From owner-freebsd-stable@FreeBSD.ORG  Mon Dec  5 13:32:53 2005
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0FB3216A41F
	for <freebsd-stable@freebsd.org>; Mon,  5 Dec 2005 13:32:53 +0000 (GMT)
	(envelope-from bzeeb-lists@lists.zabbadoz.net)
Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3BC4D43D66
	for <freebsd-stable@freebsd.org>; Mon,  5 Dec 2005 13:32:51 +0000 (GMT)
	(envelope-from bzeeb-lists@lists.zabbadoz.net)
Received: from transport.cksoft.de (localhost [127.0.0.1])
	by transport.cksoft.de (Postfix) with ESMTP
	id 57E2A1FF9A8; Mon,  5 Dec 2005 14:32:49 +0100 (CET)
Received: by transport.cksoft.de (Postfix, from userid 66)
	id CC5011FF9A7; Mon,  5 Dec 2005 14:32:46 +0100 (CET)
Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net
	[10.111.66.10])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.int.zabbadoz.net (Postfix) with ESMTP id 2C909444F50;
	Mon,  5 Dec 2005 13:29:58 +0000 (UTC)
Date: Mon, 5 Dec 2005 13:29:58 +0000 (UTC)
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
X-X-Sender: bz@maildrop.int.zabbadoz.net
To: Gavin Atkinson <gavin.atkinson@ury.york.ac.uk>
In-Reply-To: <1133786693.70431.9.camel@buffy.york.ac.uk>
Message-ID: <20051205132558.M88299@maildrop.int.zabbadoz.net>
References: <20051205113818.I88299@maildrop.int.zabbadoz.net>
	<1133786693.70431.9.camel@buffy.york.ac.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Virus-Scanned: by AMaViS cksoft-s20020300-20031204bz on transport.cksoft.de
Cc: freebsd-stable@freebsd.org
Subject: Re: panic logging out on serial console
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Dec 2005 13:32:53 -0000

On Mon, 5 Dec 2005, Gavin Atkinson wrote:

> On Mon, 2005-12-05 at 11:47 +0000, Bjoern A. Zeeb wrote:
>> I had been logged in on serial console and typed 'exit' and the
>> RELENG_6 machine went *kaboom*. I hadn't seen sth like this befire on
>> any of my other machines:
>>
>> i386/RELENG_6 from around 2005-11-17 11:00 UTC.
>>
>> --- 8< 8< 8< ---
>> foo# exit
>> logout
>>
>> Fatal trap 12: page fault while in kernel mode
>> fault virtual address   = 0x0
>> fault code              = supervisor read, page not present
>> instruction pointer     = 0x20:0x0
>> stack pointer           = 0x28:0xef699954
>> frame pointer           = 0x28:0xef699968
>> code segment            = base 0x0, limit 0xfffff, type 0x1b
>>                          = DPL 0, pres 1, def32 1, gran 1
>> processor eflags        = interrupt enabled, resume, IOPL = 0
>> current process         = 70703 (getty)
>> trap number             = 12
>> panic: page fault
>>
>> I have the core file and can save it for some days but it won't
>> help a lot unless someone tells me how I can skip the frame with
>> the null pointer in kgdb.
>
> I've never had a problem with backtraces (even when IP=0x0) but don't
> forget you can always look at the stack with
>
> (gdb) x/40xw 0xef699954

oh thanks. I'll paste it in for the arguments:

(kgdb) x/40xw 0xef699954 
0xef699954:   * 0xc05b60db      0x00000000      0xc23b5c00      0xc23b4400
0xef699964:     0xc23b5c00      0xef699980    * 0xc0600ec8      0xc23b5cac
0xef699974:     0x00000000      0x00000000      0xc278a900      0xef699998
0xef699984:   * 0xc0770a81      0xc23b5c00      0xc23b4400      0x00000003
0xef699994:     0x0000cb00      0xef6999bc    * 0xc077062f      0xc23b5c00
0xef6999a4:     0x00770c5f      0x0000000c      0x00000003      0xc23b5c00
0xef6999b4:     0xc23b5d1c      0xc23b5cf0      0xef6999d8    * 0xc060209c
0xef6999c4:     0xc23b5c00      0xc23b5cc4      0xc2399300      0xef699bcc
0xef6999d4:     0xc0840b00      0xef6999f4    * 0xc05a7f87      0xc2399300
0xef6999e4:     0x00000003      0x00002000      0xc278a900      0x00000000

