Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 11 Sep 2006 19:47:40 +0200
From:      Alexander Leidinger <Alexander@Leidinger.net>
To:        Pawel Jakub Dawidek <pjd@freebsd.org>
Cc:        current@freebsd.org, Kris Kennaway <kris@obsecurity.org>
Subject:   Re: panic: System call old.recv returning with 1 locks held
Message-ID:  <20060911194740.0c671c28@Magellan.Leidinger.net>
In-Reply-To: <20060911100117.GA92022@garage.freebsd.pl>
References:  <20060910194536.1b699733@Magellan.Leidinger.net> <20060910184359.GA7152@xor.obsecurity.org> <20060910230003.28fbc780@Magellan.Leidinger.net> <20060910211556.GA9924@xor.obsecurity.org> <20060911100117.GA92022@garage.freebsd.pl>

next in thread | previous in thread | raw e-mail | index | archive | help
Quoting Pawel Jakub Dawidek <pjd@FreeBSD.org> (Mon, 11 Sep 2006 12:01:18 +0200):

> In HEAD (not sure if it was MFCed) jhb@ added code to track number of
> mutexes/sx-locks acquired/released. So bascially this panic can happen
> when you leak a lock of any kind.
> 
> 'show alllocks' has to show them when the kernel (and modules) is
> compiled with WITNESS.

exclusive sleep mutex so_snd r=0 (0xc2b204c4) locked @ kern/uipc_socket.c:984

---snip---
(kgdb) bt
#0  doadump () at pcpu.h:166
During symbol reading, Incomplete CFI data; unspecified registers at
0xc049569e.#1  0xc043c4a5 in db_fncall (dummy1=0xc04b058b, dummy2=0x0,
dummy3=0xffffffff, dummy4=0xd5f34a7c "")
at ../../../ddb/db_command.c:481 #2  0xc043c77c in db_command_loop ()
at ../../../ddb/db_command.c:396 #3  0xc043dfce in db_trap (type=0x3,
code=0x0) at ../../../ddb/db_main.c:221 #4  0xc04b08d7 in kdb_trap
(type=0x3, code=0x0, tf=0x0) at ../../../kern/subr_kdb.c:502 #5
0xc058e1a4 in trap (frame= {tf_fs = 0x8, tf_es = 0x28, tf_ds = 0x28,
tf_edi = 0x100, tf_esi = 0xc05b4a30, tf_ebp = 0xd5f34c3c, tf_isp =
0xd5f34c28, tf_ebx = 0xd5f34c64, tf_edx = 0xc05b03be, tf_ecx =
0xc05b2a79, tf_eax = 0xc05b2a69, tf_trapno = 0x3, tf_err = 0x0, tf_eip
= 0xc04b058b, tf_cs = 0x20, tf_eflags = 0x282, tf_esp = 0xd5f34c58,
tf_ss = 0xc0495870}) at ../../../i386/i386/trap.c:620 #6  0xc057fefa in
calltrap () at ../../../i386/i386/exception.s:138 #7  0xc04b058b in
kdb_enter (msg=0xc05b2a69 "KDB: enter: %s\n") at cpufunc.h:60 #8
0xc0495870 in panic (fmt=0xc05b4a30 "witness_warn")
at ../../../kern/kern_shutdown.c:549 #9  0xc04bac2e in witness_warn
(flags=0x1, lock=0x0, fmt=0xc05cc56b "System call %s returning")
at ../../../kern/subr_witness.c:1358 #10 0xc058e61f in syscall (frame=
{tf_fs = 0x3b, tf_es = 0x3b, tf_ds = 0x3b, tf_edi = 0x28060ca0, tf_esi
= 0x0, tf_ebp = 0xbfbfea28, tf_isp = 0xd5f34d64, tf_ebx = 0x9, tf_edx =
0x2817bff4, tf_ecx = 0xbfbfea00, tf_eax = 0xffffffa6, tf_trapno = 0xc,
tf_err = 0x2, tf_eip = 0x28120706, tf_cs = 0x33, tf_eflags = 0x247,
tf_esp = 0xbfbfe9fc, tf_ss = 0x3b}) at ../../../i386/i386/trap.c:1055
#11 0xc057ff4f in Xint0x80_syscall ()
at ../../../i386/i386/exception.s:191 #12 0x00000033 in ?? () Previous
frame inner to this frame (corrupt stack?)
---snip---

How to track this down?

The LTP test which causes this is send01 ("Verify that send() returns
the proper errno for various failure cases") executed as a linux
program:
http://ltp.cvs.sourceforge.net/ltp/ltp/testcases/kernel/syscalls/send/send01.c?revision=1.6&view=markup

Bye,
Alexander.

-- 
Love sometimes expresses itself in sacrifice.
		-- Kirk, "Metamorphosis", stardate 3220.3
http://www.Leidinger.net  Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org     netchild @ FreeBSD.org  : PGP ID = 72077137



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060911194740.0c671c28>