Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 05 Dec 2005 15:15:20 +0000
From:      Gavin Atkinson <gavin.atkinson@ury.york.ac.uk>
To:        "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: panic logging out on serial console
Message-ID:  <1133795720.70431.26.camel@buffy.york.ac.uk>
In-Reply-To: <20051205132558.M88299@maildrop.int.zabbadoz.net>
References:  <20051205113818.I88299@maildrop.int.zabbadoz.net> <1133786693.70431.9.camel@buffy.york.ac.uk> <20051205132558.M88299@maildrop.int.zabbadoz.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 2005-12-05 at 13:29 +0000, Bjoern A. Zeeb wrote:
> On Mon, 5 Dec 2005, Gavin Atkinson wrote:
> 
> > On Mon, 2005-12-05 at 11:47 +0000, Bjoern A. Zeeb wrote:
> >> I had been logged in on serial console and typed 'exit' and the
> >> RELENG_6 machine went *kaboom*. I hadn't seen sth like this befire on
> >> any of my other machines:
> >>
> >> i386/RELENG_6 from around 2005-11-17 11:00 UTC.
> >>
> >> --- 8< 8< 8< ---
> >> foo# exit
> >> logout
> >>
> >> Fatal trap 12: page fault while in kernel mode
> >> fault virtual address   = 0x0
> >> fault code              = supervisor read, page not present
> >> instruction pointer     = 0x20:0x0
> >> stack pointer           = 0x28:0xef699954
> >> frame pointer           = 0x28:0xef699968
> >> code segment            = base 0x0, limit 0xfffff, type 0x1b
> >>                          = DPL 0, pres 1, def32 1, gran 1
> >> processor eflags        = interrupt enabled, resume, IOPL = 0
> >> current process         = 70703 (getty)
> >> trap number             = 12
> >> panic: page fault
> >>
> >> I have the core file and can save it for some days but it won't
> >> help a lot unless someone tells me how I can skip the frame with
> >> the null pointer in kgdb.
> >
> > I've never had a problem with backtraces (even when IP=0x0) but don't
> > forget you can always look at the stack with
> >
> > (gdb) x/40xw 0xef699954
> 
> oh thanks. I'll paste it in for the arguments:

(kgdb) x/40xw 0xef699954 
0xef699954:   * 0xc05b60db      0x00000000      0xc23b5c00    0xc23b4400
0xef699964:     0xc23b5c00      0xef699980    * 0xc0600ec8    0xc23b5cac
0xef699974:     0x00000000      0x00000000      0xc278a900    0xef699998
0xef699984:   * 0xc0770a81      0xc23b5c00      0xc23b4400    0x00000003

[snip backtrace]

It looks nothing like mine so I'm pretty sure it's a different issue,
but I suspect there is enough detail there for someone who knows about
the tty/kqueue interaction to have a guess as to what is going on.  It
does look like one entry on the tty writers knote list has become NULL,
so maybe it's a race.

I wonder if
http://lists.freebsd.org/pipermail/freebsd-hackers/2005-April/011300.html is related?  Can you get a process listing out of the core file using
"ps -M" and see if it's similar to rwatson's panic?  Although in his
case, it looks like it panicked in the KNL_ASSERT_LOCK call, which again
would be indicative of a race (e.g. in your case the structure may have
been cleared between calling KNL_ASSERT_LOCK and
list->kl_lock(list->kl_lockarg) )

Gavin




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1133795720.70431.26.camel>