Message-Id: <200601280030.k0S0U7du095344@www.freebsd.org>
Date: Sat, 28 Jan 2006 00:30:07 GMT
From: Paul Marciano <pm940@yahoo.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Kernel fault in knote when getty opens a serial port
X-Send-Pr-Version: www-2.3

>Number:         92440
>Category:       kern
>Synopsis:       Kernel fault in knote when getty opens a serial port
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    mbr
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jan 28 00:40:03 GMT 2006
>Closed-Date:    Sat Jan 02 23:10:49 UTC 2010
>Last-Modified:  Sat Jan 02 23:10:49 UTC 2010
>Originator:     Paul Marciano
>Release:        5.4-RELEASE
>Organization:
>Environment:
FreeBSD  5.4-RELEASE FreeBSD 5.4-RELEASE #15: Thu Jan 26 18:06:53 PST 2006     pm@hazard.none.com:/usr/src/sys/i386/compile/HAZARD  i386

>Description:
My systems all use serial consoles.  Upon logging out of a shell session I observed a kernel fault.  This has been reported before, I believe, but I couldn't find a PR.

(http://adam.kungfoohampster.com/lists/freebsd-stable/msg11259.shtml)

It is imperative that my serial consoles remain reliable.

db> c

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x1c
fault code              = supervisor write, page not present
instruction pointer     = 0x8:0xc0514443
stack pointer           = 0x10:0xd621e984
frame pointer           = 0x10:0xd621e990
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 308 (getty)
[thread pid 308 tid 30109 ]
Stopped at      knote+0x27:     cmpxchgl        %ecx,0x1c(%edx)
db> tr
Tracing pid 308 tid 30109 td 0xc1cddc00
knote(c1acaa98,0,0,c1cddc00,d621e9c0) at knote+0x27
ttwwakeup(c1acaa00) at ttwwakeup+0xc8
comstart(c1acaa00) at comstart+0x2f5
comparam(c1acaa00,c1acaaa4,c1acaa00,3,0) at comparam+0x253
sioopen(c0784878,3,2000,c1cddc00,c0775060) at sioopen+0x1df
spec_open(d621ea80,d621eb3c,c058baa5,d621ea80,180) at spec_open+0x2b6
spec_vnoperate(d621ea80) at spec_vnoperate+0x13
vn_open_cred(d621ebe4,d621ece4,c08,c193dd80,0) at vn_open_cred+0x419
vn_open(d621ebe4,d621ece4,c08,0,c066b40f) at vn_open+0x1e
kern_open(c1cddc00,804f8e0,0,3,bfbfee18) at kern_open+0xe7
open(c1cddc00,d621ed14,3,0,292) at open+0x18
syscall(2f,2f,2f,804f8e0,0) at syscall+0x2ab
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (5, FreeBSD ELF32, open), eip = 0x280d26bb, esp = 0xbfbfedec, ebp = 0xbfbfee18 ---
db> ps
  pid   proc     uid  ppid  pgrp  flag   stat  wmesg    wchan  cmd
  308 c1d84388    0     1     1 0004000 [CPU 0] getty
   63 c1bd4000    0     0     0 0000204 [SLPQ - 0xd5047d18][SLP] schedcpu
   62 c1bd41c4    0     0     0 0000204 [SLPQ - 0xc0793e2c][SLP] nfsiod 3
   61 c1bd4388    0     0     0 0000204 [SLPQ - 0xc0793e28][SLP] nfsiod 2
   60 c1a081c4    0     0     0 0000204 [SLPQ - 0xc0793e24][SLP] nfsiod 1
   59 c1a08388    0     0     0 0000204 [SLPQ - 0xc0793e20][SLP] nfsiod 0
   58 c1a0854c    0     0     0 0000204 [SLPQ syncer 0xc078794c][SLP] syncer
   57 c1a08710    0     0     0 0000204 [SLPQ vlruwt 0xc1a08710][SLP] vnlru
   56 c1a088d4    0     0     0 0000204 [SLPQ psleep 0xc078b78c][SLP] bufdaemon
   55 c1a08a98    0     0     0 0000204 [RUNQ] idlepoll
   54 c1a08c5c    0     0     0 000020c [SLPQ pgzero 0xc079a794][SLP] pagezero
   53 c1a08e20    0     0     0 0000204 [SLPQ psleep 0xc079a7e8][SLP] vmdaemon
   52 c1a49000    0     0     0 0000204 [SLPQ psleep 0xc079a7a4][SLP] pagedaemon
   51 c1a491c4    0     0     0 0000204 [IWAIT] swi0: sio
   50 c1a49388    0     0     0 0000204 [SLPQ usbevt 0xc19fba10][SLP] usb4
   49 c1a4954c    0     0     0 0000204 [SLPQ usbevt 0xc1a4c210][SLP] usb3
   48 c1a49710    0     0     0 0000204 [SLPQ usbevt 0xc1a42210][SLP] usb2
   47 c1a498d4    0     0     0 0000204 [SLPQ usbevt 0xc1a3b210][SLP] usb1
