From owner-freebsd-bugs  Mon Jun  3  1:20:33 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id B9EB737B404
	for <freebsd-bugs@hub.freebsd.org>; Mon,  3 Jun 2002 01:20:02 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g538K2P94522;
	Mon, 3 Jun 2002 01:20:02 -0700 (PDT)
	(envelope-from gnats)
Received: from snark.rtelekom.ru (snark.rtelekom.ru [217.146.42.132])
	by hub.freebsd.org (Postfix) with ESMTP id 2C0CC37B403
	for <FreeBSD-gnats-submit@freebsd.org>; Mon,  3 Jun 2002 01:11:22 -0700 (PDT)
Received: from snark.rtelekom.ru (paul@localhost [127.0.0.1])
	by snark.rtelekom.ru (8.12.3/8.12.2) with ESMTP id g538BGAj030347
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 3 Jun 2002 12:11:16 +0400 (MSD)
	(envelope-from paul@snark.rtelekom.ru)
Received: (from paul@localhost)
	by snark.rtelekom.ru (8.12.3/8.12.3/Submit) id g538BEGr030346;
	Mon, 3 Jun 2002 12:11:14 +0400 (MSD)
Message-Id: <200206030811.g538BEGr030346@snark.rtelekom.ru>
Date: Mon, 3 Jun 2002 12:11:14 +0400 (MSD)
From: Paul Argentoff <argentoff@rtelekom.ru>
Reply-To: Paul Argentoff <argentoff@rtelekom.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: kern/38848: kernel panic when removing memory stick from MSAC-US1 device
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org


>Number:         38848
>Category:       kern
>Synopsis:       kernel panic when removing memory stick from MSAC-US1 device
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 03 01:20:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Paul Argentoff <argentoff@rtelekom.ru>
>Release:        FreeBSD 4.5-RELEASE i386
>Organization:
Ratmir-TeleKom, Tver, Russian Federation
>Environment:
System: FreeBSD a15.ratmir.tver.ru 4.5-RELEASE FreeBSD 4.5-RELEASE #1: Wed May 29 18:18:51 MSD 2002     root@a15.ratmir.tver.ru:/usr/src/sys/compile/A15-KRON  i386


>Description:
Sometimes (very often) when I remove a memory stick from MSAC-US1 (USB memory
stick reader from SONY), I get the following panic (here's the typescript of a
gdb session):

--- gdb-session begins here ---
Script started on Wed May 29 18:53:43 2002
[root@a15 crash]# gdb -k kernel.debug vmcore.6 
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
IdlePTD at phsyical address 0x00301000
initial pcb at physical address 0x00266040
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x4
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0xc01bd58e
stack pointer	        = 0x10:0xc0243e68
frame pointer	        = 0x10:0xc0243e70
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= Idle
interrupt mask		= bio 
trap number		= 12
panic: page fault

syncing disks... 

Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x30
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0xc019c598
stack pointer	        = 0x10:0xc0243c8c
frame pointer	        = 0x10:0xc0243c94
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= Idle
interrupt mask		= bio 
trap number		= 12
panic: page fault
Uptime: 1m23s

dumping to dev #ad/0x30004, offset 892952
dump ata0: resetting devices .. done
63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 
---
#0  dumpsys () at ../../kern/kern_shutdown.c:474
474		if (dumping++) {
(kgdb) where
#0  dumpsys () at ../../kern/kern_shutdown.c:474
#1  0xc0140458 in boot (howto=260) at ../../kern/kern_shutdown.c:313
#2  0xc014085d in panic (fmt=0xc023b80c "%s") at ../../kern/kern_shutdown.c:582
#3  0xc01fdf08 in trap_fatal (frame=0xc0243c4c, eva=48) at ../../i386/i386/trap.c:956
#4  0xc01fdb9d in trap_pfault (frame=0xc0243c4c, usermode=0, eva=48) at ../../i386/i386/trap.c:849
#5  0xc01fd72f in trap (frame={tf_fs = -1072300016, tf_es = 6815760, tf_ds = -1071382512, tf_edi = 0, 
      tf_esi = -1064190976, tf_ebp = -1071367020, tf_isp = -1071367048, tf_ebx = -1071303940, 
      tf_edx = 6832224, tf_ecx = -971604736, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1072052840, 
      tf_cs = 8, tf_eflags = 66054, tf_esp = -1064190976, tf_ss = -1064190976})
    at ../../i386/i386/trap.c:448
#6  0xc019c598 in acquire_lock (lk=0xc02532fc) at ../../ufs/ffs/ffs_softdep.c:271
#7  0xc01a070c in softdep_update_inodeblock (ip=0xc091bc00, bp=0xc1d25874, waitfor=0)
    at ../../ufs/ffs/ffs_softdep.c:3775
#8  0xc019b6a6 in ffs_update (vp=0xc6167d00, waitfor=0) at ../../ufs/ffs/ffs_inode.c:106
#9  0xc01a3c4a in ffs_sync (mp=0xc08eea00, waitfor=2, cred=0xc05ab400, p=0xc0279500)
    at ../../ufs/ffs/ffs_vfsops.c:1014
#10 0xc0170e07 in sync (p=0xc0279500, uap=0x0) at ../../kern/vfs_syscalls.c:547
#11 0xc014022b in boot (howto=256) at ../../kern/kern_shutdown.c:234
#12 0xc014085d in panic (fmt=0xc023b80c "%s") at ../../kern/kern_shutdown.c:582
#13 0xc01fdf08 in trap_fatal (frame=0xc0243e28, eva=4) at ../../i386/i386/trap.c:956
#14 0xc01fdb9d in trap_pfault (frame=0xc0243e28, usermode=0, eva=4) at ../../i386/i386/trap.c:849
#15 0xc01fd72f in trap (frame={tf_fs = -1071382512, tf_es = -1071972336, tf_ds = -1063387120, tf_edi = 1, 
      tf_esi = -1064330496, tf_ebp = -1071366544, tf_isp = -1071366572, tf_ebx = -1064579264, tf_edx = 64, 
      tf_ecx = 0, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1071917682, tf_cs = 8, 
      tf_eflags = 66055, tf_esp = -1064330496, tf_ss = -1064611840}) at ../../i386/i386/trap.c:448
#16 0xc01bd58e in uhci_check_intr (sc=0xc08b5000, ii=0xc08f9b00) at ../../dev/usb/uhci.c:1029
#17 0xc01bd517 in uhci_intr (arg=0xc08b5000) at ../../dev/usb/uhci.c:990
(kgdb) up 16
#16 0xc01bd58e in uhci_check_intr (sc=0xc08b5000, ii=0xc08f9b00) at ../../dev/usb/uhci.c:1029
1029			for (std = ii->stdstart; std != lstd; std = std->link.std) {
(kgdb) up 1
#17 0xc01bd517 in uhci_intr (arg=0xc08b5000) at ../../dev/usb/uhci.c:990
990			uhci_check_intr(sc, ii);
(kgdb) q
[root@a15 crash]# exit

Script done on Wed May 29 18:54:24 2002
--- gdb-session ends here ---


>How-To-Repeat:
For example, (though it's not the only situation when the problem arises) one
can reproduce the panic removing a memory stick shortly after it's been inserted
into the reader (while usbd is still registering the device in the system).

>Fix:
No idea.

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message