NetBSD Problem Report #46186

From woods@once.weird.com  Tue Mar 13 18:05:19 2012
Return-Path: <woods@once.weird.com>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id 5777863B946
	for <gnats-bugs@gnats.NetBSD.org>; Tue, 13 Mar 2012 18:05:19 +0000 (UTC)
Message-Id: <m1S7W65-001EBwC@once.weird.com>
Date: Tue, 13 Mar 2012 11:05:21 -0700 (PDT)
From: "Greg A. Woods" <woods@planix.com>
Sender: "Greg A. Woods" <woods@once.weird.com>
Reply-To: "Greg A. Woods" <woods@planix.com>
To: gnats-bugs@gnats.NetBSD.org
Subject: SIGKILL to a debugged process while exiting hits KASSERT((ksi->ksi_flags & KSI_QUEUED) == 0)
X-Send-Pr-Version: 3.95

>Number:         46186
>Category:       kern
>Synopsis:       SIGKILL to a debugged process while exiting hits KASSERT((ksi->ksi_flags & KSI_QUEUED) == 0)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Mar 13 18:10:00 +0000 2012
>Last-Modified:  Tue Mar 13 21:05:01 +0000 2012
>Originator:     Greg A. Woods
>Release:        NetBSD 5.1_STABLE 2012/01/25
>Organization:
Planix, Inc.; Kelowna, BC; Canada
>Environment:


System: NetBSD 5.1_STABLE (GENERIC) #8: Thu Jan 26 13:54:58 PST 2012
Architecture: i386
Machine: i386
>Description:

	This is probably another case of of PR#42309, but somehow the
	pull-up for that fix was never made so it lives on in netbsd-5,
	and so this bug report is essentially a pull-up request.

	It would be really nice if pull-ups were more automatic, even
	for "fixes" that are not explicitly for open PRs, but especially
	for all fixes against open PRs.

panic: kernel diagnostic assertion "(ksi->ksi_flags & KSI_QUEUED) == 0" failed: file "/rest/work/woods/m-NetBSD-5/sys/kern/kern_sig.c", line 549
fatal breakpoint trap in supervisor mode
trap type 1 code 0 eip c05cc08c cs 8 eflags 246 cr2 bbb6e8c4 ilevel 0
Stopped in pid 2604.1 (ksh) at  netbsd:breakpoint+0x4:  popl    %ebp
db{3}> trace
breakpoint(c0bfe2b6,dce89be8,c3397000,dce89bfc,0,cc619780,cc606e74,cc619780,cc606d80,0) at netbsd:breakpoint+0x4
panic(c0c1768c,c0b414fd,c0b8d6cc,c0b8d650,225,4,dce89c2c,c04d686e,c0b414fd,c0b8d650) at netbsd:panic+0x1b0
__kernassert(c0b414fd,c0b8d650,225,c0b8d6cc,cc606d80,2,0,0,f279b5d0,c3b4fb90) at netbsd:__kernassert+0x39
sigput(f279b5d0,dce89ca0,2,9,f279b5d0,241,0,1,9,0) at netbsd:sigput+0x10e
kpsignal2(f279b5d0,dce89ca0,f279b5d0,9,0,0,dce89ca0,0,0,0) at netbsd:kpsignal2+0x40c
sys_kill(dce6f7e0,dce89d00,dce89d28,dce89d40,c05b8ae2,dce76acc,25,57aa,9,bfbfeaf8) at netbsd:sys_kill+0x14f
syscall(dce89d48,b3,ab,1f,1f,0,bbb3a408,bfbfeb18,bbb64274,57aa) at netbsd:syscall+0xcf
db{3}> 

>How-To-Repeat:

	I was running gdb on xterm and hit <CTRL-D> to exit it while the
	process was still running, at which point gdb got stuck (which
	may be a separate bug):

(gdb) where
#0  0x081dc377 in read ()
#1  0x0807553a in spawn () at /usr/xsrc-current/xfree/xc/programs/xterm/main.c:4230
#2  0x08077ae3 in main (argc=Cannot access memory at address 0x0
) at /usr/xsrc-current/xfree/xc/programs/xterm/main.c:2186
(gdb) The program is running.  Exit anyway? (y or n) y
^?load: 0.00  cmd: gdb 10517 [wait] 0.22u 0.34s 0% 35156k
^?^?
^Z

^?^?load: 0.00  cmd: gdb 10517 [wait] 0.22u 0.34s 0% 35156k
^?


	Then tried sending SIGKILL to the xterm process from another
	shell prompt and the panic() above occurred.


	FYI the buffer-sync-on-reboot wasn't clean either:

db{3}> reboot
syncing disks... 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 giving up
Printing vnodes for busy buffers
vnode @ 0xdc4fdad0, flags (30<MPSAFE,LOCKSWORK>)
        tag VT_UFS(1), type VBLK(3), usecount 8008, writecount 0, holdcount 36
        freelisthd 0x0, mount 0xdc440208, data 0xdc523ed4 lock 0xdc4fdb70 recursecnt 0
        tag VT_UFS, ino 1235075, on dev 4, 0 flags 0x0, effnlink 1, nlink 1
        mode 060640, owner 0, group 5, size 0
vnode @ 0xd7433730, flags (10<MPSAFE>)
        tag UNKNOWN(0), type VBLK(3), usecount 24819, writecount 0, holdcount 38
        freelisthd 0x0, mount 0x0, data 0x0 lock 0xd74337d0 recursecnt 0
giving up
sd1(mfi1:0:1:0): should have flushed queue?
sd1: cache synchronization failed
sd0(mfi1:0:0:0): should have flushed queue?
sd0: cache synchronization failed
rebooting...
x86_reset(): trying generic PCI-bus system & CPU reset...


>Fix:

	pull up the fix for PR#42309?

>Audit-Trail:
From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org, 
	gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Cc: 
Subject: Re: kern/46186: SIGKILL to a debugged process while exiting hits KASSERT((ksi->ksi_flags & KSI_QUEUED) == 0)
Date: Tue, 13 Mar 2012 17:04:42 -0400

 On Mar 13,  6:10pm, woods@planix.com ("Greg A. Woods") wrote:
 -- Subject: kern/46186: SIGKILL to a debugged process while exiting hits KASS

 | >Number:         46186
 | >Category:       kern
 | >Synopsis:       SIGKILL to a debugged process while exiting hits KASSERT((ksi->ksi_flags & KSI_QUEUED) == 0)
 | >Confidential:   no
 | >Severity:       serious
 | >Priority:       high
 | >Responsible:    kern-bug-people
 | >State:          open
 | >Class:          sw-bug
 | >Submitter-Id:   net
 | >Arrival-Date:   Tue Mar 13 18:10:00 +0000 2012
 | >Originator:     Greg A. Woods
 | >Release:        NetBSD 5.1_STABLE 2012/01/25
 | >Organization:
 | Planix, Inc.; Kelowna, BC; Canada
 | >Environment:
 | 	
 | 	

 I asked to pullup the fix from 42309.

 christos

>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.