kern/131290: [hang]: How to completely freeze FreeBSD 7.1 under a non-privileged user

Mikolaj Golub to.my.trociny at gmail.com
Sun Feb 8 14:37:55 PST 2009


On Sun, 8 Feb 2009 18:36:32 GMT remko at FreeBSD.org wrote:

 r> Old Synopsis: How to completely freeze FreeBSD 7.1 under a non-privileged user
 r> New Synopsis: [hang]: How to completely freeze FreeBSD 7.1 under a non-privileged user

 r> State-Changed-From-To: closed->open
 r> State-Changed-By: remko
 r> State-Changed-When: Sun Feb 8 18:35:10 UTC 2009
 r> State-Changed-Why: 
 r> Reopen the ticket:

 r> Debugging info from Mikolaj Golub <to.my.trociny at gmail.com>

 r> GNU gdb 6.1.1 [FreeBSD]
 r> Copyright 2004 Free Software Foundation, Inc.
 r> GDB is free software, covered by the GNU General Public License, and you are
 r> welcome to change it and/or distribute copies of it under certain conditions.
 r> Type "show copying" to see the conditions.
 r> There is absolutely no warranty for GDB.  Type "show warranty" for details.
 r> This GDB was configured as "i386-marcel-freebsd"...

 r> Unread portion of the kernel message buffer:
 r> panic: Bad link elm 0xc4f0c1f0 next->prev != elm
 r> cpuid = 0
 r> KDB: enter: panic
 r> exclusive sleep mutex sellck r = 0 (0xc0cc7204) locked @ /usr/src/sys/kern/sys_generic.c:1127
 r> exclusive sleep mutex pipe mutex r = 0 (0xc4f0c2fc) locked @ /usr/src/sys/kern/sys_pipe.c:1132
 r> panic: from debugger
 r> cpuid = 0
 r> Uptime: 38m7s
 r> Physical memory: 1003 MB
 r> Dumping 116 MB: 101 85 69 53 37 21 5

 r> Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done.
 r> done.
 r> Loaded symbols for /boot/kernel/acpi.ko
 r> Reading symbols from /boot/kernel/pf.ko...Reading symbols from /boot/kernel/pf.ko.symbols...done.
 r> done.
 r> Loaded symbols for /boot/kernel/pf.ko
 r> Reading symbols from /boot/kernel/smbfs.ko...Reading symbols from /boot/kernel/smbfs.ko.symbols...done.
 r> done.
 r> Loaded symbols for /boot/kernel/smbfs.ko
 r> Reading symbols from /boot/kernel/libiconv.ko...Reading symbols from /boot/kernel/libiconv.ko.symbols...done.
 r> done.
 r> Loaded symbols for /boot/kernel/libiconv.ko
 r> Reading symbols from /boot/kernel/libmchain.ko...Reading symbols from /boot/kernel/libmchain.ko.symbols...done.
 r> done.
 r> Loaded symbols for /boot/kernel/libmchain.ko
 r> Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/kernel/linux.ko.symbols...done.
 r> done.
 r> Loaded symbols for /boot/kernel/linux.ko
 r> Reading symbols from /boot/kernel/logo_saver.ko...Reading symbols from /boot/kernel/logo_saver.ko.symbols...done.
 r> done.
 r> Loaded symbols for /boot/kernel/logo_saver.ko
 r> Reading symbols from /boot/kernel/ng_socket.ko...Reading symbols from /boot/kernel/ng_socket.ko.symbols...done.
 r> done.
 r> Loaded symbols for /boot/kernel/ng_socket.ko
 r> Reading symbols from /boot/kernel/netgraph.ko...Reading symbols from /boot/kernel/netgraph.ko.symbols...done.
 r> done.
 r> Loaded symbols for /boot/kernel/netgraph.ko
 r> Reading symbols from /boot/kernel/if_bridge.ko...Reading symbols from /boot/kernel/if_bridge.ko.symbols...done.
 r> done.
 r> Loaded symbols for /boot/kernel/if_bridge.ko
 r> Reading symbols from /boot/kernel/bridgestp.ko...Reading symbols from /boot/kernel/bridgestp.ko.symbols...done.
 r> done.
 r> Loaded symbols for /boot/kernel/bridgestp.ko
 r> #0  doadump () at pcpu.h:196
 r> 196        pcpu.h: No such file or directory.
 r>         in pcpu.h
 r> (kgdb) backtrace
 r> #0  doadump () at pcpu.h:196
 r> #1  0xc079a07e in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
 r> #2  0xc079a352 in panic (fmt=Variable "fmt" is not available.
 r> ) at /usr/src/sys/kern/kern_shutdown.c:574
 r> #3  0xc0493a07 in db_panic (addr=Could not find the frame base for "db_panic".
 r> ) at /usr/src/sys/ddb/db_command.c:446
 r> #4  0xc049440c in db_command (last_cmdp=0xc0c48114, cmd_table=0x0, dopager=1)
 r>    at /usr/src/sys/ddb/db_command.c:413
 r> #5  0xc049451a in db_command_loop () at /usr/src/sys/ddb/db_command.c:466
 r> #6  0xc0495d0d in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:228
 r> #7  0xc07c3866 in kdb_trap (type=3, code=0, tf=0xe69ceac8)
 r>    at /usr/src/sys/kern/subr_kdb.c:524
 r> #8  0xc0a9fb5b in trap (frame=0xe69ceac8) at /usr/src/sys/i386/i386/trap.c:688
 r> #9  0xc0a8541b in calltrap () at /usr/src/sys/i386/i386/exception.s:159
 r> #10 0xc07c39ea in kdb_enter_why (why=0xc0b42038 "panic", 
 r>    msg=0xc0b42038 "panic") at cpufunc.h:60
 r> #11 0xc079a336 in panic (fmt=0xc0af1d18 "Bad link elm %p next->prev != elm")
 r>    at /usr/src/sys/kern/kern_shutdown.c:557
 r> #12 0xc07d4b3b in doselwakeup (sip=0xc4f0c1f0, pri=88)
 r>    at /usr/src/sys/kern/sys_generic.c:1138
 r> #13 0xc07d4c1e in selwakeuppri (sip=0xc4f0c1f0, pri=88)
 r>    at /usr/src/sys/kern/sys_generic.c:1114
 r> #14 0xc07d9c8e in pipe_write (fp=0xc42b95f0, uio=0xe69cec60, 
 r>    active_cred=0xc4aa8800, flags=0, td=0xc4bc8aa0)
 r>    at /usr/src/sys/kern/sys_pipe.c:528
 r> ---Type <return> to continue, or q <return> to quit---#15 0xc07d6095 in dofilewrite (td=0xc4bc8aa0, fd=4, fp=0xc42b95f0, 
 r>    auio=0xe69cec60, offset=-1, flags=0) at file.h:256
 r> #16 0xc07d6318 in kern_writev (td=0xc4bc8aa0, fd=4, auio=0xe69cec60)
 r>    at /usr/src/sys/kern/sys_generic.c:401
 r> #17 0xc07d638f in write (td=0xc4bc8aa0, uap=0xe69cecfc)
 r>    at /usr/src/sys/kern/sys_generic.c:317
 r> #18 0xc0a9f2d3 in syscall (frame=0xe69ced38)
 r>    at /usr/src/sys/i386/i386/trap.c:1090
 r> #19 0xc0a85480 in Xint0x80_syscall ()
 r>    at /usr/src/sys/i386/i386/exception.s:255
 r> #20 0x00000033 in ?? ()
 r> Previous frame inner to this frame (corrupt stack?)
 r> (kgdb) list *0xc07d4b3b
 r> 0xc07d4b3b is in doselwakeup (/usr/src/sys/kern/sys_generic.c:1138).
 r> 1133                }
 r> 1134                if (td == NULL) {
 r> 1135                        mtx_unlock(&sellock);
 r> 1136                        return;
 r> 1137                }
 r> 1138                TAILQ_REMOVE(&td->td_selq, sip, si_thrlist);
 r> 1139                sip->si_thread = NULL;
 r> 1140                thread_lock(td);
 r> 1141                td->td_flags &= ~TDF_SELECT;
 r> 1142                thread_unlock(td);
 r> (kgdb) 

Some more data from the debugger session:

(kgdb) frame 12
#12 0xc07d4b3b in doselwakeup (sip=0xc4f0c1f0, pri=88) at /usr/src/sys/kern/sys_generic.c:1138
1138            TAILQ_REMOVE(&td->td_selq, sip, si_thrlist);
(kgdb) p *sip      
$2 = {si_thrlist = {tqe_next = 0xc5137d50, tqe_prev = 0xc4682ce0}, si_thread = 0xc4682cc0, si_note = {
    kl_list = {slh_first = 0x0}, kl_lock = 0xc0770070 <knlist_mtx_lock>, 
    kl_unlock = 0xc07700a0 <knlist_mtx_unlock>, kl_locked = 0xc0773640 <knlist_mtx_locked>, 
    kl_lockarg = 0xc4f0c2fc}, si_flags = 0}
(kgdb) p *sip->si_thrlist.tqe_next
$6 = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0, si_note = {kl_list = {
      slh_first = 0x0}, kl_lock = 0xc0770070 <knlist_mtx_lock>, 
    kl_unlock = 0xc07700a0 <knlist_mtx_unlock>, kl_locked = 0xc0773640 <knlist_mtx_locked>, 
    kl_lockarg = 0xc5137d74}, si_flags = 0}
(kgdb) p **sip->si_thrlist.tqe_prev
$12 = {si_thrlist = {tqe_next = 0xc5137d50, tqe_prev = 0xc4682ce0}, si_thread = 0xc4682cc0, si_note = {
    kl_list = {slh_first = 0x0}, kl_lock = 0xc0770070 <knlist_mtx_lock>, 
    kl_unlock = 0xc07700a0 <knlist_mtx_unlock>, kl_locked = 0xc0773640 <knlist_mtx_locked>, 
    kl_lockarg = 0xc4f0c2fc}, si_flags = 0}

Also, I tried a FreeBSD 8.0-CURRENT kernel (with 7STABLE userland). When I run
/usr/local/etc/rc.d/ejabberd stop, it panics too with the same message.

  Architecture: i386
  Architecture Version: 1
  Dump Length: 187904B (0 MB)
  Blocksize: 512
  Dumptime: Sun Feb  8 23:47:58 2009
  Hostname: zhuzha.ua1
  Magic: FreeBSD Text Dump
  Version String: FreeBSD 8.0-CURRENT #0 r188297: Sun Feb  8 22:39:36 EET 2009
    root at zhuzha.ua1:/home/golub/freebsd/build/obj/home/golub/freebsd/src/sys/DEBUG
  Panic String: Bad link elm 0xc5005a80 prev->next != elm
  Dump Parity: 1084020072
  Bounds: 2
  Dump Status: good

-- 
Mikolaj Golub
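
The link check behind the panic raised from TAILQ_REMOVE at sys_generic.c:1138, modelled as an added example (not part of the original message and not FreeBSD source). The names struct node, struct head, check_links, checked_remove and scenario are hypothetical, and the constructed "zeroed" case mirrors the `p *sip->si_thrlist.tqe_next` output above, where the successor's tqe_prev is 0x0 while sip still points at it.

```c
#include <stdio.h>

/* Hypothetical stand-in for struct selinfo: just the si_thrlist linkage. */
struct node {
    struct node  *tqe_next;  /* next element, NULL at the tail */
    struct node **tqe_prev;  /* address of the previous "next" pointer */
};
struct head { struct node *tqh_first; struct node **tqh_last; };
enum link_state { LINK_OK, BAD_NEXT_PREV, BAD_PREV_NEXT };

static void insert_tail(struct head *h, struct node *n) {
    n->tqe_next = NULL;
    n->tqe_prev = h->tqh_last;
    *h->tqh_last = n;
    h->tqh_last = &n->tqe_next;
}

/* The two conditions named by the panic strings, tested before unlinking. */
static enum link_state check_links(struct node *elm) {
    if (elm->tqe_next != NULL && elm->tqe_next->tqe_prev != &elm->tqe_next)
        return BAD_NEXT_PREV;   /* "next->prev != elm" */
    if (elm->tqe_prev == NULL || *elm->tqe_prev != elm)
        return BAD_PREV_NEXT;   /* "prev->next != elm" */
    return LINK_OK;
}

/* Unlink elm only when its neighbours still agree with it. */
static enum link_state checked_remove(struct head *h, struct node *elm) {
    enum link_state s = check_links(elm);
    if (s != LINK_OK) return s;  /* a debug kernel panics at this point */
    if (elm->tqe_next != NULL) elm->tqe_next->tqe_prev = elm->tqe_prev;
    else h->tqh_last = elm->tqe_prev;
    *elm->tqe_prev = elm->tqe_next;
    return LINK_OK;
}

/* Constructed state: zeroed != 0 clears the successor's links, as in $6. */
static enum link_state scenario(int zeroed) {
    struct head h = { NULL, &h.tqh_first };
    struct node sip, next;
    insert_tail(&h, &sip);
    insert_tail(&h, &next);
    if (zeroed) { next.tqe_next = NULL; next.tqe_prev = NULL; }
    return checked_remove(&h, &sip);
}

int main(void) {
    return printf("intact=%d zeroed=%d\n", (int)scenario(0), (int)scenario(1)) < 0;
}
```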

