kern/71827: Running java applications causes kernel panic.

Wade Klaver archeron at wavefire.com
Wed Sep 22 16:50:32 PDT 2004


The following reply was made to PR kern/71827; it has been noted by GNATS.

From: Wade Klaver <archeron at wavefire.com>
To: freebsd-gnats-submit at FreeBSD.org, archeron at wavefire.com
Cc:  
Subject: Re: kern/71827: Running java applications causes kernel panic.
Date: Wed, 22 Sep 2004 16:44:55 -0700

 New developments.
 First, this box has been updated:
 
 Second, I finally have a proper core and backtrace:
 root at -/:savecore /opt/crash/ /dev/ad0s1b
 savecore: reboot after panic: sched_add: kse 0xc6983cb4 (java) already in run 
 queue
 savecore: unable to open bounds file, using 0
 savecore: writing core to vmcore.0
 ...
 Script started on Wed Sep 22 16:40:09 2004
 bash-2.05b# ls 
 -l /opt/crash/opt/crashsavecore /opt/crash/ /dev/ad0s1b
 bash-2.05b# ls /opt/crash-l /opt/crash
 bash-2.05b# kgdb kernel.debug /opt/crash/vmcore.0
 [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: 
 Undefined symbol "ps_pglobal_lookup"]
 GNU gdb 6.1.1 [FreeBSD]
 Copyright 2004 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and you are
 welcome to change it and/or distribute copies of it under certain conditions.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for details.
 This GDB was configured as "i386-marcel-freebsd".
 doadump () at pcpu.h:159
 (kgdb) bt full
 #0  doadump () at pcpu.h:159
 No locals.
 #1  0xc0454b7e in db_fncall (dummy1=0, dummy2=0, dummy3=-1065307904, 
 dummy4=0xe7795898 "´XyçÔ\204PÀ")
     at /usr/src/sys/ddb/db_command.c:531
 	fn_addr = -1068434840
 	args = {0 <repeats 11 times>}
 	nargs = 11
 	retval = 0
 	func = (fcn_10args_t *) 0xc050fa68 <doadump>
 	t = 0
 #2  0xc045498c in db_command (last_cmdp=0xc07b4d64, cmd_table=0x0, 
 aux_cmd_tablep=0xc0778be8, aux_cmd_tablep_end=0xc0778bec)
     at /usr/src/sys/ddb/db_command.c:349
 	cmd = (struct command *) 0xc077f660
 	t = 0
 	modif = "´XyçÔ\204PÀ\000±\200À\001\000\000\000
 ´Xyçø\003\000\000äXyç\000\000\000\000ÐXyçø\003\000\000ÔXyçýÏgÀø\003\000\000ø\003\000\000\r\000\000\000üXyç\002ÒgÀäXyçø\003\000\000\001\000\017\003x\000\000\000`V{À\000\000\000\000\020YyçÜhEÀóþtÀLfEÀ\000\000\000\000`V{Àþ]EÀ"
 	addr = 0
 	count = -1065307904
 	have_addr = 0
 	result = 0
 #3  0xc0454a54 in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
 No locals.
 #4  0xc04565b9 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:221
 	jb = {{_jb = {-411477680, -411477700, -411477628, -1018255328, 0, 
 -1069193902, 2, -1018255328, 0, -411477624, 
       -1068309664, 2}}}
 	prev_jb = (void *) 0x0
 	bkpt = 0
 #5  0xc05278bf in kdb_trap (type=3, code=0, tf=0x1) 
 at /usr/src/sys/kern/subr_kdb.c:418
 	did_stop_cpus = 1
 	handled = -1018255328
 #6  0xc069da60 in trap (frame=
       {tf_fs = -411500520, tf_es = -1068367856, tf_ds = -1066074096, tf_edi = 
 -1066069624, tf_esi = 1, tf_ebp = -411477480, tf_isp = -411477500, tf_ebx = 
 -411477436, tf_edx = 0, tf_ecx = -1056882688, tf_eax = 18, tf_trapno = 3, 
 tf_err = 0, tf_eip = -1068337629, tf_cs = 8, tf_eflags = 134, tf_esp = 
 -411477448, tf_ss = -1068432621}) at /usr/src/sys/i386/i386/trap.c:576
 	td = (struct thread *) 0xc34ea820
 	p = (struct proc *) 0xc68f1a80
 	sticks = 3883489752
 	i = 0
 	ucode = 0
 	type = 3
 	code = 0
 	eva = 0
 #7  0xc068e27a in calltrap () at /usr/src/sys/i386/i386/exception.s:140
 No locals.
 #8  0xe7790018 in ?? ()
 No symbol table info available.
 #9  0xc0520010 in sched_class (kg=0xc0751188, class=256) 
 at /usr/src/sys/kern/sched_ule.c:1433
 	kseq = (struct kseq *) 0x1
 	ke = (struct td_sched *) 0x0
 	td = (struct thread *) 0xe7795a44
 	nclass = 0
 	oclass = 3
 #10 0xc0510313 in panic (fmt=0x86 <Address 0x86 out of bounds>) 
 at /usr/src/sys/kern/kern_shutdown.c:537
 ---Type <return> to continue, or q <return> to quit---
 	td = (struct thread *) 0xc34ea820
 	bootopt = 256
 	newpanic = 8
 	ap = 0xc0527623 "\220ÉÃ\211öU\211åWVSÇ\005Ào|À"
 	buf = "sched_add: kse 0xc6983cb4 (java) already in run queue", '\0' <repeats 
 202 times>
 #11 0xc052054d in sched_add_internal (td=0xc6983b60, preemptive=1) 
 at /usr/src/sys/kern/sched_ule.c:1692
 	kseq = (struct kseq *) 0xc07c0260
 	kg = (struct ksegrp *) 0x0
 	ke = (struct td_sched *) 0xc6983cb4
 	canmigrate = -1065622656
 	class = 0
 #12 0xc05204d8 in sched_add (td=0x0, flags=0) 
 at /usr/src/sys/kern/sched_ule.c:1672
 No locals.
 #13 0xc0520b61 in slot_fill (kg=0xc68f2af0) at kern_switch.c:217
 	td = (struct thread *) 0x0
 #14 0xc051fcb8 in sched_switch (td=0xc34ea820, newtd=0x0, flags=1) 
 at /usr/src/sys/kern/sched_ule.c:1277
 	ke = (struct td_sched *) 0xc34ea974
 #15 0xc0515ee4 in mi_switch (flags=1, newtd=0x0) 
 at /usr/src/sys/kern/kern_synch.c:340
 	new_switchtime = {sec = 109174, frac = 7524514413860760694}
 	td = (struct thread *) 0xc34ea820
 	p = (struct proc *) 0xc68f1a80
 	__func__ = "mi_switch"
 #16 0xc052fa9c in turnstile_wait (ts=0xc2aec0c0, lock=0xc07be3c0, 
 owner=0xc23799c0) at /usr/src/sys/kern/subr_turnstile.c:562
 	tc = (struct turnstile_chain *) 0xc07c9938
 	td = (struct thread *) 0xc34ea820
 	td1 = (struct thread *) 0xc34eab60
 #17 0xc05086fb in _mtx_lock_sleep (m=0xc07be3c0, td=0xc34ea820, opts=0, 
 file=0xc074c79b "/usr/src/sys/kern/kern_condvar.c", 
     line=334) at /usr/src/sys/kern/kern_mutex.c:551
 	ts = (struct turnstile *) 0xc2aec0c0
 	owner = (struct thread *) 0xc23799c0
 	v = 0
 #18 0xc05082e9 in _mtx_lock_flags (m=0xc07be3c0, opts=0, file=0xc074c79b 
 "/usr/src/sys/kern/kern_condvar.c", line=334)
     at /usr/src/sys/kern/kern_mutex.c:264
 No locals.
 #19 0xc04efb36 in cv_timedwait_sig (cvp=0xc07ee8c4, mp=0xc07ee8a0, timo=90001) 
 at /usr/src/sys/kern/kern_condvar.c:334
 	_giantcnt = 0
 	Giant__wf = 0xc0753b81 "/usr/src/sys/kern/sys_generic.c"
 	Giant__wl = 864
 	sq = (struct sleepqueue *) 0xc3736220
 	td = (struct thread *) 0xc34ea820
 	rval = 0
 	sig = 0
 	mp__wf = 0xc0753b81 "/usr/src/sys/kern/sys_generic.c"
 	mp__wl = 912
 	__func__ = "cv_timedwait_sig"
 #20 0xc0533a4b in poll (td=0xc34ea820, uap=0xe7795d14) 
 at /usr/src/sys/kern/sys_generic.c:937
 	bits = (struct pollfd *) 0xe7795be0
 	smallbits = {{fd = 119, events = 9, revents = 0}, {fd = -1068463931, events = 
 -7296, revents = -16261}, {fd = 0, 
     events = -3832, revents = -16268}, {fd = 711, events = -7232, revents = 
 -16261}, {fd = 762, events = 24891, 
     revents = -16267}, {fd = -411476948, events = -31844, revents = -16304}, 
 {fd = -1065622592, events = 0, revents = 0}, {
     fd = -1066049221, events = 762, revents = 0}, {fd = 0, events = 23756, 
 revents = -6279}, {fd = -1018255328, 
     events = 23676, revents = -6279}, {fd = -411476936, events = -23360, 
 revents = -16241}, {fd = -411476884, 
     events = 31919, revents = -16303}, {fd = -1064247360, events = -14608, 
 revents = 26849}, {fd = 42608563, 
     events = -12974, revents = -10772}, {fd = -411476796, events = 23692, 
 revents = -6279}, {fd = 1091337, events = 7936, 
 ---Type <return> to continue, or q <return> to quit---
     revents = -16263}, {fd = -411476852, events = -22496, revents = -15538}, 
 {fd = -1028354832, events = 23680, 
     revents = -6279}, {fd = -1068401236, events = 23692, revents = -6279}, {fd 
 = -411476808, events = -22496, 
     revents = -15538}, {fd = -411476832, events = 32261, revents = -16303}, 
 {fd = -411476852, events = 6784, 
     revents = -14705}, {fd = -1028354832, events = -22496, revents = -15538}, 
 {fd = -1068500367, events = 23736, 
     revents = -6279}, {fd = 134546372, events = 8, revents = 0}, {fd = 
