freebsd stable - Aug 2005 - 6.0-BETA3: 'kldunload linux' --> panic

The following panic can reliably be reproduced on a GENERIC 6.0-BETA3
kernel when loading linux support via /etc/rc.conf
(linux_enable="YES")
and then issuing "kldunload linux".

I'll leave the crash dump around.

% kgdb -n 95

[...]

Unread portion of the kernel message buffer:
panic: witness_destroy: lock (sleep mutex) linux osname is not initialized
cpuid = 0
KDB: enter: panic
Dumping 191 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 191MB (48880 pages) 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) bt f
#0  doadump () at pcpu.h:165
No locals.
#1  0xc0475ae6 in db_fncall (dummy1=0, dummy2=0, dummy3=1999,
    dummy4=0xcf021a38 "\200?\235?") at
/usr/src/sys/ddb/db_command.c:489
	fn_addr = -1066784304
	args = {0, -821945852, -1064888387, -1062909536, 28, -821945852,
  -1069058507, 32, -1063899200, 2}
	nargs = 0
	retval = 547703424
	t = 0
#2  0xc0475862 in db_command (last_cmdp=0xc09dcf84, cmd_table=0x0,
    aux_cmd_tablep=0xc095a0c0, aux_cmd_tablep_end=0xc095a0dc)
    at /usr/src/sys/ddb/db_command.c:349
	cmd = (struct command *) 0xc0963140
	t = 0
	modif =
"\200?\235?\000\000\000\000T\032\002?\r\000\000\000?\034??\r\000\000\000\001\000\000\000t\032\002???\211??I??\aK\000
d\035??\000_??\200?\235?x\000\000\000\200?\235?\000\000\000\000\230\032\002?1\177G?b?\222??{G?\000\000\000\000\020\000\000\000\000\000\000\000\200?\235??qG?\200?\235?8?\235?x\000\000\000?\032\002?"
	addr = 0
	count = 1999
	have_addr = 0
	result = 0
#3  0xc0475975 in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
No locals.
#4  0xc0477ae5 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:221
	jb = {{_jb = {-821945604, -821945632, -821945552, 1, 0, -1069057402,
      0, 0, 0, 0, -821945552, -1066657536}}}
	prev_jb = (void *) 0x0
	bkpt = 0
#5  0xc06c19ae in kdb_trap (type=0, code=0, tf=0xcf021b98)
    at /usr/src/sys/kern/subr_kdb.c:473
	did_stop_cpus = 1
	handled = -821945448
#6  0xc08c2468 in trap (frame      {tf_fs = 8, tf_es = 40, tf_ds = -821952472,
tf_edi = 256, tf_esi = 1, tf_ebp = -821945376, tf_isp = -821945404, tf_ebx =
-821945316, tf_edx = 0, tf_ecx = -1056755712, tf_eax = 18, tf_trapno = 3, tf_err
= 0, tf_eip = -1066658176, tf_cs = 32, tf_eflags = 646, tf_esp = -1064104898,
tf_ss = -1064113900})
    at /usr/src/sys/i386/i386/trap.c:601
	td = (struct thread *) 0xc24db300
	p = (struct proc *) 0xc24fc830
	sticks = 3473021836
	i = 0
	ucode = 0
	type = 3
	code = 0
	eva = 0
#7  0xc08ac43a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
No locals.
#8  0x00000008 in ?? ()
No symbol table info available.
#9  0x00000028 in ?? ()
No symbol table info available.
#10 0xcf020028 in ?? ()
No symbol table info available.
#11 0x00000100 in ?? ()
No symbol table info available.
#12 0x00000001 in ?? ()
No symbol table info available.
#13 0xcf021be0 in ?? ()
No symbol table info available.
#14 0xcf021bc4 in ?? ()
No symbol table info available.
#15 0xcf021c1c in ?? ()
No symbol table info available.
#16 0x00000000 in ?? ()
No symbol table info available.
#17 0xc1033000 in ?? ()
No symbol table info available.
#18 0x00000012 in ?? ()
No symbol table info available.
#19 0x00000003 in ?? ()
No symbol table info available.
#20 0x00000000 in ?? ()
No symbol table info available.
#21 0xc06c1680 in kdb_enter (msg=0x0) at cpufunc.h:60
No locals.
#22 0xc06a337e in panic (fmt=0xc09323ad "%s: lock (%s) %s is not
initialized")
    at /usr/src/sys/kern/kern_shutdown.c:537
	td = (struct thread *) 0xc24db300
	bootopt = 256
	newpanic = 1
	ap = 0xcf021c1c
"?}\216??\232\224???2???2?\020?2?L\034\002?X\230i???2???\222?"
	buf = "witness_destroy: lock (sleep mutex) linux osname is not
initialized", '\0' <repeats 188 times>
#23 0xc06cd5a9 in witness_destroy (lock=0xc232e6c0)
    at /usr/src/sys/kern/subr_witness.c:567
	w = (struct witness *) 0xc232e6c0
	__func__ = "witness_destroy"
#24 0xc0699858 in mtx_destroy (m=0xc232e6c0)
