From owner-freebsd-stable@FreeBSD.ORG Mon Dec 5 15:15:30 2005 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6931B16A41F for ; Mon, 5 Dec 2005 15:15:30 +0000 (GMT) (envelope-from gavin.atkinson@ury.york.ac.uk) Received: from mail-gw0.york.ac.uk (mail-gw0.york.ac.uk [144.32.128.245]) by mx1.FreeBSD.org (Postfix) with ESMTP id 95D6743D5F for ; Mon, 5 Dec 2005 15:15:27 +0000 (GMT) (envelope-from gavin.atkinson@ury.york.ac.uk) Received: from buffy.york.ac.uk (buffy-128.york.ac.uk [144.32.128.160]) by mail-gw0.york.ac.uk (8.12.10/8.12.10) with ESMTP id jB5FFNPN007913; Mon, 5 Dec 2005 15:15:23 GMT Received: from buffy.york.ac.uk (localhost [127.0.0.1]) by buffy.york.ac.uk (8.13.4/8.13.4) with ESMTP id jB5FFMQo071459; Mon, 5 Dec 2005 15:15:23 GMT (envelope-from gavin.atkinson@ury.york.ac.uk) Received: (from ga9@localhost) by buffy.york.ac.uk (8.13.4/8.13.4/Submit) id jB5FFKPW071458; Mon, 5 Dec 2005 15:15:20 GMT (envelope-from gavin.atkinson@ury.york.ac.uk) X-Authentication-Warning: buffy.york.ac.uk: ga9 set sender to gavin.atkinson@ury.york.ac.uk using -f From: Gavin Atkinson To: "Bjoern A. Zeeb" In-Reply-To: <20051205132558.M88299@maildrop.int.zabbadoz.net> References: <20051205113818.I88299@maildrop.int.zabbadoz.net> <1133786693.70431.9.camel@buffy.york.ac.uk> <20051205132558.M88299@maildrop.int.zabbadoz.net> Content-Type: text/plain Content-Transfer-Encoding: 7bit Date: Mon, 05 Dec 2005 15:15:20 +0000 Message-Id: <1133795720.70431.26.camel@buffy.york.ac.uk> Mime-Version: 1.0 X-Mailer: Evolution 2.2.3 FreeBSD GNOME Team Port X-York-MailScanner: Found to be clean X-York-MailScanner-From: gavin.atkinson@ury.york.ac.uk Cc: freebsd-stable@freebsd.org Subject: Re: panic logging out on serial console X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Dec 2005 15:15:30 -0000 On Mon, 2005-12-05 at 13:29 +0000, Bjoern A. Zeeb wrote: > On Mon, 5 Dec 2005, Gavin Atkinson wrote: > > > On Mon, 2005-12-05 at 11:47 +0000, Bjoern A. Zeeb wrote: > >> I had been logged in on serial console and typed 'exit' and the > >> RELENG_6 machine went *kaboom*. I hadn't seen sth like this befire on > >> any of my other machines: > >> > >> i386/RELENG_6 from around 2005-11-17 11:00 UTC. > >> > >> --- 8< 8< 8< --- > >> foo# exit > >> logout > >> > >> Fatal trap 12: page fault while in kernel mode > >> fault virtual address = 0x0 > >> fault code = supervisor read, page not present > >> instruction pointer = 0x20:0x0 > >> stack pointer = 0x28:0xef699954 > >> frame pointer = 0x28:0xef699968 > >> code segment = base 0x0, limit 0xfffff, type 0x1b > >> = DPL 0, pres 1, def32 1, gran 1 > >> processor eflags = interrupt enabled, resume, IOPL = 0 > >> current process = 70703 (getty) > >> trap number = 12 > >> panic: page fault > >> > >> I have the core file and can save it for some days but it won't > >> help a lot unless someone tells me how I can skip the frame with > >> the null pointer in kgdb. > > > > I've never had a problem with backtraces (even when IP=0x0) but don't > > forget you can always look at the stack with > > > > (gdb) x/40xw 0xef699954 > > oh thanks. I'll paste it in for the arguments: (kgdb) x/40xw 0xef699954 0xef699954: * 0xc05b60db 0x00000000 0xc23b5c00 0xc23b4400 0xef699964: 0xc23b5c00 0xef699980 * 0xc0600ec8 0xc23b5cac 0xef699974: 0x00000000 0x00000000 0xc278a900 0xef699998 0xef699984: * 0xc0770a81 0xc23b5c00 0xc23b4400 0x00000003 [snip backtrace] It looks nothing like mine so I'm pretty sure it's a different issue, but I suspect there is enough detail there for someone who knows about the tty/kqueue interaction to have a guess as to what is going on. It does look like one entry on the tty writers knote list has become NULL, so maybe it's a race. I wonder if http://lists.freebsd.org/pipermail/freebsd-hackers/2005-April/011300.html is related? Can you get a process listing out of the core file using "ps -M" and see if it's similar to rwatson's panic? Although in his case, it looks like it panicked in the KNL_ASSERT_LOCK call, which again would be indicative of a race (e.g. in your case the structure may have been cleared between calling KNL_ASSERT_LOCK and list->kl_lock(list->kl_lockarg) ) Gavin