 -411476808, events = 0, revents = 0}, {fd = 0, 
     events = 10992, revents = -14705}, {fd = 1095893493, events = 11994, 
 revents = 353}, {fd = 0, events = 6784, 
     revents = -14705}, {fd = 0, events = -22496, revents = -15538}, {fd = 
 -963700096, events = 23872, revents = -6279}, {
     fd = -1068500705, events = -1717, revents = -16305}}
 	atv = {tv_sec = 110072, tv_usec = 962453}
 	rtv = {tv_sec = 109172, tv_usec = 962453}
 	ttv = {tv_sec = 900, tv_usec = 0}
 	error = 0
 	timo = 90001
 	ncoll = 15592
 	nfds = 1
 	ni = 8
 #21 0xc069e1f7 in syscall (frame=
       {tf_fs = 138149935, tf_es = 47, tf_ds = -1082523601, tf_edi = 139359744, 
 tf_esi = 139359232, tf_ebp = -1095568936, tf_isp = -411476620, tf_ebx = 
 1208629308, tf_edx = 136764896, tf_ecx = 0, tf_eax = 209, tf_trapno = 22, 
 tf_err = 2, tf_eip = 1208956675, tf_cs = 31, tf_eflags = 642, tf_esp = 
 -1095568980, tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1001
 	params = 0xbeb2f1b0 <Address 0xbeb2f1b0 out of bounds>
 	callp = (struct sysent *) 0xc078cc88
 	td = (struct thread *) 0xc34ea820
 	p = (struct proc *) 0xc68f1a80
 	orig_tf_eflags = 642
 	sticks = 5
 	error = 0
 	narg = 3
 	args = {-1095568880, 1, 900000, 0, 0, 0, 5, -963700096}
 	code = 209
 #22 0xc068e2cf in Xint0x80_syscall () 
 at /usr/src/sys/i386/i386/exception.s:201
 No locals.
 #23 0x083c002f in ?? ()
 No symbol table info available.
 #24 0x0000002f in ?? ()
 No symbol table info available.
 #25 0xbf7a002f in ?? ()
 No symbol table info available.
 #26 0x084e7600 in ?? ()
 No symbol table info available.
 #27 0x084e7400 in ?? ()
 No symbol table info available.
 #28 0xbeb2f1d8 in ?? ()
 No symbol table info available.
 #29 0xe7795d74 in ?? ()
 No symbol table info available.
 #30 0x480a383c in ?? ()
 No symbol table info available.
 #31 0x0826dde0 in ?? ()
 No symbol table info available.
 #32 0x00000000 in ?? ()
 No symbol table info available.
 #33 0x000000d1 in ?? ()
 No symbol table info available.
 ---Type <return> to continue, or q <return> to quit---
 #34 0x00000016 in ?? ()
 No symbol table info available.
 #35 0x00000002 in ?? ()
 No symbol table info available.
 #36 0x480f3703 in ?? ()
 No symbol table info available.
 #37 0x0000001f in ?? ()
 No symbol table info available.
 #38 0x00000282 in ?? ()
 No symbol table info available.
 #39 0xbeb2f1ac in ?? ()
 No symbol table info available.
 #40 0x0000002f in ?? ()
 No symbol table info available.
 #41 0x00000000 in ?? ()
 No symbol table info available.
 #42 0x00000000 in ?? ()
 No symbol table info available.
 #43 0x00000000 in ?? ()
 No symbol table info available.
 #44 0x00000000 in ?? ()
 No symbol table info available.
 #45 0x12031000 in ?? ()
 No symbol table info available.
 #46 0xc34ea974 in ?? ()
 No symbol table info available.
 #47 0xc32a3000 in ?? ()
 No symbol table info available.
 #48 0xe7795a98 in ?? ()
 No symbol table info available.
 #49 0xe7795a80 in ?? ()
 No symbol table info available.
 #50 0xc34ea820 in ?? ()
 No symbol table info available.
 #51 0xc051fcff in sched_switch (td=0x480a383c, newtd=0x84e7400, flags=Cannot 
 access memory at address 0xbeb2f1e8
 ) at /usr/src/sys/kern/sched_ule.c:1286
 	ke = (struct td_sched *) 0x84e7600
 Previous frame inner to this frame (corrupt stack?)
 (kgdb) q
 bash-2.05b# exit
 
 Script done on Wed Sep 22 16:40:43 2004
 
 
 FreeBSD arch.wavefire.com 5.3-BETA5 FreeBSD 5.3-BETA5 #2: Mon Sep 20 17:10:46 
 PDT 2004     root at arch.wavefire.com:/usr/obj/usr/src/sys/WORKSTATION-5.0-SMP  
 i386
 
 I am hearing that sched_ule is not a priority for now so I shall leave this as 
 my final post on this subject.  If anyone wants more info, please let me 
 know.
 
  -Wade Klaver


More information about the freebsd-bugs mailing list