Bug #5132

mdb loops forever printing a stack backtrace

Added by Gordon Ross over 5 years ago. Updated about 5 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: mdb - modular debugger
Start date: 2014-09-05
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags: needs-triage

Description

Description:
I have a customer crash dump (taken with reboot -d) where mdb loops forever trying to print out one of the stacks.
When running this command:

::walk thread | ::findstack -v

I see an endless list of the same frame (which apparently points to itself).

History

#1

Updated by Gordon Ross over 5 years ago

The cause is, in this crash dump, findstack finds a frame that looks valid (and mostly is) but has a frame where the "frame pointer" slot points to itself.

The easiest way to make mdb "hardened" against this kind of problem is to ensure "progress" while generating a stack back-trace, which for kernel stacks on Intel (and most CPUs) means each frame pointer must be a higher address than the previous.

#2

Updated by Gordon Ross about 5 years ago

before the fix:

> ffffff02e0e86b60 $C
ffffff02e0e86ba0 apix_intr_exit+0x24(2, 0)
ffffff02e0e86be0 apix_intr_thread_epilog+0xcb(ffffff64421b6000, 2)
ffffff02e0e86c20 apix_dispatch_lowlevel+0x30(24, 2)
ffffff02e0e8c8a0 switch_sp_and_call+0x13()
ffffff64423f8500 0xffffff64423f8080()
ffffff64423f8500 0xffffff64423f8080()
ffffff64423f8500 0xffffff64423f8080()
ffffff64423f8500 0xffffff64423f8080()
ffffff64423f8500 0xffffff64423f8080()
[... goes on forever ...]

after the fix:

> ffffff02e0e86b60 $C
ffffff02e0e86ba0 apix_intr_exit+0x24(2, 0)
ffffff02e0e86be0 apix_intr_thread_epilog+0xcb(ffffff64421b6000, 2)
ffffff02e0e86c20 apix_dispatch_lowlevel+0x30(24, 2)
ffffff02e0e8c8a0 switch_sp_and_call+0x13()
ffffff64423f8500 0xffffff64423f8080()
ffffff644136f330 [stack frame pointer is invalid]
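The progress check from comment #1, as an added illustration rather than mdb's own walker: a constructed in-memory "dump" (hypothetical addresses and return PCs) whose last frame saves a frame pointer equal to its own address, walked once the pre-fix way (only a frame cap stops it) and once with the rule that every saved frame pointer must be a higher address than the current one.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed mini "crash dump": NWORDS 8-byte words at DUMP_BASE, each frame
 * being [saved frame pointer][return address].  Addresses and PCs are
 * hypothetical; only the shape copies the report: frame2's saved fp is frame2. */
#define DUMP_BASE 0xffffff02e0e86b60ULL
#define NWORDS 16
static const uint64_t dump[NWORDS] = {
	[0] = DUMP_BASE + 0x20, [1] = 0x1111,	/* frame0 at DUMP_BASE        */
	[4] = DUMP_BASE + 0x40, [5] = 0x2222,	/* frame1 at DUMP_BASE + 0x20 */
	[8] = DUMP_BASE + 0x40, [9] = 0x3333,	/* frame2 at DUMP_BASE + 0x40 */
};

/* Read one aligned word of the dump; returns 0 when the address is unreadable. */
static int read_word(uint64_t addr, uint64_t *val) {
	if (addr < DUMP_BASE || addr + 8 > DUMP_BASE + NWORDS * 8 || (addr & 7))
		return 0;
	*val = dump[(addr - DUMP_BASE) / 8];
	return 1;
}

/* Frame-pointer walk; returns the number of frames printed.  check_progress == 0
 * mimics the pre-fix walker (only max_frames stops it); != 0 applies the rule
 * from comment #1: each saved fp must be a higher address than the current fp. */
int walk_stack(uint64_t fp, int max_frames, int check_progress, int *invalid) {
	int n = 0;
	*invalid = 0;
	while (fp != 0 && n < max_frames) {
		uint64_t next, pc;
		if (!read_word(fp, &next) || !read_word(fp + 8, &pc))
			break;	/* unreadable frame: end of walk */
		printf("%016llx %#llx()\n", (unsigned long long)fp, (unsigned long long)pc);
		n++;
		if (check_progress && next != 0 && next <= fp) {
			printf("%016llx [stack frame pointer is invalid]\n", (unsigned long long)next);
			*invalid = 1;
			break;
		}
		fp = next;
	}
	return n;
}

int main(void) {
	int inv;
	walk_stack(DUMP_BASE, 10, 0, &inv);	/* pre-fix: runs to the cap */
	walk_stack(DUMP_BASE, 10, 1, &inv);	/* fixed: 3 frames, then the marker */
	return 0;
}
```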

#3

Updated by Marcel Telka about 5 years ago

  • Category set to mdb - modular debugger

#4

Updated by Electric Monk about 5 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit c106d377bffb05d875a61ffd295396e4ef2d8f5c

commit  c106d377bffb05d875a61ffd295396e4ef2d8f5c
Author: Gordon Ross <gwr@nexenta.com>
Date:   2014-10-30T23:09:00.000Z

    5132 mdb loops forever printing a stack backtrace
    Reviewed by: Richard Lowe <richlowe@richlowe.net>
    Reviewed by: Adam Leventhal <ahl@delphix.com>
    Approved by: TBD

#5

Updated by Electric Monk about 5 years ago

git commit 0b4538017e5f84a04187012fe88bb3e46f1c5f51

commit  0b4538017e5f84a04187012fe88bb3e46f1c5f51
Author: Gordon Ross <gwr@nexenta.com>
Date:   2014-11-01T00:48:13.000Z

    5132 mdb loops forever printing a stack backtrace
    Reviewed by: Richard Lowe <richlowe@richlowe.net>
    Reviewed by: Adam Leventhal <ahl@delphix.com>
    Approved by: Garrett D'Amore <garrett@damore.org>
