sysctl -a panic from kern.pts.enable=1

From: Kris Kennaway <kris_at_obsecurity.org> Date: Tue, 14 Nov 2006 23:55:24 -0500 · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:02 UTC

I ran sysctl -a (in the context of looking up the correct name for
kern.pts.enable, per previous email) and got a panic:

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 00
fault virtual address   = 0xcbe8d900
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc04dd0af
stack pointer           = 0x28:0xed76baa8
frame pointer           = 0x28:0xed76baa8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 23312 (sysctl)
[thread pid 23312 tid 101060 ]
Stopped at      dev2udev+0xf:   movl    0(%edx),%eax
db> wh
Tracing pid 23312 tid 101060 td 0xc5c981c0
dev2udev(cbe8d900,88,c0743823,bf4,88,...) at dev2udev+0xf
sysctl_kern_ttys(c077f520,0,0,ed76bba4,ed76bba4,...) at sysctl_kern_ttys+0xc4
sysctl_root(0,ed76bc14,2,ed76bba4,c5c981c0,...) at sysctl_root+0x174
userland_sysctl(c5c981c0,ed76bc14,2,0,bfbfd63c,...) at userland_sysctl+0x13c
__sysctl(c5c981c0,ed76bd04,18,1,c5c981c0,...) at __sysctl+0xb7
syscall(bfbf003b,bfbf003b,bfbf003b,bfbfd63c,bfbfdf00,...) at syscall+0x2e3
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (202, FreeBSD ELF32, __sysctl), eip = 0x28146ac3, esp = 0xbfbfd5bc, ebp = 0xbfbfd5e8 ---

#10 0xc04dd0af in dev2udev (x=0xcbe8d900) at ../../../fs/devfs/devfs_vnops.c:1296
#11 0xc0575874 in sysctl_kern_ttys (oidp=0xc077f520, arg1=0x0, arg2=0, req=0xed76bba4) at ../../../kern/tty.c:3030
#12 0xc0538f24 in sysctl_root (oidp=0x0, arg1=0x0, arg2=0, req=0xed76bba4) at ../../../kern/kern_sysctl.c:1282
#13 0xc05391ac in userland_sysctl (td=0xffffffff, name=0xed76bc14, namelen=2, old=0xed76bba4, oldlenp=0xbfbfd63c,
    inkernel=0, new=0x0, newlen=4294967295, retval=0xed76bc10, flags=-1) at ../../../kern/kern_sysctl.c:1381
#14 0xc0538ff7 in __sysctl (td=0xffffffff, uap=0xed76bd04) at ../../../kern/kern_sysctl.c:1316
#15 0xc06fa643 in syscall (frame=
      {tf_fs = -1078001605, tf_es = -1078001605, tf_ds = -1078001605, tf_edi = -1077946820, tf_esi = -1077944576, tf_ebp = -1077946904, tf_isp = -310985372, tf_ebx = 672598776, tf_edx = 0, tf_ecx = 0, tf_eax = 202, tf_trapno = 0, tf_err = 2, tf_eip = 672426691, tf_cs = 51, tf_eflags = 663, tf_esp = -1077946948, tf_ss = 59}) at ../../../i386/i386/trap.c:1010
#16 0xc06e0d6f in Xint0x80_syscall () at ../../../i386/i386/exception.s:191

(kgdb) frame 10
#10 0xc04dd0af in dev2udev (x=0xcbe8d900) at ../../../fs/devfs/devfs_vnops.c:1296
1296            if (x == NULL)
(kgdb) print *x
Cannot access memory at address 0xcbe8d900

kern.pts.enable=1 on this machine which may be relevant, I think the
tty disappeared while kern.ttys was walking it.

Kris