Bug 94897

Summary: [panic] Kernel Panic when cleanly unmounting USB disk
Product: Base System Reporter: Surer Dink <surerlistmail>
Component: usbAssignee: freebsd-usb (Nobody) <usb>
Status: Open ---    
Severity: Affects Only Me    
Priority: Normal    
Version: 6.1-PRERELEASE   
Hardware: Any   
OS: Any   

Description Surer Dink 2006-03-24 07:30:16 UTC
> I have two USB hard drives attached through an "Adaptec" USB2 card.
> The disks were working fine (although seemed a bit slow ~3MB/s random
> reads/writes as reported by iostat while rsync was copying from one to
> the other a complete freebsd install).  The drives were left connected
> to the machine unmounted.  At some point the following appeared on the
> console:
>
> umass1: Phase Error, residue = 32
> (da2:umass-sim1:1:0:0): AutoSense Failed
> Opened disk da2 -> 5
> umass1: Invalid CSW: tag 2575 should be 2576
>
> however I did not notice this message until later connecting to the
> machine through ssh and trying to mount the _other_ disk (the disk on
> da1).  the kernel panic'ed; through remote kvm I was able to copy down
> the following (which was below the CSW message):
>
> Fatal Trap 18: integer divide fault while in kernel mode
> ...
> current process = (...) mount
> ...
>
> the instruction pointer was at 0xc081daab, which is:
>
> 0xc081da9f <__qdivrem+47>:      mov    $0x1,%edi
> 0xc081daa4 <__qdivrem+52>:      mov    %edi,%eax
> 0xc081daa6 <__qdivrem+54>:      mov    $0x0,%edx
> 0xc081daab <__qdivrem+59>:      div    %ecx
> 0xc081daad <__qdivrem+61>:      mov    %eax,0xffffffbc(%ebp)
> 0xc081dab0 <__qdivrem+64>:      mov    %eax,0xffffffc0(%ebp)
> 0xc081dab3 <__qdivrem+67>:      cmpl   $0x0,0x18(%ebp)
>
> usb1: OHCI version 1.0
> usb1: <NEC uPD 9210 USB controller> on ohci1
> usb1: USB revision 1.0
> uhub1: NEC OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
> uhub1: 3 ports with 3 removable, self powered
> ohci2: <NEC uPD 9210 USB controller> mem 0xfebfe000-0xfebfefff irq 23
> at device 1.1 on pci2
> ohci2: [GIANT-LOCKED]
> usb2: OHCI version 1.0
> usb2: <NEC uPD 9210 USB controller> on ohci2
> usb2: USB revision 1.0
> uhub2: NEC OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
> uhub2: 2 ports with 2 removable, self powered
> ehci0: <NEC uPD 720100 USB 2.0 controller> mem 0xfebffc00-0xfebffcff
> irq 16 at device 1.2 on pci2
> ehci0: [GIANT-LOCKED]
> usb3: EHCI version 1.0
> usb3: companion controllers, 3 ports each: usb1 usb2
> usb3: <NEC uPD 720100 USB 2.0 controller> on ehci0
> usb3: USB revision 2.0
> uhub3: NEC EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
> uhub3: 5 ports with 5 removable, self powered
> umass0: vendor 0x0402 USB 2.0 Storage Device, rev 2.00/1.03, addr 2
> umass1: vendor 0x0402 USB 2.0 Storage Device, rev 2.00/1.03, addr 3

It appears the problem is reproduceable.  Same instruction
pointer/same integer divide fault; however this time current process
is  2(g_event) and, above the panic, the console contains:

g_vfs_done:da2s1a[READ(65536), length 8192)]error = 6

The messages prior to the panic frequently change, however the actual
panic is definitely in the same place every time.

Fix: 

nope, sorry.
How-To-Repeat: hardware description is above - not sure if it's hardware specific, but
that is likely.

to repeat, the following procedure is sufficient for me:
1. mount two usb disks
2. rsync a bit (12GB) of data from one to the other
3. unmount either disk.
Comment 1 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 07:59:15 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped