[Bugme-new] [Bug 16527] New: panic at do_wait-> release_task – >__exit_signal->BUG_ON(!atomic_read(&sig->count));

bugzilla-daemon at bugzilla.kernel.org bugzilla-daemon at bugzilla.kernel.org
Thu Aug 5 21:32:56 PDT 2010


https://bugzilla.kernel.org/show_bug.cgi?id=16527

           Summary: panic at do_wait->release_task
                    –>__exit_signal->BUG_ON(!atomic_read(&sig->count));
           Product: Process Management
           Version: 2.5
    Kernel Version: 2.6.30
          Platform: All
        OS/Version: Linux
              Tree: Mainline
            Status: NEW
          Severity: blocking
          Priority: P1
         Component: Scheduler
        AssignedTo: mingo at elte.hu
        ReportedBy: yi.he at o2micro.com
        Regression: No


hi,all, we encountered a very strange and unreproduced panic on 2.6.30 ,it
occrued at do_wait->release_task
–>__exit_signal->BUG_ON(!atomic_read(&sig->count)), we tried our best to
analyze and reproduce this bug, but all were failed.

so counld you help us to solve it: why did this bug happened, how to reproduce
it, and how to fix it , thank you very much!


1. version detail is :
cat /proc/version 
Linux version 2.6.30 (root at DEVfc9) (gcc version 4.3.0 20080428 (Red Hat
4.3.0-8) (GCC) ) #17 SMP Mon May 24 19:38:11 CST 2010

2. calltrace is:

<0>[3809706.114772] ------------[ cut here ]------------

<2>[3809706.114806] Kernel BUG at 4042c07a [verbose debug info unavailable]

<0>[3809706.114835] invalid opcode: 0000 [#1] SMP 

<0>[3809706.114862] last sysfs file: 

<4>[3809706.114878] Modules linked in: dos_kernel antidos antireplay syn_cookie
ip_mac av_proxy_vif ring_packet aaa ipsec cryptosoft ocf kstartLog(P)
log_kernel_thread pppoe_handle route_reflect route_helper report tm cservice
ipr_status cf_filter wdt o2hal libcrc32c session_kernel nf_nat_sqlnet
nf_nat_mms nf_nat_rtsp nf_nat_ftp nf_nat_h323 nf_nat_irc nf_nat_tftp nf_nat_sip
nf_nat_pptp nf_nat_proto_gre nf_conntrack_ftp nf_conntrack_h323
nf_conntrack_irc nf_conntrack_mms nf_conntrack_pptp nf_conntrack_proto_gre
nf_conntrack_rtsp nf_conntrack_sip nf_conntrack_sqlnet nf_conntrack_tftp
dnat_kernel_api snat_kernel_api slb_kernel_api maplist_kernel_api
admin_kernel_api aclv6_kernel_api aclv4_kernel_api alg_kernel_api obj_kernelv6
obj_kernel xt_tcpudp xt_limit xt_state xt_normaltosw xt_TCPMSS xt_DEBUG xt_MSG
xt_bridge xt_csm ipt_aaa ip6t_LOG ipt_LOG ipt_IFSNAT ebtable_filter ebtables
ip6table_filter ip6_tables nf_conntrack_session_fn iptable_mangle iptable_nat
iptable_filter ip_tables nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 x_tables
nf_conntrack common_kernel_api age_kernel_api triones_kernel triones_kernel_msg
dump ax88742_1n2p r8169 sasic

<4>[3809706.115008] 

<4>[3809706.115008] Pid: 1717, comm: httpd Tainted: P           (2.6.30 #17)
945GSE-ICH7M

<4>[3809706.115008] EIP: 0060:[<4042c07a>] EFLAGS: 00010046 CPU: 0

<4>[3809706.115008] EIP is at release_task+0x32a/0x340

<4>[3809706.115008] EAX: 00000000 EBX: 3ffffffd ECX: 00000000 EDX: 00000001

<4>[3809706.115008] ESI: a4138370 EDI: aa2eae00 EBP: 00007b04 ESP: be735ec0

<4>[3809706.115008]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068

<0>[3809706.115008] Process httpd (pid: 1717, ti=be734000 task=a4acc370
task.ti=be734000)

<0>[3809706.115008] Stack:

<4>[3809706.115008]  409fef68 00000001 3ffffffd 00007b04 a4138370 00007b04
4042c66f a180a000

<0>[3809706.115008]  00000100 000000d0 a180a01c 00000000 407c81d6 00000063
00000000 5c472c00

<0>[3809706.115008]  00000001 00000000 00000046 00000021 064d45de 00000000
a4138370 a4acc370

<0>[3809706.115008] Call Trace:

