Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 25 Feb 2006 17:42:19 -0500
From:      Kris Kennaway <kris@obsecurity.org>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        jroberson@chesapeake.net, stable@FreeBSD.org, jhb@FreeBSD.org
Subject:   Re: panic: thread with borrowed priority returning to userland
Message-ID:  <20060225224219.GA70406@xor.obsecurity.org>
In-Reply-To: <20060225141729.GK84519@xor.obsecurity.org>
References:  <20060225141729.GK84519@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

--IS0zKkzwUGydFO0o
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Feb 25, 2006 at 09:17:30AM -0500, Kris Kennaway wrote:
> Panic on 6.1-PRERELEASE (package build machine):
>=20
> db> wh
> Tracing pid 85657 tid 100133 td 0xc2612600
> kdb_enter(c06cabdd,c07250c0,c06cc327,cdca4cac,100) at kdb_enter+0x30
> panic(c06cc327,2,c06cc3bf,267,2814d4e8) at panic+0xd5
> sched_userret(c2612600,c04e290d,c0724dc0,1,2814d4e8) at sched_userret+0x21
> userret(c2612600,cdca4d38,63,100,1010000) at userret+0xd8
> ast(cdca4d38) at ast+0x556
> doreti_ast() at doreti_ast+0x17
>=20
> Core available.

The only other process active was:

85837 c239d000    0 85836 73099 0004000 [LOCK vnode interlock c23cae40] pkg=
_add

which is holding a lock:

db> show lockedvnods
Locked vnodes

0xc2d09000: tag devfs, type VDIR
    usecount 2, writecount 0, refcount 2 mountedhere 0
    flags (VV_ROOT)
     lock type devfs: EXCL (count 1) by thread 0xc1f1fc00 (pid 85837)
db> wh 85837
Tracing pid 85837 tid 100077 td 0xc1f1fc00
sched_switch(c1f1fc00,0,1,118,8948ac5f) at sched_switch+0x190
mi_switch(1,0,c06cdf0d,253,c07293a8) at mi_switch+0x2e6
turnstile_wait(c3192d3c,c2612600,c06c9e64,225,c2612602) at turnstile_wait+0=
x3b6
_mtx_lock_sleep(c3192d3c,c1f1fc00,0,c06d264c,797) at _mtx_lock_sleep+0x137
_mtx_lock_flags(c3192d3c,0,c06d264c,797,2) at _mtx_lock_flags+0x9b
vget(c3192cc0,2,c1f1fc00,c23e8405,c2a2ce60) at vget+0x47
devfs_allocv(c2a2ce00,c1f5c400,cc9e8bd8,c1f1fc00,cc9e88a8) at devfs_allocv+=
0x43
devfs_lookupx(cc9e8998,c06c3419,23f,c06f89c0,cc9e8998) at devfs_lookupx+0x5=
69
devfs_lookup(cc9e8998,cc9e8998,c2d09000,c2d09000,0) at devfs_lookup+0x3e
VOP_LOOKUP_APV(c06f89c0,cc9e8998,cc9e8984,c1f1fc00,0) at VOP_LOOKUP_APV+0xb4
lookup(cc9e8bc4,0,c06d1dd1,b6,1b2) at lookup+0x488
namei(cc9e8bc4,c33bf660,c1f1fc00,cc9e8a58,c05529ed) at namei+0x468
vn_open_cred(cc9e8bc4,cc9e8cc4,0,c2c5e700,3) at vn_open_cred+0x2d8
vn_open(cc9e8bc4,cc9e8cc4,0,3,0) at vn_open+0x33
kern_open(c1f1fc00,2827b19f,0,1,0) at kern_open+0xc8
open(c1f1fc00,cc9e8d04,c,41d,3) at open+0x36
syscall(3b,3b,3b,bfbfd6f0,bfbfd705) at syscall+0x2c0
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (5, FreeBSD ELF32, open), eip =3D 0x28264eab, esp =3D 0xbfbfb7b=
c, ebp =3D 0xbfbfb8b8 ---
db>

Interestingly, almost the same trace appeared in an amd64 7.0 panic
overnight, on a machine with DEBUG_VFS_LOCKS enabled:

VNASSERT failed
0xffffff03067c13b0: tag none, type VBAD
    usecount 0, writecount 0, refcount 1 mountedhere 0
    flags (VI_DOOMED)
 VI_LOCKed
panic: No vop_lock(0xffffff03067c13b0, 0xffffffffae46c330)
cpuid =3D 3
KDB: enter: panic
[thread pid 5883 tid 100224 ]
Stopped at      kdb_enter+0x31: leave
db> wh
Tracing pid 5883 tid 100224 td 0xffffff0310aa97e0
kdb_enter() at kdb_enter+0x31
panic() at panic+0x1e6
VOP_LOCK_APV() at VOP_LOCK_APV+0xb4
vn_lock() at vn_lock+0xc8
vget() at vget+0xf0
devfs_allocv() at devfs_allocv+0x60
devfs_lookupx() at devfs_lookupx+0x53b
devfs_lookup() at devfs_lookup+0x43
VOP_LOOKUP_APV() at VOP_LOOKUP_APV+0xbb
lookup() at lookup+0x4b5
namei() at namei+0x3fb
vn_open_cred() at vn_open_cred+0x95
vn_open() at vn_open+0x17
kern_open() at kern_open+0xe6
open() at open+0x28
syscall() at syscall+0x350
Xfast_syscall() at Xfast_syscall+0xa8
--- syscall (5, FreeBSD ELF64, open), rip =3D 0x800979dec, rsp =3D 0x7fffff=
ffc4e8, rbp =3D 0x5c2dd0 ---
db>

Kris

--IS0zKkzwUGydFO0o
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (FreeBSD)

iD8DBQFEAN1KWry0BWjoQKURAo6RAKCC6LsNhdV6ydRIXHgBDD0W92YCbgCg+pxy
wS/O+mzN69ODv035XIfoghA=
=XMSx
-----END PGP SIGNATURE-----

--IS0zKkzwUGydFO0o--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060225224219.GA70406>