kernel_lock not locked

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

kernel_lock not locked

Laurence Tratt
>Synopsis: kernel_lock not locked
>Category: kernel
>Environment:
        System      : OpenBSD 6.3
        Details     : OpenBSD 6.3-current (GENERIC.MP) #55: Mon Jun 25 23:01:52 MDT 2018
                         [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP

        Architecture: OpenBSD.amd64
        Machine     : amd64
>Description:
        I just hit the following kernel panic (a locking error in sched_bsd.c):

      https://imagebin.ca/v/46kV6Tfqe1sc

        I can hit this repeatedly by gdb'ing the new quodlibet 4.1.0 update that
        Stuart just pushed to ports. It crashes at load; exactly at the point I
        quit gdb the kernel panics. Here's the userland trace I get just before
        the kernel panic occurs:

          $ gdb /usr/local/bin/python3.6
          GNU gdb 6.3
          Copyright 2004 Free Software Foundation, Inc.
          GDB is free software, covered by the GNU General Public License, and you are
          welcome to change it and/or distribute copies of it under certain conditions.
          Type "show copying" to see the conditions.
          There is absolutely no warranty for GDB.  Type "show warranty" for details.
          This GDB was configured as "amd64-unknown-openbsd6.3"...
          (no debugging symbols found)
         
          (gdb) run /usr/local/bin/quodlibet
          Starting program: /usr/local/bin/python3.6 /usr/local/bin/quodlibet
          [New process 34894]
         
          Program received signal SIGTRAP, Trace/breakpoint trap.
          0x0000027d5fc0ba27 in _dl_debug_state ()
                  at /usr/src/libexec/ld.so/resolve.c:764
          764     {
          Current language:  auto; currently minimal
          (gdb) bt
          #0  0x0000027d5fc0ba27 in _dl_debug_state ()
                  at /usr/src/libexec/ld.so/resolve.c:764
          #1  0x0000027d5fc00e60 in dlopen (
                  libname=0x27d19bf9040 "libgdk_pixbuf-2.0.so.3200.1", flags=257)
                  at /usr/src/libexec/ld.so/dlfcn.c:76
          #2  0x0000027cf73a79c9 in g_module_open (
                  file_name=0x27d19bf9480 "libgdk_pixbuf-2.0.so.3200.1", flags=Variable "flags" is not available.
          )
                  at gmodule-dl.c:98
          #3  0x0000027d30429ead in g_typelib_symbol ()
                 from /usr/local/lib/libgirepository-1.0.so.3.0
          #4  0x0000027d30424dda in g_registered_type_info_get_g_type ()
                 from /usr/local/lib/libgirepository-1.0.so.3.0
          #5  0x0000027d9d0e88d8 in pygi_arg_interface_new_from_info ()
                 from /usr/local/lib/python3.6/site-packages/gi/_gi.so
          #6  0x0000027d9d0ee241 in pygi_arg_gobject_new_from_info ()
                 from /usr/local/lib/python3.6/site-packages/gi/_gi.so
          #7  0x0000027d9d0e8b71 in pygi_arg_cache_new ()
                 from /usr/local/lib/python3.6/site-packages/gi/_gi.so
          #8  0x0000027d9d0e9ae2 in _callable_cache_generate_args_cache_real ()
                 from /usr/local/lib/python3.6/site-packages/gi/_gi.so
          #9  0x0000027d9d0e9858 in _callable_cache_init ()
                 from /usr/local/lib/python3.6/site-packages/gi/_gi.so
          #10 0x0000027d9d0e8e9b in _function_cache_init ()
                 from /usr/local/lib/python3.6/site-packages/gi/_gi.so
          ---Type <return> to continue, or q <return> to quit---
          #11 0x0000027d9d0e9359 in pygi_method_cache_new ()
                 from /usr/local/lib/python3.6/site-packages/gi/_gi.so
          #12 0x0000027d9d0e858c in _wrap_g_callable_info_invoke ()
                 from /usr/local/lib/python3.6/site-packages/gi/_gi.so
          #13 0x0000027d9d0dd4ae in _callable_info_call ()
                 from /usr/local/lib/python3.6/site-packages/gi/_gi.so
          #14 0x0000027db5e99a02 in _PyObject_FastCallDict ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #15 0x0000027db5f66be1 in call_function ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #16 0x0000027db5f63ce9 in _PyEval_EvalFrameDefault ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #17 0x0000027db5f67dd0 in fast_function ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #18 0x0000027db5f66be8 in call_function ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #19 0x0000027db5f63ce9 in _PyEval_EvalFrameDefault ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #20 0x0000027db5f67529 in _PyEval_EvalCodeWithName ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #21 0x0000027db5f67d5c in fast_function ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #22 0x0000027db5f66be8 in call_function ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          ---Type <return> to continue, or q <return> to quit---
          #23 0x0000027db5f63ce9 in _PyEval_EvalFrameDefault ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #24 0x0000027db5f67529 in _PyEval_EvalCodeWithName ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #25 0x0000027db5f68101 in _PyFunction_FastCallDict ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #26 0x0000027db5e99971 in _PyObject_FastCallDict ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #27 0x0000027db5e99b1a in _PyObject_Call_Prepend ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #28 0x0000027db5e997a6 in PyObject_Call ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #29 0x0000027d9d0e73fe in pygi_signal_closure_marshal ()
                 from /usr/local/lib/python3.6/site-packages/gi/_gi.so
          #30 0x0000027d45c4b5e3 in g_closure_invoke (closure=0x27dc11e7aa0,
                  return_value=0x0, n_param_values=2, param_values=0x7f7ffffc2110,
                  invocation_hint=Variable "invocation_hint" is not available.
          ) at gclosure.c:804
          #31 0x0000027d45c615c7 in signal_emit_unlocked_R () at gsignal.c:3635
          #32 0x0000027d45c623a5 in g_signal_emit_valist (instance=0x27dccce7f00,
                  signal_id=Variable "signal_id" is not available.
          ) at gsignal.c:3391
          #33 0x0000027d45c62a7f in g_signal_emit (instance=Variable "instance" is not available.
          ) at gsignal.c:3447
          #34 0x0000027d45c55ba1 in g_object_dispatch_properties_changed (
                  object=0x27dccce7f00, n_pspecs=Variable "n_pspecs" is not available.
          ) at gobject.c:1082
          #35 0x0000027d45c50fe1 in g_object_notify (object=0x27dccce7f00, property_name=Variable "property_name" is not available.
         
