usb/89598: FLASH DISK 1.00 cause page fault
Ricardo A. Reis
ricardo.areis at gmail.com
Sat Nov 26 18:40:12 GMT 2005
>Number: 89598
>Category: usb
>Synopsis: FLASH DISK 1.00 cause page fault
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-usb
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Nov 26 18:40:01 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Ricardo A. Reis
>Release: FreeBSD 6.0-STABLE
>Organization:
UNIFESP
>Environment:
FreeBSD myfreebsd.homeunix.org 6.0-STABLE FreeBSD 6.0-STABLE #1: Sat Nov 26 12:02:28 BRST 2005 root at myfreebsd.homeunix.org:/usr/obj/usr/src/sys/GENERIC i386
>Description:
When i plug pendrive, the system freeze and create the crash dump.
dmesg --------------------------
umass0: vendor 0x10d6 USB 2.0(FS) FLASH DISK, rev 1.10/1.00, addr 2
da0 at umass-sim0 bus 0 target 0 lun 0
da0: <USB2.0 (FS) FLASH DISK 1.00> Removable Direct Access SCSI-0 device
da0: 1.000MB/s transfers
da0: 1001MB (2051809 512 byte sectors: 64H 32S/T 1001C)
umass0: BBB reset failed, STALLED
umass0: BBB bulk-in clear stall failed, STALLED
umass0: BBB bulk-out clear stall failed, STALLED
(da0:umass-sim0:0:0:0): Synchronize cache failed, status == 0x4, scsi status == 0x0
umass0: BBB reset failed, STALLED
umass0: BBB bulk-in clear stall failed, STALLED
umass0: BBB bulk-out clear stall failed, STALLED
umass0: BBB reset failed, STALLED
umass0: BBB bulk-in clear stall failed, STALLED
umass0: BBB bulk-out clear stall failed, STALLED
umass0: BBB reset failed, STALLED
umass0: BBB bulk-in clear stall failed, STALLED
umass0: at uhub0 port 2 (addr 2) disconnected
(da0:umass-sim0:0:0:0): lost device
(da0:umass-sim0:0:0:0): removing device entry
Opened disk da0 -> 5
umass0: detached
dmesg --------------------------
info.4--------------------------
cat /usr/crash/info.4
Dump header from device /dev/ad2s1b
Architecture: i386
Architecture Version: 2
Dump Length: 200867840B (191 MB)
Blocksize: 512
Dumptime: Sat Nov 26 13:53:10 2005
Hostname: myfreebsd.homeunix.org
Magic: FreeBSD Kernel Dump
Version String: FreeBSD 6.0-STABLE #1: Sat Nov 26 12:02:28 BRST 2005
root at myfreebsd.homeunix.org:/usr/obj/usr/src/sys/GENERIC
Panic String: page fault
Dump Parity: 3635700528
Bounds: 4
Dump Status: good
info.4--------------------------
kgdb----------------------------
kgdb kernel.debug /usr/crash/vmcore.4^M
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt full
#0 doadump () at pcpu.h:165
No locals.
