Bug 117955

Summary: [umass] [panic] inserting minolta dimage a2 crashes OS
Product: Base System Reporter: fulvio ciriaco <oivulf>
Component: usbAssignee: freebsd-usb (Nobody) <usb>
Status: Open ---    
Severity: Affects Only Me Keywords: crash
Priority: Normal    
Version: Unspecified   
Hardware: Any   
OS: Any   

Description fulvio ciriaco 2007-11-10 08:40:01 UTC 
When I usb plug Minolta dimage A2 to my computer, it crashes and reboots.
The output of $(kgdb /boot/kernel/kernel vmcore.0) follows

[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Unde
fined symbol "ps_pglobal_lookup"]                                               GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
umass0: at uhub4 port 4 (addr 3) disconnected


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x0
fault code              = supervisor write, page not present
instruction pointer     = 0x20:0xc0466f4b
stack pointer           = 0x28:0xe30b59c0
frame pointer           = 0x28:0xe30b59d8
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 34 (usb4)
trap number             = 12
panic: page fault
cpuid = 0
Uptime: 59s
Physical memory: 1001 MB
Dumping 169 MB: 154 138 122 106 90 74 58 42 26 10

#0  doadump () at pcpu.h:195
195     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb)

How-To-Repeat: plug minolta dimage a2, always.
Comment 1 fulvio ciriaco 2007-11-17 15:15:11 UTC 
more from kgdb
#0  doadump () at pcpu.h:195
195             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) list *0xc0466f4b
0xc0466f4b is in xpt_done (/usr/src/sys/cam/cam_xpt.c:4856).
4851                     * any of the "non-immediate" type of ccbs.
4852                     */
4853                    sim = done_ccb->ccb_h.path->bus->sim;
4854                    switch (done_ccb->ccb_h.path->periph->type) {
4855                    case CAM_PERIPH_BIO:
4856                            TAILQ_INSERT_TAIL(&sim->sim_doneq, 
&done_ccb->cc
b_h,                                                                            
4857                                              sim_links.tqe);
4858                            done_ccb->ccb_h.pinfo.index = 
CAM_DONEQ_INDEX;
4859                            if ((sim->flags & CAM_SIM_ON_DONEQ) == 0) {
4860                                    mtx_lock(&cam_simq_lock);

(kgdb) backtrace
#0  doadump () at pcpu.h:195
#1  0xc0730af6 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc0730ce9 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:563
#3  0xc09b946c in trap_fatal (frame=0xe30b5980, eva=0)
    at /usr/src/sys/i386/i386/trap.c:872
#4  0xc09b9663 in trap_pfault (frame=0xe30b5980, usermode=0, eva=0)
    at /usr/src/sys/i386/i386/trap.c:785
#5  0xc09b9ef5 in trap (frame=0xe30b5980) at 
/usr/src/sys/i386/i386/trap.c:463
#6  0xc09a1a5b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc0466f4b in xpt_done (done_ccb=0xc4a5ec00)
    at /usr/src/sys/cam/cam_xpt.c:4856
#8  0xc046c9ce in probedone (periph=0xc502b580, done_ccb=Variable 
"done_ccb" is
not available.
)
    at /usr/src/sys/cam/cam_xpt.c:6331
#9  0xc0468b0f in camisr_runqueue (V_queue=Variable "V_queue" is not 
available.
) at /usr/src/sys/cam/cam_xpt.c:7255
#10 0xc046cfdf in xpt_bus_deregister (pathid=1)
    at /usr/src/sys/cam/cam_xpt.c:4442
#11 0xc06b6300 in umass_cam_detach_sim (sc=0xc4faa600)
    at /usr/src/sys/dev/usb/umass.c:2694
    at /usr/src/sys/cam/cam_xpt.c:4442
#11 0xc06b6300 in umass_cam_detach_sim (sc=0xc4faa600)
    at /usr/src/sys/dev/usb/umass.c:2694
#12 0xc06b63ad in umass_detach (self=0xc5024d00)
    at /usr/src/sys/dev/usb/umass.c:1542
#13 0xc074e9a8 in device_detach (dev=0xc5024d00) at device_if.h:212
#14 0xc06bc452 in usb_disconnect_port (up=0xc486d56c, parent=0xc4866500)
    at /usr/src/sys/dev/usb/usb_subr.c:1380
---Type <return> to continue, or q <return> to quit---
#15 0xc06b3cbe in uhub_explore (dev=0xc4866580)
    at /usr/src/sys/dev/usb/uhub.c:462
#16 0xc06ba795 in usb_discover (v=Variable "v" is not available.
) at /usr/src/sys/dev/usb/usb.c:724
#17 0xc06bb047 in usb_event_thread (arg=0xc48dbbc0)
    at /usr/src/sys/dev/usb/usb.c:440
#18 0xc0716914 in fork_exit (callout=0xc06bafb0 <usb_event_thread>,
    arg=0xc48dbbc0, frame=0xe30b5d38) at /usr/src/sys/kern/kern_fork.c:754
#19 0xc09a1ad0 in fork_trampoline () at 
/usr/src/sys/i386/i386/exception.s:205
(kgdb)

Fulvio Ciriaco
Comment 2 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 07:59:41 UTC 
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Comment 3 Graham Perrin freebsd_committer freebsd_triage 2022-10-17 12:17:12 UTC 
Keyword: 

    crash

– in lieu of summary line prefix: 

    [panic]

* bulk change for the keyword
* summary lines may be edited manually (not in bulk). 

Keyword descriptions and search interface: 

    <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>