          ---Type <return> to continue, or q <return> to quit---
          ) at gobject.c:1175
          #36 0x0000027d45c4b5e3 in g_closure_invoke (closure=0x27d96c35920,
                  return_value=0x0, n_param_values=2, param_values=0x7f7ffffc2540,
                  invocation_hint=Variable "invocation_hint" is not available.
          ) at gclosure.c:804
          #37 0x0000027d45c615c7 in signal_emit_unlocked_R () at gsignal.c:3635
          #38 0x0000027d45c623a5 in g_signal_emit_valist (instance=0x27db4312410,
                  signal_id=Variable "signal_id" is not available.
          ) at gsignal.c:3391
          #39 0x0000027d45c62a7f in g_signal_emit (instance=Variable "instance" is not available.
          ) at gsignal.c:3447
          #40 0x0000027d45c55ba1 in g_object_dispatch_properties_changed (
                  object=0x27db4312410, n_pspecs=Variable "n_pspecs" is not available.
          ) at gobject.c:1082
          #41 0x0000027d45c50fe1 in g_object_notify (object=0x27db4312410, property_name=Variable "property_name" is not available.
         
          ) at gobject.c:1175
          #42 0x0000027d0f2d7006 in gtk_plug_filter_func (gdk_xevent=Variable "gdk_xevent" is not available.
          ) at gtkplug.c:945
          #43 0x0000027d4f17cba0 in _gdk_x11_display_queue_events (display=Variable "display" is not available.
          )
                  at gdkeventsource.c:79
          #44 0x0000027d4f138794 in gdk_display_get_event (display=0x27d0e7720f0)
                  at gdkdisplay.c:438
          #45 0x0000027d4f17d254 in gdk_event_source_dispatch (source=Variable "source" is not available.
          )
                  at gdkeventsource.c:363
          #46 0x0000027d3fdd9039 in g_main_context_dispatch (context=Variable "context" is not available.
          ) at gmain.c:3177
          #47 0x0000027d3fdd9413 in g_main_context_iterate () at gmain.c:3903
          #48 0x0000027d3fdd977f in g_main_loop_run (loop=0x27d075f8d30) at gmain.c:4099
          #49 0x0000027d0f0fce08 in gtk_main () at gtkmain.c:1323
          #50 0x0000027dbe9a69fc in ffi_call_unix64 () from /usr/local/lib/libffi.so.1.2
          ---Type <return> to continue, or q <return> to quit---
          #51 0x0000027dbe9a5ef8 in ffi_call () from /usr/local/lib/libffi.so.1.2
          #52 0x0000027d9d0e7f5f in pygi_invoke_c_callable ()
                 from /usr/local/lib/python3.6/site-packages/gi/_gi.so
          #53 0x0000027d9d0e8fe5 in pygi_function_cache_invoke ()
                 from /usr/local/lib/python3.6/site-packages/gi/_gi.so
          #54 0x0000027db5e997a6 in PyObject_Call ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #55 0x0000027db5f64004 in _PyEval_EvalFrameDefault ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #56 0x0000027db5f67529 in _PyEval_EvalCodeWithName ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #57 0x0000027db5f67d5c in fast_function ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #58 0x0000027db5f66be8 in call_function ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #59 0x0000027db5f63ce9 in _PyEval_EvalFrameDefault ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #60 0x0000027db5f67529 in _PyEval_EvalCodeWithName ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #61 0x0000027db5f67d5c in fast_function ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #62 0x0000027db5f66be8 in call_function ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #63 0x0000027db5f63d80 in _PyEval_EvalFrameDefault ()
          ---Type <return> to continue, or q <return> to quit---
                 from /usr/local/lib/libpython3.6m.so.0.0
          #64 0x0000027db5f67529 in _PyEval_EvalCodeWithName ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #65 0x0000027db5f67d5c in fast_function ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #66 0x0000027db5f66be8 in call_function ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #67 0x0000027db5f63ce9 in _PyEval_EvalFrameDefault ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #68 0x0000027db5f67529 in _PyEval_EvalCodeWithName ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #69 0x0000027db5f5d0b3 in PyEval_EvalCode ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #70 0x0000027db5f9243f in PyRun_FileExFlags ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #71 0x0000027db5f91a12 in PyRun_SimpleFileExFlags ()
                 from /usr/local/lib/libpython3.6m.so.0.0
          #72 0x0000027db5fada91 in Py_Main () from /usr/local/lib/libpython3.6m.so.0.0
          #73 0x0000027aea3006ea in main () from /usr/local/bin/python3.6

    Unfortunately ddb doesn't respond to keypresses after the panic, so I've
        only got the above screenshot to go on.


