From robert@fledge.watson.org  Wed Jul 14 21:06:51 2004
Return-Path: <robert@fledge.watson.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id EABEE16A4CF; Wed, 14 Jul 2004 21:06:51 +0000 (GMT)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 93D1443D1D; Wed, 14 Jul 2004 21:06:51 +0000 (GMT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (localhost [127.0.0.1])
	by fledge.watson.org (8.12.11/8.12.11) with ESMTP id i6EL6XDR064670;
	Wed, 14 Jul 2004 17:06:33 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Received: (from robert@localhost)
	by fledge.watson.org (8.12.11/8.12.11/Submit) id i6EL6XWL064669;
	Wed, 14 Jul 2004 17:06:33 -0400 (EDT)
	(envelope-from robert)
Message-Id: <200407142106.i6EL6XWL064669@fledge.watson.org>
Date: Wed, 14 Jul 2004 17:06:33 -0400 (EDT)
From: Robert Watson <rwatson@freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: phk@freebsd.org
Subject: nmdm page fault when slattach on a null modem device
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         69066
>Category:       kern
>Synopsis:       [panic] nmdm(4) page fault when slattach on a null modem device
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul 14 21:10:23 GMT 2004
>Closed-Date:    Thu Nov 18 17:44:31 UTC 2010
>Last-Modified:  Thu Nov 18 17:44:31 UTC 2010
>Originator:     Robert Watson
>Release:        FreeBSD 5-CURRENT i386
>Organization:
-
>Environment:

Using CVS HEAD kernel from around 20040714.  nmdm compiled into the
kernel or loaded in a module.

>Description:

hippy# slattach /dev/nmdm0A
/var/run/slattach.nmdm0A.pid
hippy# 
hippy
Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc054e4a5
stack pointer           = 0x10:0xdb0e9cac
frame pointer           = 0x10:0xdb0e9cb4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 47 (swi6:+)
[thread 100026]
Stopped at      nmdm_task_tty+0x11:     movl    0(%eax),%ebx
db> trace
nmdm_task_tty(c26f4c00,2,c22f8958,0,c07d310a) at nmdm_task_tty+0x11
taskqueue_run(c22f8940,db0e9d1c,c05de75c,0,0) at taskqueue_run+0x83
taskqueue_swi_giant_run(0) at taskqueue_swi_giant_run+0xe
ithread_loop(c2308980,db0e9d48,c2308980,c05de628,0) at ithread_loop+0x134
fork_exit(c05de628,c2308980,db0e9d48) at fork_exit+0x98
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xdb0e9d7c, ebp = 0 ---

(kgdb) l *nmdm_task_tty+0x11
0xc054e3e5 is in nmdm_task_tty (../../../dev/nmdm/nmdm.c:153).
148             struct softpart *sp;
149             int c;
150
151             tp = arg;
152             sp = tp->t_sc;
153             otp = sp->other->nm_tty;
154             KASSERT(otp != NULL, ("NULL otp in nmdmstart"));
155             KASSERT(otp != tp, ("NULL otp == tp nmdmstart"));
156             if (sp->other->nm_dcd) {
157                     if (!(tp->t_state & TS_ISOPEN)) {

Looks like sp->other is NULL.

>How-To-Repeat:

slattach on a null modem device seems to repeat this quite easily.  It
sounds a bit like a race in start up or tear-down.

>Fix:

Not included.

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: jh 
State-Changed-When: Fri Oct 29 08:01:53 UTC 2010 
State-Changed-Why:  
Do you know if this problem still exists? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=69066 
State-Changed-From-To: feedback->closed 
State-Changed-By: jh 
State-Changed-When: Thu Nov 18 17:41:42 UTC 2010 
State-Changed-Why:  
There is no evidence that the problem still exists. SLIP has been 
removed from head and stable/8. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=69066 
>Unformatted:
