Date: Wed, 11 Dec 2002 00:14:20 +0100 (CET) From: Frode Nordahl <frode@nordahl.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/46176: umass causes kernel panic if device removed before umount Message-ID: <200212102314.gBANEKZr007937@samwise.xu.nordahl.net>
next in thread | raw e-mail | index | archive | help
>Number: 46176
>Category: kern
>Synopsis: umass causes kernel panic if device removed before umount
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Dec 10 15:20:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Frode Nordahl
>Release: FreeBSD 5.0-RC1 i386
>Organization:
>Environment:
System: FreeBSD samwise.xu.nordahl.net 5.0-RC1 FreeBSD 5.0-RC1 #1: Wed Dec 11 00:10:50 CET 2002 root@samwise.xu.nordahl.net:/usr/src/sys/i386/compile/SAMWISE i386
Kernel compiled from sources provided with 5.0-RC1 release
>Description:
Using a JMTek USBDRIVE. If the usbdrive is removed before unmounting the
filesystem, forcing a unmount later and then reinserting the drive will cause
a kernel panic.
This is 100% reproducible.
>How-To-Repeat:
First attach:
umass0: Luwen EasyDisc, rev 1.10/1.00, addr 3
da0 at umass-sim0 bus 0 target 0 lun 0
da0: <JMTek USBDRIVE 1.00> Removable Direct Access SCSI-2 device
da0: 1.000MB/s transfers
da0: 15MB (32000 512 byte sectors: 64H 32S/T 15C)
(da0:umass-sim0:0:0:0): READ(6)/WRITE(6) not supported, increasing minimum_cmd_s
ize to 10.
Mount:
mount -t msdos /dev/da0s1 /mnt
Detach:
umass0: at uhub0 port 1 (addr 3) disconnected
(da0:umass-sim0:0:0:0): lost device
umass0: detached
Umount:
# umount /mnt
umass-sim:0:0:0:func_code 0x0901: Invalid target (target needed)
(da0:umass-sim0:0:0:0): Synchronize cache failed, status == 0x39, scsi status ==
0x0
umass-sim:0:0:0:func_code 0x0901: Invalid target (target needed)
(da0:umass-sim0:0:0:0): removing device entry
Reattach the device:
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x0
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc7001005
stack pointer = 0x10:0xcc8bf864
frame pointer = 0x10:0xcc8bf8b0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 482 (mount)
Backtrace:
(kgdb) bt
#0 0xc0248cab in doadump ()
#1 0xc02491c9 in boot ()
#2 0xc0249413 in panic ()
#3 0xc0147ef2 in db_panic ()
#4 0xc0147e72 in db_command ()
#5 0xc0147f86 in db_command_loop ()
#6 0xc014ac9a in db_trap ()
#7 0xc03bcbf2 in kdb_trap ()
#8 0xc03ce2f2 in trap_fatal ()
#9 0xc03ce002 in trap_pfault ()
#10 0xc03cdaf0 in trap ()
#11 0xc03be3d8 in calltrap ()
#12 0xc020fc47 in g_dev_open ()
#13 0xc020d915 in spec_open ()
#14 0xc020d698 in spec_vnoperate ()
#15 0xc03718cc in ffs_mountfs ()
#16 0xc0370e65 in ffs_mount ()
#17 0xc029a8b8 in vfs_mount ()
#18 0xc0299f68 in mount ()
#19 0xc03ce64a in syscall ()
#20 0xc03be42d in Xint0x80_syscall ()
Other usefull info:
If I do not unmount the filesystem after the first removal, reinserting the
device instead the following happends:
First reattach w/mount w/o unmount:
uhub0: port error, restarting port 1
umass0: Luwen EasyDisc, rev 1.10/1.00, addr 3
Following attaches:
uhub0: port error, restarting port 1
umass0: Luwen EasyDisc, rev 1.10/1.00, addr 3
cam_periph_alloc: attempt to re-allocate valid device da0 rejected
daasync: Unable to attach to new device due to status 0x6
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200212102314.gBANEKZr007937>