(kgdb) l *0xc05b60db
0xc05b60db is in knote (/u1/src/RELENG_6/sys/kern/kern_event.c:1534).
1529                    return;
1530
1531            KNL_ASSERT_LOCK(list, islocked);
1532
1533            if (!islocked) 
1534                    list->kl_lock(list->kl_lockarg); 
1535
1536            /*
1537             * If we unlock the list lock (and set KN_INFLUX), we can eliminate
1538             * the kqueue scheduling, but this will introduce four

(kgdb) l *0xc0600ec8
0xc0600ec8 is in ttwwakeup (/u1/src/RELENG_6/sys/kern/tty.c:2451).
2446                tp->t_outq.c_cc <= tp->t_olowat) {
2447                    CLR(tp->t_state, TS_SO_OLOWAT);
2448                    wakeup(TSA_OLOWAT(tp));
2449            }
2450            KNOTE_UNLOCKED(&tp->t_wsel.si_note, 0);
2451    }
2452
2453    /*
2454     * Look up a code for a specified speed in a conversion table;
2455     * used by drivers to map software speed values to hardware parameters.

(kgdb) l *0xc0770a81
0xc0770a81 is in comstart (systm.h:290).
285     static __inline intrmask_t      splsoftvm(void)         { return 0; }
286     static __inline intrmask_t      splsofttq(void)         { return 0; }
287     static __inline intrmask_t      splstatclock(void)      { return 0; }
288     static __inline intrmask_t      spltty(void)            { return 0; }
289     static __inline intrmask_t      splvm(void)             { return 0; }
290     static __inline void            splx(intrmask_t ipl __unused)   { return; }
291
292     /*
293      * Common `proc' functions are declared here so that proc.h can be included
294      * less often.

(kgdb) l *0xc077062f
0xc077062f is in comparam (/u1/src/RELENG_6/sys/dev/sio/sio.c:1902).
1897            ttyldoptim(tp);
1898
1899            mtx_unlock_spin(&sio_lock);
1900            splx(s);
1901            comstart(tp);
1902            if (com->ibufold != NULL) {
1903                    free(com->ibufold, M_DEVBUF);
1904                    com->ibufold = NULL;
1905            }
1906            return (0);

(kgdb) l *0xc060209c
0xc060209c is in ttyopen (/u1/src/RELENG_6/sys/kern/tty.c:3145).
3140                    tp->t_termios = ISCALLOUT(dev) ? tp->t_init_out : tp->t_init_in;
3141                    tp->t_cflag = tp->t_termios.c_cflag;
3142                    if (tp->t_modem != NULL)
3143                            tp->t_modem(tp, SER_DTR | SER_RTS, 0);
3144                    ++tp->t_wopeners;
3145                    error = tp->t_param(tp, &tp->t_termios);
3146                    --tp->t_wopeners;
3147                    if (error == 0 && tp->t_open != NULL)
3148                            error = tp->t_open(tp, dev);
3149                    if (error != 0)

(kgdb) l *0xc05a7f87
0xc05a7f87 is in giant_open (/u1/src/RELENG_6/sys/kern/kern_conf.c:242).
237     giant_open(struct cdev *dev, int oflags, int devtype, struct thread *td)
238     {
239             int retval;
240
241             mtx_lock(&Giant);
242             retval = dev->si_devsw->d_gianttrick->
243                 d_open(dev, oflags, devtype, td);
244             mtx_unlock(&Giant);
245             return (retval);
246     }

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT