From: "J. Porter Clark"
To: freebsd-stable@freebsd.org
Date: Sat, 26 Aug 2006 20:38:14 -0500
Subject: 6.1-STABLE panic using revoked pty
Message-Id: <20060827013814.GA1441@drum.msfc.nasa.gov>
Organization: http://www.msfc.nasa.gov/

I'm having a problem with a surprisingly easily provoked panic on an SMP machine. (If I try it with a non-SMP machine, I can get it to hang but not panic.)

The easiest way I've found to do it is to login to target SMP machine "drum" from two different windows on some other machine "remote" using ssh.

In the first window:

remote % ssh drum
Password:
Last login: Sat Aug 26 12:02:07 2006
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.1-STABLE (DRUM6) #0: Fri Aug 25 10:07:09 CDT 2006
$

In the second window, log in:

remote % ssh drum
Password:
Last login: Sat Aug 26 12:02:07 2006
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.1-STABLE (DRUM6) #0: Fri Aug 25 10:07:09 CDT 2006
$ ls -l `tty`
crw------- 1 jpc tty 0, 142 Aug 26 18:58 /dev/ttyp1
$ exit

Now go back to the first window and write to the other terminal's revoked tty:

$ echo hello > /dev/ttyp1

Go to the second window and log in again, or try to:

remote % ssh drum
Password:

...and that's as far as I get. drum has panicked.

drum# kgdb kernel.debug /usr/crash/vmcore.13
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0x0
stack pointer           = 0x28:0xe921f974
frame pointer           = 0x28:0xe921f988
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 1287 (sshd)
trap number             = 12
panic: page fault
cpuid = 0
Uptime: 8m57s
Dumping 2047 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 2047MB (524032 pages)

#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) x/80xw 0xe921f974
0xe921f974: 0xc0571543 0x00000000 0xc6b74800 0xc6b74800
0xe921f984: 0xc6bb6c00 0xe921f9a4 0xc05c01a9 0xc6b74888
0xe921f994: 0x00000000 0x00000000 0xc6b74810 0xc6b74800
0xe921f9a4: 0xe921f9bc 0xc05beda0 0xc6b74800 0xc6b74800
0xe921f9b4: 0xc73b0e80 0xc6b74800 0xe921f9d8 0xc05c32ad
0xe921f9c4: 0xc6b74800 0x00000001 0xc6ebc400 0xe921fbcc
0xe921f9d4: 0xc07c0520 0xe921f9f4 0xc056315b 0xc6ebc400
0xe921f9e4: 0x00000003 0x00002000 0xc6bb6c00 0x00000000
0xe921f9f4: 0xe921fa34 0xc0533c6b 0xc6ebc400 0x00000003
0xe921fa04: 0x00002000 0xc6bb6c00 0xc6ebc400 0xc71ff440
0xe921fa14: 0xc6bb6c00 0xc07de2c0 0xc71ff440 0x00000000
0xe921fa24: 0xc6bb6c00 0x00000000 0xe921fbcc 0x00000003
0xe921fa34: 0xe921fa40 0xc073e0b8 0xe921fa64 0xe921fb20
0xe921fa44: 0xc05f33a8 0xc07b2a60 0xe921fa64 0x00000000
0xe921fa54: 0x00000180 0xc6bb6c00 0xc71ff440 0xe921fa78
0xe921fa64: 0xc07ddcc0 0xc71ff440 0x00000003 0xc6f71680
0xe921fa74: 0xc6bb6c00 0x00000006 0xe921fa84 0xc146cd20
0xe921fa84: 0x00000400 0xc6b74800 0xe921fa94 0xc0582668
0xe921fa94: 0xe921faac 0xc05827ed 0xc07bfe80 0x00000400
0xe921faa4: 0xc6b74800 0x00000000 0xe921fad0 0xc05c0c73
(kgdb) quit
drum# addr2line -e kernel.debug 0xc0571543
../../../kern/kern_event.c:1534
drum# addr2line -e kernel.debug 0xc05c01a9
../../../kern/tty.c:2427
drum# addr2line -e kernel.debug 0xc05beda0
../../../kern/tty.c:1681
drum# addr2line -e kernel.debug 0xc05c32ad
../../../sys/linedisc.h:136
drum# addr2line -e kernel.debug 0xc056315b
../../../kern/kern_conf.c:242
drum# addr2line -e kernel.debug 0xc0533c6b
../../../fs/devfs/devfs_vnops.c:680
drum# addr2line -e kernel.debug 0xc05f33a8
./vnode_if.h:198
drum# addr2line -e kernel.debug 0xc0582668
../../../kern/kern_malloc.c:251
drum# addr2line -e kernel.debug 0xc05827ed
../../../kern/kern_malloc.c:404
drum# addr2line -e kernel.debug 0xc05c0c73
../../../kern/tty.c:2829

Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.1-STABLE #0: Fri Aug 25 10:07:09 CDT 2006
jpc@drum.msfc.nasa.gov:/usr/src/sys/i386/compile/DRUM6
MPTable:
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Xeon(TM) CPU 2.80GHz (2800.12-MHz 686-class CPU)
  Origin = "GenuineIntel" Id = 0xf25 Stepping = 5
  Features=0xbfebfbff
  Features2=0x4400>
  Logical CPUs per core: 2
real memory = 2147483648 (2048 MB)
avail memory = 2091847680 (1994 MB)
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
 cpu0 (BSP): APIC ID: 0
 cpu1 (AP): APIC ID: 1
 cpu2 (AP): APIC ID: 6
 cpu3 (AP): APIC ID: 7
ioapic0: Assuming intbase of 0
ioapic1: Assuming intbase of 16
ioapic2: Assuming intbase of 32
ioapic3: Assuming intbase of 48
ioapic0 irqs 0-15 on motherboard
ioapic1 irqs 16-31 on motherboard
ioapic2 irqs 32-47 on motherboard
ioapic3 irqs 48-63 on motherboard
netsmb_dev: loaded
cpu0 on motherboard
cpu1 on motherboard
cpu2 on motherboard
cpu3 on motherboard
pcib0: pcibus 0 on motherboard
pci0: on pcib0
pcib1: at device 7.0 on pci0
pci1: on pcib1
fwohci0: port 0xa800-0xa87f mem 0xfc8ff000-0xfc8ff7ff irq 24 at device 8.0 on pci1
fwohci0: OHCI version 1.0 (ROM=1)
fwohci0: No. of Isochronous channels is 8.
fwohci0: EUI64 00:11:06:00:00:00:50:66
fwohci0: Phy 1394a available S400, 3 ports.
fwohci0: Link S400, max_rec 2048 bytes.
firewire0: on fwohci0
sbp0: on firewire0
fwe0: on firewire0
if_fwe0: Fake Ethernet address: 02:11:06:00:50:66
fwe0: Ethernet address: 02:11:06:00:50:66
fwe0: if_start running deferred for Giant
fwip0: on firewire0
fwip0: Firewire address: 00:11:06:00:00:00:50:66 @ 0xfffe00000000, S400, maxrec 2048
fwohci0: Initiate bus reset
fwohci0: node_id=0xc800ffc1, gen=1, CYCLEMASTER mode
firewire0: 2 nodes, maxhop <= 1, cable IRM = 1 (me)
firewire0: bus manager 1 (me)
ohci0: mem 0xfc8fd000-0xfc8fdfff irq 25 at device 9.0 on pci1
ohci0: [GIANT-LOCKED]
usb0: OHCI version 1.0
usb0: on ohci0
usb0: USB revision 1.0
uhub0: NEC OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
ohci1: mem 0xfc8fe000-0xfc8fefff irq 20 at device 9.1 on pci1
ohci1: [GIANT-LOCKED]
usb1: OHCI version 1.0
usb1: on ohci1
usb1: USB revision 1.0
uhub1: NEC OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
ehci0: mem 0xfc8ffc00-0xfc8ffcff irq 21 at device 9.2 on pci1
ehci0: [GIANT-LOCKED]
usb2: EHCI version 0.95
usb2: companion controllers, 3 ports each: usb0 usb1
usb2: on ehci0
usb2: USB revision 2.0
uhub2: NEC EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub2: 5 ports with 5 removable, self powered
em0: port 0xc800-0xc83f mem 0xfea60000-0xfea7ffff irq 28 at device 8.0 on pci0
em0: Ethernet address: 00:30:48:53:37:e4
em0: [FAST]
em1: port 0xd000-0xd03f mem 0xfeba0000-0xfebbffff irq 26 at device 9.0 on pci0
em1: Ethernet address: 00:30:48:53:37:e5
em1: [FAST]
ahd0: port 0xd800-0xd8ff,0xd400-0xd4ff mem 0xfebfa000-0xfebfbfff irq 30 at device 10.0 on pci0
ahd0: [GIANT-LOCKED]
aic7902: Ultra320 Wide Channel A, SCSI Id=7, PCI 33 or 66Mhz, 512 SCBs
ahd1: port 0xe400-0xe4ff,0xe000-0xe0ff mem 0xfebfc000-0xfebfdfff irq 31 at device 10.1 on pci0
ahd1: [GIANT-LOCKED]
aic7902: Ultra320 Wide Channel B, SCSI Id=7, PCI 33 or 66Mhz, 512 SCBs
drm0: port 0xe800-0xe8ff mem 0xfd000000-0xfdffffff,0xfebff000-0xfebfffff irq 29 at device 11.0 on pci0
info: [drm] Initialized mach64 1.0.0 20020904
atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf at device 15.1 on pci0
ata0: on atapci0
ata1: on atapci0
ohci2: mem 0xfebfe000-0xfebfefff irq 17 at device 15.2 on pci0
ohci2: [GIANT-LOCKED]
usb3: OHCI version 1.0, legacy support
usb3: on ohci2
usb3: USB revision 1.0
uhub3: (0x1166) OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub3: 4 ports with 4 removable, self powered
isab0: at device 15.3 on pci0
isa0: on isab0
pcib255: pcibus 255 on motherboard
pci255: on pcib255
pmtimer0 on isa0
orm0: at iomem 0xc0000-0xc7fff on isa0
atkbdc0: at port 0x60,0x64 on isa0
atkbd0: irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model Generic PS/2 mouse, device ID 0
fdc0: at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: [FAST]
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
ppc0: at port 0x378-0x37f irq 7 on isa0
ppc0: Generic chipset (ECP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/8 bytes threshold
ppbus0: on ppc0
lpt0: on ppbus0
lpt0: Interrupt-driven port
ppi0: on ppbus0
sc0: at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
unknown: can't assign resources (port)
speaker0: at port 0x61 on isa0
unknown: can't assign resources (irq)
unknown: can't assign resources (port)
unknown: can't assign resources (port)
unknown: can't assign resources (port)
unknown: can't assign resources (port)
Timecounters tick every 1.000 msec
acd0: DVDR at ata0-master UDMA66
Waiting 5 seconds for SCSI devices to settle
firewire0: New S400 device ID:0010b920007ad726
sa0 at ahd1 bus 0 target 5 lun 0
sa0: Removable Sequential Access SCSI-2 device
sa0: 40.000MB/s transfers (20.000MHz, offset 15, 16bit)
da0 at ahd0 bus 0 target 0 lun 0
da0: Fixed Direct Access SCSI-3 device
da0: 320.000MB/s transfers (160.000MHz, offset 127, 16bit), Tagged Queueing Enabled
da0: 35046MB (71775284 512 byte sectors: 255H 63S/T 4467C)
da1 at ahd0 bus 0 target 1 lun 0
da1: Fixed Direct Access SCSI-3 device
da1: 320.000MB/s transfers (160.000MHz, offset 127, 16bit), Tagged Queueing Enabled
da1: 35046MB (71775284 512 byte sectors: 255H 63S/T 4467C)
da2 at sbp0 bus 0 target 0 lun 0
da2: Fixed Direct Access SCSI-4 device
da2: 50.000MB/s transfers
da2: 286103MB (585938944 512 byte sectors: 255H 63S/T 36473C)
cd0 at ata0 bus 0 target 0 lun 0
cd0: Removable CD-ROM SCSI-0 device
cd0: 66.000MB/s transfers
cd0: Attempt to query device size failed: NOT READY, Medium not present
SMP: AP CPU #3 Launched!
SMP: AP CPU #1 Launched!
SMP: AP CPU #2 Launched!
Trying to mount root from ufs:/dev/da0s1a
WARNING: / was not properly dismounted

--
J. Porter Clark j.porter.clark@nasa.gov
NASA/MSFC Flight & Ground Computers Branch (EI31)
Phone (256)544-3661 Fax (256)544-6193
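
The following Python sketch is an added example, not part of the original message: it walks the saved-%ebp chain through the x/80xw dump quoted above, to separate the return addresses of the active call chain from other words that were passed to addr2line. It assumes an i386 kernel built with frame pointers ([ebp] holds the caller's ebp, [ebp+4] the return address) and that the fetch at instruction pointer 0x0 came from a call, so the word at the stack pointer is that call's return address; `parse_dump`, `walk_frames`, `LOOKED_UP`, `CHAIN` and `OFF_CHAIN` are names introduced here.

```python
import re

DUMP = """
0xe921f974: 0xc0571543 0x00000000 0xc6b74800 0xc6b74800
0xe921f984: 0xc6bb6c00 0xe921f9a4 0xc05c01a9 0xc6b74888
0xe921f994: 0x00000000 0x00000000 0xc6b74810 0xc6b74800
0xe921f9a4: 0xe921f9bc 0xc05beda0 0xc6b74800 0xc6b74800
0xe921f9b4: 0xc73b0e80 0xc6b74800 0xe921f9d8 0xc05c32ad
0xe921f9c4: 0xc6b74800 0x00000001 0xc6ebc400 0xe921fbcc
0xe921f9d4: 0xc07c0520 0xe921f9f4 0xc056315b 0xc6ebc400
0xe921f9e4: 0x00000003 0x00002000 0xc6bb6c00 0x00000000
0xe921f9f4: 0xe921fa34 0xc0533c6b 0xc6ebc400 0x00000003
0xe921fa04: 0x00002000 0xc6bb6c00 0xc6ebc400 0xc71ff440
0xe921fa14: 0xc6bb6c00 0xc07de2c0 0xc71ff440 0x00000000
0xe921fa24: 0xc6bb6c00 0x00000000 0xe921fbcc 0x00000003
0xe921fa34: 0xe921fa40 0xc073e0b8 0xe921fa64 0xe921fb20
0xe921fa44: 0xc05f33a8 0xc07b2a60 0xe921fa64 0x00000000
0xe921fa54: 0x00000180 0xc6bb6c00 0xc71ff440 0xe921fa78
0xe921fa64: 0xc07ddcc0 0xc71ff440 0x00000003 0xc6f71680
0xe921fa74: 0xc6bb6c00 0x00000006 0xe921fa84 0xc146cd20
0xe921fa84: 0x00000400 0xc6b74800 0xe921fa94 0xc0582668
0xe921fa94: 0xe921faac 0xc05827ed 0xc07bfe80 0x00000400
0xe921faa4: 0xc6b74800 0x00000000 0xe921fad0 0xc05c0c73
"""  # kgdb "x/80xw 0xe921f974" output, copied from the message above
SP, FP = 0xe921f974, 0xe921f988  # stack / frame pointer from the trap message
LOOKED_UP = [0xc0571543, 0xc05c01a9, 0xc05beda0, 0xc05c32ad, 0xc056315b,
             0xc0533c6b, 0xc05f33a8, 0xc0582668, 0xc05827ed, 0xc05c0c73]

def parse_dump(text):
    """Map the address of every 32-bit word in the dump to its value."""
    mem = {}
    for line in text.strip().splitlines():
        base, *words = (int(t, 16) for t in re.findall(r"0x[0-9a-f]+", line))
        mem.update((base + 4 * i, w) for i, w in enumerate(words))
    return mem

def walk_frames(mem, sp, fp):
    """Return addresses on the saved-ebp chain, innermost call first."""
    chain = [mem[sp]]              # assumed: pushed by the call that landed on 0x0
    while fp in mem and fp + 4 in mem:
        chain.append(mem[fp + 4])  # [ebp+4] = return address into the caller
        if mem[fp] <= fp:          # a saved ebp must point further up the stack
            break
        fp = mem[fp]               # [ebp] = caller's frame pointer
    return chain

CHAIN = walk_frames(parse_dump(DUMP), SP, FP)
OFF_CHAIN = [a for a in LOOKED_UP if a not in CHAIN]  # looked up, but not a frame
print("chain:", [hex(a) for a in CHAIN], "| off chain:", [hex(a) for a in OFF_CHAIN])
```

On this dump the walk ends when the next saved frame pointer, 0xe921fb20, lies past the dumped range. It puts 0xc073e0b8 on the chain, which the message did not look up, and leaves the two kern_malloc.c addresses and the tty.c:2829 address off it.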