Re: [Fwd: Re: kern/118258 sysctl causing panics on 7.0-xxx]

From: Tai-hwa Liang <avatar_at_mmlab.cse.yzu.edu.tw>
Date: Fri, 30 Nov 2007 11:53:32 +0800 (CST)
On Wed, 28 Nov 2007, Remko Lodder wrote:
> Hello,
>
> So as per Jeff's information, can someone from the -current
> list either contact jeff or try to resolve the problems
> mentioned? :)

   This is a longstanding bug which also exists in RELENG_6.  It turns out
that 'sysctl kern.ttys' after a terminal device is removed could trigger
this panic reliably.  For example, do 'sysctl kern.ttys' multiple times
after detaching an USB serial-to-rs232 cable or a PCMCIA modem card.

   Alternatively, following script would demo the panic if you don't have
a physically removable terminal device:

#!/bin/sh
#
# Warning! Running this script as root will panic your CURRENT box...
#
while true; do
 	kldload dcons
 	kldunload dcons
 	ls /dev
 	sysctl kern.ttys
 	sleep 1
done

   This seems to be a race between devfs and destroy_dev(), Cc'ing kib_at_
since he probably has more clues in this area.

> -------- Original Message --------
> Subject: Re: kern/118258 sysctl causing panics on 7.0-xxx
> Date: Wed, 28 Nov 2007 14:50:02 GMT
> From: Jeff Palmer <jeff_at_rexdb.com>
> Reply-To: Jeff Palmer <jeff_at_rexdb.com>
> To: freebsd-bugs_at_FreeBSD.org
>
> The following reply was made to PR kern/118258; it has been noted by GNATS.
>
> From: Jeff Palmer <jeff_at_rexdb.com>
> To: bug-followup_at_freebsd.org
> Cc:
> Subject: Re: kern/118258 sysctl causing panics on 7.0-xxx
> Date: Wed, 28 Nov 2007 09:28:47 -0500
>
> Caught another vmcore,=20
> this time simply from 'sysctl -a'
> This one showed debugging data from the if_wpi driver on the terminal
> immediately before the panic.
>
> Since the wpi driver is in -CURRENT (and not in 7.3-BETA3) I'm uncertain
> if this should actually be filed as a PR,  or just brought up on the
> current_at_ list.
> I'm not certain it's directly related to the wpi driver,  so until
> informed otherwise,  I'll just keep submitting followups to this PR as I
> can.
>
> Thanks,
>
> Jeff Palmer
>
>
> Laptop# kgdb /usr/obj/usr/src/sys/GENERIC/kernel.debug /var/crash/vmcore.=
> 1
> [GDB will not be able to debug user-mode threads:
> /usr/lib/libthread_db.so: Undefined symbol "
> ps_pglobal_lookup"]
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you =
> are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for detail=
> s.
> This GDB was configured as "i386-marcel-freebsd".
>
> Unread portion of the kernel message buffer:
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid =3D 1; apic id =3D 01
> fault virtual address   =3D 0x18264
> fault code              =3D supervisor read, page not present
> instruction pointer     =3D 0x20:0xc06e6a11
> stack pointer           =3D 0x28:0xe76e9aa4
> frame pointer           =3D 0x28:0xe76e9aa4
> code segment            =3D base 0x0, limit 0xfffff, type 0x1b
>                         =3D DPL 0, pres 1, def32 1, gran 1
> processor eflags        =3D interrupt enabled, resume, IOPL =3D 0
> current process         =3D 53221 (sysctl)
> trap number             =3D 12
> panic: page fault
> cpuid =3D 1
> Uptime: 1d5h15m17s
> Physical memory: 1001 MB
> Dumping 210 MB: 195 179 163 147 131 115 99 83 67 51 35 19 3
>
> #0  doadump () at pcpu.h:195
> 195     pcpu.h: No such file or directory.
>         in pcpu.h
> (kgdb) bt
> #0  doadump () at pcpu.h:195
> #1  0xc0750c17 in boot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c=
> :409
> #2  0xc0750ed9 in panic (fmt=3DVariable "fmt" is not available.
> ) at /usr/src/sys/kern/kern_shutdown.c:563
> #3  0xc0a1542c in trap_fatal (frame=3D0xe76e9a64, eva=3D98916)
>     at /usr/src/sys/i386/i386/trap.c:872
> #4  0xc0a156b0 in trap_pfault (frame=3D0xe76e9a64, usermode=3D0, eva=3D98=
> 916)
>     at /usr/src/sys/i386/i386/trap.c:785
> #5  0xc0a16025 in trap (frame=3D0xe76e9a64) at
> /usr/src/sys/i386/i386/trap.c:463
> #6  0xc09fc04b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> #7  0xc06e6a11 in dev2udev (x=3D0xc50f4b00) at
> /usr/src/sys/fs/devfs/devfs_vnops.c:1322
> #8  0xc0790e22 in sysctl_kern_ttys (oidp=3D0xc0b4b7e0, arg1=3D0x0, arg2=3D=
> 0,
> req=3D0xe76e9ba4)
>     at /usr/src/sys/kern/tty.c:3078
> #9  0xc075a457 in sysctl_root (oidp=3DVariable "oidp" is not available.
> ) at /usr/src/sys/kern/kern_sysctl.c:1306
> #10 0xc075a5a4 in userland_sysctl (td=3D0xc5049210, name=3D0xe76e9c14,
> namelen=3D2, old=3D0x0,
>     oldlenp=3D0xbfbfe334, inkernel=3D0, new=3D0x0, newlen=3D0,
> retval=3D0xe76e9c10, flags=3D0)
>     at /usr/src/sys/kern/kern_sysctl.c:1401
> #11 0xc075b33e in __sysctl (td=3D0xc5049210, uap=3D0xe76e9cfc)
>     at /usr/src/sys/kern/kern_sysctl.c:1336
> #12 0xc0a15a05 in syscall (frame=3D0xe76e9d38) at
> /usr/src/sys/i386/i386/trap.c:1008
> #13 0xc09fc0b0 in Xint0x80_syscall () at
> /usr/src/sys/i386/i386/exception.s:196
> #14 0x00000033 in ?? ()
> Previous frame inner to this frame (corrupt stack?)
> (kgdb) list
> 196             call    syscall
> 197             add     $4, %esp
> 198             MEXITCOUNT
> 199             jmp     doreti
> 200
> 201     ENTRY(fork_trampoline)
> 202             pushl   %esp                    /* trapframe pointer */
> 203             pushl   %ebx                    /* arg1 */
> 204             pushl   %esi                    /* function */
> 205             call    fork_exit
> (kgdb)
-- 
Cheers,

Tai-hwa Liang
Received on Fri Nov 30 2007 - 03:11:34 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:23 UTC