My apologies in advance for the length of this email.
I recently updated my 5.4 system after security notices, and I'm getting a
kernel panic when I interact on the keyboard with a rc.local script.
Disabling ACPI makes the problem go away, but I am on a laptop so I think
I want ACPI on.
The shell script is something I wrote/mooched/hacked that allows me to select a
wifi station to login to during boot time. The machine is a laptop: Dell
Inspiron 1150. It's probably bad form to have an interactive script on
boot, but anyway...
here is the rc.local script:
==
run_it () {
case ${AUTO_RUN} in
'')
unset YES_OR_NO
echo ''
echo -n 'Connect to'
echo ''
echo -n '1.) Wifi 1'
echo ''
echo -n '2.) Wifi 2'
echo ''
echo -n '[Default: Wifi 2] ? 1, 2, [Enter]'
echo ''
read YES_OR_NO
case ${YES_OR_NO} in
1)
echo logging into Wifi 1 using card ${1}
echo ''
eval echo ifconfig Wifi 1
echo ''
;;
''|2)
echo logging into Wifi 2 using card ${1}
echo ''
eval echo ifconfig Wifi 2
echo ''
;;
*)
echo ''
echo Invalid selection for command ${1}
echo ''
echo Make sure to run ${1} yourself
echo ''
esac
;;
*) ;;
esac
}
run_it ath0
dhclient ath0
==
The kernel boots fine, and gets to the point where rc.local runs:
Connect to:
1) Wifi station 1
2) Wifi station 2
When I hit a key, I get the following message (entered by hand here):
Fatal Trap 12
page fault while in kernel mode
fault virtual address: 0x7408a85c
fault code: supervisor read, page not present
instruction pointer: 0x8: 0x7408a85c
stack pointer: 0x10: 0xcbc60c94
frame pointer: 0x10: 0xcbc60c94
code segment: base 0x0 limit 0x
type 0x16
DPL 0, pres 1, def32 1, gran 1
processor eflags: interrupt enabled, resume IOPL=0
current process: 13 (irq1: atkbd0)
trap number: 12
panic: page fault
Uptime: 36s
Cannot dump. no demp device defined.
(The above is the first attempt. I was able later to get a crashdump, and
recompiled the kernel with
debug on so the message above is in a slightly different environment than what
the crash dump saw)
In the crash dump, and it kind of looks like the kernel can't create a thread
to handle a
keyboard interrupt for some reason.
atkbd_intr() in /usr/src/sys/dev/kbd/atkbd.c gets a null argument for kbd,
which it tries to
dereference:
453 atkbd_intr(keyboard_t *kbd, void *arg)
454 {
(kgdb)
455 atkbd_state_t *state;
456 int delay[2];
457 int c;
458
459 if (KBD_IS_ACTIVE(kbd) KBD_IS_BUSY(kbd)) {
460 /* let the callback function to process the input */
461 (*kbd-kb_callback.kc_func)(kbd, KBDIO_KEYINPUT,
462 kbd-kb_callback.kc_arg);
463 } else {
It gets this from atkbd_isa_intr() in /usr/src/sys/isa/atkbd_isa.c
static void
atkbd_isa_intr(void *arg)
{
keyboard_t *kbd;
kbd = (keyboard_t *)arg; -- null void pointer cast
as keyboard_t *
(*kbdsw[kbd-kb_index]-intr)(kbd, NULL);
}
Which, in turn gets the null pointer from a critical section in an interrupt
thread handler in kern_intr.c.
But, there I am lost :)
I can provide more info if needed, given that I can keep the machine running...
--Allan Bowhill
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so:
Undefined symbol ps_pglobal_lookup]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type show copying to see the conditions.
There is absolutely no warranty for GDB. Type show warranty for details.
This GDB was configured as i386-marcel-freebsd.
#0 doadump () at pcpu.h:160
160 __asm __volatile(movl %%fs:0,%0 : =r (td));
(kgdb) where
#0 doadump () at pcpu.h:160
#1 0xc0665172 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:410
#2 0xc0665479 in panic (fmt=0xc08a0119 %s) at
/usr/src/sys/kern/kern_shutdown.c:566
#3 0xc085566d in trap_fatal (frame=0xcbc60c34, eva=0) at
/usr/src/sys/i386/i386/trap.c:817
#4 0xc0855390 in trap_pfault (frame=0xcbc60c34, usermode=0, eva=194672) at
/usr/src/sys/i386/i386/trap.c:735
#5 0xc0854f5c in trap (frame=
{tf_fs = 24, tf_es = 16, tf_ds = -1066991600, tf_edi = 13, tf_esi =
-1063617632, tf_ebp = -876213100, tf_isp = -876213152, tf_ebx = -1050240512,
tf_edx = -1066827385, tf_ecx = -1063864572, tf_eax = 13, tf_trapno = 12, tf_err
= 0, tf_eip = 194672, tf_cs = 8, tf_eflags = 66050, tf_esp = -1065129891,
tf_ss = 13}) at /usr/src/sys/i386/i386/trap.c:425
#6 0xc084317a in calltrap () at /usr/src/sys/i386/i386/exception.s:140
#7 0x0018 in ?? ()
#8
