panic logging out on serial console

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Mon Dec 5 05:32:53 PST 2005 

On Mon, 5 Dec 2005, Gavin Atkinson wrote:

> On Mon, 2005-12-05 at 11:47 +0000, Bjoern A. Zeeb wrote:
>> I had been logged in on serial console and typed 'exit' and the
>> RELENG_6 machine went *kaboom*. I hadn't seen sth like this befire on
>> any of my other machines:
>>
>> i386/RELENG_6 from around 2005-11-17 11:00 UTC.
>>
>> --- 8< 8< 8< ---
>> foo# exit
>> logout
>>
>> Fatal trap 12: page fault while in kernel mode
>> fault virtual address   = 0x0
>> fault code              = supervisor read, page not present
>> instruction pointer     = 0x20:0x0
>> stack pointer           = 0x28:0xef699954
>> frame pointer           = 0x28:0xef699968
>> code segment            = base 0x0, limit 0xfffff, type 0x1b
>>                          = DPL 0, pres 1, def32 1, gran 1
>> processor eflags        = interrupt enabled, resume, IOPL = 0
>> current process         = 70703 (getty)
>> trap number             = 12
>> panic: page fault
>>
>> I have the core file and can save it for some days but it won't
>> help a lot unless someone tells me how I can skip the frame with
>> the null pointer in kgdb.
>
> I've never had a problem with backtraces (even when IP=0x0) but don't
> forget you can always look at the stack with
>
> (gdb) x/40xw 0xef699954

oh thanks. I'll paste it in for the arguments:

(kgdb) x/40xw 0xef699954 
0xef699954:   * 0xc05b60db      0x00000000      0xc23b5c00      0xc23b4400
0xef699964:     0xc23b5c00      0xef699980    * 0xc0600ec8      0xc23b5cac
0xef699974:     0x00000000      0x00000000      0xc278a900      0xef699998
0xef699984:   * 0xc0770a81      0xc23b5c00      0xc23b4400      0x00000003
0xef699994:     0x0000cb00      0xef6999bc    * 0xc077062f      0xc23b5c00
0xef6999a4:     0x00770c5f      0x0000000c      0x00000003      0xc23b5c00
0xef6999b4:     0xc23b5d1c      0xc23b5cf0      0xef6999d8    * 0xc060209c
0xef6999c4:     0xc23b5c00      0xc23b5cc4      0xc2399300      0xef699bcc
0xef6999d4:     0xc0840b00      0xef6999f4    * 0xc05a7f87      0xc2399300
0xef6999e4:     0x00000003      0x00002000      0xc278a900      0x00000000

(kgdb) l *0xc05b60db
0xc05b60db is in knote (/u1/src/RELENG_6/sys/kern/kern_event.c:1534).
1529                    return;
1530
1531            KNL_ASSERT_LOCK(list, islocked);
1532
1533            if (!islocked) 
1534                    list->kl_lock(list->kl_lockarg); 
1535
1536            /*
1537             * If we unlock the list lock (and set KN_INFLUX), we can eliminate
1538             * the kqueue scheduling, but this will introduce four

(kgdb) l *0xc0600ec8
0xc0600ec8 is in ttwwakeup (/u1/src/RELENG_6/sys/kern/tty.c:2451).
2446                tp->t_outq.c_cc <= tp->t_olowat) {
2447                    CLR(tp->t_state, TS_SO_OLOWAT);
2448                    wakeup(TSA_OLOWAT(tp));
2449            }
2450            KNOTE_UNLOCKED(&tp->t_wsel.si_note, 0);
2451    }
2452
2453    /*
2454     * Look up a code for a specified speed in a conversion table;
2455     * used by drivers to map software speed values to hardware parameters.

(kgdb) l *0xc0770a81
0xc0770a81 is in comstart (systm.h:290).
285     static __inline intrmask_t      splsoftvm(void)         { return 0; }
286     static __inline intrmask_t      splsofttq(void)         { return 0; }
287     static __inline intrmask_t      splstatclock(void)      { return 0; }
288     static __inline intrmask_t      spltty(void)            { return 0; }
289     static __inline intrmask_t      splvm(void)             { return 0; }
290     static __inline void            splx(intrmask_t ipl __unused)   { return; }
291
292     /*
293      * Common `proc' functions are declared here so that proc.h can be included
294      * less often.

(kgdb) l *0xc077062f
0xc077062f is in comparam (/u1/src/RELENG_6/sys/dev/sio/sio.c:1902).
1897            ttyldoptim(tp);
1898
1899            mtx_unlock_spin(&sio_lock);
1900            splx(s);
1901            comstart(tp);
1902            if (com->ibufold != NULL) {
1903                    free(com->ibufold, M_DEVBUF);
1904                    com->ibufold = NULL;
1905            }
1906            return (0);

(kgdb) l *0xc060209c
0xc060209c is in ttyopen (/u1/src/RELENG_6/sys/kern/tty.c:3145).
3140                    tp->t_termios = ISCALLOUT(dev) ? tp->t_init_out : tp->t_init_in;
3141                    tp->t_cflag = tp->t_termios.c_cflag;
3142                    if (tp->t_modem != NULL)
3143                            tp->t_modem(tp, SER_DTR | SER_RTS, 0);
3144                    ++tp->t_wopeners;
3145                    error = tp->t_param(tp, &tp->t_termios);
3146                    --tp->t_wopeners;
3147                    if (error == 0 && tp->t_open != NULL)
3148                            error = tp->t_open(tp, dev);
3149                    if (error != 0)

(kgdb) l *0xc05a7f87
0xc05a7f87 is in giant_open (/u1/src/RELENG_6/sys/kern/kern_conf.c:242).
237     giant_open(struct cdev *dev, int oflags, int devtype, struct thread *td)
238     {
239             int retval;
240
241             mtx_lock(&Giant);
242             retval = dev->si_devsw->d_gianttrick->
243                 d_open(dev, oflags, devtype, td);
244             mtx_unlock(&Giant);
245             return (retval);
246     }

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT

More information about the freebsd-stable mailing list