panic on mount_cd9660
Vladimir Kushnir
vkushnir at Alfacom.net
Fri Nov 14 17:18:05 PST 2003
As of yesterday's sources, this panic is precisely the same. Actually, it
can be triggered by simply running "cdcontrol -f acdX info" with 2
different audio CDs in a row. And it doesn't happen with ATAPICAM devices
cdX. GDB session transcript attached.
On Mon, 10 Nov 2003, Pav Lucistnik wrote:
> FreeBSD hood.oook.cz 5.1-CURRENT FreeBSD 5.1-CURRENT #6: Mon Nov 10
> 20:26:12 CET 2003 root at hood.oook.cz:/usr/obj/usr/src/sys/PAV i386
>
> What I did:
> 1) insert SVCD in the CD-ROM drive
> 2) play some tracks from it. Note /dev/acd0t1 /dev/acd0t2 etc...
> 3) remove SVCD from the CD-ROM drive
> 4) put data CD in the CD-ROM drive
> 5) mount_cd9660 /dev/acd0 /mnt/cdrom
>
<snip gdb session>
Regards,
Vladimir
-------------- next part --------------
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x1c
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc04f2da3
stack pointer = 0x10:0xcbc94c68
frame pointer = 0x10:0xcbc94c80
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 2 (g_event)
panic: from debugger
Fatal trap 3: breakpoint instruction fault while in kernel mode
instruction pointer = 0x8:0xc06112f4
stack pointer = 0x10:0xcbc949e0
frame pointer = 0x10:0xcbc949ec
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = IOPL = 0
current process = 2 (g_event)
---
(kgdb) bt
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1 0xc04d6180 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:372
#2 0xc04d6568 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
#3 0xc045d3e2 in db_panic () at /usr/src/sys/ddb/db_command.c:450
#4 0xc045d342 in db_command (last_cmdp=0xc0693360, cmd_table=0x0,
aux_cmd_tablep=0xc0668ff4, aux_cmd_tablep_end=0xc0668ff8)
at /usr/src/sys/ddb/db_command.c:346
#5 0xc045d485 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
#6 0xc04604a5 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:73
#7 0xc061103c in kdb_trap (type=12, code=0, regs=0xcbc94c28)
at /usr/src/sys/i386/i386/db_interface.c:171
#8 0xc0624fa6 in trap_fatal (frame=0xcbc94c28, eva=0)
at /usr/src/sys/i386/i386/trap.c:816
#9 0xc0624c72 in trap_pfault (frame=0xcbc94c28, usermode=0, eva=28)
at /usr/src/sys/i386/i386/trap.c:735
#10 0xc06247cd in trap (frame=
{tf_fs = -1060962280, tf_es = -1035993072, tf_ds = -1035993072, tf_edi = 0, tf_esi = -1036926336, tf_ebp = -876000128, tf_isp = -876000172, tf_ebx = -1034088208, tf_edx = 0, tf_ecx = -1066807068, tf_eax = 1, tf_trapno = 12, tf_err = 0, tf_eip = -1068552797, tf_cs = 8, tf_eflags = 66051, tf_esp = -876000104, tf_ss = -1068903426}) at /usr/src/sys/i386/i386/trap.c:420
#11 0xc06129f8 in calltrap () at {standard input}:94
#12 0xc04a1d88 in g_destroy_provider (pp=0xc25d10f0)
at /usr/src/sys/geom/geom_subr.c:416
#13 0xc049ed65 in g_orphan_register (pp=0xc231c280)
at /usr/src/sys/geom/geom_event.c:143
#14 0xc049ee8c in one_event () at /usr/src/sys/geom/geom_event.c:169
#15 0xc049f0b5 in g_run_events () at /usr/src/sys/geom/geom_event.c:202
#16 0xc04a00e5 in g_event_procbody () at /usr/src/sys/geom/geom_kern.c:134
#17 0xc04bee10 in fork_exit (callout=0xc04a00c0 <g_event_procbody>, arg=0x0,
frame=0x0) at /usr/src/sys/kern/kern_fork.c:793
(kgdb) frame 12
#12 0xc04a1d88 in g_destroy_provider (pp=0xc25d10f0)
at /usr/src/sys/geom/geom_subr.c:416
416 devstat_remove_entry(pp->stat);
(kgdb) list
411 KASSERT (pp->acw == 0, ("g_destroy_provider with acw"));
412 KASSERT (pp->acw == 0, ("g_destroy_provider with ace"));
413 g_cancel_event(pp);
414 LIST_REMOVE(pp, provider);
415 gp = pp->geom;
416 devstat_remove_entry(pp->stat);
417 g_free(pp);
418 if ((gp->flags & G_GEOM_WITHER))
419 g_wither_geom(gp, 0);
420 }
(kgdb) print pp
$1 = (struct g_provider *) 0xc25d10f0
(kgdb) print *pp
$2 = {name = 0x0, provider = {le_next = 0x0, le_prev = 0x0}, geom = 0x0,
consumers = {lh_first = 0x0}, acr = 0, acw = 0, ace = 0, error = 0,
orphan = {tqe_next = 0x0, tqe_prev = 0x0}, index = 0, mediasize = 0,
sectorsize = 0, stripesize = 0, stripeoffset = 0, stat = 0x0, nstart = 0,
nend = 0, flags = 0}
(kgdb) frame 13
#13 0xc049ed65 in g_orphan_register (pp=0xc231c280)
at /usr/src/sys/geom/geom_event.c:143
143 g_destroy_provider(pp);
(kgdb) print pp
$3 = (struct g_provider *) 0xc231c280
(kgdb) print *pp
$4 = {name = 0xc22b93b0 "acd0", provider = {le_next = 0xc0670f00,
le_prev = 0x0}, geom = 0xc231c808, consumers = {lh_first = 0x0},
acr = -1033931776, acw = -1036925696, ace = -1036924904, error = 1,
orphan = {tqe_next = 0xc0485260, tqe_prev = 0x0}, index = 0,
mediasize = 3225961040, sectorsize = 3225961648, stripesize = 3258105856,
stripeoffset = 0, stat = 0x0, nstart = 0, nend = 0, flags = 0}