From owner-freebsd-bugs@FreeBSD.ORG Sun Feb 8 22:37:53 2009 Return-Path: Delivered-To: freebsd-bugs@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E09A91065729; Sun, 8 Feb 2009 22:37:53 +0000 (UTC) (envelope-from to.my.trociny@gmail.com) Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.152]) by mx1.freebsd.org (Postfix) with ESMTP id 17C358FC08; Sun, 8 Feb 2009 22:37:52 +0000 (UTC) (envelope-from to.my.trociny@gmail.com) Received: by fg-out-1718.google.com with SMTP id l26so830704fgb.35 for ; Sun, 08 Feb 2009 14:37:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:to:cc:subject:references :organization:from:date:in-reply-to:message-id:user-agent :mime-version:content-type; bh=L6kTO86CavoNBv9t7mQgd1MSIs8x6k+2ba9Dd0gj0oo=; b=awZCC+QET3jb2rzZZ+5gm2ME6o1SYca7KLkXt9p5Q3sut/nUPGHNRt/jHVMQ5H08kj x2FToyzP6EeBEhmVyirhUldfDaARbn2qWiyxShIMN8fS1eh3KLVCEiUs1K/oiWqecqOP OxflCRybrA9mtJ/thWW0T6A4jMY+EBJq6pU8Y= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=to:cc:subject:references:organization:from:date:in-reply-to :message-id:user-agent:mime-version:content-type; b=NWpmf55TfonCjxcq77BU1sOAaayCDFnod2vyFL6Ni/u2EX5N/TJtneBCxDICYy+q40 oTPNvf/wXRSa+hhZNLlhcd85ikF+cqaawQ8GS1HGdrS76kHnfzxBsMgcZGkBDw9TA8rc k9XyLwrEt6bjcyPecvMIEMmLV5lcfLIFJ+PBA= Received: by 10.86.70.3 with SMTP id s3mr2359985fga.78.1234132672007; Sun, 08 Feb 2009 14:37:52 -0800 (PST) Received: from localhost ([195.69.244.128]) by mx.google.com with ESMTPS id e20sm1340204fga.16.2009.02.08.14.37.50 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 08 Feb 2009 14:37:51 -0800 (PST) To: remko@FreeBSD.org References: <200902081836.n18IaWut021698@freefall.freebsd.org> Organization: TOA Ukraine From: Mikolaj Golub Date: Mon, 09 Feb 2009 00:37:46 +0200 In-Reply-To: <200902081836.n18IaWut021698@freefall.freebsd.org> (remko@freebsd.org's message of "Sun\, 8 Feb 2009 18\:36\:32 GMT") Message-ID: <86ocxcwo5h.fsf@kopusha.onet> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: ad.sergey@gmail.com, freebsd-bugs@FreeBSD.org Subject: Re: kern/131290: [hang]: How to completely freeze FreeBSD 7.1 under a non-privileged user X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Feb 2009 22:37:55 -0000 On Sun, 8 Feb 2009 18:36:32 GMT remko@FreeBSD.org wrote: r> Old Synopsis: How to completely freeze FreeBSD 7.1 under a non-privileged user r> New Synopsis: [hang]: How to completely freeze FreeBSD 7.1 under a non-privileged user r> State-Changed-From-To: closed->open r> State-Changed-By: remko r> State-Changed-When: Sun Feb 8 18:35:10 UTC 2009 r> State-Changed-Why: r> Reopen the ticket: r> Debugging info from Mikolaj Golub r> GNU gdb 6.1.1 [FreeBSD] r> Copyright 2004 Free Software Foundation, Inc. r> GDB is free software, covered by the GNU General Public License, and you are r> welcome to change it and/or distribute copies of it under certain conditions. r> Type "show copying" to see the conditions. r> There is absolutely no warranty for GDB. Type "show warranty" for details. r> This GDB was configured as "i386-marcel-freebsd"... r> Unread portion of the kernel message buffer: r> panic: Bad link elm 0xc4f0c1f0 next->prev != elm