Bug 219074

Summary: panic on cd insert
Product: Base System
Reporter: Steven Hartland <smh>
Component: kern
Assignee: freebsd-bugs (Nobody) <bugs>
Status: New ---    
Severity: Affects Only Me    
Priority: ---    
Version: 11.0-RELEASE   
Hardware: Any   
OS: Any   

Description Steven Hartland freebsd_committer 2017-05-04 23:02:39 UTC
When inserting a cdrom on a Supermicro IPMI I got the following panic:
Fatal trap 9: general protection fault while in kernel mode
cpuid = 23; apic id = 2b
instruction pointer     = 0x20:0xffffffff80304f65
stack pointer           = 0x28:0xfffffe0f9452d640
frame pointer           = 0x28:0xfffffe0f9452d6e0
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 13 (g_event)
trap number             = 9
panic: general protection fault
cpuid = 23
KDB: stack backtrace:
#0 0xffffffff807d80f7 at kdb_backtrace+0x67
#1 0xffffffff8078d4a2 at vpanic+0x182
#2 0xffffffff8078d313 at panic+0x43
#3 0xffffffff80a97d81 at trap_fatal+0x351
#4 0xffffffff80a97a18 at trap+0x768
#5 0xffffffff80a7af41 at calltrap+0x8
#6 0xffffffff802fe682 at cdopen+0x212
#7 0xffffffff806f2225 at g_disk_access+0xc5
#8 0xffffffff806f800e at g_access+0x17e
#9 0xffffffff806f800e at g_access+0x17e
#10 0xffffffff806ef570 at g_dev_attrchanged+0x60
#11 0xffffffff806ef432 at g_dev_taste+0x2d2
#12 0xffffffff806f864a at g_new_provider_event+0xba
#13 0xffffffff806f367e at g_run_events+0x20e
#14 0xffffffff80744085 at fork_exit+0x85
#15 0xffffffff80a7b47e at fork_trampoline+0xe

#0  doadump (textdump=<value optimized out>) at pcpu.h:221
#1  0xffffffff8078cf29 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff8078d4db in vpanic (fmt=<value optimized out>, ap=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:759
#3  0xffffffff8078d313 in panic (fmt=0x0) at /usr/src/sys/kern/kern_shutdown.c:690
#4  0xffffffff80a97d81 in trap_fatal (frame=0xfffffe0f9452d590, eva=0) at /usr/src/sys/amd64/amd64/trap.c:841
#5  0xffffffff80a97a18 in trap (frame=0xfffffe0f9452d590) at /usr/src/sys/amd64/amd64/trap.c:203
#6  0xffffffff80a7af41 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:236
#7  0xffffffff80304f65 in cdcheckmedia (periph=0xfffff80135338a00) at /usr/src/sys/cam/scsi/scsi_cd.c:2340
#8  0xffffffff802fe682 in cdopen (dp=<value optimized out>) at /usr/src/sys/cam/scsi/scsi_cd.c:740
#9  0xffffffff806f2225 in g_disk_access (pp=0x9d, r=<value optimized out>, w=0, e=1) at /usr/src/sys/geom/geom_disk.c:122
#10 0xffffffff806f800e in g_access (cp=0xfffff80019bd7480, dcr=1, dcw=0, dce=1) at /usr/src/sys/geom/geom_subr.c:924
#11 0xffffffff806f800e in g_access (cp=0xfffff80019bd9580, dcr=1, dcw=0, dce=0) at /usr/src/sys/geom/geom_subr.c:924
#12 0xffffffff806ef570 in g_dev_attrchanged (cp=0xfffff80019bd9580, attr=0xffffffff80c0c0b9 "GEOM::physpath") at /usr/src/sys/geom/geom_dev.c:231
#13 0xffffffff806ef432 in g_dev_taste (mp=<value optimized out>, pp=<value optimized out>, insist=<value optimized out>) at /usr/src/sys/geom/geom_dev.c:347
#14 0xffffffff806f864a in g_new_provider_event (arg=<value optimized out>, flag=<value optimized out>) at /usr/src/sys/geom/geom_subr.c:552
#15 0xffffffff806f367e in g_run_events () at /usr/src/sys/geom/geom_event.c:264
#16 0xffffffff80744085 in fork_exit (callout=0xffffffff806f6120 <g_event_procbody>, arg=0x0, frame=0xfffffe0f9452dac0) at /usr/src/sys/kern/kern_fork.c:1038
#17 0xffffffff80a7b47e in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:611
#18 0x0000000000000000 in ?? ()

Looking at frame 7 the value for softc->disk is bogus:

(kgdb) frame 7
#7  0xffffffff80304f65 in cdcheckmedia (periph=0xfffff80135338a00) at /usr/src/sys/cam/scsi/scsi_cd.c:2340
2340            if ((softc->disk->d_devstat->flags & DEVSTAT_BS_UNAVAILABLE) != 0)
(kgdb) print softc
$1 = (struct cd_softc *) 0xfffff8013564a000
(kgdb) print softc->disk
$2 = (struct disk *) 0xf741c7b074d58fe4

It looks like there may be a setup / locking issue when the IPMI device triggered the insert of the CD.

Relevant messages just prior to the panic:
May  4 14:54:31 host02 kernel: cd0 at umass-sim1 bus 1 scbus3 target 0 lun 0
May  4 14:54:31 host02 kernel: cd0: <IPMI Virtual CDROM 3000> Removable CD-ROM SCSI device
May  4 14:54:31 host02 kernel: cd0: 40.000MB/s transfers
May  4 14:54:31 host02 kernel: cd0: 685MB (350720 2048 byte sectors)
May  4 14:54:31 host02 kernel: cd0: quirks=0x10<10_BYTE_ONLY>
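
The trap type is consistent with the pointer seen in frame 7: on amd64, a load through a non-canonical address raises a general protection fault (trap 9) instead of a page fault. The check below is an added triage example, not part of the original report or the FreeBSD source; it assumes 48-bit virtual addresses (4-level paging), and `classify_va` / `va_class_name` are hypothetical helper names.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: amd64 with 4-level paging (48 implemented virtual address bits). */
#define VA_BITS 48

enum va_class { VA_USER_HALF, VA_KERNEL_HALF, VA_NON_CANONICAL };

/*
 * An address is canonical when bits 63..47 are all copies of bit 47.
 * Shifting right by 47 leaves exactly those 17 bits.
 */
static enum va_class
classify_va(uint64_t va)
{
	uint64_t upper = va >> (VA_BITS - 1);

	if (upper == 0)
		return (VA_USER_HALF);
	if (upper == 0x1ffff)
		return (VA_KERNEL_HALF);
	return (VA_NON_CANONICAL);
}

static const char *
va_class_name(enum va_class c)
{
	switch (c) {
	case VA_USER_HALF:	return ("canonical, user half");
	case VA_KERNEL_HALF:	return ("canonical, kernel half");
	default:		return ("NON-CANONICAL: dereference raises #GP");
	}
}

int
main(void)
{
	/* Pointer values copied from the kgdb session in the report. */
	static const struct { const char *name; uint64_t va; } ptrs[] = {
		{ "periph",      0xfffff80135338a00ULL },
		{ "softc",       0xfffff8013564a000ULL },
		{ "softc->disk", 0xf741c7b074d58fe4ULL },
	};

	for (size_t i = 0; i < sizeof(ptrs) / sizeof(ptrs[0]); i++)
		printf("%-12s 0x%016llx  %s\n", ptrs[i].name,
		    (unsigned long long)ptrs[i].va,
		    va_class_name(classify_va(ptrs[i].va)));
	return (0);
}
```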