kern/89538: [tty] [panic] triggered by "sysctl -a"

Kazuaki ODA kazuaki at aliceblue.jp
Sun Jul 1 03:40:13 UTC 2007


The following reply was made to PR kern/89538; it has been noted by GNATS.

From: Kazuaki ODA <kazuaki at aliceblue.jp>
To: bug-followup at FreeBSD.org,  gkozyrev at gmail.com
Cc:  
Subject: Re: kern/89538: [tty] [panic] triggered by "sysctl -a"
Date: Sun, 01 Jul 2007 12:16:57 +0900

 Hi, I got the same panic on 7.0-CURRENT cvsup'ed today.
 So I post the result of the suggestion.
 
 
 Fatal trap 12: page fault while in kernel mode
 cpuid = 1; apic id = 01
 fault virtual address   = 0xc0
 fault code              = supervisor read, page not present
 instruction pointer     = 0x20:0xc06e2d11
 stack pointer           = 0x28:0xe669aaa4
 frame pointer           = 0x28:0xe669aaa4
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = 2200 (sysctl)
 trap number             = 12
 panic: page fault
 cpuid = 1
 Uptime: 3h8m20s
 Physical memory: 1001 MB
 Dumping 139 MB: 124 108 92 76 60 44 28 12
 
 #0  doadump () at pcpu.h:195
 195             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
 (kgdb) bt
 #0  doadump () at pcpu.h:195
 #1  0xc074b957 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
 #2  0xc074bc19 in panic (fmt=Variable "fmt" is not available.
 ) at /usr/src/sys/kern/kern_shutdown.c:563
 #3  0xc0a04ade in trap_fatal (frame=0xe669aa64, eva=192)
     at /usr/src/sys/i386/i386/trap.c:870
 #4  0xc0a04d60 in trap_pfault (frame=0xe669aa64, usermode=0, eva=192)
     at /usr/src/sys/i386/i386/trap.c:784
 #5  0xc0a056c2 in trap (frame=0xe669aa64) at /usr/src/sys/i386/i386/trap.c:462
 #6  0xc09eb66b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
 #7  0xc06e2d11 in dev2udev (x=0xc40b1c00)
     at /usr/src/sys/fs/devfs/devfs_vnops.c:1308
 #8  0xc078c9d2 in sysctl_kern_ttys (oidp=0xc0b390e0, arg1=0x0, arg2=0,
     req=0xe669aba4) at /usr/src/sys/kern/tty.c:3069
 #9  0xc07550f7 in sysctl_root (oidp=Variable "oidp" is not available.
 ) at /usr/src/sys/kern/kern_sysctl.c:1306
 #10 0xc0755244 in userland_sysctl (td=0xc4395440, name=0xe669ac14, namelen=2,
     old=0x0, oldlenp=0xbfbfe0f4, inkernel=0, new=0x0, newlen=0,
     retval=0xe669ac10, flags=0) at /usr/src/sys/kern/kern_sysctl.c:1401
 #11 0xc0755fde in __sysctl (td=0xc4395440, uap=0xe669acfc)
     at /usr/src/sys/kern/kern_sysctl.c:1336
 #12 0xc0a050b5 in syscall (frame=0xe669ad38)
     at /usr/src/sys/i386/i386/trap.c:1006
 #13 0xc09eb6d0 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:196
 #14 0x00000033 in ?? ()
 Previous frame inner to this frame (corrupt stack?)
 (kgdb) frame 7
 #7  0xc06e2d11 in dev2udev (x=0xc40b1c00)
     at /usr/src/sys/fs/devfs/devfs_vnops.c:1308
 1308            return (x->si_priv->cdp_inode);
 (kgdb) p/x *x
 $1 = {si_priv = 0x0, si_flags = 0x3e9, si_atime = {tv_sec = 0x3e9,
     tv_nsec = 0x3e9}, si_ctime = {tv_sec = 0x4, tv_nsec = 0x3e9}, si_mtime = {
     tv_sec = 0x3e9, tv_nsec = 0x0}, si_uid = 0x5, si_gid = 0x0, si_mode = 0x0,
   si_cred = 0x0, si_drv0 = 0x0, si_refcount = 0x0, si_list = {le_next = 0x0,
     le_prev = 0x0}, si_clone = {le_next = 0x0, le_prev = 0x0}, si_children = {
     lh_first = 0x0}, si_siblings = {le_next = 0x0, le_prev = 0x0},
   si_parent = 0x3e9, si_name = 0x3e9, si_drv1 = 0xc426dd00,
   si_drv2 = 0xc426dd00, si_devsw = 0x0, si_iosize_max = 0x0,
   si_usecount = 0xffffffff, si_threadcount = 0x0, __si_u = {__sit_tty = 0x0,
     __sid_snapdata = 0x0}, __si_namebuf = {0x0 <repeats 64 times>}}
 (kgdb) frame 8
 #8  0xc078c9d2 in sysctl_kern_ttys (oidp=0xc0b390e0, arg1=0x0, arg2=0,
     req=0xe669aba4) at /usr/src/sys/kern/tty.c:3069
 3069                            xt.xt_dev = dev2udev(tp->t_dev);
 (kgdb) p/x *tp
 $2 = {t_rawq = {c_cc = 0x0, c_cbcount = 0x0, c_cbmax = 0x0,
     c_cbreserved = 0x0, c_cf = 0x0, c_cl = 0x0}, t_rawcc = 0x0, t_canq = {
     c_cc = 0x0, c_cbcount = 0x0, c_cbmax = 0x0, c_cbreserved = 0x0,
     c_cf = 0x0, c_cl = 0x0}, t_cancc = 0x0, t_outq = {c_cc = 0x0,
     c_cbcount = 0x0, c_cbmax = 0x0, c_cbreserved = 0x0, c_cf = 0x0,
     c_cl = 0x0}, t_outcc = 0x0, t_line = 0x0, t_dev = 0xc40b1c00,
   t_mdev = 0xc40b1c00, t_devunit = 0x1, t_state = 0x2000000, t_flags = 0x0,
   t_timeout = 0xffffffff, t_pgrp = 0x0, t_session = 0x0, t_sigio = 0x0,
   t_rsel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0,
     si_note = {kl_list = {slh_first = 0x0}, kl_lock = 0xc0726bb0,
       kl_unlock = 0xc0726540, kl_locked = 0xc0726520,
       kl_lockarg = 0xc40a95ec}, si_flags = 0x0}, t_wsel = {si_thrlist = {
       tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0, si_note = {kl_list = {
         slh_first = 0x0}, kl_lock = 0xc0726bb0, kl_unlock = 0xc0726540,
       kl_locked = 0xc0726520, kl_lockarg = 0xc40a95ec}, si_flags = 0x0},
   t_termios = {c_iflag = 0x2b02, c_oflag = 0x3, c_cflag = 0x4b00,
     c_lflag = 0x580, c_cc = {0x4, 0xff, 0xff, 0x7f, 0x17, 0x15, 0x12, 0x8,
       0x3, 0x1c, 0x1a, 0x19, 0x11, 0x13, 0x16, 0xf, 0x1, 0x0, 0x14, 0xff},
     c_ispeed = 0x2580, c_ospeed = 0x2580}, t_init_in = {c_iflag = 0x2b02,
     c_oflag = 0x3, c_cflag = 0x4b00, c_lflag = 0x580, c_cc = {0x4, 0xff, 0xff,
       0x7f, 0x17, 0x15, 0x12, 0x8, 0x3, 0x1c, 0x1a, 0x19, 0x11, 0x13, 0x16,
       0xf, 0x1, 0x0, 0x14, 0xff}, c_ispeed = 0x2580, c_ospeed = 0x2580},
   t_init_out = {c_iflag = 0x2b02, c_oflag = 0x3, c_cflag = 0x4b00,
     c_lflag = 0x580, c_cc = {0x4, 0xff, 0xff, 0x7f, 0x17, 0x15, 0x12, 0x8,
       0x3, 0x1c, 0x1a, 0x19, 0x11, 0x13, 0x16, 0xf, 0x1, 0x0, 0x14, 0xff},
     c_ispeed = 0x2580, c_ospeed = 0x2580}, t_lock_in = {c_iflag = 0x0,
     c_oflag = 0x0, c_cflag = 0x0, c_lflag = 0x0, c_cc = {
       0x0 <repeats 20 times>}, c_ispeed = 0x0, c_ospeed = 0x0}, t_lock_out = {
     c_iflag = 0x0, c_oflag = 0x0, c_cflag = 0x0, c_lflag = 0x0, c_cc = {
       0x0 <repeats 20 times>}, c_ispeed = 0x0, c_ospeed = 0x0}, t_winsize = {
     ws_row = 0x0, ws_col = 0x0, ws_xpixel = 0x0, ws_ypixel = 0x0},
   t_sc = 0xc40b1d00, t_lsc = 0x0, t_column = 0x0, t_rocount = 0x0,
   t_rocol = 0x0, t_ififosize = 0x0, t_ihiwat = 0x0, t_ilowat = 0x0,
   t_ispeedwat = 0x0, t_ohiwat = 0x0, t_olowat = 0x0, t_ospeedwat = 0x0,
   t_gen = 0x0, t_list = {tqe_next = 0xc4225c00, tqe_prev = 0xc40a99dc},
   t_actout = 0x0, t_wopeners = 0x0, t_mtx = {lock_object = {
       lo_name = 0xc0a8aeba, lo_type = 0xc0a8aeba, lo_flags = 0x1030000,
       lo_witness_data = {lod_list = {stqe_next = 0x0}, lod_witness = 0x0}},
     mtx_lock = 0x4, mtx_recurse = 0x0}, t_refcnt = 0x2, t_hotchar = 0x0,
   t_dtr_wait = 0xbb8, t_do_timestamp = 0x0, t_timestamp = {tv_sec = 0x0,
     tv_usec = 0x0}, t_pps = 0x0, t_oproc = 0xc0da0300, t_stop = 0xc0da0510,
   t_param = 0xc0da01e0, t_modem = 0xc0d9fc20, t_break = 0xc0d9fbe0,
   t_ioctl = 0xc0d9fb80, t_open = 0xc0da0010, t_purge = 0x0,
   t_close = 0xc0d9feb0, t_cioctl = 0x0}
 (kgdb) quit
 
 
 -- 
 Kazuaki ODA


More information about the freebsd-bugs mailing list