From owner-freebsd-current@FreeBSD.ORG Sun Sep 10 18:44:01 2006 Return-Path: X-Original-To: current@freebsd.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5622416A415 for ; Sun, 10 Sep 2006 18:44:01 +0000 (UTC) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id E2C4843D6A for ; Sun, 10 Sep 2006 18:44:00 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196]) by elvis.mu.org (Postfix) with ESMTP id 807AF1A3C20; Sun, 10 Sep 2006 11:44:00 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id B3CDC513F0; Sun, 10 Sep 2006 14:43:59 -0400 (EDT) Date: Sun, 10 Sep 2006 14:43:59 -0400 From: Kris Kennaway To: Alexander Leidinger Message-ID: <20060910184359.GA7152@xor.obsecurity.org> References: <20060910194536.1b699733@Magellan.Leidinger.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="WIyZ46R2i8wDzkSu" Content-Disposition: inline In-Reply-To: <20060910194536.1b699733@Magellan.Leidinger.net> User-Agent: Mutt/1.4.2.2i Cc: current@freebsd.org Subject: Re: panic: System call old.recv returning with 1 locks held X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Sep 2006 18:44:01 -0000 --WIyZ46R2i8wDzkSu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Sep 10, 2006 at 07:45:36PM +0200, Alexander Leidinger wrote: > Hi, >=20 > while running the Linux Test Project (ltp.sf.net) testsuite to check > for bugs in our linuxolator, I got the panic mentioned in the subject. >=20 > LTP was executing the semop5 testcase. >=20 > The kernel dump doesn't look as if it is helpful: > ---snip--- > Unread portion of the kernel message buffer: > panic: System call old.recv returning with 1 locks held > Uptime: 3h51m44s > Physical memory: 503 MB > Dumping 101 MB: 86 70 54 (CTRL-C to abort) (CTRL-C to abort) (CTRL-C to= abort) 38 (CTRL-C to abort) (CTRL-C to abort) (CTRL-C to abort) 22 6 >=20 > #0 doadump () at pcpu.h:166 > 166 __asm __volatile("movl %%fs:0,%0" : "=3Dr" (td)); > (kgdb) kldsyms > add symbol table from file > "/big/usr/src/sys/i386/compile/WORK/modules/big/usr/src/sys/modules/accf_= data/accf_data.ko.debug" > at .text_addr =3D 0xc078e498 > [...] > add symbol table from file > "/big/usr/src/sys/i386/compile/WORK/modules/big/usr/src/sys/modules/sysvi= pc/sysvmsg/sysvmsg.ko.debug" > at .text_addr =3D 0xc07e33dc .data_addr =3D 0xc07e5900 > .bss_addr =3D 0xc07e5e88 > add symbol table from file > "/big/usr/src/sys/i386/compile/WORK/modules/big/usr/src/sys/modules/sysvi= pc/sysvsem/sysvsem.ko.debug" > at .text_addr =3D 0xc07e9790 .data_addr =3D 0xc07ec280 > .bss_addr =3D 0xc07ec8a4 > add symbol table from file > "/big/usr/src/sys/i386/compile/WORK/modules/big/usr/src/sys/modules/sysvi= pc/sysvshm/sysvshm.ko.debug" > at .text_addr =3D 0xc07ef4dc .data_addr =3D 0xc07f16a0 > .bss_addr =3D 0xc07f1c6c > [...] > add symbol table from file > "/big/usr/src/sys/i386/compile/WORK/modules/big/usr/src/sys/modules/linux= /linux.ko.debug" > at .text_addr =3D 0xc2a2b248 .data_addr =3D 0xc2a3b000 > .bss_addr =3D 0xc2a3d780 > [...] > (kgdb) bt > #0 doadump () at pcpu.h:166 > During symbol reading, Incomplete CFI data; unspecified registers at > 0xc04945a2.#1 0xc0494c72 in boot (howto=3D0x104) > at ../../../kern/kern_shutdown.c:409 #2 0xc04947c1 in panic > (fmt=3D0xc05c43b9 "System call %s returning with %d locks held") > at ../../../kern/kern_shutdown.c:565 #3 0xc0588f7b in syscall (frame=3D > {tf_fs =3D 0x3b, tf_es =3D 0x3b, tf_ds =3D 0x3b, tf_edi =3D 0x28060ca0, t= f_esi > =3D 0x0, tf_ebp =3D 0xbfbfea28, tf_isp =3D 0xd5b4ed64, tf_ebx =3D 0x9, tf= _edx =3D > 0x2817bff4, tf_ecx =3D 0xbfbfea00, tf_eax =3D 0xffffffa6, tf_trapno =3D 0= xc, > tf_err =3D 0x2, tf_eip =3D 0x28120706, tf_cs =3D 0x33, tf_eflags =3D 0x24= 7, > tf_esp =3D 0xbfbfe9fc, tf_ss =3D 0x3b}) at ../../../i386/i386/trap.c:1060 > #4 0xc057a7ff in Xint0x80_syscall () > at ../../../i386/i386/exception.s:191 #5 0x00000033 in ?? () Previous > frame inner to this frame (corrupt stack?) > ---snip--- >=20 > Any ideas how to get more helpful info out of this? Enable DEBUG_LOCKS and DEBUG_VFS_LOCKS then run 'show lockedvnods' from DDB to find out where the lockmgr lock was acquired. Kris --WIyZ46R2i8wDzkSu Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFBFzvWry0BWjoQKURAnufAKCr/vDi8eiszgYVwUAquSez+QhjUgCghSjK GbhlxiTDEIObwClYHaeOQ70= =7wOv -----END PGP SIGNATURE----- --WIyZ46R2i8wDzkSu--