kern/95288: panic in sys/kern/tty_subr.c putc()
Robert Watson
rwatson at FreeBSD.org
Wed Apr 5 15:30:16 UTC 2006
The following reply was made to PR kern/95288; it has been noted by GNATS.
From: Robert Watson <rwatson at FreeBSD.org>
To: Marcin Gryszkalis <mg at fork.pl>
Cc: FreeBSD-gnats-submit at FreeBSD.org, mg at math.ui.lodz.pl,
freebsd-bugs at FreeBSD.org
Subject: Re: kern/95288: panic in sys/kern/tty_subr.c putc()
Date: Wed, 5 Apr 2006 16:20:21 +0100 (BST)
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
--0-666368381-1144250421=:82516
Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: QUOTED-PRINTABLE
On Tue, 4 Apr 2006, Marcin Gryszkalis wrote:
> =09I got panic during ppp connection, the backtrace is:
You want to update to a slightly more recent RELENG_6 to catch the followin=
g=20
change, which may help:
revision 1.105.2.3
date: 2006/04/02 11:10:38; author: rwatson; state: Exp; lines: +1 -1
Merge if_ppp.c:1.113 from HEAD to RELENG_6:
Add IFF_NEEDSGIANT to kernel PPP support. I have no idea why this was=
n't
here, but it should have been.
Approved by: re (hrs)
It looks like your RELENG_6 snapshot is about a week before this change wen=
t=20
in.
Robert N M Watson
>
> #0 doadump () at pcpu.h:165
> #1 0xc04ff027 in boot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c=
:402
> #2 0xc04ff369 in panic (fmt=3D0xc06b308b "%s") at /usr/src/sys/kern/kern=
_shutdown.c:558
> #3 0xc06899bc in trap_fatal (frame=3D0xd43bda80, eva=3D0) at /usr/src/sy=
s/i386/i386/trap.c:836
> #4 0xc0689692 in trap_pfault (frame=3D0xd43bda80, usermode=3D0, eva=3D6)=
at /usr/src/sys/i386/i386/trap.c:744
> #5 0xc068924f in trap (frame=3D
> {tf_fs =3D -1017249784, tf_es =3D 40, tf_ds =3D 4915240, tf_edi =3D =
209, tf_esi =3D -1019750344, tf_ebp =3D -734274864, tf_isp =3D -734274900, =
tf_ebx =3D 0, tf_edx =3D 2, tf_ecx =3D 5, tf_eax =3D -33, tf_trapno =3D 12,=
tf_err =3D 2, tf_eip =3D -1068239194, tf_cs =3D 32, tf_eflags =3D 590343, =
tf_esp =3D 0, tf_ss =3D -734274812}) at /usr/src/sys/i386/i386/trap.c:434
> #6 0xc067622a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> #7 0xc053f6a6 in putc (chr=3D209, clistp=3D0xc337d838) at /usr/src/sys/k=
ern/tty_subr.c:416
> #8 0xc05924cd in pppasyncstart (sc=3D0xc39c7400) at /usr/src/sys/net/ppp=
_tty.c:649
> #9 0xc058c64d in pppoutput (ifp=3D0xc33d2800, m0=3D0xc35b4a00, dst=3D0xd=
43bdb88, rtp=3D0xc3563528) at /usr/src/sys/net/if_ppp.c:961
> #10 0xc05b0907 in ip_output (m=3D0xc35b4a00, opt=3D0xc33d2800, ro=3D0xd43=
bdb84, flags=3D1, imo=3D0x0, inp=3D0x0) at /usr/src/sys/netinet/ip_output.c=
:777
> #11 0xc05afc00 in ip_forward (m=3D0xc35b4a00, srcrt=3D0) at /usr/src/sys/=
netinet/ip_input.c:1907
> #12 0xc05ae32c in ip_input (m=3D0xc35b4a00) at /usr/src/sys/netinet/ip_in=
put.c:689
> #13 0xc05917c9 in netisr_processqueue (ni=3D0xc0717ad8) at /usr/src/sys/n=
et/netisr.c:236
> #14 0xc0591a2f in swi_net (dummy=3D0x0) at /usr/src/sys/net/netisr.c:349
> #15 0xc04e4918 in ithread_execute_handlers (p=3D0xc32a7830, ie=3D0xc32e52=
80) at /usr/src/sys/kern/kern_intr.c:673
> #16 0xc04e4a86 in ithread_loop (arg=3D0xc3291720) at /usr/src/sys/kern/ke=
rn_intr.c:756
> #17 0xc04e346f in fork_exit (callout=3D0xc04e4a10 <ithread_loop>, arg=3D0=
xffffffdf, frame=3D0xffffffdf) at /usr/src/sys/kern/kern_fork.c:805
> #18 0xc067628c in fork_trampoline () at /usr/src/sys/i386/i386/exception.=
s:208
>
> =09The problem seems to be here:
>
> (kgdb) frame 7
> #7 0xc053f6a6 in putc (chr=3D209, clistp=3D0xc337d838) at /usr/src/sys/k=
ern/tty_subr.c:416
> 416 clrbit(cblockp->c_quote, clistp->c_cl - (char *)c=
blockp->c_info);
>
> (kgdb) p cblockp
> $1 =3D (struct cblock *) 0x0
>
>
> =09Additional info
>
> (kgdb) p chr
> $2 =3D 209
>
> (kgdb) p *clistp
> $6 =3D {c_cc =3D 41, c_cbcount =3D 0, c_cbmax =3D 19, c_cbreserved =3D 19=
, c_cf =3D 0x0, c_cl =3D 0x29 <Address 0x29 out of bounds>}
>
> (kgdb) frame 8
> #8 0xc05924cd in pppasyncstart (sc=3D0xc39c7400) at /usr/src/sys/net/ppp=
_tty.c:649
> 649 if (putc(*q, &tp->t_outq)) {
>
> (kgdb) p *tp
> $10 =3D {t_rawq =3D {c_cc =3D 0, c_cbcount =3D 0, c_cbmax =3D 0, c_cbrese=
rved =3D 0, c_cf =3D 0x0, c_cl =3D 0x0}, t_rawcc =3D 6812, t_canq =3D {c_cc=
=3D 0, c_cbcount =3D 0, c_cbmax =3D 1,
> c_cbreserved =3D 1, c_cf =3D 0x0, c_cl =3D 0x0}, t_cancc =3D 14, t_out=
q =3D {c_cc =3D 41, c_cbcount =3D 0, c_cbmax =3D 19, c_cbreserved =3D 19, c=
_cf =3D 0x0,
> c_cl =3D 0x29 <Address 0x29 out of bounds>}, t_outcc =3D 2394, t_line =
=3D 5, t_dev =3D 0xc3897500, t_mdev =3D 0xc3922100, t_devunit =3D 2, t_stat=
e =3D 131112, t_flags =3D 0,
> t_timeout =3D 300000, t_pgrp =3D 0xc5935600, t_session =3D 0xc3a33880, t=
_sigio =3D 0x0, t_rsel =3D {si_thrlist =3D {tqe_next =3D 0x0, tqe_prev =3D =
0xc51e2330}, si_thread =3D 0xc51e2300,
> si_note =3D {kl_list =3D {slh_first =3D 0x0}, kl_lock =3D 0xc04dc960 <=
knlist_mtx_lock>, kl_unlock =3D 0xc04dc9c0 <knlist_mtx_unlock>, kl_locked =
=3D 0xc04dca20 <knlist_mtx_locked>,
> kl_lockarg =3D 0xc337d9ec}, si_flags =3D 0}, t_wsel =3D {si_thrlist =
=3D {tqe_next =3D 0x0, tqe_prev =3D 0x0}, si_thread =3D 0x0, si_note =3D {k=
l_list =3D {slh_first =3D 0x0},
> kl_lock =3D 0xc04dc960 <knlist_mtx_lock>, kl_unlock =3D 0xc04dc9c0 <=
knlist_mtx_unlock>, kl_locked =3D 0xc04dca20 <knlist_mtx_locked>, kl_lockar=
g =3D 0xc337d9ec}, si_flags =3D 0},
> t_termios =3D {c_iflag =3D 5, c_oflag =3D 0, c_cflag =3D 215808, c_lflag=
=3D 0, c_cc =3D "\004\000=FF\177\027\025\022\b\003\034\032\031\021\023\026=
\017\001\000\024=FF", c_ispeed =3D 57600,
> c_ospeed =3D 57600}, t_init_in =3D {c_iflag =3D 11010, c_oflag =3D 3, =
c_cflag =3D 19200, c_lflag =3D 1408,
> c_cc =3D "\004=FF=FF\177\027\025\022\b\003\034\032\031\021\023\026\017=
\001\000\024=FF", c_ispeed =3D 9600, c_ospeed =3D 9600}, t_init_out =3D {c_=
iflag =3D 11010, c_oflag =3D 3,
> c_cflag =3D 19200, c_lflag =3D 1408, c_cc =3D "\004=FF=FF\177\027\025\=
022\b\003\034\032\031\021\023\026\017\001\000\024=FF", c_ispeed =3D 9600, c=
_ospeed =3D 9600}, t_lock_in =3D {c_iflag =3D 0,
> c_oflag =3D 0, c_cflag =3D 0, c_lflag =3D 0, c_cc =3D '\0' <repeats 19=
times>, c_ispeed =3D 0, c_ospeed =3D 0}, t_lock_out =3D {c_iflag =3D 0, c_=
oflag =3D 0, c_cflag =3D 0, c_lflag =3D 0,
> c_cc =3D '\0' <repeats 19 times>, c_ispeed =3D 0, c_ospeed =3D 0}, t_w=
insize =3D {ws_row =3D 0, ws_col =3D 0, ws_xpixel =3D 0, ws_ypixel =3D 0}, =
t_sc =3D 0xc37e0800, t_lsc =3D 0xc39c7400,
> t_column =3D 39, t_rocount =3D 0, t_rocol =3D 0, t_ififosize =3D 512, t_=
ihiwat =3D 7680, t_ilowat =3D 6720, t_ispeedwat =3D 0, t_ohiwat =3D 2052, t=
_olowat =3D 256, t_ospeedwat =3D 0, t_gen =3D 29,
> t_list =3D {tqe_next =3D 0xc3392400, tqe_prev =3D 0xc33b5ddc}, t_actout =
=3D 1, t_wopeners =3D 0, t_mtx =3D {mtx_object =3D {lo_class =3D 0xc06edda4=
, lo_name =3D 0xc06bf0b1 "tty",
> lo_type =3D 0xc06bf0b1 "tty", lo_flags =3D 196608, lo_list =3D {tqe_=
next =3D 0x0, tqe_prev =3D 0x0}, lo_witness =3D 0x0}, mtx_lock =3D 4, mtx_r=
ecurse =3D 0}, t_refcnt =3D 3,
> t_hotchar =3D 126, t_dtr_wait =3D 3000, t_do_timestamp =3D 0, t_timestam=
p =3D {tv_sec =3D 0, tv_usec =3D 0}, t_pps =3D 0x0, t_oproc =3D 0xc048f070 =
<ucomstart>, t_stop =3D 0xc048f360 <ucomstop>,
> t_param =3D 0xc048eed0 <ucomparam>, t_modem =3D 0xc048ebf0 <ucommodem>, =
t_break =3D 0xc048ecd0 <ucombreak>, t_ioctl =3D 0xc048eb60 <ucomioctl>, t_o=
pen =3D 0xc048e8a0 <ucomopen>,
> t_purge =3D 0, t_close =3D 0xc048eae0 <ucomclose>, t_cioctl =3D 0}
>
>
>> How-To-Repeat:
> =09Happened just once (~100 ppp connections established so far on this bo=
x), bug may be related to USB-serial driver (as you can see above this mode=
m is connected via ucom).
>
>> Fix:
>
>
>
>
>> Release-Note:
>> Audit-Trail:
>> Unformatted:
> _______________________________________________
> freebsd-bugs at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
> To unsubscribe, send any mail to "freebsd-bugs-unsubscribe at freebsd.org"
>
--0-666368381-1144250421=:82516--
More information about the freebsd-bugs
mailing list