https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287566

--- Comment #5 from polyduekes <[email protected]> ---
(In reply to Konstantin Belousov from comment #4)
Output of the first command:
(kgdb) p *((struct thread *)0xfffff801f4573740)
$1 = {td_lock = 0xffffffff81bd1188 <sleepq_chains+11016>, td_proc =
0xfffffe00b4139040, td_plist = {tqe_next = 0x0, 
    tqe_prev = 0xfffff8018e44e010}, td_runq = {tqe_next = 0x0, tqe_prev =
0xfffffe0010378618}, {td_slpq = {tqe_next = 0x0, 
      tqe_prev = 0xfffff8007859e030}, td_zombie = 0x0}, td_lockq = {tqe_next =
0x0, tqe_prev = 0x0}, td_hash = {
    le_next = 0x0, le_prev = 0xfffffe001056c818}, td_cpuset =
0xfffff800035c5c00, td_domain = {
    dr_policy = 0xffffffff81800110 <domainset_firsttouch>, dr_iter = 0}, td_sel
= 0x0, td_sleepqueue = 0x0, 
  td_turnstile = 0xfffff801da402840, td_rlqe = 0xfffff80006b75488, td_umtxq =
0xfffff8017e348d80, td_tid = 102659, 
  td_sigqueue = {sq_signals = {__bits = {0, 0, 0, 0}}, sq_kill = {__bits = {0,
0, 0, 0}}, sq_ptrace = {__bits = {0, 0, 0, 
        0}}, sq_list = {tqh_first = 0x0, tqh_last = 0xfffff801f4573818},
sq_proc = 0xfffffe00b4139040, sq_flags = 1}, 
  td_lend_user_pri = 255 '\377', td_allocdomain = 0 '\000', td_base_ithread_pri
= 0 '\000', td_kmsan = 0x0, td_flags = 4, 
  td_ast = 0, td_inhibitors = 2, td_pflags = 16777472, td_pflags2 = 0, td_dupfd
= 0, td_sqqueue = 0, 
  td_wchan = 0xffffffff81c02c80 <audit_watermark_cv>, td_wmesg =
0xffffffff81230c2d "audit_watermark_cv", 
  td_owepreempt = 0 '\000', td_tsqueue = 0 '\000', td_stopsched = 0 '\000',
td_locks = 0, td_rw_rlocks = 0, td_sx_slocks = 0, 
  td_lk_slocks = 0, td_blocked = 0x0, td_lockname = 0x0, td_contested =
{lh_first = 0xfffff8017e66e540}, td_sleeplocks = 0x0, 
  td_intr_nesting_level = 0, td_pinned = 0, td_realucred = 0xfffff801d466e200,
td_ucred = 0xfffff801d466e200, 
  td_limit = 0xfffff8002bf47d80, td_slptick = -2147302762, td_blktick = 0,
td_swvoltick = -2147302762, td_swinvoltick = 0, 
  td_cow = 0, td_ru = {ru_utime = {tv_sec = 0, tv_usec = 0}, ru_stime = {tv_sec
= 0, tv_usec = 0}, ru_maxrss = 918676, 
    ru_ixrss = 107800, ru_idrss = 1180, ru_isrss = 128, ru_minflt = 257,
ru_majflt = 0, ru_nswap = 0, ru_inblock = 0, 
    ru_oublock = 0, ru_msgsnd = 0, ru_msgrcv = 0, ru_nsignals = 0, ru_nvcsw =
9, ru_nivcsw = 0}, td_rux = {rux_runtime = 0, 
    rux_uticks = 0, rux_sticks = 0, rux_iticks = 0, rux_uu = 0, rux_su = 0,
rux_tu = 0}, td_incruntime = 16074850, 
  td_runtime = 16074850, td_pticks = 0, td_sticks = 0, td_iticks = 0, td_uticks
= 1, td_intrval = 0, td_oldsigmask = {
    __bits = {0, 0, 0, 0}}, td_generation = 9, td_sigstk = {ss_sp = 0x0,
ss_size = 0, ss_flags = 0}, td_xsig = 0, 
  td_profil_addr = 0, td_profil_ticks = 0, td_name =
"telegram-desktop\000\000\000", td_fpop = 0x0, td_dbgflags = 1024, 
  td_si = {si_signo = 0, si_errno = 0, si_code = 0, si_pid = 0, si_uid = 0,
si_status = 0, si_addr = 0x0, si_value = {
      sival_int = 0, sival_ptr = 0x0, sigval_int = 0, sigval_ptr = 0x0},
_reason = {_fault = {_trapno = 0}, _timer = {
        _timerid = 0, _overrun = 0}, _mesgq = {_mqd = 0}, _poll = {_band = 0},
_capsicum = {_syscall = 0}, __spare__ = {
        __spare1__ = 0, __spare2__ = {0, 0, 0, 0, 0, 0, 0}}}}, td_ng_outbound =
0, td_osd = {osd_nslots = 0, osd_slots = 0x0, 
    osd_next = {le_next = 0x0, le_prev = 0x0}}, td_map_def_user = 0x0,
td_dbg_forked = 0, td_vp_reserved = 0x0, 
  td_no_sleeping = 0, td_su = 0x0, td_sleeptimo = 0, td_rtcgen = 0, td_errno =
0, td_vslock_sz = 0, td_kcov_info = 0x0, 
  td_ucredref = 0, td_sigmask = {__bits = {4294967295, 4294967295, 4294967295,
4294967295}}, td_rqindex = 22 '\026', 
  td_base_pri = 88 'X', td_priority = 88 'X', td_pri_class = 3 '\003',
td_user_pri = 88 'X', td_base_user_pri = 88 'X', 
--Type <RET> for more, q to quit, c to continue without paging--
  td_rb_list = 0, td_rbp_list = 0, td_rb_inact = 0, td_sa = {code = 431,
original_code = 431, 
    callp = 0xffffffff818c1cb0 <sysent+13792>, args = {50049364393992, 102659,
0, 0, 0, 50049364394432, 0, 0}}, 
  td_sigblock_ptr = 0x2d8506960040, td_sigblock_val = 0, td_pcb =
0xfffff801f4573c60, td_state = TDS_INHIBITED, td_uretoff = {
    tdu_retval = {0, 0}, tdu_off = 0}, td_cowgen = 0, td_slpcallout = {c_links
= {le = {le_next = 0x0, 
        le_prev = 0xfffffe00104aef18}, sle = {sle_next = 0x0}, tqe = {tqe_next
= 0x0, tqe_prev = 0xfffffe00104aef18}}, 
    c_time = 3358177998890, c_precision = 0, c_arg = 0xfffff801f4573740, c_func
= 0xffffffff80bb8890 <sleepq_timeout>, 
    c_lock = 0x0, c_flags = 2, c_iflags = 272, c_cpu = 2}, td_frame =
0xfffffe00b510ef40, td_kstack = 18446741877724065792, 
  td_kstack_pages = 4, td_critnest = 1, td_md = {md_spinlock_count = 1,
md_saved_flags = 582, md_spurflt_addr = 0, 
    md_invl_gen = {gen = 116109, {link = {le_next = 0x1, le_prev = 0x58}, {next
= 0x1, saved_pri = 88 'X'}}}, 
    md_efirt_tmp = 0, md_efirt_dis_pf = 0, md_pcb = {pcb_r15 = -2118315640,
pcb_r14 = -2198751181760, 
      pcb_r13 = -8796036636672, pcb_r12 = -8796035827904, pcb_rbp =
-2195985470256, pcb_rsp = -2195985470504, 
      pcb_rbx = -8787698698432, pcb_rip = -2135371781, pcb_fsbase =
50049387835296, pcb_gsbase = 0, pcb_kgsbase = 0, 
      pcb_cr0 = 0, pcb_cr2 = 0, pcb_cr3 = 0, pcb_cr4 = 0, pcb_dr0 = 0, pcb_dr1
= 0, pcb_dr2 = 0, pcb_dr3 = 0, pcb_dr6 = 0, 
      pcb_dr7 = 0, pcb_gdt = {rd_limit = 0, rd_base = 0}, pcb_idt = {rd_limit =
0, rd_base = 0}, pcb_ldt = {rd_limit = 0, 
        rd_base = 0}, pcb_tr = 0, pcb_flags = 25, pcb_initial_fpucw = 895,
pcb_onfault = 0x0, pcb_saved_ucr3 = 4868358144, 
      pcb_tssp = 0x0, pcb_efer = 0, pcb_star = 0, pcb_lstar = 0, pcb_cstar = 0,
pcb_sfmask = 0, 
      pcb_save = 0xfffff801da438600, pcb_pad = {0, 0, 0, 0, 0}}, md_stack_base
= 18446741877724082176, 
    md_usr_fpu_save = 0xfffff801da438600}, td_ar = 0xfffff8017e0ea500, td_lprof
= {{lh_first = 0x0}, {lh_first = 0x0}}, 
  td_dtrace = 0xfffff8000bfd5200, td_vnet = 0x0, td_vnet_lpush = 0x0,
td_intr_frame = 0x0, td_rfppwait_p = 0x0, td_ma = 0x0, 
  td_ma_cnt = 0, td_emuldata = 0x0, td_lastcpu = 2, td_oncpu = -1, td_lkpi_task
= 0x0, td_pmcpend = 0, td_remotereq = 0x0, 
  td_ktr_io_lim = 0}

Output of the second command:
(kgdb) p *(((struct thread *)0xfffff801f4573740)->td_proc)
$2 = {p_list = {le_next = 0xfffffe00b4133040, le_prev = 0xfffffe00b4134060},
p_threads = {tqh_first = 0xfffff80070165740, 
    tqh_last = 0xfffff801f4573750}, p_slock = {lock_object = {lo_name =
0xffffffff811484eb "process slock", 
      lo_flags = 537067520, lo_data = 0, lo_witness = 0x0}, mtx_lock = 0},
p_ucred = 0xfffff801d466e200, 
  p_fd = 0xfffffe00105770c0, p_fdtol = 0x0, p_pd = 0xfffff801d48cc000, p_stats
= 0xfffff801d4cf8900, 
  p_limit = 0xfffff8002bf47d80, p_limco = {c_links = {le = {le_next = 0x0,
le_prev = 0x0}, sle = {sle_next = 0x0}, tqe = {
        tqe_next = 0x0, tqe_prev = 0x0}}, c_time = 0, c_precision = 0, c_arg =
0x0, c_func = 0x0, 
    c_lock = 0xfffffe00b4139168, c_flags = 0, c_iflags = 0, c_cpu = 0},
p_sigacts = 0xfffff8007017e000, p_flag = 268451969, 
  p_flag2 = 0, p_state = PRS_NORMAL, p_pid = 74542, p_hash = {le_next =
0xfffffe00b38ca580, le_prev = 0xfffffe0010546970}, 
  p_pglist = {le_next = 0xfffffe00b40cf000, le_prev = 0xfffffe00b4aa9638},
p_pptr = 0xfffffe00907c85c0, p_sibling = {
    le_next = 0x0, le_prev = 0xfffffe00b4ab1130}, p_children = {lh_first =
0x0}, p_reaper = 0xfffffe001057d040, p_reaplist = {
    lh_first = 0x0}, p_reapsibling = {le_next = 0xfffffe00b4133040, le_prev =
0xfffffe00b4134178}, p_mtx = {lock_object = {
      lo_name = 0xffffffff811715da "process lock", lo_flags = 558039040,
lo_data = 0, lo_witness = 0x0}, 
    mtx_lock = 18446735286010853186}, p_statmtx = {lock_object = {lo_name =
0xffffffff811ba603 "pstatl", 
      lo_flags = 537067520, lo_data = 0, lo_witness = 0x0}, mtx_lock = 0},
p_itimmtx = {lock_object = {
      lo_name = 0xffffffff811c54aa "pitiml", lo_flags = 537067520, lo_data = 0,
lo_witness = 0x0}, mtx_lock = 0}, 
  p_profmtx = {lock_object = {lo_name = 0xffffffff811715e7 "pprofl", lo_flags =
537067520, lo_data = 0, lo_witness = 0x0}, 
    mtx_lock = 0}, p_ksi = 0xfffff80006875000, p_sigqueue = {sq_signals =
{__bits = {0, 0, 0, 0}}, sq_kill = {__bits = {0, 0, 
        0, 0}}, sq_ptrace = {__bits = {0, 0, 0, 0}}, sq_list = {tqh_first =
0x0, tqh_last = 0xfffffe00b4139220}, 
    sq_proc = 0xfffffe00b4139040, sq_flags = 1}, p_oppid = 55944, p_vmspace =
0xfffff80006aba268, p_swtick = 2146960612, 
  p_cowgen = 0, p_realtimer = {it_interval = {tv_sec = 0, tv_usec = 0},
it_value = {tv_sec = 0, tv_usec = 0}}, p_ru = {
    ru_utime = {tv_sec = 0, tv_usec = 0}, ru_stime = {tv_sec = 0, tv_usec = 0},
ru_maxrss = 918352, ru_ixrss = 171186400, 
    ru_idrss = 1873840, ru_isrss = 203264, ru_minflt = 109261, ru_majflt = 402,
ru_nswap = 0, ru_inblock = 1838, 
    ru_oublock = 1, ru_msgsnd = 27, ru_msgrcv = 1302, ru_nsignals = 0, ru_nvcsw
= 435488, ru_nivcsw = 19112}, p_rux = {
    rux_runtime = 43196350021, rux_uticks = 1534, rux_sticks = 193, rux_iticks
= 0, rux_uu = 1017422, rux_su = 53954, 
    rux_tu = 1071377}, p_crux = {rux_runtime = 6825329492, rux_uticks = 257,
rux_sticks = 14, rux_iticks = 0, rux_uu = 0, 
    rux_su = 0, rux_tu = 0}, p_profthreads = 0, p_exitthreads = 0, p_traceflag
= 0, p_ktrioparms = 0x0, 
  p_textvp = 0xfffff8021ee041c0, p_textdvp = 0xfffff8012200a8c0, p_binname =
0xfffff8012283ab20 "telegram-desktop", 
  p_lock = 0, p_sigiolst = {slh_first = 0x0}, p_sigparent = 20, p_sig = 0,
p_ptevents = 0, p_aioinfo = 0x0, 
  p_singlethread = 0x0, p_suspcount = 0, p_xthread = 0x0, p_boundary_count = 0,
p_pendingcnt = 0, p_itimers = 0x0, 
  p_procdesc = 0x0, p_treeflag = 0, p_pendingexits = 0, p_filemon = 0x0,
p_pdeathsig = 0, p_magic = 3203398350, 
--Type <RET> for more, q to quit, c to continue without paging--
  p_osrel = 1402000, p_fctl0 = 0, p_comm = "telegram-desktop\000\000\000", 
  p_sysent = 0xffffffff8194c628 <elf64_freebsd_sysvec_la48>, p_args =
0xfffff8002bc85aa0, p_cpulimit = 9223372036854775807, 
  p_nice = 0 '\000', p_fibnum = 0, p_reapsubtree = 1, p_elf_flags = 0, 
  p_elf_brandinfo = 0xffffffff8194c9f8 <freebsd_brand_info_la48>,
p_umtx_min_timeout = 0, p_xexit = 0, p_xsig = 0, 
  p_pgrp = 0xfffff80006bedac8, p_klist = 0xfffff8007052cd40, p_numthreads = 32,
p_md = {md_ldt = 0x0, md_ldt_sd = {
      sd_lolimit = 0, sd_lobase = 0, sd_type = 0, sd_dpl = 0, sd_p = 0,
sd_hilimit = 0, sd_xx0 = 0, sd_gran = 0, 
      sd_hibase = 0, sd_xx1 = 0, sd_mbz = 0, sd_xx2 = 0}, md_flags = 1},
p_itcallout = {c_links = {le = {le_next = 0x0, 
        le_prev = 0x0}, sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev
= 0x0}}, c_time = 0, c_precision = 0, 
    c_arg = 0x0, c_func = 0x0, c_lock = 0xfffffe00b4139168, c_flags = 0,
c_iflags = 0, c_cpu = 0}, p_acflag = 0, 
  p_peers = 0x0, p_leader = 0xfffffe00b4139040, p_emuldata = 0x0, p_label =
0x0, p_ktr = {stqh_first = 0x0, 
    stqh_last = 0xfffffe00b4139520}, p_mqnotifier = {lh_first = 0x0}, p_dtrace
= 0xfffff80037fff380, p_pwait = {
    cv_description = 0xffffffff81219f9c "ppwait", cv_waiters = 0},
p_prev_runtime = 0, p_racct = 0x0, p_throttled = 0, 
  p_orphan = {le_next = 0x0, le_prev = 0x0}, p_orphans = {lh_first = 0x0},
p_kqtim_stop = {tqh_first = 0x0, 
    tqh_last = 0xfffffe00b4139580}, p_jaillist = {le_next = 0xfffffe00b4133040,
le_prev = 0xfffffe00b41345b0}}

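Sleeping thread tid: 102659 (matches td_tid in the first dump). Note that p_mtx.mtx_lock in the second dump, 18446735286010853186, is this thread's address 0xfffff801f4573740 with a low flag bit set, which suggests the thread went to sleep on audit_watermark_cv while still owning the process lock.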

Backtrace of that thread:
(kgdb) thread find 102659
Thread 1088 has target id 'Thread 102659'
(kgdb) thread 1088
[Switching to thread 1088 (Thread 102659)]
#0  sched_switch (td=td@entry=0xfffff801f4573740, flags=flags@entry=259) at
/usr/src/sys/kern/sched_ule.c:2290
2290                    cpuid = td->td_oncpu = PCPU_GET(cpuid);
(kgdb) bt
#0  sched_switch (td=td@entry=0xfffff801f4573740, flags=flags@entry=259) at
/usr/src/sys/kern/sched_ule.c:2290
#1  0xffffffff80b67c7d in mi_switch (flags=flags@entry=259) at
/usr/src/sys/kern/kern_synch.c:548
#2  0xffffffff80bb8b19 in sleepq_switch (wchan=<optimized out>, pri=<optimized
out>)
    at /usr/src/sys/kern/subr_sleepqueue.c:608
#3  0xffffffff80bb8a05 in sleepq_wait (wchan=<unavailable>,
wchan@entry=0xffffffff81c02c80 <audit_watermark_cv>, 
    pri=<unavailable>, pri@entry=0) at /usr/src/sys/kern/subr_sleepqueue.c:659
#4  0xffffffff80ae7ceb in _cv_wait (cvp=0xffffffff81c02c80
<audit_watermark_cv>, lock=0xffffffff81c02bc8 <audit_mtx>)
    at /usr/src/sys/kern/kern_condvar.c:153
#5  0xffffffff80e5a883 in audit_commit (ar=0xfffff8017e0ea500, error=<optimized
out>, retval=<optimized out>)
    at /usr/src/sys/security/audit/audit.c:574
#6  0xffffffff80e5abb6 in audit_syscall_exit (error=<unavailable>,
error@entry=0, td=td@entry=0xfffff801f4573740)
    at /usr/src/sys/security/audit/audit.c:728
#7  0xffffffff80b7038a in kern_thr_exit (td=td@entry=0xfffff801f4573740) at
/usr/src/sys/kern/kern_thr.c:378
#8  0xffffffff80b70247 in sys_thr_exit (td=0xfffff801f4573740, td@entry=<error
reading variable: value is not available>, 
    uap=0xfffff801f4573b40, uap@entry=<error reading variable: value is not
available>) at /usr/src/sys/kern/kern_thr.c:321
#9  0xffffffff8104e789 in syscallenter (td=0xfffff801f4573740) at
/usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:165
#10 amd64_syscall (td=0xfffff801f4573740, traced=0) at
/usr/src/sys/amd64/amd64/trap.c:1241
#11 <signal handler called>
#12 0x0000000853df5fda in ?? ()
Backtrace stopped: Cannot access memory at address 0x97fc21a8
(kgdb)
