Date: Fri, 27 Apr 2007 00:20:09 GMT
From: Lodewijk Vöge <lvoege@gmail.com>
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/96981: reproducible instant reboot by unprivileged user
Message-ID: <200704270020.l3R0K9h6086645@freefall.freebsd.org>

The following reply was made to PR kern/96981; it has been noted by GNATS.

From: Lodewijk Vöge <lvoege@gmail.com>
To: Gavin Atkinson <gavin.atkinson@ury.york.ac.uk>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/96981: reproducible instant reboot by unprivileged user
Date: Thu, 26 Apr 2007 20:11:40 -0400

On 26-apr-2007, at 8:58, Gavin Atkinson wrote:

> If so, is there any chance you could wire up a serial console to
> the machine

done, the serial console is set up and works. dumpdev is set to AUTO, debug.debugger_on_panic to 1, but it won't dump or break to ddb. the only behavioral difference I see with the serial console is that it hangs instead of rebooting, and it says "kernel trap 9 with interrupts disabled" on the serial console.

if I copy&paste a

kdb_trap(type, 0, &frame);

right after that printf() in trap() in /usr/src/sys/amd64/amd64/trap.c it does break to ddb. I have three mono threads, two of which have a trace with only doreti_iret(). the third has:

sched_switch() at sched_switch+0x11f
mi_switch() at mi_switch+0x153
sleepq_timedwait_sig() at sleepq_timedwait_sig+0x2b
msleep() at msleep+0x39a
kse_release() at kse_release+0xe0
syscall() at syscall+0x629
Xfast_syscall() at Xfast_syscall+0xa8
--- syscall (383, FreeBSD ELF64, kse_release), rip = 0x800fb285c, rsp = 0x7fffffbfef38, rbp = 0x81 ---

if I then make it panic and kgdb the core file against kernel.debug and 'bt', this appears:

#0  doadump () at pcpu.h:172
#1  0xffffffff802832f3 in boot (howto=260) at ../../../kern/kern_shutdown.c:409
#2  0xffffffff80283927 in panic (fmt=0xffffff002533ebe0 "°6\215+") at ../../../kern/kern_shutdown.c:565
#3  0xffffffff801aa1a2 in db_panic (addr=0, have_addr=0, count=0, modif=0x0) at ../../../ddb/db_command.c:438
#4  0xffffffff801aa6e5 in db_command_loop () at ../../../ddb/db_command.c:350
#5  0xffffffff801ac5fd in db_trap (type=-1462293744, code=0) at ../../../ddb/db_main.c:222
#6  0xffffffff802a1bab in kdb_trap (type=9, code=0, tf=0xffffffffa8d72c10) at ../../../kern/subr_kdb.c:473
#7  0xffffffff8041305c in trap (frame=
    {tf_rdi = 34366898272, tf_rsi = 34376163152, tf_rdx = 140737488348840,
     tf_rcx = 0, tf_r8 = 0, tf_r9 = 0, tf_rax = 0, tf_rbx = 140737488348824,
     tf_rbp = 140737488348824, tf_r10 = 0, tf_r11 = 0, tf_r12 = 0, tf_r13 = 0,
     tf_r14 = 0, tf_r15 = 0, tf_trapno = 9, tf_addr = 0, tf_flags = 0,
     tf_err = 0, tf_rip = -2143296837, tf_cs = 8, tf_rflags = 65670,
     tf_rsp = -1462293288, tf_ss = 16}) at ../../../amd64/amd64/trap.c:219
#8  0xffffffff803fd2cb in calltrap () at ../../../amd64/amd64/exception.S:168
#9  0xffffffff803fe2bb in doreti_exit () at ../../../amd64/amd64/exception.S:496
#10 0x0000000801101e20 in ?? ()
#11 0x000000000000002b in ?? ()
#12 0x0000000000000202 in ?? ()
#13 0x00007fffffffe698 in ?? ()
#14 0x0000000000000000 in ?? ()
#15 0x00000000006eaff8 in ?? ()
#16 0x0000000000000023 in ?? ()
#17 0x0000000000000000 in ?? ()
#18 0x0000000000000000 in ?? ()
#19 0x0000000000000000 in ?? ()
#20 0x0000000000000000 in ?? ()
#21 0x0000000000000000 in ?? ()
#22 0x0000000000000000 in ?? ()
#23 0x0000000000000000 in ?? ()
#24 0x0000000000000000 in ?? ()
#25 0x0000000025c0a000 in ?? ()
#26 0xffffff002533ebe0 in ?? ()
#27 0x0000000000000001 in ?? ()
#28 0xffffff002b8d36b0 in ?? ()
#29 0xffffff00264d1000 in ?? ()
#30 0xffffffffa8d726d0 in ?? ()
#31 0xffffffffa8d726a8 in ?? ()
#32 0xffffff002533ebe0 in ?? ()
#33 0xffffffff80298f6f in sched_switch (td=0x7fffffffe698, newtd=0x0, flags=0) at ../../../kern/sched_4bsd.c:973
Previous frame inner to this frame (corrupt stack?)
(kgdb)

let me know if I can provide more help.

Lodewijk