From gpr@nvnpp.vrn.ru  Wed Jan 22 04:43:43 2003
Return-Path: <gpr@nvnpp.vrn.ru>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B5C7037B401
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 22 Jan 2003 04:43:43 -0800 (PST)
Received: from relay.nvnpp.vrn.ru (relay.nvnpp.vrn.ru [195.98.93.66])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6D66B43F18
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 22 Jan 2003 04:43:41 -0800 (PST)
	(envelope-from gpr@nvnpp.vrn.ru)
Received: from gpr by relay.nvnpp.vrn.ru with local (Exim)
	id 18bKEF-0006JF-00
	for FreeBSD-gnats-submit@freebsd.org; Wed, 22 Jan 2003 15:43:39 +0300
Message-Id: <E18bKEF-0006JF-00@relay.nvnpp.vrn.ru>
Date: Wed, 22 Jan 2003 15:43:39 +0300
From: Gennady Proskurin <gpr@nvnpp.vrn.ru>
Sender: Gennady Proskurin <gpr@relay.nvnpp.vrn.ru>
Reply-To: Gennady Proskurin <gpr@nvnpp.vrn.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: panic after kldunload snp
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         47359
>Category:       kern
>Synopsis:       [snp] [panic] panic after kldunload snp
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    linimon
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 22 04:50:01 PST 2003
>Closed-Date:    Sun Mar 04 02:22:10 GMT 2007
>Last-Modified:  Sun Mar 04 02:22:10 GMT 2007
>Originator:     Gennady Proskurin
>Release:        FreeBSD 4.7-RELEASE-p3 i386
>Organization:
>Environment:

	
>Description:
	When the snp module is unloaded after watch(8) has connected to
	and disconnected from a tty, doing lstat(2) on /dev/snp*
	makes the system panic.
>How-To-Repeat:
	- Compile kernel without snp
	- Watch some tty, then exit watch
	- kldunload snp
	- ls -l /dev/snp*
	panic...

I kept the core, so I can give some additional information from gdb.

IdlePTD at phsyical address 0x002fc000
initial pcb at physical address 0x00278960
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0xc18b8510
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0xc0196005
stack pointer	        = 0x10:0xccf2bdd0
frame pointer	        = 0x10:0xccf2bddc
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 11876 (ls)
interrupt mask		= none
trap number		= 12
panic: page fault

syncing disks... 13 1 1 
done
Uptime: 12d6h2m26s

dumping to dev #da/0x20001, offset 8192
---
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
487		if (dumping++) {
(kgdb) bt
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1  0xc0166d9c in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
#2  0xc01671e9 in panic (fmt=0xc024e84c "%s")
    at /usr/src/sys/kern/kern_shutdown.c:595
#3  0xc0216564 in trap_fatal (frame=0xccf2bd90, eva=3247146256)
    at /usr/src/sys/i386/i386/trap.c:974
#4  0xc0216201 in trap_pfault (frame=0xccf2bd90, usermode=0, eva=3247146256)
    at /usr/src/sys/i386/i386/trap.c:867
#5  0xc0215d73 in trap (frame={tf_fs = -856555504, tf_es = -867827696, 
      tf_ds = -861601776, tf_edi = -862491648, tf_esi = -862491648, 
      tf_ebp = -856506916, tf_isp = -856506948, tf_ebx = 0, tf_edx = 0, 
      tf_ecx = 7, tf_eax = -1047821088, tf_trapno = 12, tf_err = 0, 
      tf_eip = -1072078843, tf_cs = 8, tf_eflags = 66178, 
      tf_esp = -1055470080, tf_ss = -856506868})
    at /usr/src/sys/i386/i386/trap.c:466
#6  0xc0196005 in vn_isdisk (vp=0xcc976c00, errp=0x0)
    at /usr/src/sys/kern/vfs_subr.c:3072
#7  0xc019bcac in vn_stat (vp=0xcc976c00, sb=0xccf2bed4, p=0xccd71ba0)
    at /usr/src/sys/kern/vfs_vnops.c:536
#8  0xc0198593 in lstat (p=0xccd71ba0, uap=0xccf2bf80)
    at /usr/src/sys/kern/vfs_syscalls.c:1826
#9  0xc021679a in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, 
      tf_edi = 134880256, tf_esi = 134897812, tf_ebp = -1077939084, 
      tf_isp = -856506412, tf_ebx = 134880328, tf_edx = 134881408, tf_ecx = 0, 
      tf_eax = 190, tf_trapno = 12, tf_err = 2, tf_eip = 134575376, 
      tf_cs = 31, tf_eflags = 659, tf_esp = -1077939224, tf_ss = 47})
    at /usr/src/sys/i386/i386/trap.c:1175
#10 0xc0209625 in Xint0x80_syscall ()
#11 0x8056e45 in ?? ()
#12 0x8056a8c in ?? ()
#13 0x8048b91 in ?? ()
#14 0x8048a1c in ?? ()
#15 0x8048135 in ?? ()
(kgdb) l *0xc0196005
0xc0196005 is in vn_isdisk (/usr/src/sys/kern/vfs_subr.c:3072).
3067		if (!devsw(vp->v_rdev)) {
3068			if (errp != NULL)
3069				*errp = ENXIO;
3070			return (0);
3071		}
3072		if (!(devsw(vp->v_rdev)->d_flags & D_DISK)) {
3073			if (errp != NULL)
3074				*errp = ENOTBLK;
3075			return (0);
3076		}
(kgdb)

	
>Fix:

	


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->dd 
Responsible-Changed-By: kris 
Responsible-Changed-When: Fri Oct 10 22:40:47 PDT 2003 
Responsible-Changed-Why:  
dd did the work to make snp kldloadable. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=47359 
State-Changed-From-To: open->feedback 
State-Changed-By: linimon 
State-Changed-When: Sun Mar 4 02:19:06 UTC 2007 
State-Changed-Why:  
To submitter: is this still a problem in modern versions of FreeBSD? 

State-Changed-From-To: feedback->closed 
State-Changed-By: linimon 
State-Changed-When: Sun Mar 4 02:21:51 UTC 2007 
State-Changed-Why:  
Submitter's email address bounces. 


Responsible-Changed-From-To: dd->linimon 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun Mar 4 02:21:51 UTC 2007 
Responsible-Changed-Why:  

>Unformatted:
