From dgilbert@daveg.ca Mon Dec 5 00:36:30 2005 Return-Path: Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6C02616A41F for ; Mon, 5 Dec 2005 00:36:30 +0000 (GMT) (envelope-from dgilbert@daveg.ca) Received: from ox.eicat.ca (ox.eicat.ca [66.96.30.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id DE0D043D5F for ; Mon, 5 Dec 2005 00:36:27 +0000 (GMT) (envelope-from dgilbert@daveg.ca) Received: by ox.eicat.ca (Postfix, from userid 66) id AFA1010C84; Sun, 4 Dec 2005 19:36:23 -0500 (EST) Received: by canoe.dclg.ca (Postfix, from userid 101) id 0F97A1A0A45; Sun, 4 Dec 2005 19:36:20 -0500 (EST) Message-Id: <20051205003620.0F97A1A0A45@canoe.dclg.ca> Date: Sun, 4 Dec 2005 19:36:20 -0500 (EST) From: David Gilbert Reply-To: David Gilbert To: FreeBSD-gnats-submit@freebsd.org Cc: Subject: USB Disk driver race condition? X-Send-Pr-Version: 3.113 X-GNATS-Notify: >Number: 89954 >Category: usb >Synopsis: [umass] [panic] USB Disk driver race condition? >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-usb >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Dec 05 00:40:02 GMT 2005 >Closed-Date: >Last-Modified: Tue Jan 29 10:04:43 UTC 2008 >Originator: David Gilbert >Release: FreeBSD 6.0-STABLE i386 >Organization: >Environment: System: FreeBSD canoe.dclg.ca 6.0-STABLE FreeBSD 6.0-STABLE #1: Thu Nov 24 14:20:52 EST 2005 dgilbert@canoe.dclg.ca:/usr/src/sys/i386/compile/CANOE i386 This has been happening to me in 5.x and in 6.x. I don't think it's terribly version dependant. >Description: Firstly, flash card readers --- especially the ones that handle multiple types of media seem to "fight" with FreeBSD. FreeBSD will detect multiple "0" sized disks along the way to finding the desired media. But this isn't the current problem (although it may be, in some way, related). The current problem is that ocaisionally, plugging in the usb flash reader (and I think sometimes a usb hard drive, but I hot plug that so much less that I can't remember) causes a kernel panic. I have the core files, if anyone's interested, but here's the stack dump from kgdb: Unread portion of the kernel message buffer: umass0: at uhub3 port 4 (addr 2) disconnected (da0:umass-sim0:0:0:0): lost device (da1:umass-sim0:0:0:1): lost device Fatal trap 12: page fault while in kernel mode fault virtual address = 0x8 fault code = supervisor write, page not present instruction pointer = 0x20:0xc0435793 stack pointer = 0x28:0xe3964ae8 frame pointer = 0x28:0xe3964af0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 2 (g_event) trap number = 12 panic: page fault Uptime: 16h14m49s (da0:umass-sim0:0:0:0): Synchronize cache failed, status == 0x39, scsi status == 0x0 Dumping 1023 MB (2 chunks) chunk 0: 1MB (159 pages) ... ok chunk 1: 1023MB (261806 pages) 1007 991 975 (CTRL-C to abort) (CTRL-C to abort) (CTRL-C to abort) (CTRL-C to abort) (CTRL-C to abort) (CTRL-C to abort) 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15 #0 doadump () at pcpu.h:165 165 pcpu.h: No such file or directory. in pcpu.h (kgdb) bt #0 doadump () at pcpu.h:165 #1 0xc0503cfe in boot (howto=260) at ../../../kern/kern_shutdown.c:399 #2 0xc0503f2a in panic (fmt=0xc06626d7 "%s") at ../../../kern/kern_shutdown.c:555 #3 0xc0638968 in trap_fatal (frame=0xe3964aa8, eva=8) at ../../../i386/i386/trap.c:831 #4 0xc06386d3 in trap_pfault (frame=0xe3964aa8, usermode=0, eva=8) at ../../../i386/i386/trap.c:742 #5 0xc063839d in trap (frame= {tf_fs = -476708856, tf_es = -1068433368, tf_ds = -476708824, tf_edi = -1030561792, tf_esi = 0, tf_ebp = -476689680, tf_isp = -476689708, tf_ebx = -1012047232, tf_edx = 1, tf_ecx = -1016955888, tf_eax = -1014922688, tf_trapno = 12, tf_err = 2, tf_eip = -1069328493, tf_cs = 32, tf_eflags = 590406, tf_esp = -990339584, tf_ss = -1012047232}) at ../../../i386/i386/trap.c:432 #6 0xc062c1fa in calltrap () at ../../../i386/i386/exception.s:139 #7 0xc0435793 in camq_remove (queue=0xc3ad6280, index=1) at ../../../cam/cam_queue.c:187 #8 0xc0438244 in xpt_run_dev_allocq (bus=0xc3acfd00) at ../../../cam/cam_xpt.c:3798 #9 0xc0438ae6 in xpt_release_ccb (free_ccb=0x1) at ../../../cam/cam_xpt.c:4349 #10 0xc044289c in dagetcapacity (periph=0xc2b5fc80) at ../../../cam/scsi/scsi_da.c:1743 #11 0xc0440fe5 in daopen (dp=0xc3818240) at ../../../cam/scsi/scsi_da.c:463 #12 0xc04d5f9b in g_disk_access (pp=0xc37b3e80, r=1, w=0, e=0) at ../../../geom/geom_disk.c:135 #13 0xc04d9ce6 in g_access (cp=0xc3acf540, dcr=1, dcw=0, dce=0) at ../../../geom/geom_subr.c:730 #14 0xc04d8fc9 in g_slice_new (mp=0xc06a25a0, slices=128, pp=0xc37b3e80, cpp=0xc3818240, extrap=0xe3964c6c, extra=512, start=0xc3818240) at ../../../geom/geom_slice.c:476 #15 0xc04d754c in g_gpt_taste (mp=0xc06a25a0, pp=0xc37b3e80, insist=0) at ../../../geom/geom_gpt.c:151 #16 0xc04d9866 in g_new_provider_event (arg=0xc37b3e80, flag=0) at ../../../geom/geom_subr.c:459 #17 0xc04d6f99 in one_event () at ../../../geom/geom_event.c:206 #18 0xc04d7041 in g_run_events () at ../../../geom/geom_event.c:226 #19 0xc04d831d in g_event_procbody () at ../../../geom/geom_kern.c:141 #20 0xc04f255d in fork_exit (callout=0xc04d82cc , arg=0x0, frame=0xe3964d38) at ../../../kern/kern_fork.c:789 #21 0xc062c25c in fork_trampoline () at ../../../i386/i386/exception.s:208 >How-To-Repeat: I don't know how often this happens --- but maybe 1 in 10 or 1 in 20 times I use flash memory. Enough to be annoying, but not enough to make me submit a bug (until now) >Fix: None known at the momment. >Release-Note: >Audit-Trail: Responsible-Changed-From-To: freebsd-bugs->freebsd-usb Responsible-Changed-By: linimon Responsible-Changed-When: Mon Dec 5 01:06:14 GMT 2005 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=89954 >Unformatted: