From owner-freebsd-current@FreeBSD.ORG  Fri Nov 30 04:11:34 2007
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1A7F216A468;
	Fri, 30 Nov 2007 04:11:34 +0000 (UTC)
	(envelope-from avatar@mmlab.cse.yzu.edu.tw)
Received: from www.mmlab.cse.yzu.edu.tw (www.mmlab.cse.yzu.edu.tw
	[140.138.150.166])
	by mx1.freebsd.org (Postfix) with ESMTP id E26EA13C442;
	Fri, 30 Nov 2007 04:11:32 +0000 (UTC)
	(envelope-from avatar@mmlab.cse.yzu.edu.tw)
Received: by www.mmlab.cse.yzu.edu.tw (qmail, from userid 1000)
	id 7739F8C9A0C; Fri, 30 Nov 2007 11:53:32 +0800 (CST)
Received: from localhost (localhost [127.0.0.1])
	by www.mmlab.cse.yzu.edu.tw (qmail) with ESMTP id 6E9D68C9859;
	Fri, 30 Nov 2007 11:53:32 +0800 (CST)
Date: Fri, 30 Nov 2007 11:53:32 +0800 (CST)
From: Tai-hwa Liang <avatar@mmlab.cse.yzu.edu.tw>
To: Remko Lodder <remko@FreeBSD.org>
In-Reply-To: <474D81DB.7020004@FreeBSD.org>
Message-ID: <071130112653E.701@www.mmlab.cse.yzu.edu.tw>
References: <474D81DB.7020004@FreeBSD.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: FreeBSD Current <freebsd-current@freebsd.org>, kib@freebsd.org
Subject: Re: [Fwd: Re: kern/118258 sysctl causing panics on 7.0-xxx]
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Nov 2007 04:11:34 -0000

On Wed, 28 Nov 2007, Remko Lodder wrote:
> Hello,
>
> So as per Jeff's information, can someone from the -current
> list either contact jeff or try to resolve the problems
> mentioned? :)

   This is a longstanding bug which also exists in RELENG_6.  It turns out
that 'sysctl kern.ttys' after a terminal device is removed could trigger
this panic reliably.  For example, do 'sysctl kern.ttys' multiple times
after detaching an USB serial-to-rs232 cable or a PCMCIA modem card.

   Alternatively, following script would demo the panic if you don't have
a physically removable terminal device:

#!/bin/sh
#
# Warning! Running this script as root will panic your CURRENT box...
#
while true; do
 	kldload dcons
 	kldunload dcons
 	ls /dev
 	sysctl kern.ttys
 	sleep 1
done

   This seems to be a race between devfs and destroy_dev(), Cc'ing kib@
since he probably has more clues in this area.

> -------- Original Message --------
> Subject: Re: kern/118258 sysctl causing panics on 7.0-xxx
> Date: Wed, 28 Nov 2007 14:50:02 GMT
> From: Jeff Palmer <jeff@rexdb.com>
> Reply-To: Jeff Palmer <jeff@rexdb.com>
> To: freebsd-bugs@FreeBSD.org
>
> The following reply was made to PR kern/118258; it has been noted by GNATS.
>
> From: Jeff Palmer <jeff@rexdb.com>
> To: bug-followup@freebsd.org
> Cc:
> Subject: Re: kern/118258 sysctl causing panics on 7.0-xxx
> Date: Wed, 28 Nov 2007 09:28:47 -0500
>
> Caught another vmcore,=20
> this time simply from 'sysctl -a'
> This one showed debugging data from the if_wpi driver on the terminal
> immediately before the panic.
>
> Since the wpi driver is in -CURRENT (and not in 7.3-BETA3) I'm uncertain
> if this should actually be filed as a PR,  or just brought up on the
> current@ list.
> I'm not certain it's directly related to the wpi driver,  so until
> informed otherwise,  I'll just keep submitting followups to this PR as I
> can.
>
> Thanks,
>
> Jeff Palmer
>
>
> Laptop# kgdb /usr/obj/usr/src/sys/GENERIC/kernel.debug /var/crash/vmcore.=
> 1
> [GDB will not be able to debug user-mode threads:
> /usr/lib/libthread_db.so: Undefined symbol "
> ps_pglobal_lookup"]
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you =
> are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for detail=
> s.
> This GDB was configured as "i386-marcel-freebsd".
>
> Unread portion of the kernel message buffer:
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid =3D 1; apic id =3D 01
> fault virtual address   =3D 0x18264
> fault code              =3D supervisor read, page not present
> instruction pointer     =3D 0x20:0xc06e6a11
> stack pointer           =3D 0x28:0xe76e9aa4
> frame pointer           =3D 0x28:0xe76e9aa4
> code segment            =3D base 0x0, limit 0xfffff, type 0x1b
>                         =3D DPL 0, pres 1, def32 1, gran 1
> processor eflags        =3D interrupt enabled, resume, IOPL =3D 0
> current process         =3D 53221 (sysctl)
> trap number             =3D 12
> panic: page fault
> cpuid =3D 1
> Uptime: 1d5h15m17s
> Physical memory: 1001 MB
> Dumping 210 MB: 195 179 163 147 131 115 99 83 67 51 35 19 3
>
> #0  doadump () at pcpu.h:195
> 195     pcpu.h: No such file or directory.
>         in pcpu.h
> (kgdb) bt
> #0  doadump () at pcpu.h:195
> #1  0xc0750c17 in boot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c=
> :409
> #2  0xc0750ed9 in panic (fmt=3DVariable "fmt" is not available.
> ) at /usr/src/sys/kern/kern_shutdown.c:563
> #3  0xc0a1542c in trap_fatal (frame=3D0xe76e9a64, eva=3D98916)
>     at /usr/src/sys/i386/i386/trap.c:872
> #4  0xc0a156b0 in trap_pfault (frame=3D0xe76e9a64, usermode=3D0, eva=3D98=
> 916)
>     at /usr/src/sys/i386/i386/trap.c:785
> #5  0xc0a16025 in trap (frame=3D0xe76e9a64) at
> /usr/src/sys/i386/i386/trap.c:463
> #6  0xc09fc04b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> #7  0xc06e6a11 in dev2udev (x=3D0xc50f4b00) at
> /usr/src/sys/fs/devfs/devfs_vnops.c:1322
> #8  0xc0790e22 in sysctl_kern_ttys (oidp=3D0xc0b4b7e0, arg1=3D0x0, arg2=3D=
> 0,
> req=3D0xe76e9ba4)
>     at /usr/src/sys/kern/tty.c:3078
> #9  0xc075a457 in sysctl_root (oidp=3DVariable "oidp" is not available.
> ) at /usr/src/sys/kern/kern_sysctl.c:1306
> #10 0xc075a5a4 in userland_sysctl (td=3D0xc5049210, name=3D0xe76e9c14,
> namelen=3D2, old=3D0x0,
>     oldlenp=3D0xbfbfe334, inkernel=3D0, new=3D0x0, newlen=3D0,
> retval=3D0xe76e9c10, flags=3D0)
>     at /usr/src/sys/kern/kern_sysctl.c:1401
> #11 0xc075b33e in __sysctl (td=3D0xc5049210, uap=3D0xe76e9cfc)
>     at /usr/src/sys/kern/kern_sysctl.c:1336
> #12 0xc0a15a05 in syscall (frame=3D0xe76e9d38) at
> /usr/src/sys/i386/i386/trap.c:1008
> #13 0xc09fc0b0 in Xint0x80_syscall () at
> /usr/src/sys/i386/i386/exception.s:196
> #14 0x00000033 in ?? ()
> Previous frame inner to this frame (corrupt stack?)
> (kgdb) list
> 196             call    syscall
> 197             add     $4, %esp
> 198             MEXITCOUNT
> 199             jmp     doreti
> 200
> 201     ENTRY(fork_trampoline)
> 202             pushl   %esp                    /* trapframe pointer */
> 203             pushl   %ebx                    /* arg1 */
> 204             pushl   %esi                    /* function */
> 205             call    fork_exit
> (kgdb)
-- 
Cheers,

Tai-hwa Liang