   46 c1999a98    0     0     0 0000204 [SLPQ usbtsk 0xc077f910][SLP] usbtask
   45 c1999c5c    0     0     0 0000204 [SLPQ usbevt 0xc1a11210][SLP] usb0
    9 c1999e20    0     0     0 0000204 [SLPQ actask 0xc0890bec][SLP] acpi_task2
    8 c1a03000    0     0     0 0000204 [SLPQ actask 0xc0890bec][SLP] acpi_task1
    7 c1a031c4    0     0     0 0000204 [SLPQ actask 0xc0890bec][SLP] acpi_task0
    6 c1a03388    0     0     0 0000204 [SLPQ - 0xc19eaac0][SLP] thread taskq
   44 c1a0354c    0     0     0 0000204 [IWAIT] swi6:+
   43 c1a03710    0     0     0 0000204 [IWAIT] swi6: acpitaskq
   42 c1a038d4    0     0     0 0000204 [IWAIT] swi6: task queue
    5 c1a03a98    0     0     0 0000204 [SLPQ - 0xc19eac80][SLP] kqueue taskq
   41 c1a03c5c    0     0     0 0000204 [IWAIT] swi3: cambio
   40 c1a03e20    0     0     0 0000204 [IWAIT] swi2: camnet
   39 c1a08000    0     0     0 0000204 [IWAIT] swi6:+
   38 c198954c    0     0     0 0000204 [SLPQ - 0xc077f200][SLP] yarrow
    4 c1989710    0     0     0 0000204 [SLPQ - 0xc0781dc8][SLP] g_down
    3 c19898d4    0     0     0 0000204 [SLPQ - 0xc0781dc4][SLP] g_up
    2 c1989a98    0     0     0 0000204 [SLPQ - 0xc0781dbc][SLP] g_event
   37 c1989c5c    0     0     0 0000204 [IWAIT] swi4: vm
   36 c1989e20    0     0     0 000020c [RUNQ] swi5: clock sio
   35 c1999000    0     0     0 0000204 [RUNQ] swi1: net
   34 c19991c4    0     0     0 0000204 [IWAIT] irq0: clk
   33 c1999388    0     0     0 0000204 [IWAIT] irq23: uhci0 ehci0
   32 c199954c    0     0     0 0000204 [IWAIT] irq22:
   31 c1999710    0     0     0 0000204 [IWAIT] irq21:
   30 c19998d4    0     0     0 0000204 [IWAIT] irq20: ste0
   29 c19471c4    0     0     0 0000204 [IWAIT] irq19: ste1 uhci1
   28 c1947388    0     0     0 0000204 [IWAIT] irq18: ste2 uhci2
   27 c194754c    0     0     0 0000204 [IWAIT] irq17:
   26 c1947710    0     0     0 0000204 [IWAIT] irq16: ste3 uhci3
   25 c19478d4    0     0     0 0000204 [IWAIT] irq15: ata1
   24 c1947a98    0     0     0 0000204 [IWAIT] irq14: ata0
   23 c1947c5c    0     0     0 0000204 [IWAIT] irq13:
   22 c1947e20    0     0     0 0000204 [IWAIT] irq12: psm0
   21 c1989000    0     0     0 0000204 [IWAIT] irq11:
   20 c19891c4    0     0     0 0000204 [IWAIT] irq10:
   19 c1989388    0     0     0 0000204 [IWAIT] irq9: acpi0
   18 c193f000    0     0     0 0000204 [IWAIT] irq8: rtc
   17 c193f1c4    0     0     0 0000204 [IWAIT] irq7: ppc0
   16 c193f388    0     0     0 0000204 [IWAIT] irq6:
   15 c193f54c    0     0     0 0000204 [IWAIT] irq5:
   14 c193f710    0     0     0 0000204 [IWAIT] irq4: sio0
   13 c193f8d4    0     0     0 0000204 [IWAIT] irq3: sio1
   12 c193fa98    0     0     0 0000204 [IWAIT] irq1: atkbd0
   11 c193fc5c    0     0     0 000020c [Can run] idle
    1 c193fe20    0     0     1 0004200 [SLPQ wait 0xc193fe20][SLP] init
   10 c1947000    0     0     0 0000204 [SLPQ ktrace 0xc0785b78][SLP] ktrace
    0 c0781ec0    0     0     0 0000200 [SLPQ sched 0xc0781ec0][SLP] swapper
db>
db> thread
[thread pid 308 tid 30109 ]
knote+0x27:     cmpxchgl        %ecx,0x1c(%edx)

db> show registers
cs                 0x8
ds                0x10
es          0xc1bf0010
fs          0xc1cd0018
ss                0x10
eax                0x4
ecx         0xc1cddc00
edx                  0
ebx         0xc1acaa00
esp         0xd621e984
ebp         0xd621e990
esi         0xc1a76800
edi         0xc1acaa00
eip         0xc0514443  knote+0x27
efl            0x10246
dr0                  0
dr1                  0
dr2                  0
dr3                  0
dr4         0xffff0ff0
dr5              0x400
dr6         0xffff0ff0
dr7              0x400
knote+0x27:     cmpxchgl        %ecx,0x1c(%edx)
db>
>How-To-Repeat:

Unknown.

