Panic when removing a SCSI device entry

Joerg Wunsch freebsd-scsi at
Wed May 18 06:04:32 UTC 2011

As Joerg Wunsch wrote:

> > Please provide the full printout from the panic. Also, it would
> > be useful to get the dump and do "p *dev" from the frame of
> > destroy_devl(). I might need further information after the requested
> > data is provided.
> Unfortunately, I somehow cannot get the system to provide a coredump.

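OK, it happened again last night, and I've got a DDB trace now.  The
panic is at a slightly different location (in notify_destroy()), but it
is still a NULL pointer dereference (apparently, dev->si_name is NULL
now: strlen() is called with a first argument of 0 and faults at
strlen+0x8 reading through %edx, which is 0).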

[thread pid 33502 tid 100246 ]
Stopped at      strlen+0x8:     cmpb    $0,0(%edx)
db> bt
Tracing pid 33502 tid 100246 td 0xc8be92e0
strlen(0,c6dfc804,cc0b0e80,cc6e6800,e98804b8,...) at strlen+0x8
notify(ce0dc900,0,0,cc6e6800,c05ac3fb,...) at notify+0x3f
destroy_devl(e98804f4,c0470a2b,ce0dc900,c07e9284,1,...) at destroy_devl+0x17b
destroy_dev(ce0dc900,c07e9284,1,0,e988051c,...) at destroy_dev+0x10
sacleanup(cc0b0e80,c07f161b,12,0,e9880570,...) at sacleanup+0x8b
camperiphfree(50,e9880994,c044b4de,e98809ac,c6e83c80,...) at camperiphfree+0x8f
cam_periph_release_locked(cc0b0e80,0,cc0b0e80,e98809bc,c044b762,...) at cam_periph_release_locked+0x55
cam_periph_release(cc0b0e80,14c,cc814200,e98809fc,e98809e8,...) at cam_periph_release+0x60
saopen(cc814200,1,2000,c8be92e0,c07cc465,...) at saopen+0x263
giant_open(cc814200,1,2000,c8be92e0,e9880b08,...) at giant_open+0x93
devfs_open(e9880b08,e9880b30,c061c4fa,c0840e60,e9880b08,...) at devfs_open+0x102
VOP_OPEN_APV(c0840e60,e9880b08,c075ad1a,cacbe788,0,...) at VOP_OPEN_APV+0x42
vn_open_cred(e9880b78,e9880c2c,0,0,c7fba280,...) at vn_open_cred+0x4ba
vn_open(e9880b78,e9880c2c,0,c7f49150,3,...) at vn_open+0x3b
kern_openat(c8be92e0,ffffff9c,804a0bb,0,1,...) at kern_openat+0x12c
kern_open(c8be92e0,804a0bb,0,0,6,...) at kern_open+0x35
open(c8be92e0,e9880cec,0,c,28176088,...) at open+0x30
syscallenter(c8be92e0,e9880ce4,e9880d1c,c07ad276,c8be92e0,...) at syscallenter+0x329
syscall(e9880d28) at syscall+0x34
Xint0x80_syscall() at Xint0x80_syscall+0x21
syscall (5, FreeBSD ELF32, open), eip = 0x2817608f, esp = 0xbfbfec7c, ebp = 0xbfbfee18 ---
db> show reg
cs                0x20
ds                0x28
es                0x28
fs                 0x8
ss                0x28
eax                  0
ecx                0x8
edx                  0
ebx                0x2
esp         0xe9880468
ebp         0xe9880468
esi         0xce0dc900
edi         0xcc6e6800
eip         0xc0620568  strlen+0x8
efl            0x10202
strlen+0x8:     cmpb    $0,0(%edx)
db> show cdev
geom.ctl 0xc6d1a100
devctl 0xc6ccc700
console 0xc6ccc600
sndstat 0xc6ccc500
ptmx 0xc6ccc400
ctty 0xc6ccc300
mem 0xc6ccc200
kmem 0xc6db3800
audit 0xc6db3700
bpf 0xc6db3600
bpf0 0xc6db3500
null 0xc6db3400
zero 0xc6db3300
fd/0 0xc6db3200
stdin 0xc6db3100
fd/1 0xc6db3000
stdout 0xc6db2e00
fd/2 0xc6db2d00
stderr 0xc6db2c00
klog 0xc6db2b00
pci 0xc6db2a00
midistat 0xc6db2900
kbdmux0 0xc6db2700
kbd0 0xc6db2600
random 0xc6db2400
urandom 0xc6db2300
sysmouse 0xc6db2200
io 0xc6db2100
speaker 0xc6db2000
fido 0xc6d1be00
ata 0xc6d1bd00
acpi 0xc6d1b800
ttyu2 0xc6e7dd00
ttyu2.init 0xc6e7d800
ttyu2.lock 0xc6e7d700
cuau2 0xc6e7d600
cuau2.init 0xc6e7d500
cuau2.lock 0xc6e7d400
ttyu3 0xc6e7d000
ttyu3.init 0xc6e7ce00
ttyu3.lock 0xc6e7cd00
cuau3 0xc6e7cc00
cuau3.init 0xc6e7cb00
cuau3.lock 0xc6e7ca00
ttyu4 0xc6e7c600
ttyu4.init 0xc6e7c500
ttyu4.lock 0xc6e7c800
cuau4 0xc6e7c900
cuau4.init 0xc6e7d200
cuau4.lock 0xc6e7d300
ttyu5 0xc6e7e400
ttyu5.init 0xc6e7e500
ttyu5.lock 0xc6e7e600
cuau5 0xc6e7e700
cuau5.init 0xc6e7e800
cuau5.lock 0xc6e7e900
ttyu6 0xc6e7e000
ttyu6.init 0xc6f01e00
ttyu6.lock 0xc6f01d00
cuau6 0xc6f01c00
cuau6.init 0xc6f01b00
cuau6.lock 0xc6f01a00
ttyu7 0xc6f01600
ttyu7.init 0xc6f01500
ttyu7.lock 0xc6f01400
cuau7 0xc6f01300
cuau7.init 0xc6f01200
cuau7.lock 0xc6f01100
ttyu8 0xc6f00c00
ttyu8.init 0xc6f00b00
ttyu8.lock 0xc6f00a00
cuau8 0xc6f00900
cuau8.init 0xc6f00800
cuau8.lock 0xc6f00700
ttyu9 0xc6f00300
ttyu9.init 0xc6f00200
ttyu9.lock 0xc6f00100
cuau9 0xc6f00000
cuau9.init 0xc6e7fe00
cuau9.lock 0xc6e7fd00
ttyv0 0xc6f01000
ttyv1 0xc6f01800
ttyv2 0xc6fa5d00
ttyv3 0xc6fa5c00
ttyv4 0xc6fa5b00
ttyv5 0xc6fa5a00
ttyv6 0xc6fa5900
ttyv7 0xc6fa5800
ttyv8 0xc6fa5700
ttyv9 0xc6fa5600
ttyva 0xc6fa5500
ttyvb 0xc6fa5400
ttyvc 0xc6fa5300
ttyvd 0xc6fa5200
ttyve 0xc6fa5100
ttyvf 0xc6fa5000
consolectl 0xc6fa4e00
lpt0 0xc6fa4b00
lpt0.ctl 0xc6fa4a00
ppi0 0xc6fa4900
ttyu0 0xc6fa4600
ttyu0.init 0xc6fa4500
ttyu0.lock 0xc6fa4400
cuau0 0xc6fa4300
cuau0.init 0xc6fa4200
cuau0.lock 0xc6fa4100
usbctl 0xc71d6d00
mdctl 0xc71d6b00
devstat 0xc71d6a00
fd0 0xc71d6900
usb/0.1.0 0xc71d6700
ugen0.1 0xc71d6600
usb/1.1.0 0xc71d6500
ugen1.1 0xc71d6400
usb/0.1.1 0xc71d6300
usb/1.1.1 0xc71d5d00
xpt0 0xc71d5800
mixer0 0xc71d4a00
mixer1 0xc71d4000
mixer2 0xc7216a00
acd0 0xc7216100
ad4 0xc7216000
ad4s1 0xc7215e00
ad4s1b 0xc7215d00
ad4s1h 0xc7215c00
gvinum/sound 0xc728de00
gvinum/squid 0xc728dd00
gvinum/camel 0xc728dc00
gvinum/tmp 0xc728db00
gvinum/dump 0xc728da00
gvinum/bacula_db 0xc728d900
gvinum/junk 0xc728d800
gvinum/home 0xc728d700
gvinum/home_cvs 0xc728d600
gvinum/var 0xc728d500
gvinum/usr 0xc728d400
gvinum/local 0xc728d300
gvinum/root 0xc728d200
gvinum/obj 0xc728d100
gvinum/upload 0xc728d000
gvinum/mysql 0xc72a4400
gvinum/pdf 0xc72a4300
gvinum/distfiles 0xc72a4200
gvinum/news 0xc72a4100
gvinum/src 0xc72a4000
gvinum/ports 0xc72a3e00
gvinum/temp 0xc72a3d00
ufsid/4dd10a3a6f636a7d 0xc72a3100
usb/1.2.0 0xc72a2700
ugen1.2 0xc72a2600
usb/1.2.1 0xc7290800
cd0 0xc7290500
pass0 0xc7290700
pass1 0xc7290d00
pass2 0xc7290e00
da0 0xc72e8800
da0a 0xc72a2900
da0h 0xc72a2a00
da1 0xc72a2b00
ufsid/4856d98a00081994 0xc72a2c00
da1a 0xc72a2d00
da1h 0xc72e6700
usb/0.2.0 0xc72e7100
ugen0.2 0xc72e6e00
usb/0.2.1 0xc72e6c00
usb/0.3.0 0xc7375300
ugen0.3 0xc72a3400
usb/0.3.1 0xc7376d00
ukbd0 0xc7377200
kbd1 0xc72a3500
usb/0.4.0 0xc743a400
ugen0.4 0xc743a300
usb/0.4.1 0xc743a000
ums0 0xc7439500
usb/0.5.0 0xc7438c00
ugen0.5 0xc7438b00
usb/0.5.1 0xc7438a00
usb/0.6.0 0xc7501800
ugen0.6 0xc7501700
usb/0.6.2 0xc7501400
pf 0xc75d7500
nfslock 0xc7501a00
tap0 0xc7501100
apm0 0xc75d9600
dsp2.0 0xc82a3500
dsp1.0 0xc7f9dc00
dsp0.0 0xc7f9db00
pts/0 0xc8902d00
pts/1 0xc82a1600
pts/2 0xc89e0a00
pts/3 0xc8901a00
ptyp0 0xc8902c00
ttyp0 0xc82a3a00
pts/4 0xc819f100
pts/5 0xc89de200
pts/6 0xc8902600
tun0 0xc9f99300
pts/7 0xcc35a700
ptyp1 0xcc210a00
ttyp1 0xcc1b9600
pass3 0xce096c00
ch0 0xce113400
nsa0.0 0xcc814200
esa0.0 0xcdc50600
nsa0 0xcc81c800
esa0 0xcc871a00
sa0.1 0xce083c00
nsa0.1 0xccec1d00
esa0.1 0xccd63400
sa0.2 0xcc840e00
nsa0.2 0xcc7dc800
esa0.2 0xcc841500
sa0.3 0xce083400
nsa0.3 0xcdc50400
esa0.3 0xce084600
ptyp2 0xcf8b1000
ttyp2 0xcf929100
pass4 0xce989900
sa0.ctl 0xced5f400
sa0.0 0xce991100
nsa0.0 0xcea91c00
esa0.0 0xced17900
sa0 0xce71d500
nsa0 0xced60400
esa0 0xce956800
sa0.1 0xce68ab00
nsa0.1 0xceb10a00
esa0.1 0xced1f300
sa0.2 0xce6dd400
nsa0.2 0xcec9c800
esa0.2 0xce960100
sa0.3 0xcea91d00
nsa0.3 0xce9bb700
esa0.3 0xceb99d00
db> panic
panic: from debugger
cpuid = 0
Uptime: 1d5h4m38s
Physical memory: 3575 MB
Dumping 365 MB: 350 334 318 302 286 270 254 238 222 206 190 174 158 142 126 110 94 78 62 46 30 14
Dump complete
Automatic reboot in 15 seconds - press a key on the console to abort
--> Press a key on the console to reboot,
--> or switch off the system now.

As you can see, I've got a coredump this time, so I can run kgdb
on that.

Currently, I'm compiling an INVARIANTS kernel, and will boot that one
soon - though I wonder whether it really makes sense here, as the
picture is different from last time (due to Kostik's suggested [...]).
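One observation that comes to mind: with devices appearing and
disappearing, the CAM subsystem sometimes suffers from some confusion
if a device is still held open by the time it disappears from the bus.
The device then appears in "camcontrol devlist" as just "sa0", without
a pass device associated.  When powering it on again, and reprobing
it, it becomes "sa0, pass4, sa0" or such.  The "show cdev" output above
shows the same thing: the sa0 family of nodes is listed twice, and the
cdev passed to saopen() in the trace (0xcc814200) is the nsa0.0 entry
of the first set, which has no sa0.ctl, sa0.0 or sa0 node.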