dmesg:
OpenBSD 6.3-current (GENERIC.MP) #55: Mon Jun 25 23:01:52 MDT 2018
    [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17028538368 (16239MB)
avail mem = 16372199424 (15613MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xc3202000 (89 entries)
bios0: vendor American Megatrends Inc. version "3402" date 07/10/2017
bios0: ASUSTeK COMPUTER INC. Z170M-PLUS
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT BGRT MCFG SSDT FIDT SSDT SSDT HPET SSDT SSDT UEFI SSDT LPIT WSMT SSDT SSDT DBGP DBG2
acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4) PEG2(S4) SIO1(S3) UAR1(S4) PXSX(S4) RP09(S4) PXSX(S4) RP10(S4) PXSX(S4) RP11(S4) PXSX(S4) RP12(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz, 4011.42 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 23MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz, 4009.90 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz, 4009.90 MHz
cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz, 4009.90 MHz
cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 120 pins
acpimcfg0 at acpi0 addr 0xf8000000, bus 0-63
acpihpet0 at acpi0: 23999999 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG0)
acpiprt2 at acpi0: bus -1 (PEG1)
acpiprt3 at acpi0: bus -1 (PEG2)
acpiprt4 at acpi0: bus 4 (RP09)
acpiprt5 at acpi0: bus -1 (RP10)
acpiprt6 at acpi0: bus -1 (RP11)
acpiprt7 at acpi0: bus -1 (RP12)
acpiprt8 at acpi0: bus -1 (RP13)
acpiprt9 at acpi0: bus 3 (RP01)
acpiprt10 at acpi0: bus -1 (RP02)
acpiprt11 at acpi0: bus -1 (RP03)
acpiprt12 at acpi0: bus -1 (RP04)
acpiprt13 at acpi0: bus -1 (RP05)
acpiprt14 at acpi0: bus -1 (RP06)
acpiprt15 at acpi0: bus -1 (RP07)
acpiprt16 at acpi0: bus -1 (RP08)
acpiprt17 at acpi0: bus 1 (RP17)
acpiprt18 at acpi0: bus -1 (RP18)
acpiprt19 at acpi0: bus -1 (RP19)
acpiprt20 at acpi0: bus 2 (RP20)
acpiprt21 at acpi0: bus -1 (RP21)
acpiprt22 at acpi0: bus -1 (RP22)
acpiprt23 at acpi0: bus -1 (RP23)
acpiprt24 at acpi0: bus -1 (RP24)
acpiprt25 at acpi0: bus -1 (RP14)
acpiprt26 at acpi0: bus -1 (RP15)
acpiprt27 at acpi0: bus -1 (RP16)
acpiec0 at acpi0: not present
acpicpu0 at acpi0: C1(@1 halt!), PSS
acpicpu1 at acpi0: C1(@1 halt!), PSS
acpicpu2 at acpi0: C1(@1 halt!), PSS
acpicpu3 at acpi0: C1(@1 halt!), PSS
acpipwrres0 at acpi0: PG00, resource for PEG0
acpipwrres1 at acpi0: PG01, resource for PEG1
acpipwrres2 at acpi0: PG02, resource for PEG2
acpipwrres3 at acpi0: WRST
acpipwrres4 at acpi0: WRST
acpipwrres5 at acpi0: WRST
acpipwrres6 at acpi0: WRST
acpipwrres7 at acpi0: WRST
acpipwrres8 at acpi0: WRST
acpipwrres9 at acpi0: WRST
acpipwrres10 at acpi0: WRST
acpipwrres11 at acpi0: WRST
acpipwrres12 at acpi0: WRST
acpipwrres13 at acpi0: WRST
acpipwrres14 at acpi0: WRST
acpipwrres15 at acpi0: WRST
acpipwrres16 at acpi0: WRST
acpipwrres17 at acpi0: WRST
acpipwrres18 at acpi0: WRST
acpipwrres19 at acpi0: WRST
acpipwrres20 at acpi0: WRST
acpipwrres21 at acpi0: WRST
acpipwrres22 at acpi0: WRST
acpipwrres23 at acpi0: FN00, resource for FAN0
acpipwrres24 at acpi0: FN01, resource for FAN1
acpipwrres25 at acpi0: FN02, resource for FAN2
acpipwrres26 at acpi0: FN03, resource for FAN3
acpipwrres27 at acpi0: FN04, resource for FAN4
acpitz0 at acpi0: critical temperature is 119 degC
acpitz1 at acpi0: critical temperature is 119 degC
acpicmos0 at acpi0
"INT3F0D" at acpi0 not configured
"PNP0C14" at acpi0 not configured
acpibtn0 at acpi0: SLPB
"INT33A1" at acpi0 not configured
acpibtn1 at acpi0: PWRB
"INT340E" at acpi0 not configured
"PNP0C0B" at acpi0 not configured
"PNP0C0B" at acpi0 not configured
"PNP0C0B" at acpi0 not configured
"PNP0C0B" at acpi0 not configured
"PNP0C0B" at acpi0 not configured
"PNP0C14" at acpi0 not configured
acpivideo0 at acpi0: GFX0
cpu0: Enhanced SpeedStep 4011 MHz: speeds: 4001, 4000, 3800, 3500, 3300, 3100, 2900, 2600, 2400, 2200, 1900, 1700, 1500, 1300, 1000, 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 6G Host" rev 0x07
inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 530" rev 0x06
drm0 at inteldrm0
inteldrm0: msi
error: [drm:pid0:i915_firmware_load_error_print] *ERROR* failed to load firmware i915/skl_dmc_ver1.bin (-22)
error: [drm:pid0:i915_gem_init_hw] *ERROR* Failed to initialize GuC, error -8 (ignored)
inteldrm0: 1920x1200, 32bpp
WARNING !wm_changed failed at /usr/src/sys/dev/pci/drm/i915/intel_pm.c:3609
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
xhci0 at pci0 dev 20 function 0 "Intel 100 Series xHCI" rev 0x31: msi, xHCI 1.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev 3.00/1.00 addr 1
"Intel 100 Series MEI" rev 0x31 at pci0 dev 22 function 0 not configured
ahci0 at pci0 dev 23 function 0 "Intel 100 Series AHCI" rev 0x31: msi, AHCI 1.3.1
ahci0: PHY offline on port 0
ahci0: PHY offline on port 1
ahci0: PHY offline on port 2
ahci0: PHY offline on port 3
ahci0: PHY offline on port 4
ahci0: port 5: 1.5Gb/s
scsibus1 at ahci0: 32 targets
cd0 at scsibus1 targ 5 lun 0: <ATAPI, iHAS124 F, CL98> ATAPI 5/cdrom removable
ppb0 at pci0 dev 27 function 0 "Intel 100 Series PCIE" rev 0xf1
pci1 at ppb0 bus 1
ppb1 at pci0 dev 27 function 3 "Intel 100 Series PCIE" rev 0xf1: msi
pci2 at ppb1 bus 2
iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless AC 7260" rev 0x73, msi
ppb2 at pci0 dev 28 function 0 "Intel 100 Series PCIE" rev 0xf1
pci3 at ppb2 bus 3
ppb3 at pci0 dev 29 function 0 "Intel 100 Series PCIE" rev 0xf1: msi
pci4 at ppb3 bus 4
nvme0 at pci4 dev 0 function 0 "Samsung SM951/PM951 NVMe" rev 0x01: msi, NVMe 1.1
nvme0: SAMSUNG MZVLV512HCJH-00000, firmware BXV7000Q, serial S2J6NX0H701663
scsibus2 at nvme0: 1 targets
sd0 at scsibus2 targ 0 lun 0: <NVMe, SAMSUNG MZVLV512, BXV7> SCSI4 0/direct fixed
sd0: 488386MB, 512 bytes/sector, 1000215216 sectors
pcib0 at pci0 dev 31 function 0 "Intel Z170 LPC" rev 0x31
"Intel 100 Series PMC" rev 0x31 at pci0 dev 31 function 2 not configured
azalia0 at pci0 dev 31 function 3 "Intel 100 Series HD Audio" rev 0x31: msi
azalia0: codecs: Realtek/0x0887, Intel/0x2809, using Realtek/0x0887
audio0 at azalia0