#1 0xc067ee30 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
first_buf_printf = 1
#2 0xc067f116 in panic (fmt=0xc08a856b "%s") at /usr/src/sys/kern/kern_shutdown.c:555
td = (struct thread *) 0xc1af9480
bootopt = 260
newpanic = 0
ap = 0xc1af9480 ""
buf = "page fault", '\0' <repeats 245 times>
#3 0xc085f851 in trap_fatal (frame=0xd04709d4, eva=90) at /usr/src/sys/i386/i386/trap.c:831
code = 40
type = 12
ss = 40
esp = 0
softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_xx = 0, ssd_xx1 = 0, ssd_def32 = 1, ssd_gran = 1}
#4 0xc085f5ae in trap_pfault (frame=0xd04709d4, usermode=0, eva=90) at /usr/src/sys/i386/i386/trap.c:742
va = 0
vm = (struct vmspace *) 0x0
map = 0xc232e834
rv = 1
ftype = 1 '\001'
td = (struct thread *) 0xc1af9480
p = (struct proc *) 0xc20a4000
#5 0xc085f1ed in trap (frame=
{tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -1056690176, tf_esi = 1, tf_ebp = -800650528, tf_isp = -800650752, tf_ebx = 0, tf_edx = 7, tf_ecx = -800650628, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip =
-1065416531, tf_cs = 32, tf_eflags = 66118, tf_esp = 1224941956, tf_ss = 4}) at /usr/src/sys/i386/i386/trap.c:432
td = (struct thread *) 0xc1af9480
p = (struct proc *) 0xc20a4000
sticks = 3238266804
i = 0
ucode = 0
type = 12
code = 0
eva = 90
#6 0xc084dc7a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
No locals.
#7 0x00000008 in ?? ()
No symbol table info available.
#8 0x00000028 in ?? ()
No symbol table info available.
#9 0x00000028 in ?? ()
No symbol table info available.
#10 0xc1043000 in ?? ()
No symbol table info available.
#11 0x00000001 in ?? ()
No symbol table info available.
#12 0xd0470ae0 in ?? ()
No symbol table info available.
#13 0xd0470a00 in ?? ()
No symbol table info available.
#14 0x00000000 in ?? ()
No symbol table info available.
#15 0x00000007 in ?? ()
No symbol table info available.
#16 0xd0470a7c in ?? ()
No symbol table info available.
#17 0x00000000 in ?? ()
No symbol table info available.
#18 0x0000000c in ?? ()
No symbol table info available.
#19 0x00000000 in ?? ()
No symbol table info available.
#20 0xc07f08ad in vm_fault (map=0xc1043000, vaddr=3238014976, fault_type=1 '\001', fault_flags=0) at /usr/src/sys/vm/vm_fault.c:293
rv = 0
reqpage = -1045457792
ahead = -285868032
behind = 2891
behavior = 0 '\0'
---Type <return> to continue, or q <return> to quit---
prot = 7 '\a'
is_first_object_locked = -1066857443
result = 0
growstack = 1
wired = 0
map_generation = 3232
next_object = 0x0
marray = {0xc20a4000, 0xd0470ae8, 0xc0685a3d, 0xc1af9480, 0x0, 0x2, 0xe3afe25b, 0x704ccf7a, 0xc09b1ed4, 0x0, 0xc3b, 0xf1829dbb, 0x2aedfc8, 0x1, 0xc3b, 0xf1829dbb}
hardfault = 0
faultcount = 1
fs = {m = 0xc0690ca2, object = 0xc09819c0, pindex = 3242313556, first_m = 0xd0470a84, first_object = 0x0, first_pindex = 4356, map = 0xc1043000, entry = 0xc1040044, lookup_still_valid = 1839067057,
vp = 0xc20a40a8}
#21 0xc085f55e in trap_pfault (frame=0xd0470b48, usermode=0, eva=3238015094) at /usr/src/sys/i386/i386/trap.c:731
va = 3238014976
vm = (struct vmspace *) 0x0
map = 0xc1043000
rv = 1
ftype = 1 '\001'
td = (struct thread *) 0xc1af9480
p = (struct proc *) 0xc20a4000
#22 0xc085f1ed in trap (frame=
{tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = 2, tf_esi = -1056952210, tf_ebp = -800650292, tf_isp = -800650380, tf_ebx = 1, tf_edx = -1051143500, tf_ecx = 0, tf_eax = 773, tf_trapno = 12, tf_err = 0, tf_ei
p = -1066789440, tf_cs = 32, tf_eflags = 66178, tf_esp = 0, tf_ss = 2}) at /usr/src/sys/i386/i386/trap.c:432
td = (struct thread *) 0xc1af9480
p = (struct proc *) 0xc20a4000
sticks = 3494316868
i = 0
ucode = 0
type = 12
code = 0
eva = 3238015094
#23 0xc084dc7a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
No locals.
