Date: Tue, 11 Sep 2007 17:49:14 +1000
From: Peter Jeremy
To: freebsd-stable@freebsd.org
Message-ID: <20070911074914.GA1175@turion.vk2pj.dyndns.org>
Subject: crash in acd_geom_detach() whilst reading vcd

I was trying to play a VCD (using mplayer) on my 6-STABLE system and
it runs for a while and then crashes. This is reproducible with the
same traceback. kgdb reports:

acd0: FAILURE - device detached

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x3c8
fault code              = supervisor read data, page not present
instruction pointer     = 0x8:0xffffffff801b6489
stack pointer           = 0x10:0xffffffffa3561ba0
frame pointer           = 0x10:0xffffffffa3561bc0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 2 (g_event)
trap number             = 12
panic: page fault
KDB: stack backtrace:
panic() at panic+0x1c1
trap_fatal() at trap_fatal+0x298
trap_pfault() at trap_pfault+0x243
trap() at trap+0x298
calltrap() at calltrap+0x5
--- trap 0xc, rip = 0xffffffff801b6489, rsp = 0xffffffffa3561ba0, rbp = 0xffffffffa3561bc0 ---
acd_geom_detach() at acd_geom_detach+0x19
g_run_events() at g_run_events+0x1b7
g_event_procbody() at g_event_procbody+0x5a
fork_exit() at fork_exit+0x87
fork_trampoline() at fork_trampoline+0xe

A gdb backtrace shows:

#6  0xffffffff803787bb in calltrap () at /usr/src/sys/amd64/amd64/exception.S:168
#7  0xffffffff801b6489 in acd_geom_detach (arg=0xffffff00007e1100, flag=0x0) at /usr/src/sys/dev/ata/atapi-cd.c:194
#8  0xffffffff8022f267 in g_run_events () at /usr/src/sys/geom/geom_event.c:209
#9  0xffffffff802305ca in g_event_procbody () at /usr/src/sys/geom/geom_kern.c:141
#10 0xffffffff80254f77 in fork_exit (callout=0xffffffff80230570 , arg=0x0, frame=0xffffff0039dc4770) at /usr/src/sys/kern/kern_fork.c:821
#11 0xffffffff80378b1e in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:394

The argument to acd_geom_detach() does include a NULL ivars:

(kgdb) p *(device_t)0xffffff00007e1100
$2 = {
  ops = 0xffffff0000825000,
  link = {
    tqe_next = 0xffffff00007c1c00,
    tqe_prev = 0xffffff00008ea130
  },
  devlink = {
    tqe_next = 0xffffff00007c1c00,
    tqe_prev = 0xffffff00009f1518
  },
  parent = 0xffffff00008ea100,
  children = {
    tqh_first = 0x0,
    tqh_last = 0xffffff00007e1130
  },
  driver = 0xffffffff80532220,
  devclass = 0xffffff00007ebe00,
  unit = 0x0,
  nameunit = 0xffffff00009d19d0 "acd0",
  desc = 0xffffff0039bd72a0 "TSSTcorpCD/DVDW TS-L532M/HR08",
  busy = 0x0,
  state = DS_ATTACHED,
  devflags = 0x0,
  flags = 0x5d,
  order = 0x0,
  pad = 0x0,
  ivars = 0x0,
  softc = 0xffffff0000acac00,
  sysctl_ctx = {
    tqh_first = 0xffffff0039bd7120,
    tqh_last = 0xffffff0039bd7228
  },
  sysctl_tree = 0xffffff0000b30600
}
(kgdb)

Is this behaviour expected?

-- 
Peter Jeremy
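
A triage sketch for the trap report in the message above, added here as an example; it is not part of the original post and not a FreeBSD tool. It parses the console lines, picks out the faulting frame, and flags a fault address below one page as a probable member read through a NULL structure pointer, which is consistent with the `ivars = 0x0` seen in the kgdb dump. The helper names and the 4 KiB page-size threshold are assumptions.

```python
import re

# Constructed sample: console lines from the report above, mail encoding removed.
PANIC = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x3c8
fault code              = supervisor read data, page not present
instruction pointer     = 0x8:0xffffffff801b6489
current process         = 2 (g_event)
--- trap 0xc, rip = 0xffffffff801b6489, rsp = 0xffffffffa3561ba0, rbp = 0xffffffffa3561bc0 ---
acd_geom_detach() at acd_geom_detach+0x19
g_run_events() at g_run_events+0x1b7
"""

PAGE_SIZE = 4096  # assumption: 4 KiB pages and an unmapped page 0 in kernel mode


def _field(text, name):
    """Return the value of a 'name = value' line from the trap report, or None."""
    m = re.search(rf"^{re.escape(name)}\s*=\s*(.+)$", text, re.M)
    return m.group(1).strip() if m else None


def triage(text):
    """Summarise a 'Fatal trap 12' report (hypothetical helper, not a FreeBSD tool)."""
    addr_s = _field(text, "fault virtual address")
    if addr_s is None:
        raise ValueError("no 'fault virtual address' line found")
    addr = int(addr_s, 16)
    code = _field(text, "fault code") or ""
    access = "write" if "write" in code else "read" if "read" in code else "unknown"
    # The faulting frame is the first backtrace entry after the '--- trap' marker.
    frame = re.search(r"^--- trap .*---\s*\n(\w+)\(\) at \1\+(0x[0-9a-f]+)", text, re.M)
    # A not-present fault below one page is typical of a member access through a
    # NULL struct pointer: the fault address is then the member's offset.
    null_base = addr < PAGE_SIZE and "page not present" in code
    return {
        "fault_addr": addr,
        "access": access,
        "function": frame.group(1) if frame else None,
        "insn_offset": int(frame.group(2), 16) if frame else None,
        "null_base_likely": null_base,
        "member_offset": addr if null_base else None,
    }


if __name__ == "__main__":
    for key, value in triage(PANIC).items():
        print(f"{key:17} {value!r}")
```
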