ichiic0 at pci0 dev 31 function 4 "Intel 100 Series SMBus" rev 0x31: apic 2 int 16
iic0 at ichiic0
iic0: addr 0x20 01=2a 02=2a 03=13 04=11 05=13 06=e0 07=fc 08=fc 09=fc 0a=fc 0b=22 0c=22 0d=dd 0e=dd 0f=44 10=44 13=73 15=ab 16=32 17=d4 19=8a 1a=50 1b=68 1c=22 1d=3f 1e=3c 20=70 21=70 22=45 23=44 29=24 2a=3e 2b=fc 2c=fc 2d=22 2e=dd 2f=44 31=73 33=ab 34=03 35=62 37=8a 38=50 39=3f 3a=3c 3b=45 3c=44 43=43 44=3e 48=03 92=0b b2=29 words 00=00ff 01=2aff 02=2aff 03=13ff 04=11ff 05=13ff 06=e0ff 07=fcff
em0 at pci0 dev 31 function 6 "Intel I219-V" rev 0x31: msi, address XXX
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
vmm0 at mainbus0: VMX/EPT
efifb at mainbus0 not configured
uhub1 at uhub0 port 1 configuration 1 interface 0 "ATEN International product 0x7000" rev 1.10/1.00 addr 2
uhidev0 at uhub1 port 1 configuration 1 interface 0 "ATEN Advance Tech Inc. CS-1764 V1.4.132" rev 1.10/1.00 addr 3
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub1 port 1 configuration 1 interface 1 "ATEN Advance Tech Inc. CS-1764 V1.4.132" rev 1.10/1.00 addr 3
uhidev1: iclass 3/1
ums0 at uhidev1: 5 buttons, Z dir
wsmouse0 at ums0 mux 0
uhidev2 at uhub1 port 4 configuration 1 interface 0 "MALTRON USB Multimedia Keyboard" rev 1.10/1.22 addr 4
uhidev2: iclass 3/1
ukbd1 at uhidev2: 8 variable keys, 6 key codes, country code 13
wskbd2 at ukbd1 mux 1
wskbd2: connecting to wsdisplay0
uhidev3 at uhub1 port 4 configuration 1 interface 1 "MALTRON USB Multimedia Keyboard" rev 1.10/1.22 addr 4
uhidev3: iclass 3/0, 3 report ids
uhid0 at uhidev3 reportid 2: input=1, output=0, feature=0
uhid1 at uhidev3 reportid 3: input=2, output=0, feature=0
uhidev4 at uhub0 port 14 configuration 1 interface 0 "Logitech USB Receiver" rev 2.00/12.03 addr 5
uhidev4: iclass 3/1
ukbd2 at uhidev4: 8 variable keys, 6 key codes
wskbd3 at ukbd2 mux 1
wskbd3: connecting to wsdisplay0
uhidev5 at uhub0 port 14 configuration 1 interface 1 "Logitech USB Receiver" rev 2.00/12.03 addr 5
uhidev5: iclass 3/1, 8 report ids
ums1 at uhidev5 reportid 2: 16 buttons, Z and W dir
wsmouse1 at ums1 mux 0
uhid2 at uhidev5 reportid 3: input=4, output=0, feature=0
uhid3 at uhidev5 reportid 4: input=1, output=0, feature=0
uhid4 at uhidev5 reportid 8: input=1, output=0, feature=0
uhidev6 at uhub0 port 14 configuration 1 interface 2 "Logitech USB Receiver" rev 2.00/12.03 addr 5
uhidev6: iclass 3/0, 33 report ids
uhid5 at uhidev6 reportid 16: input=6, output=6, feature=0
uhid6 at uhidev6 reportid 17: input=19, output=19, feature=0
uhid7 at uhidev6 reportid 32: input=14, output=14, feature=0
uhid8 at uhidev6 reportid 33: input=31, output=31, feature=0
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
softraid0: sd1 was not shutdown properly
sd1 at scsibus4 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006> SCSI2 0/direct fixed
sd1: 488381MB, 512 bytes/sector, 1000205348 sectors
root on sd1a (8b259cd1e1220bab.a) swap on sd1b dump on sd1b
WARNING: / was not properly unmounted
iwm0: hw rev 0x140, fw ver 16.242414.0, address XXX