r> cpuid = 0 r> KDB: enter: panic r> exclusive sleep mutex sellck r = 0 (0xc0cc7204) locked @ /usr/src/sys/kern/sys_generic.c:1127 r> exclusive sleep mutex pipe mutex r = 0 (0xc4f0c2fc) locked @ /usr/src/sys/kern/sys_pipe.c:1132 r> panic: from debugger r> cpuid = 0 r> Uptime: 38m7s r> Physical memory: 1003 MB r> Dumping 116 MB: 101 85 69 53 37 21 5 r> Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done. r> done. r> Loaded symbols for /boot/kernel/acpi.ko r> Reading symbols from /boot/kernel/pf.ko...Reading symbols from /boot/kernel/pf.ko.symbols...done. r> done. r> Loaded symbols for /boot/kernel/pf.ko r> Reading symbols from /boot/kernel/smbfs.ko...Reading symbols from /boot/kernel/smbfs.ko.symbols...done. r> done. r> Loaded symbols for /boot/kernel/smbfs.ko r> Reading symbols from /boot/kernel/libiconv.ko...Reading symbols from /boot/kernel/libiconv.ko.symbols...done. r> done. r> Loaded symbols for /boot/kernel/libiconv.ko r> Reading symbols from /boot/kernel/libmchain.ko...Reading symbols from /boot/kernel/libmchain.ko.symbols...done. r> done. r> Loaded symbols for /boot/kernel/libmchain.ko r> Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/kernel/linux.ko.symbols...done. r> done. r> Loaded symbols for /boot/kernel/linux.ko r> Reading symbols from /boot/kernel/logo_saver.ko...Reading symbols from /boot/kernel/logo_saver.ko.symbols...done. r> done. r> Loaded symbols for /boot/kernel/logo_saver.ko r> Reading symbols from /boot/kernel/ng_socket.ko...Reading symbols from /boot/kernel/ng_socket.ko.symbols...done. r> done. r> Loaded symbols for /boot/kernel/ng_socket.ko r> Reading symbols from /boot/kernel/netgraph.ko...Reading symbols from /boot/kernel/netgraph.ko.symbols...done. r> done. r> Loaded symbols for /boot/kernel/netgraph.ko r> Reading symbols from /boot/kernel/if_bridge.ko...Reading symbols from /boot/kernel/if_bridge.ko.symbols...done. r> done. r> Loaded symbols for /boot/kernel/if_bridge.ko r> Reading symbols from /boot/kernel/bridgestp.ko...Reading symbols from /boot/kernel/bridgestp.ko.symbols...done. r> done. r> Loaded symbols for /boot/kernel/bridgestp.ko r> #0 doadump () at pcpu.h:196 r> 196 pcpu.h: No such file or directory. r> in pcpu.h r> (kgdb) backtrace r> #0 doadump () at pcpu.h:196 r> #1 0xc079a07e in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418 r> #2 0xc079a352 in panic (fmt=Variable "fmt" is not available. r> ) at /usr/src/sys/kern/kern_shutdown.c:574 r> #3 0xc0493a07 in db_panic (addr=Could not find the frame base for "db_panic". r> ) at /usr/src/sys/ddb/db_command.c:446 r> #4 0xc049440c in db_command (last_cmdp=0xc0c48114, cmd_table=0x0, dopager=1) r> at /usr/src/sys/ddb/db_command.c:413 r> #5 0xc049451a in db_command_loop () at /usr/src/sys/ddb/db_command.c:466 r> #6 0xc0495d0d in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:228 r> #7 0xc07c3866 in kdb_trap (type=3, code=0, tf=0xe69ceac8) r> at /usr/src/sys/kern/subr_kdb.c:524 r> #8 0xc0a9fb5b in trap (frame=0xe69ceac8) at /usr/src/sys/i386/i386/trap.c:688 r> #9 0xc0a8541b in calltrap () at /usr/src/sys/i386/i386/exception.s:159 r> #10 0xc07c39ea in kdb_enter_why (why=0xc0b42038 "panic", r> msg=0xc0b42038 "panic") at cpufunc.h:60 r> #11 0xc079a336 in panic (fmt=0xc0af1d18 "Bad link elm %p next->prev != elm") r> at /usr/src/sys/kern/kern_shutdown.c:557 r> #12 0xc07d4b3b in doselwakeup (sip=0xc4f0c1f0, pri=88) r> at /usr/src/sys/kern/sys_generic.c:1138 r> #13 0xc07d4c1e in selwakeuppri (sip=0xc4f0c1f0, pri=88) r> at /usr/src/sys/kern/sys_generic.c:1114 r> #14 0xc07d9c8e in pipe_write (fp=0xc42b95f0, uio=0xe69cec60, r> active_cred=0xc4aa8800, flags=0, td=0xc4bc8aa0) r> at /usr/src/sys/kern/sys_pipe.c:528 r> ---Type to continue, or q to quit---#15 0xc07d6095 in dofilewrite (td=0xc4bc8aa0, fd=4, fp=0xc42b95f0, r> auio=0xe69cec60, offset=-1, flags=0) at file.h:256 r> #16 0xc07d6318 in kern_writev (td=0xc4bc8aa0, fd=4, auio=0xe69cec60) r> at /usr/src/sys/kern/sys_generic.c:401 r> #17 0xc07d638f in write (td=0xc4bc8aa0, uap=0xe69cecfc) r> at /usr/src/sys/kern/sys_generic.c:317 r> #18 0xc0a9f2d3 in syscall (frame=0xe69ced38) r> at /usr/src/sys/i386/i386/trap.c:1090 r> #19 0xc0a85480 in Xint0x80_syscall () r> at /usr/src/sys/i386/i386/exception.s:255 r> #20 0x00000033 in ?? () r> Previous frame inner to this frame (corrupt stack?) r> (kgdb) list *0xc07d4b3b r> 0xc07d4b3b is in doselwakeup (/usr/src/sys/kern/sys_generic.c:1138). r> 1133 } r> 1134 if (td == NULL) { r> 1135 mtx_unlock(&sellock); r> 1136 return; r> 1137 } r> 1138 TAILQ_REMOVE(&td->td_selq, sip, si_thrlist); r> 1139 sip->si_thread = NULL; r> 1140 thread_lock(td); r> 1141 td->td_flags &= ~TDF_SELECT; r> 1142 thread_unlock(td); r> (kgdb) Some more data from the debugger session: (kgdb) frame 12 #12 0xc07d4b3b in doselwakeup (sip=0xc4f0c1f0, pri=88) at /usr/src/sys/kern/sys_generic.c:1138 1138 TAILQ_REMOVE(&td->td_selq, sip, si_thrlist); (kgdb) p *sip $2 = {si_thrlist = {tqe_next = 0xc5137d50, tqe_prev = 0xc4682ce0}, si_thread = 0xc4682cc0, si_note = { kl_list = {slh_first = 0x0}, kl_lock = 0xc0770070 , kl_unlock = 0xc07700a0 , kl_locked = 0xc0773640 , kl_lockarg = 0xc4f0c2fc}, si_flags = 0} (kgdb) p *sip->si_thrlist.tqe_next $6 = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0, si_note = {kl_list = { slh_first = 0x0}, kl_lock = 0xc0770070 , kl_unlock = 0xc07700a0 , kl_locked = 0xc0773640 , kl_lockarg = 0xc5137d74}, si_flags = 0} (kgdb) p **sip->si_thrlist.tqe_prev $12 = {si_thrlist = {tqe_next = 0xc5137d50, tqe_prev = 0xc4682ce0}, si_thread = 0xc4682cc0, si_note = { kl_list = {slh_first = 0x0}, kl_lock = 0xc0770070 , kl_unlock = 0xc07700a0 , kl_locked = 0xc0773640 , kl_lockarg = 0xc4f0c2fc}, si_flags = 0} Also, I tried FreeBSD 8.0-CURRENT kernel (with 7STABLE userland). When I run /usr/local/etc/rc.d/ejabberd stop it panics too with the same message. Architecture: i386 Architecture Version: 1 Dump Length: 187904B (0 MB) Blocksize: 512 Dumptime: Sun Feb 8 23:47:58 2009 Hostname: zhuzha.ua1 Magic: FreeBSD Text Dump Version String: FreeBSD 8.0-CURRENT #0 r188297: Sun Feb 8 22:39:36 EET 2009 root@zhuzha.ua1:/home/golub/freebsd/build/obj/home/golub/freebsd/src/sys/DEBUG Panic String: Bad link elm 0xc5005a80 prev->next != elm Dump Parity: 1084020072 Bounds: 2 Dump Status: good -- Mikolaj Golub