kern/58305: WITNESS + INVARIANTS + "camcontrol devlist" = panic
Harold Gutch
logix at foobar.franken.de
Mon Oct 20 14:20:17 PDT 2003
>Number: 58305
>Category: kern
>Synopsis: WITNESS + INVARIANTS + "camcontrol devlist" = panic
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Oct 20 14:20:13 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Harold Gutch
>Release: FreeBSD 5.1-CURRENT i386
>Organization:
>Environment:
System: FreeBSD outside.gutch.net 5.1-CURRENT FreeBSD 5.1-CURRENT #4: Mon Oct 20 22:19:12 CEST 2003 logix at outside.gutch.net:/usr/obj/usr/src/sys/OUTSIDE i386
No SCSI, one ATAPI CDRW, using atapicam.
>Description:
When running "camcontrol devlist" on a -CURRENT kernel from about 9 hours
ago (Oct 20, ~12:00 UTC) with INVARIANT_SUPPORT, INVARIANTS, WITNESS and
WITNESS_SKIPSKIN, I get a panic:
panic: vmapbuf
Debugger("panic")
Stopped at Debugger+0x54: xchgl %ebx,in_Debugger.0
db> where
Debugger(c068bbbe,c06ecec0,c0692054,caac07ec,100) at Debugger+0x54
panic(c0692054,1,c069185a,e6e,0) at panic+0xd5
vmapbuf(c28dc798,0,c0676925,270,1) at vmapbuf+0x18e
cam_periph_mapmem(c0df4c00,caac08a0,0,caac08a4,c051a0c3) at cam_periph_mapmem+0x291
xptioctl(c164de00,c2601502,c0df4c00,3,c1823130) at xptioctl+0x26a
spec_ioctl(caac0b7c,caac0c28,c05590b1,caac0b7c,c04e977d) at spec_ioctl+0x19e
spec_vnoperate(caac0b7c,c04e977d,c06ee5a0,1,c06d6560) at spec_vnoperate+0x18
vn_ioctl(c1692220,c2601502,c0df4c00,c164f800,c1823130) at vn_ioctl+0x1a1
ioctl(c1823130,caac0d10,c06a2c0a,3ed,3) at ioctl+0x475
syscall(2f,2f,2f,bfbff814,0) at syscall+0x2c0
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (54, FreeBSD ELF32, ioctl), eip = 0x805463b, esp = 0xbfbff5ec, ebp = 0xbfbff9e8 ---
And then, in kgdb
panic: vmapbuf
panic: from debugger
Uptime: 59s
Dumping 64 MB
16 32 48
---
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240 dumping++;
(kgdb) where
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1 0xc04f308c in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:372
#2 0xc04f3417 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
#3 0xc0440752 in db_panic () at /usr/src/sys/ddb/db_command.c:450
#4 0xc04406b2 in db_command (last_cmdp=0xc06d7cc0, cmd_table=0x0,
aux_cmd_tablep=0xc06a79b0, aux_cmd_tablep_end=0xc06a79b4)
at /usr/src/sys/ddb/db_command.c:346
#5 0xc04407f5 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
#6 0xc04437f5 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_trap.c:73
#7 0xc063d67c in kdb_trap (type=3, code=0, regs=0xca80f764)
at /usr/src/sys/i386/i386/db_interface.c:171
#8 0xc064e4aa in trap (frame=
#9 0xc063f068 in calltrap () at {standard input}:102
#10 0xc04f33a5 in panic (fmt=0xc0692054 "vmapbuf")
at /usr/src/sys/kern/kern_shutdown.c:534
#11 0xc053fd0e in vmapbuf (bp=0xc28dc798) at /usr/src/sys/kern/vfs_bio.c:3729
#12 0xc042e221 in cam_periph_mapmem (ccb=0x0, mapinfo=0xca80f8a0)
at /usr/src/sys/cam/cam_periph.c:652
#13 0xc04303da in xptioctl (dev=0x0, cmd=3244684288, addr=0xca80f8a0 "",
flag=3, td=0xc1677be0) at /usr/src/sys/cam/cam_xpt.c:1132
#14 0xc04b86de in spec_ioctl (ap=0xca80fb7c)
at /usr/src/sys/fs/specfs/spec_vnops.c:351
#15 0xc04b7cc8 in spec_vnoperate (ap=0x0)
at /usr/src/sys/fs/specfs/spec_vnops.c:122
#16 0xc05590b1 in vn_ioctl (fp=0xc16933fc, com=3261076738, data=0xc165f400,
active_cred=0xc1849b00, td=0xc1677be0) at vnode_if.h:503
#17 0xc051bdf5 in ioctl (td=0xc1677be0, uap=0xca80fd10)
at /usr/src/sys/sys/file.h:261
#18 0xc064ee10 in syscall (frame=
{tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077938156, tf_esi = 0, tf_ebp = -1077937688, tf_isp = -897516172, tf_ebx = 134651066, tf_edx = 0, tf_ecx = 0, tf_eax = 54, tf_trapno = 12, tf_err = 2, tf_eip = 134563387, tf_cs = 31, tf_eflags = 518, tf_esp = -1077938708, tf_ss = 47})
at /usr/src/sys/i386/i386/trap.c:1009
#19 0xc063f0bd in Xint0x80_syscall () at {standard input}:144
---Can't read userspace from dump, or kernel process---
(kgdb) up 11
#11 0xc053fd0e in vmapbuf (bp=0xc28dc798) at /usr/src/sys/kern/vfs_bio.c:3729
3729 panic("vmapbuf: mapped more than MAXPHYS");
(kgdb) list
3724 if (m == NULL)
3725 goto retry;
3726 bp->b_pages[pidx] = m;
3727 }
3728 if (pidx > btoc(MAXPHYS))
3729 panic("vmapbuf: mapped more than MAXPHYS");
3730 pmap_qenter((vm_offset_t)bp->b_saveaddr, bp->b_pages, pidx);
3731
3732 kva = bp->b_saveaddr;
3733 bp->b_npages = pidx;
(kgdb) print pidx
$1 = -897517408
(kgdb) print *bp
$3 = {b_io = {bio_cmd = 1, bio_dev = 0xc162d600, bio_disk = 0x0,
bio_offset = 30445568, bio_bcount = 12288, bio_data = 0x807b000---Can't read userspace from dump, or kernel process---
With INVARIANT_SUPPORT and INVARIANTS but without WITNESS, I don't get a
panic, but rather a freeze when running "camcontrol devlist". A break on
the serial console brings me to ddb then:
panic: vmapbuf
Debugger("panic")
Stopped at Debugger+0x54: xchgl %ebx,in_Debugger.0
db> where
Debugger(c06881b8,c06e7260,c068ce6f,ca80f7f4,100) at Debugger+0x54
panic(c068ce6f,1,c068c675,e6e,0) at panic+0xd5
vmapbuf(c28dc798,0,c0672f05,270,1) at vmapbuf+0x18e
cam_periph_mapmem(c165f400,ca80f8a8,c1676be0,ca80f894,c0540228) at cam_periph_mapmem+0x291
xptioctl(c165ab00,c2601502,c165f400,3,c1676be0) at xptioctl+0x26a
spec_ioctl(ca80fb7c,ca80fc28,c0555931,ca80fb7c,217) at spec_ioctl+0x14c
spec_vnoperate(ca80fb7c,217,c06e55a0,3ac,c06d0900) at spec_vnoperate+0x18
vn_ioctl(c1693f24,c2601502,c165f400,c184aa80,c1676be0) at vn_ioctl+0x1a1
ioctl(c1676be0,ca80fd10,c069da52,3ed,3) at ioctl+0x475
syscall(2f,2f,2f,bfbff814,0) at syscall+0x2c0
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (54, FreeBSD ELF32, ioctl), eip = 0x805463b, esp = 0xbfbff5ec, ebp = 0xbfbff9e8 ---
db>
>How-To-Repeat:
Add INVARIANT_SUPPORT, INVARIANTS, WITNESS and WITNESS_SKIPSKIN to your
kernelconfig and run "camcontrol devlist".
>Fix:
None known.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list