Running this on a DF 3.6.3 system, under VMWare Workstation 9.0.3, gets: checking if `rename' handles unwritable source/target... ok,source=ok,target=ok checking that `mmap' is sane... yes checking signal received if referencing nonexistent part of mmapped file... Segmentation fault 11
Pulling out the test program and compiling/running it gives me: # ./conftest mmap: Bad file descriptor So, I wasn't able to get a kernel crash out of it. On Thu, Jul 17, 2014 at 5:08 PM, Nelson H. F. Beebe <[email protected]> wrote: > I run DragonFly 3.6-RELEASE (and also 3.4) on VMware ESX on Sun AMD64 > hardware, along with dozens of other virtual machines. > > Today, I found out how to reliably, and preproducibly, crash the 3.6 > kernel from a user process: build GNU rcs-5.9.1 or rcs-5.9.2, available > at > > ftp://ftp.gnu.org/gnu/rcs/ > > There is a kernel panic immediately after this report from the > configure run: > > checking signal received if referencing nonexistent part of mmapped > file... > > I cannot capture the exact panic report easily from the VMware > console, which puts me into a debugger with prompt "db>", at which > typing "reset" reboots the system. > > After the reboot, examination of /var/log/messages shows something > similar to what I saw in the VMware console window: > > Jul 17 14:52:47 xxx syslogd: kernel boot file is /boot/kernel/kernel > Jul 17 14:52:47 xxx kernel: pid 23179 (conftest), uid 887: exited on > signal 11 > Jul 17 14:52:47 xxx kernel: panic: assertion "ref >= &td->td_toks_base && > ref->tr_tok == tok" failed in lwkt_reltoken at > /build/home/justin/src/sys/kern/lwkt_token.c:812 > Jul 17 14:52:47 xxx kernel: cpuid = 0 > Jul 17 14:52:47 xxx kernel: Trace beginning at frame 0xffffffe05ce377d8 > Jul 17 14:52:47 xxx kernel: panic() at panic+0x223 0xffffffff80561c0c > Jul 17 14:52:47 xxx kernel: panic() at panic+0x223 0xffffffff80561c0c > Jul 17 14:52:47 xxx kernel: lwkt_reltoken() at lwkt_reltoken+0x5d > 0xffffffff80575f98 > Jul 17 14:52:47 xxx kernel: sigexit() at sigexit+0xce 0xffffffff80564a78 > Jul 17 14:52:47 xxx kernel: postsig() at postsig+0x1c7 0xffffffff80564c46 > Jul 17 14:52:47 xxx kernel: userret() at userret+0x18d 0xffffffff8092ed6d > Jul 17 14:52:47 xxx kernel: trap() at trap+0x6b4 0xffffffff8092fb4c > Jul 17 14:52:47 xxx kernel: calltrap() at calltrap+0x9 0xffffffff80919bef > Jul 17 14:52:47 xxx kernel: --- trap 000000000000000c, rip = > 0000000000400ab4, rsp = ffffffe05ce37ab0, rbp = 00007fffffffe990 --- > Jul 17 14:52:47 xxx kernel: kernmxps() at 0x400ab4 0x400ab4 > Jul 17 14:52:47 xxx kernel: kernmxps() at 0x400926 0x400926 > Jul 17 14:52:47 xxx kernel: Debugger("panic") > Jul 17 14:52:47 xxx kernel: > Jul 17 14:52:47 xxx kernel: CPU0 stopping CPUs: 0x00000000 > Jul 17 14:52:47 xxx kernel: stopped > > Can anyone reproduce this crash on physical hardware? > > Builds of the two named releases of GNU rcs on DragonflyBSD 3.4 work > just fine. > > All of the files in /boot/kernel on my 3.6 system are dated > 20-Feb-2014 14:47, and the panic persists even after running > > pkg update > pkg upgrade > > to ensure that all software components are current (as expected, > because the kernel files themselves do not change). > > ------------------------------------------------------------------------------- > - Nelson H. F. Beebe Tel: +1 801 581 5254 > - > - University of Utah FAX: +1 801 581 4148 > - > - Department of Mathematics, 110 LCB Internet e-mail: [email protected] > - > - 155 S 1400 E RM 233 [email protected] [email protected] > - > - Salt Lake City, UT 84112-0090, USA URL: http://www.math.utah.edu/~beebe/ > - > -------------------------------------------------------------------------------
