer is at 0xf355b6c0
Call traceback:
  pc = 0xf01712a0  args = (0x1, 0xffffffff, 0x0, 0x0, 0xf355b7e0, 0x1, 0xf355b728) fp = 0xf355b728
  pc = 0xf00a25b4  args = (0x104, 0x0, 0x0, 0x0, 0xf355b944, 0x4, 0xf355b798) fp = 0xf355b798
  pc = 0xf00a200c  args = (0x1, 0x0, 0xffffffff, 0xf355b878, 0x10, 0x2, 0xf355b808) fp = 0xf355b808
  pc = 0xf00a1cd0  args = (0xf01da7a0, 0x0, 0x0, 0x0, 0xc1f83fe0, 0xc1fbe000, 0xf355b8f8) fp = 0xf355b8f8
  pc = 0xf00a5974  args = (0xf017ba38, 0x0, 0x1, 0xf3572171, 0xf044cf30, 0x2, 0xf355b970) fp = 0xf355b970
  pc = 0xf017bcc0  args = (0xf0222000, 0x0, 0x60, 0x5003, 0xffff, 0xf01f7bb8, 0xf355b9e0) fp = 0xf355b9e0
  pc = 0xf0179c58  args = (0x81, 0xf355bc30, 0xe00, 0x408000e4, 0xf355bcc8, 0x66, 0xf355baf8) fp = 0xf355baf8
  pc = 0xf00063d0  args = (0x81, 0x400000c5, 0xf017ba30, 0xf355bc30, 0xf355bcc8, 0x1, 0xf355bbd0) fp = 0xf355bbd0
  pc = 0xf00e7204  args = (0xf01abd60, 0xf355bd30, 0x1d80714, 0x2333, 0xffff, 0xf01f7bb8, 0xf355bc80) fp = 0xf355bc80
  pc = 0xf0008b10  args = (0xf0008b18, 0x0, 0xf3556074, 0x408000e7, 0x100, 0xf01dcc00, 0xf355bce8) fp = 0xf355bce8
  pc = 0xf00b9d2c  args = (0xf3556074, 0xff, 0xffffffff, 0x0, 0x40100, 0xffc00000, 0xf355bd48) fp = 0xf355bd48
  pc = 0xf018bf80  args = (0xf3556040, 0x3, 0x3e, 0x0, 0xf355bf28, 0x480, 0xf355bdb0) fp = 0xf355bdb0
  pc = 0xf017ad80  args = (0x9, 0xf355bf28, 0xf355bf20, 0x0, 0xf355bf28, 0x10059000, 0xf355bec0) fp = 0xf355bec0
  pc = 0xf0006500  args = (0x3e, 0xf355bfb0, 0x1005d354, 0x3cd4, 0x0, 0xf355bf28, 0xf355bf50) fp = 0xf355bf50
  pc = 0x1005cd40  args = (0x3, 0xefffa110, 0x3fffff, 0xbe08, 0x6ee2c, 0x0, 0xefffa0b0) fp = 0xefffa0b0

I have the source tree with netbsd.gdb of this kernel available.

>How-To-Repeat:
	Try to run lmgrd SunOS binary on a dual-CPU NetBSD/sparc32 box.
>Fix:
	Unknown. Locking botch in the emulation code?
>Release-Note:
>Audit-Trail:
>Unformatted: