Bug 17146

Summary: panic in devfs_open() while mounting device from devfs
Product: Base System Reporter: gem <gem>
Component: kernAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.0-CURRENT   
Hardware: Any   
OS: Any   

Description gem 2000-03-03 12:10:01 UTC 
panic in devfs_open() while mounting device on devfs

SMP 2 cpus
IdlePTD 3506176
initial pcb at 2cf980
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
mp_lock = 00000002; cpuid = 0; lapic.id = 00000000
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc01903f6
stack pointer           = 0x10:0xd043fcd0
frame pointer           = 0x10:0xd043fd04
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 182 (mount)
interrupt mask          = none <- SMP: XXX
trap number             = 12
panic: page fault
mp_lock = 00000002; cpuid = 0; lapic.id = 00000000
boot() called on cpu#0

syncing disks... 2 2 
done
Uptime: 13m8s

dumping to dev #da/9, offset 86119
dump 256 255 254 253 252 251 250 ...
(kgdb) bt
#0  boot (howto=256) at ../../kern/kern_shutdown.c:304
#1  0xc015b560 in poweroff_wait (junk=0xc02a244f, howto=-821729120)
    at ../../kern/kern_shutdown.c:554
#2  0xc0263d53 in trap_fatal (frame=0xd043fc90, eva=0)
    at ../../i386/i386/trap.c:924
#3  0xc02639e9 in trap_pfault (frame=0xd043fc90, usermode=0, eva=0)
    at ../../i386/i386/trap.c:817
#4  0xc02635e7 in trap (frame={tf_fs = -800915432, tf_es = -800915440, 
      tf_ds = -1072168944, tf_edi = -1050317440, tf_esi = -801124384, 
      tf_ebp = -800850684, tf_isp = -800850756, tf_ebx = -1070803008, 
      tf_edx = -800850612, tf_ecx = -801124384, tf_eax = 0, tf_trapno = 12, 
      tf_err = 0, tf_eip = -1072102410, tf_cs = 8, tf_eflags = 66194, 
      tf_esp = -1050317440, tf_ss = 3}) at ../../i386/i386/trap.c:423
#5  0xc01903f6 in devfs_open (ap=0xd043fd4c)
    at ../../miscfs/devfs/devfs_vnops.c:1336
#6  0xc0220fe1 in ffs_mountfs (devvp=0xd03fcfe0, mp=0xc164fc00, p=0xcf0568a0, 
    malloctype=0xc02c1860) at vnode_if.h:189
#7  0xc02208d4 in ffs_mount (mp=0xc164fc00, path=0xbfbff024 "/mnt", 
    data=0xbfbfef70 "n|??", ndp=0xd043fe98, p=0xcf0568a0)
    at ../../ufs/ffs/ffs_vfsops.c:357
#8  0xc0186c6f in mount (p=0xcf0568a0, uap=0xd043ff80)
    at ../../kern/vfs_syscalls.c:304
#9  0xc0263f9e in syscall (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, 
      tf_edi = 134664598, tf_esi = -1077940188, tf_ebp = -1077940260, 
      tf_isp = -800849964, tf_ebx = 0, tf_edx = 0, tf_ecx = -1077940480, 
      tf_eax = 21, tf_trapno = 12, tf_err = 2, tf_eip = 134535536, tf_cs = 31, 
      tf_eflags = 582, tf_esp = -1077940448, tf_ss = 47})
    at ../../i386/i386/trap.c:1073
#10 0xc0252031 in Xint0x80_syscall ()
#11 0x8048b11 in ?? ()
#12 0x80486a1 in ?? ()
#13 0x80480f9 in ?? ()
....
(kgdb) l
1331                                    return (EPERM);
1332                    }
1333                    if ((dsw->d_flags & D_TYPEMASK) == D_TTY)
1334                            vp->v_flag |= VISTTY;
1335                    VOP_UNLOCK(vp, 0, p);
1336                    error = (*vp->v_rdev->si_devsw->d_open)(
1337                                            vp->v_rdev,
1338                                            ap->a_mode,
1339                                            S_IFCHR,
1340                                            p);
(kgdb) p *vp
$1 = {v_flag = 8192, v_usecount = 1, v_writecount = 0, v_holdcnt = 0, 
  v_id = 4025, v_mount = 0xc163fa00, v_op = 0xc15ea200, v_freelist = {
    tqe_next = 0x0, tqe_prev = 0xd03fd1dc}, v_mntvnodes = {
    le_next = 0xd03fd1c0, le_prev = 0xc163fa18}, v_cleanblkhd = {
    tqh_first = 0x0, tqh_last = 0xd03fd00c}, v_dirtyblkhd = {tqh_first = 0x0, 
    tqh_last = 0xd03fd014}, v_synclist = {le_next = 0x0, le_prev = 0x0}, 
  v_numoutput = 0, v_type = VCHR, v_un = {vu_mountedhere = 0xc1656d80, 
    vu_socket = 0xc1656d80, vu_spec = {vu_specinfo = 0xc1656d80, 
      vu_specnext = {sle_next = 0x0}}, vu_fifoinfo = 0xc1656d80}, 
  v_lease = 0x0, v_lastw = 0, v_cstart = 0, v_lasta = 0, v_clen = 0, 
  v_object = 0xd043a8a0, v_interlock = {lock_data = 0}, v_vnlock = 0x0, 
  v_tag = VT_DEVFS, v_data = 0xc16de400, v_cache_src = {lh_first = 0x0}, 
  v_cache_dst = {tqh_first = 0x0, tqh_last = 0xd03fd060}, v_dd = 0xd03fcfe0, 
  v_ddid = 0, v_pollinfo = {vpi_lock = {lock_data = 0}, vpi_selinfo = {
      si_pid = 0, si_flags = 0}, vpi_events = 0, vpi_revents = 0}}
(kgdb) p vp->v_un.vu_spec    
$3 = {vu_specinfo = 0xc1656d80, vu_specnext = {sle_next = 0x0}}
(kgdb)  p *vp->v_un.vu_spec.vu_specinfo
$5 = {si_flags = 0, si_udev = 3334, si_hash = {le_next = 0xc15c6680, 
    le_prev = 0xc168b908}, si_hlist = {slh_first = 0xd03fcfe0}, 
  si_name = '\000' <repeats 15 times>, si_drv1 = 0x0, si_drv2 = 0x0, 
  si_devsw = 0x0, si_devfs = 0x0, si_bdevfs = 0x0, si_iosize_max = 0, 
  __si_u = {__si_tty = {__sit_tty = 0x0}, __si_disk = {__sid_disk = 0x0, 
      __sid_mountpoint = 0x0, __sid_bsize_phys = 0, __sid_bsize_best = 0}}}

How-To-Repeat: bash-2.03# mount_devfs / /devs
bash-2.03# mount /devs/rda0s1g /mnt
Comment 1 Poul-Henning Kamp freebsd_committer freebsd_triage 2001-02-20 19:29:47 UTC 
State Changed
From-To: open->closed

Overtaken by events.  Sorry.