From nobody@FreeBSD.org Tue May 2 12:30:50 2006 Return-Path: Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B963B16A404 for ; Tue, 2 May 2006 12:30:50 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [216.136.204.117]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7044243D49 for ; Tue, 2 May 2006 12:30:50 +0000 (GMT) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k42CUoAU034042 for ; Tue, 2 May 2006 12:30:50 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.13.1/8.13.1/Submit) id k42CUori034040; Tue, 2 May 2006 12:30:50 GMT (envelope-from nobody) Message-Id: <200605021230.k42CUori034040@www.freebsd.org> Date: Tue, 2 May 2006 12:30:50 GMT From: Kouji Ito To: freebsd-gnats-submit@FreeBSD.org Subject: Panic : FreeBSD 5.3-RELEASE-p5 X-Send-Pr-Version: www-2.3 >Number: 96657 >Category: kern >Synopsis: [panic]: FreeBSD 5.3-RELEASE-p5 >Confidential: no >Severity: serious >Priority: low >Responsible: remko >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue May 02 12:40:13 GMT 2006 >Closed-Date: Sat Jan 27 18:54:45 GMT 2007 >Last-Modified: Sat Jun 07 06:17:09 UTC 2008 >Originator: Kouji Ito >Release: FreeBSD 5.3-RELEASE-p5 >Organization: >Environment: FreeBSD 5.3-RELEASE-p5 SMP kernel Intel Xeon 2.8Ghz x 2 Mem 2GB >Description: The problem that is already revised please teach a revised source code. Which version will be good if I update a version of a kernel? 5.3-RELEASE-p29 or 5.5-PRERELEASE. Thank you. #0 doadump () at pcpu.h:159 #1 0xc060d61f in boot (howto=260) at ../../../kern/kern_shutdown.c:397 #2 0xc060d975 in panic (fmt=0xc08023df "%s") at ../../../kern/kern_shutdown.c:553 #3 0xc07bb018 in trap_fatal (frame=0xe59aabc0, eva=8) at ../../../i386/i386/trap.c:809 #4 0xc07ba715 in trap (frame= {tf_fs = -1009319912, tf_es = 32899088, tf_ds = -239796208, tf_edi = -1064472272, tf_esi = -1003314816, tf_ebp = -442848244, tf_isp = -442848276, tf_ebx = -1009257696, tf_edx = 0, tf_ecx = -1064454104, tf_eax = -997162656, tf_trapno = 12, tf_err = 2, tf_eip = -1067277058, tf_cs = 8, tf_eflags = 65666, tf_esp = 0, tf_ss = -1009257696}) at ../../../i386/i386/trap.c:247 #5 0xc07a8bca in calltrap () at ../../../i386/i386/exception.s:140 #6 0xc3d70018 in ?? () #7 0x01f60010 in ?? () #8 0xf1b50010 in ?? () #9 0xc08d7130 in proctree_lock () #10 0xc432a180 in ?? () #11 0xe59aac0c in ?? () #12 0xe59aabec in ?? () #13 0xc3d7f320 in ?? () #14 0x00000000 in ?? () #15 0xc08db828 in sleepq_chains () #16 0xc4908160 in ?? () #17 0x0000000c in ?? () #18 0x00000002 in ?? () #19 0xc062a4fe in sleepq_add (sq=0xc432a180, wchan=0xc08d7130, lock=0xc08d633c, wmesg=0x0, flags=1) at ../../../kern/subr_sleepqueue.c:294 #20 0xc05e8fab in cv_wait (cvp=0xc08d7130, mp=0xc08d633c) at ../../../kern/kern_condvar.c:127 #21 0xc0613814 in _sx_xlock (sx=0xc08d7100, file=0x0, line=0) at ../../../kern/kern_sx.c:175 #22 0xc05f6569 in kern_wait (td=0xc3d7f320, pid=-1, status=0xe59aac94, options=0, rusage=0xe59aac98) at ../../../kern/kern_exit.c:583 #23 0xc05f646b in wait4 (td=0xc3d7f320, uap=0xe59aad14) at ../../../kern/kern_exit.c:558 #24 0xc07bb32b in syscall (frame= {tf_fs = -1078001617, tf_es = -1078001617, tf_ds = -1078001617, tf_edi = -1077940476, tf_esi = -1077940488, tf_ebp = -1077940760, tf_isp = -442847884, tf_ebx = 0, tf_edx = 0, tf_ecx = 3, tf_eax = 7, tf_trapno = 3841, tf_err = 2, tf_eip = 134553095, tf_cs = 31, tf_eflags = 642, tf_esp = -1077940788, tf_ss = 47}) at ../../../i386/i386/trap.c:1001 #25 0xc07a8c1f in Xint0x80_syscall () at ../../../i386/i386/exception.s:201 #26 0xbfbf002f in ?? () #27 0xbfbf002f in ?? () #28 0xbfbf002f in ?? () #29 0xbfbfef04 in ?? () #30 0xbfbfeef8 in ?? () #31 0xbfbfede8 in ?? () #32 0xe59aad74 in ?? () #33 0x00000000 in ?? () #34 0x00000000 in ?? () #35 0x00000003 in ?? () #36 0x00000007 in ?? () #37 0x00000f01 in ?? () #38 0x00000002 in ?? () #39 0x08051e07 in ?? () #40 0x0000001f in ?? () #41 0x00000282 in ?? () #42 0xbfbfedcc in ?? () #43 0x0000002f in ?? () #44 0x00000000 in ?? () #45 0x00000000 in ?? () #46 0x00000000 in ?? () #47 0x00000000 in ?? () #48 0x9cecd000 in ?? () #49 0xc3d7ee20 in ?? () #50 0xc3d7f320 in ?? () #51 0xe59aab90 in ?? () #52 0xe59aab78 in ?? () #53 0xc3d7f4b0 in ?? () #54 0xc061dc57 in sched_switch (td=0xbfbfeef8, newtd=0x0, flags=Cannot access memory at address 0xbfbfedf8 ) at ../../../kern/sched_4bsd.c:865 Previous frame inner to this frame (corrupt stack?) (kgdb) fr 19 #19 0xc062a4fe in sleepq_add (sq=0xc432a180, wchan=0xc08d7130, lock=0xc08d633c, wmesg=0x0, flags=1) at ../../../kern/subr_sleepqueue.c:294 294 LIST_INSERT_HEAD(&sq->sq_free, td->td_sleepqueue, sq_hash); (kgdb) print *td $1 = {td_proc = 0xc3d7ee20, td_ksegrp = 0xc3d86bd0, td_plist = {tqe_next = 0x0, tqe_prev = 0xc3d7ee30}, td_kglist = {tqe_next = 0x0, tqe_prev = 0xc3d86bdc}, td_slpq = {tqe_next = 0xc3e65320, tqe_prev = 0xc432a180}, td_lockq = {tqe_next = 0x0, tqe_prev = 0x0}, td_runq = {tqe_next = 0x0, tqe_prev = 0x0}, td_selq = {tqh_first = 0x0, tqh_last = 0x0}, td_sleepqueue = 0x0, td_turnstile = 0xc3d84180, td_tid = 100002, td_flags = 16842754, td_inhibitors = 0, td_pflags = 0, td_dupfd = 0, td_wchan = 0xc08d7130, td_wmesg = 0xc081d6e1 "proctree", td_lastcpu = 3 '\003', td_oncpu = 2 '\002', td_locks = 0, td_blocked = 0x0, td_ithd = 0x0, td_lockname = 0x0, td_contested = { lh_first = 0x0}, td_sleeplocks = 0x0, td_intr_nesting_level = 0, td_pinned = 0, td_mailbox = 0x0, td_ucred = 0xc3d7c480, td_standin = 0x0, td_prticks = 0, td_upcall = 0x0, td_sticks = 35622, td_uuticks = 0, td_usticks = 0, td_intrval = 0, td_oldsigmask = {__bits = {0, 0, 0, 0}}, td_sigmask = { __bits = {2658963540, 4294967295, 4294967295, 4294967295}}, td_siglist = {__bits = {0, 0, 0, 0}}, td_waitset = 0x0, td_umtx = {tqe_next = 0x0, tqe_prev = 0x0}, td_generation = 4501037, td_sigstk = { ss_sp = 0x0, ss_size = 0, ss_flags = 4}, td_kflags = 0, td_xsig = 0, td_profil_addr = 0, td_profil_ticks = 0, td_base_pri = 92 '\\', td_priority = 92 '\\', td_pcb = 0xe59aada0, td_state = TDS_RUNNING, td_retval = {0, 0}, td_slpcallout = {c_links = {sle = {sle_next = 0x0}, tqe = { tqe_next = 0x0, tqe_prev = 0xd7db9f80}}, c_time = 1804, c_arg = 0xc3d7f320, c_func = 0, c_flags = 8}, td_frame = 0xe59aad48, td_kstack_obj = 0xc103bd68, td_kstack = 3852111872, td_kstack_pages = 2, td_altkstack_obj = 0x0, td_altkstack = 0, td_altkstack_pages = 0, td_critnest = 2, td_md = {md_savecrit = 582}, td_sched = 0xc3d7f474} (kgdb) print *td->td_proc $2 = {p_list = {le_next = 0xc3d88000, le_prev = 0xc3d7ec5c}, p_ksegrps = {tqh_first = 0xc3d86bd0, tqh_last = 0xc3d86bd4}, p_threads = {tqh_first = 0xc3d7f320, tqh_last = 0xc3d7f328}, p_suspended = { tqh_first = 0x0, tqh_last = 0xc3d7ee38}, p_ucred = 0xc3d7c480, p_fd = 0xc3d7b200, p_fdtol = 0x0, p_stats = 0xe59e5000, p_limit = 0xc3d7b400, p_upages_obj = 0xc103b084, p_sigacts = 0xc3d8e000, p_flag = 16896, p_sflag = 1, p_state = PRS_NORMAL, p_pid = 1, p_hash = {le_next = 0x0, le_prev = 0xc52273d4}, p_pglist = {le_next = 0x0, le_prev = 0xc4341748}, p_pptr = 0xc08d1f40, p_sibling = {le_next = 0xc3d88000, le_prev = 0xc3d7ecbc}, p_children = {lh_first = 0xc5227388}, p_mtx = { mtx_object = {lo_class = 0xc087321c, lo_name = 0xc081d5f5 "process lock", lo_type = 0xc081d5f5 "process lock", lo_flags = 4390912, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, p_oppid = 0, p_vmspace = 0xc3d90000, p_swtime = 32936782, p_realtimer = {it_interval = {tv_sec = 0, tv_usec = 0}, it_value = {tv_sec = 0, tv_usec = 0}}, p_runtime = {sec = 340, frac = 8148196458464447526}, p_uu = 24177737, p_su = 273887461, p_iu = 1, p_uticks = 3147, p_sticks = 35622, p_iticks = 0, p_profthreads = 0, p_maxthrwaits = 0, p_traceflag = 0, p_tracevp = 0x0, p_tracecred = 0x0, p_textvp = 0xc4396108, p_siglist = {__bits = {0, 0, 0, 0}}, p_lock = 0 '\0', p_sigiolst = {slh_first = 0x0}, p_sigparent = 20, p_sig = 0, p_code = 0, p_stops = 0, p_stype = 0, p_step = 0 '\0', p_pfsflags = 0 '\0', p_nlminfo = 0x0, p_aioinfo = 0x0, p_singlethread = 0x0, p_suspcount = 0, p_xthread = 0x0, p_boundary_count = 0, p_magic = 3203398350, p_comm = "init\000er", '\0' , p_pgrp = 0xc4341740, p_sysent = 0xc08b34a0, p_args = 0xc432d460, p_cpulimit = 9223372036854775807, p_nice = 0 '\0', p_xstat = 0, p_klist = {kl_lock = 0xc3d7ee8c, kl_list = {slh_first = 0x0}}, p_numthreads = 1, p_numksegrps = 1, p_md = {md_ldt = 0xc432d440}, p_itcallout = {c_links = {sle = {sle_next = 0x0}, tqe = { tqe_next = 0x0, tqe_prev = 0x0}}, c_time = 0, c_arg = 0x0, c_func = 0, c_flags = 8}, p_uarea = 0xe59e5000, p_acflag = 0, p_ru = 0x0, p_peers = 0x0, p_leader = 0xc3d7ee20, p_emuldata = 0x0, p_label = 0x0, p_sched = 0xc3d7efe4} (kgdb) print td->td_sleepqueue $3 = (struct sleepqueue *) 0x0 (kgdb) fr 4 #4 0xc07ba715 in trap (frame= {tf_fs = -1009319912, tf_es = 32899088, tf_ds = -239796208, tf_edi = -1064472272, tf_esi = -1003314816, tf_ebp = -442848244, tf_isp = -442848276, tf_ebx = -1009257696, tf_edx = 0, tf_ecx = -1064454104, tf_eax = -997162656, tf_trapno = 12, tf_err = 2, tf_eip = -1067277058, tf_cs = 8, tf_eflags = 65666, tf_esp = 0, tf_ss = -1009257696}) at ../../../i386/i386/trap.c:247 247 trap_fatal(&frame, eva); (kgdb) list 242 */ 243 eva = rcr2(); 244 if (td->td_critnest == 0) 245 enable_intr(); 246 else 247 trap_fatal(&frame, eva); 248 } 249 250 #ifdef DEVICE_POLLING 251 if (poll_in_trap) (kgdb) print td->td_critnest $4 = 2 >How-To-Repeat: I dont know. >Fix: I dont know. >Release-Note: >Audit-Trail: From: Kris Kennaway To: Kouji Ito Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: kern/96657: Panic : FreeBSD 5.3-RELEASE-p5 Date: Tue, 2 May 2006 13:35:53 -0400 --k+w/mQv8wyuph6w0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable It is recommended that you try 6.1, or if for some reason you absolutely cannot use the 6.x branch, only then should you use 5.5. Kris --k+w/mQv8wyuph6w0 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEV5h5Wry0BWjoQKURAmJ5AJ9dOCKBt8/WikqGfaOozMRRcW4CwQCfQIEG yq37+yGTL05Cj489cRgB3ZQ= =l8Bh -----END PGP SIGNATURE----- --k+w/mQv8wyuph6w0-- From: Kouji Ito To: bug-followup@FreeBSD.org, kouji@cty-net.ne.jp Cc: kris@obsecurity.org Subject: Re: kern/96657: Panic : FreeBSD 5.3-RELEASE-p5 Date: Wed, 03 May 2006 10:44:58 +0900 Thank you very much for an answer. There is one question. May I think that this problem is revised by a change below? (Or is my thought wrong?) >>Default branch: MAIN >>Current tag: RELENG_5 >>Revision 1.49.2.16 / (download) - annotate - [select for diffs], Sun Jul 3 20:08:04 2005 UTC (9 months, 4 weeks ago) by ups >>Branch: RELENG_5 >>Changes since 1.49.2.15: +98 -50 lines >>Diff to previous 1.49.2.15 (colored) to branchpoint 1.49 (colored) next main 1.50 (colored) >> >>MFC: kern/kern_switch.c 1.112, 1.114-1.116 >> kern/sched_4bsd.c 1.74 1.75 >> >>Fix some race conditions for pinned threads that may cause them to run >>on the wrong CPU. >> >>Add IPI support for preempting a thread on another CPU. >>( To reduce diff for future MFCs, The required MD Part to support >> IPI preemption is not part of this MFC) PS. I expect success of BSDCan2006. Thank you. State-Changed-From-To: open->feedback State-Changed-By: remko State-Changed-When: Mon Dec 25 20:26:24 UTC 2006 State-Changed-Why: hello, did you try a later version of freebsd? is the problem resolved there? Responsible-Changed-From-To: freebsd-bugs->remko Responsible-Changed-By: remko Responsible-Changed-When: Mon Dec 25 20:26:24 UTC 2006 Responsible-Changed-Why: grab the pr for feedback tracing. http://www.freebsd.org/cgi/query-pr.cgi?pr=96657 State-Changed-From-To: feedback->closed State-Changed-By: remko State-Changed-When: Sat Jan 27 18:54:40 UTC 2007 State-Changed-Why: The submitter mentions that this had been resolved! http://www.freebsd.org/cgi/query-pr.cgi?pr=96657 >Unformatted: