>Number:         31021
>Category:       kern
>Synopsis:       panic during exit in Knote
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Aug 20 13:54:00 +0000 2005
>Originator:     Frank Kardel
>Release:        NetBSD 3.99.7
>Organization:
	
>Environment:
System: NetBSD pip.kardel.name 3.99.7 NetBSD 3.99.7 (PIP_ISDN) #11: Sun Aug 14 14:14:08 MEST 2005 kardel@pip.kardel.name:/fs/IC35L180AVV207-1-n/IC35L120AVV207-0-e/src/NetBSD/netbsd/sys/arch/i386/compile/obj.i386/PIP_ISDN i386
Architecture: i386
Machine: i386
>Description:
	I am currently testing for the next release of ntpd and experience often
	panics when killing user level ntpd.

	Specialty of process environment when running ntpd:
		- uses SIGIO on tty descriptors
		- has multiple tty descriptors with SIGIO open

	panic stack trace (hand copied):
	knote+0x17
	kpsignal2()+0x731
	kpgsignal+0x32
	pgsignal+0x32
	ttwakeup+0x57
	ttyflush
	ttyclose
	comclose
	specclose
	...
	vnclose
	...
	exit

	panics happen when killing ntpd often, but not always.
	
>How-To-Repeat:
	run ntp-dev ntpd with FSETOWN compile option disabled in config.h (to
	allow for multiple ttys using SIGIO).
	configure several refclock ttys

	while(system running) {
	  start ntpd
	  sleep 5
	  pkill ntpd
	}

	should get you into panic

>Fix:
	? - nothing obvious at first code scan, but maybe a signal
	is not expected at exit time or the environment for the
	event subsystem is already dismantled too far.

>Unformatted: