5.4-STABLE panic

Robert Watson rwatson at FreeBSD.org
Fri Apr 8 11:09:50 PDT 2005 

On Fri, 8 Apr 2005, Doug White wrote:

> On Fri, 8 Apr 2005, Rene Ladan wrote:
>
>> has anyone seen this panic yet?  It appears to be LOR-related :
>
> This is a tough one since it occured while ddb was active.  How did you 
> cause this?

This occurs because the low level syscons output routines incorrectly call 
into KQ while in the debugger.  I was sure I had fixed this, but maybe 
it's fixed only in -CURRENT.  If that's the case, it needs to be MFC'd -- 
not because it's a source of stability problems when running normally, but 
because it makes debugging other bugs harder.  In this case, the real bug 
is up in the trap entries.

Looking at my local CVS checkout, I see that I actually didn't commit the 
fix to HEAD either :-(.  The patch is attached below, and is largely 
untested.

Robert N M Watson

>>     file=0xc05f619e "/usr/src/sys/kern/kern_event.c", line=1453)
>>     at /usr/src/sys/kern/subr_witness.c:709
>> 	lock_list = (struct lock_list_entry **) 0xf00
>> 	lle = (struct lock_list_entry *) 0x20
>> 	lock1 = (struct lock_instance *) 0xc13df000
>> 	lock2 = (struct lock_instance *) 0x0
>> 	class = (struct lock_class *) 0xc062045c
>> 	w = (struct witness *) 0xc0648808
>> 	w1 = (struct witness *) 0xc0686b28
>> 	td = (struct thread *) 0xc13df000
>> ---Type <return> to continue, or q <return> to quit---
>> 	i = -1067755093
>> 	j = -910530880
>> 	__func__ = "witness_checkorder"
>> #4  0xc048a5fa in _mtx_lock_flags (m=0xc1580110, opts=0,
>>     file=0xc05f619e "/usr/src/sys/kern/kern_event.c", line=1453)
>>     at /usr/src/sys/kern/kern_mutex.c:271
>> No locals.
>> #5  0xc0476d25 in knote (list=0xc1580098, hint=0, islocked=0)
>>     at /usr/src/sys/kern/kern_event.c:1453
>> 	kq = (struct kqueue *) 0xc1580038
>> 	kn = (struct knote *) 0xc1580000
>> #6  0xc04c934e in ttwwakeup (tp=0xc1580000) at /usr/src/sys/kern/tty.c:2394
>> No locals.
>> #7  0xc05ba441 in scstart (tp=0xc1580000)
>>     at /usr/src/sys/dev/syscons/syscons.c:1369
>> 	rbp = (struct clist *) 0xc1580038
>> 	len = 0
>> 	buf = "\fziÁ\200\a\000\000\000p\000\000\000ziÁlgºÉb`[À\fziÁ\200\a\000\000 \000\000\000\000p\000\000BK\000 \\gºÉ:z[ÀÀ\235hÀ\fziÁ\000ziÁ\000\a\000\000\224gºÉ\225a[À\000ziÁ\200\a\000\000 \000\000\000\000\a\000\000\000\000\000\000\000ziÁ\000ziÁÀ\235hÀÿÿgºÉ\016Â[À\000ziÁ\200\a\000\000\000\000\000"
>> 	scp = (scr_stat *) 0xc1697a00
>> #8  0xc05bd825 in scgetc (sc=0xc0689dc0, flags=3)
>>     at /usr/src/sys/dev/syscons/syscons.c:3211
>> ---Type <return> to continue, or q <return> to quit---
>> 	scp = (scr_stat *) 0xc1697a00
>> 	tp = (struct tty *) 0x0
>> 	c = 6
>> 	this_scr = -910530592
>> 	f = 0
>> 	i = 0
>> #9  0xc05ba899 in sccngetch (flags=2)
>>     at /usr/src/sys/dev/syscons/syscons.c:1555
>> 	fkey = {str = "\033[A", '\0' <repeats 12 times>, len = 3 '\003'}
>> 	fkeycp = 3
>> 	scp = (scr_stat *) 0xc1697a00
>> 	p = (u_char *) 0x0
>> 	cur_mode = 1
>> 	c = -1067204928
>> #10 0xc05ba6e2 in sccncheckc (cd=0xc0634480)
>>     at /usr/src/sys/dev/syscons/syscons.c:1478
>> No locals.
>> #11 0xc04cbc98 in cncheckc () at /usr/src/sys/kern/tty_cons.c:567
>> 	cnd = (struct cn_device *) 0xc066c480
>> 	cn = (struct consdev *) 0x0
>> 	c = 0
>> #12 0xc04cbc45 in cngetc () at /usr/src/sys/kern/tty_cons.c:548
>> 	c = 0
>> #13 0xc042a535 in db_readline (lstart=0xc063bec0 "c\n", lsize=120)
>> ---Type <return> to continue, or q <return> to quit---
>>     at /usr/src/sys/ddb/db_input.c:324
>> No locals.
>> #14 0xc042a67a in db_read_line () at /usr/src/sys/ddb/db_lex.c:55
>> 	i = 0
>> #15 0xc0428d91 in db_command_loop () at /usr/src/sys/ddb/db_command.c:453
>> No locals.
>> #16 0xc042aef5 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:221
>> 	jb = {{_jb = {-910530388, -910530416, -910530336, -1052905472, 0,
>>       -1069371754, 0, 0, 0, 0, -910530336, -1068824416}}}
>> 	prev_jb = (void *) 0x0
>> 	bkpt = 0
>> #17 0xc04b0927 in kdb_trap (type=0, code=0, tf=0xc9ba6940)
>>     at /usr/src/sys/kern/subr_kdb.c:418
>> 	handled = -910530240
>> #18 0xc05d8948 in trap (frame=
>>       {tf_fs = -1051983848, tf_es = 16, tf_ds = -910557168, tf_edi = 9, tf_esi = -1051954588, tf_ebp = -910530168, tf_isp = -910530196, tf_ebx = -1067007556, tf_edx = 1, tf_ecx = -1056878592, tf_eax = 31, tf_trapno = 3, tf_err = 0, tf_eip = -1068825056, tf_cs = 8, tf_eflags = 646, tf_esp = -1067470996, tf_ss = -1067540423}) at /usr/src/sys/i386/i386/trap.c:576
>> 	td = (struct thread *) 0xc13df000
>> 	p = (struct proc *) 0xc13e61c4
>> 	sticks = 0
>> 	i = 0
>> ---Type <return> to continue, or q <return> to quit---
>> 	ucode = 0
>> 	type = 3
>> 	code = 0
>> 	eva = 0
>> #19 0xc05c7d2a in calltrap () at /usr/src/sys/i386/i386/exception.s:140
>> No locals.


Index: syscons.c
===================================================================
RCS file: /home/ncvs/src/sys/dev/syscons/syscons.c,v
retrieving revision 1.433
diff -u -r1.433 syscons.c
--- syscons.c	27 Feb 2005 21:16:11 -0000	1.433
+++ syscons.c	4 Mar 2005 19:07:02 -0000
@@ -1457,9 +1457,11 @@
  	    scp->status |= CURSOR_ENABLED;
  	    sc_draw_cursor_image(scp);
  	}
-	tp = VIRTUAL_TTY(scp->sc, scp->index);
-	if (ISTTYOPEN(tp))
-	    scstart(tp);
+	if (debugger == 0) {
+	    tp = VIRTUAL_TTY(scp->sc, scp->index);
+	    if (ISTTYOPEN(tp))
+		scstart(tp);
+	}
      }
  #endif /* !SC_NO_HISTORY */

@@ -3216,9 +3218,11 @@
  			    scp->status |= CURSOR_ENABLED;
  			    sc_draw_cursor_image(scp);
  			}
-			tp = VIRTUAL_TTY(sc, scp->index);
-			if (ISTTYOPEN(tp))
-			    scstart(tp);
+			if (debugger == 0) {
+			    tp = VIRTUAL_TTY(sc, scp->index);
+			    if (ISTTYOPEN(tp))
+				scstart(tp);
+			}
  #endif
  		    }
  		}
@@ -3547,6 +3551,9 @@
      scr_stat *scp = arg;
      struct tty *tp;

+    if (debugger)
+	return;
+
      if (ISGRAPHSC(scp) || (scp->sc->blink_in_progress <= 1)) {
  	scp->sc->blink_in_progress = 0;
      	mark_all(scp);

More information about the freebsd-stable mailing list