<0>[3809706.115008]  [<4042c66f>] ? wait_consider_task+0x5df/0x850

<0>[3809706.115008]  [<407c81d6>] ? tcp_current_mss+0x36/0x60

<0>[3809706.115008]  [<4042ca1b>] ? do_wait+0x13b/0x350

<0>[3809706.115008]  [<40423f50>] ? default_wake_function+0x0/0x10

<0>[3809706.115008]  [<4042ccac>] ? sys_wait4+0x7c/0xd0

<0>[3809706.115008]  [<4042cd27>] ? sys_waitpid+0x27/0x30

<0>[3809706.115008]  [<40402e08>] ? sysenter_do_call+0x12/0x26

<0>[3809706.115008] Code: 00 02 20 00 8b 14 24 64 a1 80 e4 9f 40 ff 0c 10 e9 4a
fe ff ff 8d 74 26 00 0f 0b eb fe 8d 74 26 00 0f 0b eb fe 0f 0b 66 90 eb fc <0f>
0b 8d 74 26 00 eb fa 0f 0b 8d 74 26 00 eb fa 8d b6 00 00 00 

<0>[3809706.115008] EIP: [<4042c07a>] release_task+0x32a/0x340 SS:ESP
0068:be735ec0


3. related task info:

<4>[3809706.115008] 0xa4acd810     1713        1  0    0   S  0xa4acda18  httpd

<4>[3809706.115008] 0xa4acc370     1717        1  1    0   S  0xa4acc578 *httpd

<4>[3809706.115008]   Error: no saved data for this cpu
<4>[3809706.115008] 0xbe7fedc0    30547     1717  0    0   R  0xbe7fefc8  httpd

<4>[3809706.115008] 0xa4138370    31492     1717  0    0   E  0xa4138578  httpd

<4>[3809706.115008] 0xa1d68000    32522     1713  0    0   S  0xa1d68208  httpd

<4>[3809706.115008] 0xa1d69810      693     1713  0    0   S  0xa1d69a18  httpd


4. the direct panic code is at:
exit.c, release_task –>__exit_signal->BUG_ON(!atomic_read(&sig->count));


following is the detail reassemble analysis:

[3809706.115008] EIP is at release_task+0x32a/0x340

objectdump -S exit.o:


00000950 <release_task>:

     950:      55                       push   %ebp

     951:      57                       push   %edi

     952:      56                       push   %esi

     953:      89 c6                  mov    %eax,%esi

     955:      53                       push   %ebx

     956:      b8 00 00 00 00          mov    $0x0,%eax

     95b:      83 ec 08                      sub    $0x8,%esp

     95e:      89 04 24                     mov    %eax,(%esp)

     961:      8b 86 d0 01 00 00              mov    0x1d0(%esi),%eax

     967:      8b 50 48                     mov    0x48(%eax),%edx

     96a:      8d 42 04                     lea    0x4(%edx),%eax

     96d:      f0 ff 4a 04                   lock decl 0x4(%edx)

     971:      89 f0                   mov    %esi,%eax

     973:      e8 fc ff ff ff       call   974 <release_task+0x24>

     978:      b8 00 00 00 00          mov    $0x0,%eax

     97d:      e8 fc ff ff ff       call   97e <release_task+0x2e>



static inline void ptrace_release_task(struct task_struct *task)

{

         BUG_ON(!list_empty(&task->ptraced));

         ptrace_unlink(task);

         BUG_ON(!list_empty(&task->ptrace_entry));

}





     982:      8d 86 24 01 00 00              lea    0x124(%esi),%eax 
BUG_ON(!list_empty(&task->ptraced));

     988:      39 86 24 01 00 00              cmp    %eax,0x124(%esi)

     98e:      0f 85 dc 02 00 00      jne    c70 <release_task+0x320>





     994:      8b 4e 10                     mov    0x10(%esi),%ecx  
ptrace_unlink(task);

     997:      85 c9                  test   %ecx,%ecx

     999:      0f 85 01 02 00 00    jne    ba0 <release_task+0x250>

     99f:       8d 86 2c 01 00 00    lea    0x12c(%esi),%eax

     9a5:      39 86 2c 01 00 00    cmp    %eax,0x12c(%esi) 
BUG_ON(!list_empty(&task->ptrace_entry));

     9ab:      0f 85 b7 02 00 00    jne    c68 <release_task+0x318>





static void __exit_signal(struct task_struct *tsk)

{

         struct signal_struct *sig = tsk->signal;

         struct sighand_struct *sighand;



         BUG_ON(!sig);

         BUG_ON(!atomic_read(&sig->count));



     9b1:      8b be 98 02 00 00              mov    0x298(%esi),%edi    struct
signal_struct *sig = tsk->signal;

     9b7:      85 ff                    test   %edi,%edi

     9b9:      0f 84 c3 02 00 00      je     c82 <release_task+0x332>
BUG_ON(!sig);

     9bf:      8b 07                  mov    (%edi),%eax   ==è  
BUG_ON(!atomic_read(&sig->count));

     9c1:     85 c0                  test   %eax,%eax

     9c3:     0f 84 b1 02 00 00     je     c7a <release_task+0x32a>


     。。。。

     c7a:      0f 0b                   ud2a    (死的最后位置: 950+32a)

     c7c:      8d 74 26 00                lea    0x0(%esi,%eiz,1),%esi

     c80:      eb fa                   jmp    c7c <release_task+0x32c>

     c82:      0f 0b                   ud2a

-- 
Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the Bugme-new mailing list