odd KSE panic

Andrew Gallatin gallatin at cs.duke.edu
Fri Jul 2 12:05:03 PDT 2004

I've got a character device which is used for an OS-bypass NIC, and I've
got a problem.

We just started using a second thread in our userland library.  The
idea is this worker thread ioctls into the driver, where he sleeps
waiting for an interrupt from the NIC.  When he gets the interrupt,
he wakes up and returns from the ioctl, where he will process some
recently completed events.

The problem happens when exiting.  When the main application thread
decides to exit, it does an ioctl into the driver to wake up the
sleeping worker thread.  The worker thread wakes up, and then
exits, then the main thread closes his file descriptor and exits.

The problem I'm seeing is that I get a panic like the following when
using KSE.  (A Linux binary works fine, ioctls are translated.)

The interesting thing is that there is no stack.  Just one function
from my driver (mx_free()) sitting out there by itself.  Is the kernel
somehow ripping the kernel stacks of all threads out from under them
when one thread calls exit()?  How do I take a reference so I
don't risk getting marooned without a stack?



Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc1d69150
stack pointer           = 0x10:0x0
frame pointer           = 0x10:0x0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 843 (mx_loopback_test)
trap number             = 12
panic: page fault
cpuid = 0; 
Stack backtrace:
backtrace(c068b9ae,0,c068f727,ffffff28,100) at backtrace+0x17
panic(c068f727,c06b21bf,c1cc0300,1,1) at panic+0x134
trap_fatal(ffffffc0,0,1,0,c1cc19a0) at trap_fatal+0x313
trap_pfault(ffffffc0,0,0,0,0) at trap_pfault+0x22d
trap(18,10,10,0,c16e30e0) at trap+0x2dd
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc1d69150, esp = 0, ebp = 0 ---
mx_free() at mx_free+0x1b
boot() called on cpu#0
Uptime: 2m45s