    at /usr/src/sys/kern/kern_mutex.c:875
No locals.
#25 0xc0691b60 in linker_file_sysuninit (lf=0x0)
    at /usr/src/sys/kern/kern_linker.c:238
	start = (struct sysinit **) 0xc232ce10
	stop = (struct sysinit **) 0xc232ce18
	sipp = (struct sysinit **) 0xc232ce10
	xipp = (struct sysinit **) 0x0
	save = (struct sysinit *) 0x0
#26 0xc0692384 in linker_file_unload (file=0xc222eb00, flags=0)
    at /usr/src/sys/kern/kern_linker.c:539
	mod = 0x0
	next = 0x0
	ml = 0x0
	nextml = 0x0
	cp = (struct common_symbol *) 0x0
	error = 0
	i = 0
#27 0xc0692c3a in kern_kldunload (td=0xc222eb00, fileid=0, flags=0)
    at /usr/src/sys/kern/kern_linker.c:828
	lf = 0xc222eb00
	error = 2
#28 0xc0692cdc in kldunloadf (td=0x0, uap=0x0)
    at /usr/src/sys/kern/kern_linker.c:858
No locals.
#29 0xc08c2e30 in syscall (frame      {tf_fs = 59, tf_es = 59, tf_ds = 59,
tf_edi = 4, tf_esi = -1077940798, tf_ebp = -1077941080, tf_isp = -821944988,
tf_ebx = 1, tf_edx = -1077940798, tf_ecx = 1, tf_eax = 444, tf_trapno = 0,
tf_err = 2, tf_eip = 671855983, tf_cs = 51, tf_eflags = 582, tf_esp =
-1077942212, tf_ss = 59})
    at /usr/src/sys/i386/i386/trap.c:986
	params = 0xbfbfe840 <Address 0xbfbfe840 out of bounds>
	callp = (struct sysent *) 0xc0990150
	td = (struct thread *) 0xc24db300
	p = (struct proc *) 0xc24fc830
	orig_tf_eflags = 582
	sticks = 3
	error = 0
	narg = 2
	args = {4, 0, -1064543505, -1063413248, -821945036, 0, 0, 671524056}
	code = 444
#30 0xc08ac48f in Xint0x80_syscall ()
    at /usr/src/sys/i386/i386/exception.s:200
No locals.
#31 0x0000003b in ?? ()
No symbol table info available.
#32 0x0000003b in ?? ()
No symbol table info available.
#33 0x0000003b in ?? ()
No symbol table info available.
#34 0x00000004 in ?? ()
No symbol table info available.
#35 0xbfbfedc2 in ?? ()
No symbol table info available.
#36 0xbfbfeca8 in ?? ()
No symbol table info available.
#37 0xcf021d64 in ?? ()
No symbol table info available.
#38 0x00000001 in ?? ()
No symbol table info available.
#39 0xbfbfedc2 in ?? ()
No symbol table info available.
#40 0x00000001 in ?? ()
No symbol table info available.
#41 0x000001bc in ?? ()
No symbol table info available.
#42 0x00000000 in ?? ()
No symbol table info available.
#43 0x00000002 in ?? ()
No symbol table info available.
#44 0x280bb56f in ?? ()
No symbol table info available.
#45 0x00000033 in ?? ()
No symbol table info available.
#46 0x00000246 in ?? ()
No symbol table info available.
#47 0xbfbfe83c in ?? ()
No symbol table info available.
#48 0x0000003b in ?? ()
No symbol table info available.
#49 0x00000000 in ?? ()
No symbol table info available.
#50 0x00000000 in ?? ()
No symbol table info available.
#51 0x00000000 in ?? ()
No symbol table info available.
#52 0x00000000 in ?? ()
No symbol table info available.
#53 0x0872a000 in ?? ()
No symbol table info available.
#54 0xc24fc830 in ?? ()
No symbol table info available.
#55 0xc24db300 in ?? ()
No symbol table info available.
#56 0xcf0219b0 in ?? ()
No symbol table info available.
#57 0xcf02198c in ?? ()
No symbol table info available.
#58 0xc1465600 in ?? ()
No symbol table info available.
#59 0xc06b7a90 in sched_switch (td=0xbfbfedc2, newtd=0x1, flags=Cannot access
memory at address 0xbfbfecb8)
    at /usr/src/sys/kern/sched_4bsd.c:973
	kg = (struct ksegrp *) 0x0
	p = (struct proc *) 0x4
Previous frame inner to this frame (corrupt stack?)
(kgdb) q
--
GPG fingerprint = 5FFA 3959 3377 C697 8428  24D0 BF3E F4A9 AE33 5DCC

"It won't fit on the line."
		-- me, 2001
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :
http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20050823/607fd818/attachment.bin

On 8/23/05, Rene Ladan <r.c.ladan@student.tue.nl>
wrote:
> The following panic can reliably be reproduced on a GENERIC 6.0-BETA3
> kernel when loading linux support via /etc/rc.conf
(linux_enable="YES")
> and then issuing "kldunload linux".
> 
No, I have a BETA3 box too, and can unload linux kernel module after
booting with linux_enable="YES"...