>Fix:

None.

>Release-Note:
>Audit-Trail:

From: Kris Kennaway <kris@obsecurity.org>
To: Paul Marciano <pm940@yahoo.com>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/92440: Kernel fault in knote when getty opens a serial port
Date: Fri, 24 Feb 2006 02:18:31 -0500

 On Sat, Jan 28, 2006 at 12:30:07AM +0000, Paul Marciano wrote:
 
 > >Description:
 > My systems all use serial consoles.  Upon logging out of a shell session I observed a kernel fault.  This has been reported before, I believe, but I couldn't find a PR.
 > 
 > (http://adam.kungfoohampster.com/lists/freebsd-stable/msg11259.shtml)
 > 
 > It is imperative that my serial consoles remain reliable.
 
 I think this was fixed in 6.0-RELEASE.  Can you confirm?
 
 Kris

From: Paul Marciano <pm940@yahoo.com>
To: Kris Kennaway <kris@obsecurity.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/92440: Kernel fault in knote when getty opens a serial port
Date: Thu, 23 Feb 2006 23:38:49 -0800 (PST)

 --- Kris Kennaway <kris@obsecurity.org> wrote:
 
 > On Sat, Jan 28, 2006 at 12:30:07AM +0000, Paul
 > Marciano wrote:
 > 
 > > >Description:
 > > My systems all use serial consoles.  Upon logging
 > > out of a shell session I observed a kernel fault. 
 > > This has been reported before, I believe, but I
 > > couldn't find a PR.
 > 
 > I think this was fixed in 6.0-RELEASE.  Can you
 > confirm?
 > 
 > Kris
 > 
 
 Kris,
 
 Thanks for the info, but unfortunately I'm not in a
 position to be able to check out 6.0.  We're on 5.4
 and will move to 5.5 when it is released but 6.0 is
 regarded as immature (I would be interested in hearing
 other opinions on that point).  I have looked at the
 kernel sources and see that the 6.0 serial framework
 has changed.
 
 Also I cannot reproduce the crash - it just happened
 once (once too many).
 
 Thanks for the note, though.
 
 Paul.
 
 
 

From: Kris Kennaway <kris@obsecurity.org>
To: Paul Marciano <pm940@yahoo.com>
Cc: Kris Kennaway <kris@obsecurity.org>, freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/92440: Kernel fault in knote when getty opens a serial port
Date: Fri, 24 Feb 2006 10:08:10 -0500

 On Thu, Feb 23, 2006 at 11:38:49PM -0800, Paul Marciano wrote:
 > 
 > --- Kris Kennaway <kris@obsecurity.org> wrote:
 > 
 > > On Sat, Jan 28, 2006 at 12:30:07AM +0000, Paul
 > > Marciano wrote:
 > > 
 > > > >Description:
 > > > My systems all use serial consoles.  Upon logging
 > > > out of a shell session I observed a kernel fault. 
 > > > This has been reported before, I believe, but I
 > > > couldn't find a PR.
 > > 
 > > I think this was fixed in 6.0-RELEASE.  Can you
 > > confirm?
 > > 
 > > Kris
 > > 
 > 
 > Kris,
 > 
 > Thanks for the info, but unfortunately I'm not in a
 > position to be able to check out 6.0.  We're on 5.4
 > and will move to 5.5 when it is released but 6.0 is
 > regarded as immature (I would be interested in hearing
 > other opinions on that point).
 
 6.0 is a much better release than both 5.4 and (confidently predicting
 into the future), 5.5.  Any prejudice against it just because of the
 ".0" is unfounded.
 
 > I have looked at the kernel sources and see that the 6.0 serial
 > framework has changed.
 
 Yes, and unfortunately this bug will not be fixed in the 5.x series.
 
 Kris
Responsible-Changed-From-To: freebsd-bugs->mbr 
Responsible-Changed-By: mbr 
Responsible-Changed-When: Sat Sep 23 13:49:43 UTC 2006 
Responsible-Changed-Why:  
I'll work on this. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=92440 
State-Changed-From-To: open->closed 
State-Changed-By: mbr 
State-Changed-When: Sat Jan 2 23:10:26 UTC 2010 
State-Changed-Why:  
Fixed in FreeBSD > 6.0 

>Unformatted:
