Subject: kern/25186: Panic from _simple_lock() due to fmt=NULL with LOCKDEBUG kernel
To: None <gnats-bugs@gnats.netbsd.org>
From: Christian Biere <christianbiere@gmx.de>
List: netbsd-bugs
Date: 04/14/2004 21:03:42
>Number:         25186
>Category:       kern
>Synopsis:       Panic from _simple_lock() due to fmt=NULL with LOCKDEBUG kernel
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Apr 14 19:07:01 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Christian Biere
>Release:        NetBSD 2.0B
>Organization:
>Environment:
System: NetBSD cyclonus 2.0B NetBSD 2.0B (STARSCREAM) #0: Wed Mar 31 19:33:12 CEST 2004 bin@cyclonus:/usr/obj/sys/arch/i386/compile/STARSCREAM i386
Architecture: i386
Machine: i386
>Description:

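The machine panicked when I killed a hanging ssh process (pkill ssh). top
showed it was waiting in state select before I killed it.

Note that in the traces below the fault address (cr2) is 0xdeadbeef, and the
lock_file and unlock_file fields of the lock passed to _simple_lock() are
also 0xdeadbeef. This suggests the lock was in memory that had already been
freed and overwritten with a debug fill pattern, so the "%s" argument of the
"last locked" message was a bad pointer. The fmt=0x0 that gdb shows for
lock_printf() may be a debugger artifact, since vsnprintf() received a valid
format string.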

uvm_fault(0xc03d0a80, 0xdeadb000, 0, 1) -> 0xe
fatal page fault in supervisor mode
trap type 6 code 0 eip c0334a05 cs 8 eflags 10246 cr2 deadbeef ilevel d
panic: trap
Begin traceback...
trap() at netbsd:trap+0x157
--- trap (number 6) ---
strlen(c038ad03,8,c8018c48,c8018c64,c8018d1c) at netbsd:strlen+0xd
vsnprintf(c8018c64,96,c038ad03,c8018d18,7473616c) at netbsd:vsnprintf+0x33
lock_printf(c038ad03,deadbeef,ffffbeef,c03cbe60,16c5a) at netbsd:lock_printf+0x43
_simple_lock(c7ba95d8,c03a1040,2fc,c8018e64,c03c6530) at netbsd:_simple_lock+0x155
ktrwrite(c7dbfac8,c8018e64,5,0,f) at netbsd:ktrwrite+0xa1
ktrpsig(c7dbfac8,f,804f2e4,c7dbfc20,0) at netbsd:ktrpsig+0xb6
postsig(f,c8018f64,c8018f5c,0,c0aad040) at netbsd:postsig+0x21f
syscall_plain() at netbsd:syscall_plain+0xd8
--- syscall (number 4) ---
0x482276d3:
End traceback...

panic: trap
#0  0x00000001 in ?? ()
(gdb) bt full
#0  0x00000001 in ?? ()
No symbol table info available.
#1  0xc02934e7 in cpu_reboot (howto=235696128, bootstr=0x0)
    at /usr/src/sys/arch/i386/i386/machdep.c:743
No locals.
#2  0xc0211968 in panic (
    fmt=0x1000 "U\211åVWS\036\006\017 \017¨\213E\bf£à\037")
    at /usr/src/sys/kern/subr_prf.c:242
	bootopt = 235692032
#3  0xc029ccc7 in trap (frame=0xc8018b5c)
    at /usr/src/sys/arch/i386/i386/trap.c:296
	l = (struct lwp *) 0xc039119c
	p = (struct proc *) 0xc7dbfac8
	type = 6
	pcb = (struct pcb *) 0xc8015000
	vframe = (struct trapframe *) 0x0
	ksi = {ksi_flags = 1, ksi_list = {cqe_next = 0x0, cqe_prev = 0x0}, 
  ksi_info = {_signo = 0, _code = 1, _errno = 0, _reason = {_rt = {
        _pid = -559038737, _uid = 6, _sigval = {sival_int = 0, 
          sival_ptr = 0x0}}, _child = {_pid = -559038737, _uid = 6, 
        _status = 0, _utime = 0, _stime = 0}, _fault = {_addr = 0xdeadbeef, 
        _trap = 6}, _poll = {_band = -559038737, _fd = 6}}}}
	resume = 0
	onfault = 0x0
	error = 0
	cr2 = 3735928559
#4  0xc010aee9 in calltrap ()
No symbol table info available.
#5  0xc0212513 in vsnprintf (buf=0x0, size=0, 
    fmt=0xc038ad03 "last locked: %s:%d\n", ap=0xc8018d18 "ï¾­Þï¾^?^?`¾<ÀZl\001")
    at /usr/src/sys/kern/subr_prf.c:843
	retval = 0
	p = 0xc8018cf9 "\225ºÇ<\215\001Èx\a\037À\200\027:ÀØ\225ºÇ<\215\001Èe\b\037À\003­8Àï¾­Þï¾^?^?`¾<ÀZl\001"
#6  0xc01ef643 in lock_printf (fmt=0x0) at /usr/src/sys/kern/kern_lock.c:368
	b = "last locked: t: /usr/src/sys/kern/kern_ktrace.c:764\n\0\0\0\0}\2338À\006\0\0\0\224\214\001È\002", '\0' <repeats 11 times>, "2\0\0\0\001\0\0\0\001\0\0\0\0\0\0\0è\214\0\0\0\0\232§}\2338ÀÈúÛÇô\214\001È}\2338À<\215\001È3Í\036ÀÈúÛÇô\214\001È\a\0\0\0Zl\001\0\006\0\0\0Ø\225"
#7  0xc01f0865 in _simple_lock (alp=0xc7ba95d8, 
    id=0xc03a1040 "/usr/src/sys/kern/kern_ktrace.c", l=-939422648)
    at intr.h:168
No locals.
#8  0xc01ed8e1 in ktrwrite (p=0xc7dbfac8, kth=0xc7ba95d8)
    at /usr/src/sys/kern/kern_ktrace.c:764
	auio = {uio_iov = 0xc8018d64, uio_iovcnt = 2, uio_offset = 0, 
  uio_resid = 72, uio_segflg = UIO_SYSSPACE, uio_rw = UIO_WRITE, 
  uio_procp = 0x0}
	aiov = {{iov_base = 0xc8018e64, iov_len = 44}, {iov_base = 0xc8018dc4, 
    iov_len = 28}}
	error = 0
	tries = -941884728
	fp = (struct file *) 0xc7ba95a4
#9  0xc01ecf96 in ktrpsig (p=0xc7dbfac8, sig=15, action=0, mask=0xc7dbfac8, 
    ksi=0x0) at /usr/src/sys/kern/kern_ktrace.c:333
	kth = {ktr_len = 28, ktr_type = 5, ktr_pid = 544, 
  ktr_comm = "ssh", '\0' <repeats 13 times>, ktr_time = {tv_sec = 1080873954, 
    tv_usec = 372698}, ktr_buf = 0xc8018dc4}
	kbuf = {kp = {signo = 15, action = 0x804f2e4, mask = {__bits = {0, 0, 
        0, 0}}, code = 0}, si = {
    si_pad = "P  Àð}¦Ç\0\0\0\0\b\0\0\0\202\002\0\0\0\0\0\0\020\0\0\0\0\0\0\0\f\0\0\0\001\0\0\0\0\001\0\0ÈúÛÇ\0\0\0\0\0\0\0\0\004\0\0\0<\217\001È\204U!À\214å>À\030\001\0\0\234\2368À", '\0' <repeats 12 times>, "\004\0\0\0\0\0\0\0Ì", '\0' <repeats 15 times>, "d\216\001ÈÈúÛÇ\214\216\001È", _info = {_signo = -1071636400, 
      _code = -945390096, _errno = 0, _reason = {_rt = {_pid = 8, _uid = 642, 
          _sigval = {sival_int = 0, sival_ptr = 0x0}}, _child = {_pid = 8, 
          _uid = 642, _status = 0, _utime = 16, _stime = 0}, _fault = {
          _addr = 0x8, _trap = 642}, _poll = {_band = 8, _fd = 642}}}}}
#10 0xc01fcdaf in postsig (signum=15) at /usr/src/sys/kern/kern_sig.c:1827
	ksi = (ksiginfo_t *) 0x0
	l = (struct lwp *) 0xc7a67df0
	p = (struct proc *) 0xc7dbfac8
	ps = (struct sigacts *) 0xc7d930e4
	action = 0x804f2e4
	returnmask = (sigset_t *) 0xc7dbfc20
#11 0xc029c708 in syscall_plain (frame=0xc8018fa8) at userret.h:93
	params = 0x0
	callp = (const struct sysent *) 0xc03c2d1c
	l = (struct lwp *) 0xc7a67df0
	p = (struct proc *) 0x0
	error = 0
	argsize = 0
	code = 0
	args = {7, 134780080, 134780096, 0, 0, -939421800, -1070837976, 10}
	rval = {0, 0}
(gdb) f 7
(gdb) p alp
$2 = {lock_data = 1, 
  lock_file = 0xdeadbeef <Address 0xdeadbeef out of bounds>, 
  unlock_file = 0xdeadbeef <Address 0xdeadbeef out of bounds>, 
  lock_line = -16657, unlock_line = -8531, list = {tqe_next = 0xdeadbeef, 
    tqe_prev = 0xdeadbeef}, lock_holder = 3735928559}
(gdb) f 11
#11 0xc029c708 in syscall_plain (frame=0xc8018fa8) at userret.h:93
93			postsig(sig);
(gdb) p *callp
$1 = {sy_narg = 5, sy_argsize = 20, sy_flags = 0, 
  sy_call = 0xc02152f0 <sys_select>}
(gdb) p *l
$3 = {l_forw = 0xc03eddb0, l_back = 0x0, l_list = {le_next = 0xc7a67b5c, 
    le_prev = 0xc7a67f00}, l_proc = 0xc7dbfac8, l_sibling = {le_next = 0x0, 
    le_prev = 0xc7dbfb34}, l_cpu = 0xc03c8ea0, l_flag = 4, l_stat = 7, 
  l_lid = 1, l_swtime = 160, l_slptime = 0, l_wchan = 0x0, l_tsleep_ch = {
    c_list = {cq_next = {elem = 0x0, list = 0x0}, cq_prev = {elem = 0x0, 
        list = 0x0}}, c_func = 0, c_arg = 0x0, c_time = 0, c_flags = 0}, 
  l_wmesg = 0xc0389e9c "select", l_holdcnt = 0, l_ctxlink = 0x0, l_dupfd = 0, 
  l_savp = 0x0, l_priority = 24 '\030', l_usrpri = 51 '3', 
  l_private = 0xdeadbeef, l_emuldata = 0xdeadbeef, l_locks = -559038736, 
  l_addr = 0xc8015000, l_md = {md_regs = 0xc8018fa8, md_flags = 1, 
    md_tss_sel = 632}}

>How-To-Repeat:

I think the only notable differences in my kernel config are DEBUG,
LOCKDEBUG and DIAGNOSTIC.

include 	"arch/i386/conf/std.i386"
options 	INCLUDE_CONFIG_FILE	# embed config file in kernel binary
maxusers	16		# estimated number of users
options 	I686_CPU
options 	USER_LDT	# user-settable LDT; used by WINE
options 	MTRR		# memory-type range register syscall support
options 	INSECURE	# disable kernel security levels - X needs this
options 	RTC_OFFSET=0	# hardware clock is this many mins. west of GMT
options 	NTP		# NTP phase/frequency locked loop
options 	KTRACE		# system call tracing via ktrace(1)
options 	SYSTRACE	# system call vetting via systrace(1)
options 	SYSVMSG		# System V-like message queues
options 	SYSVSEM		# System V-like semaphores
options 	P1003_1B_SEMAPHORE	# p1003.1b semaphore support
options 	DIAGNOSTIC	# expensive kernel consistency checks
options 	DEBUG		# expensive debugging checks/support
options		LOCKDEBUG
options 	DDB		# in-kernel debugger
options 	DDB_HISTORY_SIZE=512	# enable history editing in DDB
makeoptions	DEBUG="-g"	# compile full symbol table
options 	COMPAT_16	# NetBSD 1.6
options 	COMPAT_OSSAUDIO	# OSS (Voxware) audio driver compatibility
file-system 	FFS		# UFS
file-system 	MFS		# memory file system
file-system 	CD9660		# ISO 9660 + Rock Ridge file system
file-system 	MSDOSFS		# MS-DOS file system
file-system 	FDESC		# /dev/fd
				# immutable) behave as system flags.
options 	INET		# IP + ICMP + TCP + UDP
options 	PPP_FILTER	# Active filter support for PPP (requires bpf)
options 	PFIL_HOOKS	# pfil(9) packet filter hooks
options 	IPFILTER_LOG	# ipmon(8) log support
options 	WSEMUL_VT100		# VT100 / VT220 emulation
options 	WS_KERNEL_FG=WSCOL_WHITE
options 	WS_KERNEL_BG=WSCOL_BLUE
options 	WSDISPLAY_COMPAT_PCVT		# emulate some ioctls
options 	WSDISPLAY_COMPAT_SYSCONS	# emulate some ioctls
options 	WSDISPLAY_COMPAT_USL		# VT handling
options 	WSDISPLAY_COMPAT_RAWKBD		# can get raw scancodes
options 	PCKBD_LAYOUT="(KB_DE | KB_NODEAD)"
options 	PCDISPLAY_SOFTCURSOR
config		netbsd	root on ? type ?
mainbus0 at root
cpu* at mainbus?
ioapic* at mainbus?
apm0	at mainbus0			# Advanced power management
options 	MPBIOS		# configure CPUs and APICs using MPBIOS
options 	MPBIOS_SCANPCI	# find PCI roots using MPBIOS
options 	MPACPI		# configure CPUs and APICs using ACPI
				# (acpi at mainbus must also be enabled)
options 	MPACPI_SCANPCI	# find PCI roots using MPACPI
acpi0 		at mainbus0
acpiacad* 	at acpi?		# ACPI AC Adapter
acpibut* 	at acpi?		# ACPI Button
acpiec* 	at acpi?		# ACPI Embedded Controller
acpitz* 	at acpi?		# ACPI Thermal Zone
com* 		at acpi?		# Serial communications interface
fdc* 		at acpi?		# Floppy disk controller
lpt* 		at acpi?		# Parallel port
npx*		at acpi?		# Math coprocessor
pckbc*  	at acpi?		# PC keyboard controller
pci*	at mainbus? bus ?
pci*	at pchb? bus ?
pci*	at ppb? bus ?
pchb*	at pci? dev ? function ?	# PCI-Host bridges
pcib*	at pci? dev ? function ?	# PCI-ISA bridges
ppb*	at pci? dev ? function ?	# PCI-PCI bridges
agp* 	at pchb?
isa0	at pcib?
pckbd*		at pckbc?		# PC keyboard
pms*		at pckbc?		# PS/2 mouse for wsmouse
vga*		at pci? dev ? function ?
wsdisplay*	at vga? console ?
wskbd*		at pckbd? console ?
wsmouse*	at pms? mux 0
siside* 	at pci? dev ? function ?	# SiS IDE controllers
atabus* at ata?
wd*	at atabus? drive ? flags 0x0000
atapibus* at atapi?
cd*	at atapibus? drive ? flags 0x0000	# ATAPI CD-ROM drives
fd*	at fdc? drive ?			# the drives themselves
an*	at pci? dev ? function ?	# Aironet PC4500/PC4800 (802.11)
atw*	at pci? dev ? function ?	# ADMtek ADM8211 (802.11)
bce* 	at pci? dev ? function ?	# Broadcom 4401 10/100 Ethernet
bge* 	at pci? dev ? function ?	# Broadcom 570x gigabit Ethernet
en*	at pci? dev ? function ?	# ENI/Adaptec ATM
ep*	at pci? dev ? function ?	# 3Com 3c59x
epic*	at pci? dev ? function ?	# SMC EPIC/100 Ethernet
esh*	at pci? dev ? function ?	# Essential HIPPI card
ex*	at pci? dev ? function ?	# 3Com 90x[BC]
fpa*	at pci? dev ? function ?	# DEC DEFPA FDDI
fxp*	at pci? dev ? function ?	# Intel EtherExpress PRO 10+/100B
gsip*	at pci? dev ? function ?	# NS83820 Gigabit Ethernet
hme*	at pci? dev ? function ?	# Sun Microelectronics STP2002-STQ
le*	at pci? dev ? function ?	# PCnet-PCI Ethernet
lmc*	at pci? dev ? function ?	# Lan Media Corp SSI/HSSI/DS3
mtd*	at pci? dev ? function ?	# Myson MTD803 3-in-1 Ethernet
ne*	at pci? dev ? function ?	# NE2000-compatible Ethernet
ntwoc*	at pci? dev ? function ?	# Riscom/N2 PCI Sync Serial
pcn*	at pci? dev ? function ?	# AMD PCnet-PCI Ethernet
rtk*	at pci? dev ? function ?	# Realtek 8129/8139
sf*	at pci? dev ? function ?	# Adaptec AIC-6915 Ethernet
sip*	at pci? dev ? function ?	# SiS 900/DP83815 Ethernet
skc*	at pci? dev ? function ?	# SysKonnect SK9821 Gigabit Ethernet
sk*	at skc?				# SysKonnect SK9821 Gigabit Ethernet
ste*	at pci? dev ? function ?	# Sundance ST-201 Ethernet
stge*	at pci? dev ? function ?	# Sundance/Tamarack TC9021 Gigabit
ti*	at pci? dev ? function ?	# Alteon ACEnic gigabit Ethernet
tl*	at pci? dev ? function ?	# ThunderLAN-based Ethernet
tlp*	at pci? dev ? function ?	# DECchip 21x4x and clones
vr*	at pci? dev ? function ?	# VIA Rhine Fast Ethernet
wi*	at pci? dev ? function ?	# Intersil Prism Mini-PCI (802.11b)
wm*	at pci? dev ? function ?	# Intel 82543/82544 gigabit
acphy*	at mii? phy ?			# Altima AC101 and AMD Am79c874 PHYs
amhphy*	at mii? phy ?			# AMD 79c901 Ethernet PHYs
bmtphy*	at mii? phy ?			# Broadcom BCM5201 and BCM5202 PHYs
brgphy*	at mii? phy ?			# Broadcom BCM5400-family PHYs
dmphy*	at mii? phy ?			# Davicom DM9101 PHYs
exphy*	at mii? phy ?			# 3Com internal PHYs
gentbi* at mii? phy ?			# Generic Ten-Bit 1000BASE-[CLS]X PHYs
glxtphy* at mii? phy ?			# Level One LXT-1000 PHYs
gphyter* at mii? phy ?			# NS83861 Gig-E PHY
icsphy*	at mii? phy ?			# Integrated Circuit Systems ICS189x
inphy*	at mii? phy ?			# Intel 82555 PHYs
iophy*	at mii? phy ?			# Intel 82553 PHYs
lxtphy*	at mii? phy ?			# Level One LXT-970 PHYs
makphy*	at mii? phy ?			# Marvell Semiconductor 88E1000 PHYs
nsphy*	at mii? phy ?			# NS83840 PHYs
nsphyter* at mii? phy ?			# NS83843 PHYs
pnaphy*	at mii? phy ?			# generic HomePNA PHYs
qsphy*	at mii? phy ?			# Quality Semiconductor QS6612 PHYs
sqphy*	at mii? phy ?			# Seeq 80220/80221/80223 PHYs
tlphy*	at mii? phy ?			# ThunderLAN PHYs
tqphy*	at mii? phy ?			# TDK Semiconductor PHYs
ukphy*	at mii? phy ?			# generic unknown PHYs
urlphy* at mii? phy ?			# Realtek RTL8150L internal PHYs
cmpci*	at pci? dev ? function ?	# C-Media CMI8338/8738
opl*	at cmpci? flags 1
audio*	at audiobus?
mpu*	at cmpci?
include	"arch/i386/conf/GENERIC.local"
pseudo-device	cgd		4	# cryptographic disk devices
pseudo-device	vnd		4	# disk-like interface to files
options		ALTQ
options		ALTQ_BLUE
options		ALTQ_CBQ
options		ALTQ_CDNR
options		ALTQ_FIFOQ
options		ALTQ_FLOWVALVE
options		ALTQ_HFSC
options		ALTQ_PRIQ
options		ALTQ_RED
options		ALTQ_RIO
options		ALTQ_WFQ
pseudo-device	bpfilter	8	# Berkeley packet filter
pseudo-device	ipfilter		# IP filter (firewall) and NAT
pseudo-device	loop			# network loopback
pseudo-device	pppoe			# PPP over Ethernet (RFC 2516)
pseudo-device	pty			# pseudo-terminals
pseudo-device	rnd			# /dev/random and in-kernel generator
pseudo-device	clockctl		# user control of clock subsystem
pseudo-device	wsmux			# mouse & keyboard multiplexor
pseudo-device	wsfont
pseudo-device	ksyms			# /dev/ksyms

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: