Bug 131032 - [panic] hald causing panic in scsi_sg
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: Unspecified
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: freebsd-scsi mailing list
Reported: 2009-01-27 06:30 UTC by kamikaze
Modified: 2009-12-09 11:35 UTC

Description kamikaze 2009-01-27 06:30:05 UTC
With hald running, as soon as a USB storage device appears the system instantly panics. This applies to any USB storage device, such as hard disks, sticks and card readers.

Without hald I can use USB storage devices just fine (even boot FreeBSD from them, since glabel solved the device naming troubles).

I have selected high priority, because hald is now used by X and I suspect sooner or later it won't be possible to override this in the xorg.conf file any more.

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
kernel trap 12 with interrupts disabled


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0x30
fault code		= supervisor read data, page not present
instruction pointer	= 0x8:0xffffffff80238a70
stack pointer	        = 0x10:0xffffffffaf32f920
frame pointer	        = 0x10:0xffffff0026618370
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= resume, IOPL = 0
current process		= 7086 (hald-probe-storage)
trap number		= 12
panic: page fault
cpuid = 0
Uptime: 43m15s
Physical memory: 2029 MB
Dumping 314 MB: 299 283 267 251 235 219 203 187 (CTRL-C to abort)  (CTRL-C to abort)  (CTRL-C to abort)  171 155 139 123 107 91 75 59 43 27 11

Reading symbols from /boot/kernel/geom_md.ko...Reading symbols from /boot/kernel/geom_md.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/geom_md.ko
Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/kernel/linux.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linux.ko
Reading symbols from /boot/kernel/if_bge.ko...Reading symbols from /boot/kernel/if_bge.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/if_bge.ko
Reading symbols from /boot/kernel/miibus.ko...Reading symbols from /boot/kernel/miibus.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/miibus.ko
Reading symbols from /boot/kernel/snd_hda.ko...Reading symbols from /boot/kernel/snd_hda.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/snd_hda.ko
Reading symbols from /boot/kernel/sound.ko...Reading symbols from /boot/kernel/sound.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/sound.ko
Reading symbols from /boot/kernel/usb.ko...Reading symbols from /boot/kernel/usb.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/usb.ko
Reading symbols from /boot/kernel/ugen.ko...Reading symbols from /boot/kernel/ugen.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ugen.ko
Reading symbols from /boot/kernel/ums.ko...Reading symbols from /boot/kernel/ums.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ums.ko
Reading symbols from /boot/kernel/umass.ko...Reading symbols from /boot/kernel/umass.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/umass.ko
Reading symbols from /boot/kernel/cam.ko...Reading symbols from /boot/kernel/cam.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/cam.ko
Reading symbols from /boot/kernel/agp.ko...Reading symbols from /boot/kernel/agp.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/agp.ko
Reading symbols from /boot/kernel/random.ko...Reading symbols from /boot/kernel/random.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/random.ko
Reading symbols from /boot/kernel/atadisk.ko...Reading symbols from /boot/kernel/atadisk.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/atadisk.ko
Reading symbols from /boot/kernel/ata.ko...Reading symbols from /boot/kernel/ata.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ata.ko
Reading symbols from /boot/kernel/atapci.ko...Reading symbols from /boot/kernel/atapci.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/atapci.ko
Reading symbols from /boot/modules/u3g.ko...done.
Loaded symbols for /boot/modules/u3g.ko
Reading symbols from /boot/kernel/ucom.ko...Reading symbols from /boot/kernel/ucom.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ucom.ko
Reading symbols from /boot/kernel/atapicd.ko...Reading symbols from /boot/kernel/atapicd.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/atapicd.ko
Reading symbols from /boot/kernel/atapicam.ko...Reading symbols from /boot/kernel/atapicam.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/atapicam.ko
Reading symbols from /boot/kernel/if_wpi.ko...Reading symbols from /boot/kernel/if_wpi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/if_wpi.ko
Reading symbols from /boot/kernel/wlan.ko...Reading symbols from /boot/kernel/wlan.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/wlan.ko
Reading symbols from /boot/kernel/firmware.ko...Reading symbols from /boot/kernel/firmware.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/firmware.ko
Reading symbols from /boot/kernel/wlan_amrr.ko...Reading symbols from /boot/kernel/wlan_amrr.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/wlan_amrr.ko
Reading symbols from /boot/kernel/wpifw.ko...Reading symbols from /boot/kernel/wpifw.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/wpifw.ko
Reading symbols from /boot/kernel/wlan_scan_sta.ko...Reading symbols from /boot/kernel/wlan_scan_sta.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/wlan_scan_sta.ko
Reading symbols from /boot/kernel/wlan_ccmp.ko...Reading symbols from /boot/kernel/wlan_ccmp.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/wlan_ccmp.ko
Reading symbols from /boot/kernel/wlan_tkip.ko...Reading symbols from /boot/kernel/wlan_tkip.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/wlan_tkip.ko
Reading symbols from /boot/kernel/cpufreq.ko...Reading symbols from /boot/kernel/cpufreq.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/cpufreq.ko
Reading symbols from /boot/kernel/uvisor.ko...Reading symbols from /boot/kernel/uvisor.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/uvisor.ko
Reading symbols from /boot/kernel/nullfs.ko...Reading symbols from /boot/kernel/nullfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/nullfs.ko
Reading symbols from /boot/kernel/if_tun.ko...Reading symbols from /boot/kernel/if_tun.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/if_tun.ko
Reading symbols from /usr/local/modules/fuse.ko...done.
Loaded symbols for /usr/local/modules/fuse.ko
Reading symbols from /boot/kernel/i915.ko...Reading symbols from /boot/kernel/i915.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/i915.ko
Reading symbols from /boot/kernel/drm.ko...Reading symbols from /boot/kernel/drm.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/drm.ko
#0  doadump () at pcpu.h:195
195	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:195
#1  0x0000000000000004 in ?? ()
#2  0xffffffff80205ce1 in boot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:418
#3  0xffffffff8020611c in panic (fmt=0x104 <Address 0x104 out of bounds>)
    at /usr/src/sys/kern/kern_shutdown.c:574
#4  0xffffffff803e93aa in trap_fatal (frame=0xffffff0026618370, eva=Variable "eva" is not available.
)
    at /usr/src/sys/amd64/amd64/trap.c:764
#5  0xffffffff803e9f74 in trap (frame=0xffffffffaf32f870)
    at /usr/src/sys/amd64/amd64/trap.c:290
#6  0xffffffff803d0b5e in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:209
#7  0xffffffff80238a70 in turnstile_broadcast (ts=0x0, queue=0)
    at /usr/src/sys/kern/subr_turnstile.c:836
#8  0xffffffff801fa3d6 in _mtx_unlock_sleep (m=0xffffffff805aa180, opts=Variable "opts" is not available.
)
    at /usr/src/sys/kern/kern_mutex.c:619
#9  0xffffffff801fa6d3 in unlock_mtx (lock=0x0)
    at /usr/src/sys/kern/kern_mutex.c:158
#10 0xffffffff8020d760 in _sleep (ident=0x0, lock=0xffffffff805aa180, 
    priority=256, wmesg=0xffffffff80815847 "sgread", timo=0)
    at /usr/src/sys/kern/kern_synch.c:185
#11 0xffffffff8080e4a9 in sgread (dev=Variable "dev" is not available.
)
    at /usr/src/sys/modules/cam/../../cam/scsi/scsi_sg.c:798
#12 0xffffffff801d116f in giant_read (dev=0xffffff0003038800, 
    uio=0xffffffffaf32fb20, ioflag=0) at /usr/src/sys/kern/kern_conf.c:424
#13 0xffffffff80199f4c in devfs_read_f (fp=0xffffff003bbc4e00, 
    uio=0xffffffffaf32fb20, cred=Variable "cred" is not available.
) at /usr/src/sys/fs/devfs/devfs_vnops.c:1000
#14 0xffffffff8023ab8f in dofileread (td=0xffffff0026618370, fd=4, 
    fp=0xffffff003bbc4e00, auio=0xffffffffaf32fb20, offset=Variable "offset" is not available.
) at file.h:244
#15 0xffffffff8023ae58 in kern_readv (td=0xffffff0026618370, fd=4, 
    auio=0xffffffffaf32fb20) at /usr/src/sys/kern/sys_generic.c:192
#16 0xffffffff8023af18 in read (td=Variable "td" is not available.
) at /usr/src/sys/kern/sys_generic.c:108
#17 0xffffffff803e99bc in syscall (frame=0xffffffffaf32fc80)
    at /usr/src/sys/amd64/amd64/trap.c:907
#18 0xffffffff803d0d6b in Xfast_syscall ()
    at /usr/src/sys/amd64/amd64/exception.S:330
#19 0x0000000800cf03dc in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) quit

How-To-Repeat: The system was built with CPUTYPE?=core2, the whole base and all ports.

Just run hald and add a USB storage device and it all blows up.
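
A triage pass over the trap message and backtrace in the report above, as an added example that is not part of the original report: it classifies the fault address as a near-NULL dereference and picks the first frame outside the core kernel trees. The `CORE_PATHS` heuristic and the names `parse_frames` and `triage` are assumptions of this example.

```python
import re

PAGE_SIZE = 4096  # amd64 base page size; the reported kernel is amd64

# Lines copied from the report above, trimmed to the frames that matter.
REPORT = '''\
fault virtual address   = 0x30
fault code              = supervisor read data, page not present
current process         = 7086 (hald-probe-storage)
#7  0xffffffff80238a70 in turnstile_broadcast (ts=0x0, queue=0)
    at /usr/src/sys/kern/subr_turnstile.c:836
#10 0xffffffff8020d760 in _sleep (ident=0x0, lock=0xffffffff805aa180,
    priority=256, wmesg=0xffffffff80815847 "sgread", timo=0)
    at /usr/src/sys/kern/kern_synch.c:185
#11 0xffffffff8080e4a9 in sgread (dev=Variable "dev" is not available.
)
    at /usr/src/sys/modules/cam/../../cam/scsi/scsi_sg.c:798
#12 0xffffffff801d116f in giant_read (dev=0xffffff0003038800,
    uio=0xffffffffaf32fb20, ioflag=0) at /usr/src/sys/kern/kern_conf.c:424
'''

# Assumption: frames under these trees are generic kernel plumbing, so the
# first frame outside them names the subsystem to route the report to.
CORE_PATHS = ("/sys/kern/", "/sys/amd64/")

def parse_frames(text):
    """Split a kgdb backtrace into (number, function, file, line) tuples."""
    frames = []
    for chunk in re.split(r"(?m)^(?=#\d+\s)", text):
        head = re.match(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \(", chunk)
        loc = re.search(r"\bat (\S+):(\d+)", chunk)
        if head and loc:
            frames.append((int(head.group(1)), head.group(2),
                           loc.group(1), int(loc.group(2))))
    return frames

def triage(text):
    """Summarise the fault: address class, process, first non-core frame."""
    addr = int(re.search(r"fault virtual address\s*=\s*(0x[0-9a-f]+)", text).group(1), 16)
    proc = re.search(r"current process\s*=\s*\d+ \(([^)]+)\)", text).group(1)
    frames = parse_frames(text)
    owner = next((f for f in frames
                  if not any(p in f[2] for p in CORE_PATHS)), None)
    # Frames kgdb shows with a zero-valued argument (values may be optimised out).
    zero_args = [f[1] for f in frames
                 if re.search(rf"in {f[1]} \([^)]*=0x0[,)]", text)]
    return {"near_null": addr < PAGE_SIZE, "process": proc,
            "owner": owner, "zero_arg_frames": zero_args}
```

On the trimmed input, `triage(REPORT)` reports a near-NULL fault in `hald-probe-storage` with `sgread` at `scsi_sg.c:798` as the first non-core frame, which matches the reassignment to freebsd-scsi later in the thread.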
Comment 1 Thomas Quinot freebsd_committer 2009-01-27 09:52:18 UTC
Can you clarify why you think this panic is related to ATAPI/CAM at all?
The backtrace you show does not give any indication that ATAPI/CAM is
involved, which is expected since you are using USB devices, not ATA.

Thomas.
Comment 2 kamikaze 2009-01-27 10:15:12 UTC
It's that line. I don't think it's supposed to be there:

at /usr/src/sys/modules/cam/../../cam/scsi/scsi_sg.c:798

As you said atapicam shouldn't be involved at all, so why
is an atapicam function doing a giant-locked read?
Comment 3 Thomas Quinot freebsd_committer 2009-01-27 10:24:56 UTC
* Dominic Fandrey, 2009-01-27 :

>  It's that line. I don't think it's supposed to be there:
>  at /usr/src/sys/modules/cam/../../cam/scsi/scsi_sg.c:798


This module is part of the generic CAM layer, which sits *above* the
various SCSI transport modules (e.g. ATAPI/CAM and umass). It is *not*
part of ATAPI/CAM, and it is fully expected that this generic code is
involved when using umass devices.

>  As you said atapicam shouldn't be involved at all, so why
>  is an atapicam function doing a giant-locked read?


This is *not* an ATAPI/CAM function.

Thomas.
Comment 4 kamikaze 2009-01-27 10:31:49 UTC
OK, so thanks for clarifying that. It doesn't get me rid of the panic,
though. So I assume I should CC someone involved with SCSI.

Regards
Comment 5 Thomas Quinot freebsd_committer 2009-01-27 10:39:49 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-scsi

Problem isn't in ATAPI/CAM, might be in generic SCSI code, over to 
SCSI maintainers for further assessment.
Comment 6 Thomas Quinot freebsd_committer 2009-01-27 10:43:43 UTC
Right. I've reassigned this PR to freebsd-scsi for now.

Thomas.
Comment 7 kamikaze 2009-02-17 09:35:17 UTC
I wonder how HAL manages to start this panic. It doesn't have
the rights to access any SCSI device. I did a
# su -m haldaemon
and tried read operations on all da*, cd*, xpt* and pass*
devices. And all I ever received was:
Permission denied

So how does HAL go about accessing things it must not? This
looks like a major breach of security to me.
Comment 8 kamikaze 2009-07-03 08:19:48 UTC
Request close.

The panic is gone.
Comment 9 Boris Samorodov freebsd_committer 2009-12-09 11:33:34 UTC
State Changed
From-To: open->closed

Closed per submitter's request since the problem he observed vanished.