usbdevs:
Controller /dev/usb0:
addr 1: super speed, self powered, config 1, xHCI root hub(0x0000), Intel(0x8086), rev 1.00
 port 1 addr 2: full speed, self powered, config 1, product 0x7000(0x7000), ATEN International(0x0557), rev 1.00
  port 1 addr 3: low speed, self powered, config 1, CS-1764 V1.4.132(0x2227), ATEN Advance Tech Inc.(0x0557), rev 1.00
  port 2 powered
  port 3 powered
  port 4 addr 4: low speed, power 50 mA, config 1, USB Multimedia Keyboard(0x9410), MALTRON(0x058f), rev 1.22, iSerialNumber USB Multimedia Keyboard
 port 2 disabled
 port 3 disabled
 port 4 disabled
 port 5 disabled
 port 6 disabled
 port 7 disabled
 port 8 disabled
 port 9 disabled
 port 10 disabled
 port 11 disabled
 port 12 disabled
 port 13 disabled
 port 14 addr 5: full speed, power 98 mA, config 1, USB Receiver(0xc52b), Logitech(0x046d), rev 12.03
 port 15 disabled
 port 16 disabled

Reply | Threaded
Open this post in threaded view
|

Re: kernel_lock not locked

Landry Breuil-5
On Wed, Jun 27, 2018 at 05:37:54PM +0100, Laurence Tratt wrote:

> >Synopsis: kernel_lock not locked
> >Category: kernel
> >Environment:
> System      : OpenBSD 6.3
> Details     : OpenBSD 6.3-current (GENERIC.MP) #55: Mon Jun 25 23:01:52 MDT 2018
> [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> Architecture: OpenBSD.amd64
> Machine     : amd64
> >Description:
> I just hit the following kernel panic (a locking error in sched_bsd.c):
>
>       https://imagebin.ca/v/46kV6Tfqe1sc
>
> I can hit this repeatedly by gdb'ing the new quodlibet 4.1.0 update that
> Stuart just pushed to ports. It crashes at load; exactly at the point I
> quit gdb the kernel panics. Here's the userland trace I get just before
> the kernel panic occurs:

Fwiw, i've hit a similar panic (kernel_lock not locked) this weekend (on an up
to date kernel) when using egdb on ... firefox, of course.

Reply | Threaded
Open this post in threaded view
|

Re: kernel_lock not locked

Visa Hankala-2
On Wed, Jun 27, 2018 at 08:46:04PM +0200, Landry Breuil wrote:

> On Wed, Jun 27, 2018 at 05:37:54PM +0100, Laurence Tratt wrote:
> > >Synopsis: kernel_lock not locked
> > >Category: kernel
> > >Environment:
> > System      : OpenBSD 6.3
> > Details     : OpenBSD 6.3-current (GENERIC.MP) #55: Mon Jun 25 23:01:52 MDT 2018
> > [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> >
> > Architecture: OpenBSD.amd64
> > Machine     : amd64
> > >Description:
> > I just hit the following kernel panic (a locking error in sched_bsd.c):
> >
> >       https://imagebin.ca/v/46kV6Tfqe1sc
> >
> > I can hit this repeatedly by gdb'ing the new quodlibet 4.1.0 update that
> > Stuart just pushed to ports. It crashes at load; exactly at the point I
> > quit gdb the kernel panics. Here's the userland trace I get just before
> > the kernel panic occurs:
>
> Fwiw, i've hit a similar panic (kernel_lock not locked) this weekend (on an up
> to date kernel) when using egdb on ... firefox, of course.

There is a locking bug that gets triggered when a traced and stopped
multithreaded process is forced to exit. When the bug hits, a thread
calls exit1() with the kernel locked recursively:

sched_exit
exit1
single_thread_check
single_thread_set
issignal  <-- KERNEL_LOCK()
userret  <-- KERNEL_LOCK()
syscall
Xsyscall_untramp

sched_exit() assumes that a single KERNEL_UNLOCK() releases the lock
completely. However, the assumption is wrong in the above case.
sched_exit() switches to the CPU's idle thread, which in turn calls
mi_switch(). Then, mi_switch() tries to release the kernel lock (which
is bound to the CPU, and which should not be locked in the first place).
That causes a panic with WITNESS because WITNESS had associated the lock
with the exiting thread and the lock is not found in the idle thread's
lock list. That is why the panic's stack trace looks peculiar:

panic
witness_unlock
___mp_release_all
mi_switch
sched_idle

Without WITNESS, the system would hang soon instead.

The bug can be fixed by making sched_exit() release the kernel lock
completely. That would also make exit1() more agnostic with regard to
the state of the lock. As an alternative, issignal() could avoid the
recursive locking.

Comments? OK?

Index: kern/kern_sched.c
===================================================================
RCS file: src/sys/kern/kern_sched.c,v
retrieving revision 1.48
diff -u -p -r1.48 kern_sched.c
--- kern/kern_sched.c 19 Jun 2018 19:29:52 -0000 1.48
+++ kern/kern_sched.c 28 Jun 2018 13:47:28 -0000
@@ -218,8 +218,11 @@ sched_exit(struct proc *p)
 
  LIST_INSERT_HEAD(&spc->spc_deadproc, p, p_hash);
 
+#ifdef MULTIPROCESSOR
  /* This process no longer needs to hold the kernel lock. */
- KERNEL_UNLOCK();
+ KERNEL_ASSERT_LOCKED();
+ __mp_release_all(&kernel_lock);
+#endif
 
  SCHED_LOCK(s);
  idle = spc->spc_idleproc;

Reply | Threaded
Open this post in threaded view
|

Re: kernel_lock not locked

Martin Pieuchot
On 28/06/18(Thu) 14:53, Visa Hankala wrote:

> On Wed, Jun 27, 2018 at 08:46:04PM +0200, Landry Breuil wrote:
> > On Wed, Jun 27, 2018 at 05:37:54PM +0100, Laurence Tratt wrote:
> > > >Synopsis: kernel_lock not locked
> > > >Category: kernel
> > > >Environment:
> > > System      : OpenBSD 6.3
> > > Details     : OpenBSD 6.3-current (GENERIC.MP) #55: Mon Jun 25 23:01:52 MDT 2018
> > > [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > >
> > > Architecture: OpenBSD.amd64
> > > Machine     : amd64
> > > >Description:
> > > I just hit the following kernel panic (a locking error in sched_bsd.c):
> > >
> > >       https://imagebin.ca/v/46kV6Tfqe1sc
> > >
> > > I can hit this repeatedly by gdb'ing the new quodlibet 4.1.0 update that
> > > Stuart just pushed to ports. It crashes at load; exactly at the point I
> > > quit gdb the kernel panics. Here's the userland trace I get just before
> > > the kernel panic occurs:
> >
> > Fwiw, i've hit a similar panic (kernel_lock not locked) this weekend (on an up
> > to date kernel) when using egdb on ... firefox, of course.
>
> There is a locking bug that gets triggered when a traced and stopped
> multithreaded process is forced to exit. When the bug hits, a thread
> calls exit1() with the kernel locked recursively:
>
> sched_exit
> exit1
> single_thread_check
> single_thread_set
> issignal  <-- KERNEL_LOCK()
> userret  <-- KERNEL_LOCK()
> syscall
> Xsyscall_untramp
>
> sched_exit() assumes that a single KERNEL_UNLOCK() releases the lock
> completely. However, the assumption is wrong in the above case.
> sched_exit() switches to the CPU's idle thread, which in turn calls
> mi_switch(). Then, mi_switch() tries to release the kernel lock (which
> is bound to the CPU, and which should not be locked in the first place).
> That causes a panic with WITNESS because WITNESS had associated the lock
> with the exiting thread and the lock is not found in the idle thread's
> lock list. That is why the panic's stack trace looks peculiar:
>
> panic
> witness_unlock
> ___mp_release_all
> mi_switch
> sched_idle
>
> Without WITNESS, the system would hang soon instead.
>
> The bug can be fixed by making sched_exit() release the kernel lock
> completely. That would also make exit1() more agnostic with regard to
> the state of the lock. As an alternative, issignal() could avoid the
> recursive locking.
>
> Comments? OK?

Thanks for your analyze.  So this is a regression introduced by the fix
for the previous TOCTOU race.

The kernel is currently grabbing the KERNEL_LOCK() in userret() to
serialize access to `ps_sigact'.  In the future we'll want to use finer
locks.  So my question is which fix goes in that direction?  The one
you posted or not grabbing the KERNEL_LOCK() in userret()?

If it doesn't matter, then I believe you should commit your fix, it is
ok mpi@.

> Index: kern/kern_sched.c
> ===================================================================
> RCS file: src/sys/kern/kern_sched.c,v
> retrieving revision 1.48
> diff -u -p -r1.48 kern_sched.c
> --- kern/kern_sched.c 19 Jun 2018 19:29:52 -0000 1.48
> +++ kern/kern_sched.c 28 Jun 2018 13:47:28 -0000
> @@ -218,8 +218,11 @@ sched_exit(struct proc *p)
>  
>   LIST_INSERT_HEAD(&spc->spc_deadproc, p, p_hash);
>  
> +#ifdef MULTIPROCESSOR
>   /* This process no longer needs to hold the kernel lock. */
> - KERNEL_UNLOCK();
> + KERNEL_ASSERT_LOCKED();
> + __mp_release_all(&kernel_lock);
> +#endif
>  
>   SCHED_LOCK(s);
>   idle = spc->spc_idleproc;
>