#24 0x00000008 in ?? ()
No symbol table info available.
#25 0x00000028 in ?? ()
No symbol table info available.
#26 0x00000028 in ?? ()
No symbol table info available.
#27 0x00000002 in ?? ()
No symbol table info available.
#28 0xc100306e in ?? ()
No symbol table info available.
#29 0xd0470bcc in ?? ()
No symbol table info available.
#30 0xd0470b74 in ?? ()
No symbol table info available.
#31 0x00000001 in ?? ()
No symbol table info available.
#32 0xc158d2b4 in ?? ()
No symbol table info available.
#33 0x00000000 in ?? ()
No symbol table info available.
#34 0x00000305 in ?? ()
No symbol table info available.
#35 0x0000000c in ?? ()
No symbol table info available.
#36 0x00000000 in ?? ()
No symbol table info available.
#37 0xc06a15c0 in optimize_unr (uh=0xc13e3800) at /usr/src/sys/kern/subr_unit.c:354
up = (struct unr *) 0x0
uf = (struct unr *) 0xc100306e
us = (struct unr *) 0xc158d2c0
ub = (struct unrb *) 0x0
ubf = (struct unrb *) 0x0
a = 2
l = 1
ba = 2
#38 0xc06a1db4 in collapse_unr (uh=0xc13e3800, up=0xc158d324) at /usr/src/sys/kern/subr_unit.c:531
---Type <return> to continue, or q <return> to quit---
upp = (struct unr *) 0xc158d2c0
ub = (struct unrb *) 0x0
#39 0xc06a2126 in free_unrl (uh=0xc13e3800, item=0, p1=0xd0470c18, p2=0xd0470c1c) at /usr/src/sys/kern/subr_unit.c:709
up = (struct unr *) 0xc158d324
upp = (struct unr *) 0x0
upn = (struct unr *) 0x0
ub = (struct unrb *) 0x0
pl = 772
#40 0xc06a21b6 in free_unr (uh=0xc13e3800, item=100722) at /usr/src/sys/kern/subr_unit.c:720
p1 = (void *) 0x0
p2 = (void *) 0x0
#41 0xc06893d5 in thread_dtor (mem=0xc1afda80, size=372, arg=0x0) at /usr/src/sys/kern/kern_thread.c:170
No locals.
#42 0xc07ed584 in uma_zfree_arg (zone=0xc104dc80, item=0xc1afda80, udata=0x0) at /usr/src/sys/vm/uma_core.c:2270
keg = 0xc1029140
cache = 0x0
bucket = 0xc1afda80
bflags = 0
cpu = 0
#43 0xc0689940 in thread_free (td=0xc1afda80) at uma.h:303
No locals.
#44 0xc0689889 in thread_reap () at /usr/src/sys/kern/kern_thread.c:355
td_first = (struct thread *) 0xc1afda80
td_next = (struct thread *) 0x0
kg_first = (struct ksegrp *) 0x0
kg_next = (struct ksegrp *) 0xc1afda80
#45 0xc06898e8 in thread_alloc () at /usr/src/sys/kern/kern_thread.c:386
No locals.
#46 0xc066cd16 in thread_alloc_spare (td=0xc1af9480) at /usr/src/sys/kern/kern_kse.c:1037
spare = (struct thread *) 0xc20a4000
#47 0xc066d6e5 in thread_userret (td=0xc1af9480, frame=0xd0470d38) at /usr/src/sys/kern/kern_kse.c:1423
ku = (struct kse_upcall *) 0xc1945de0
kg = (struct ksegrp *) 0xc2004180
kg2 = (struct ksegrp *) 0x0
p = (struct proc *) 0xc20a4000
ts = {tv_sec = 1133020385, tv_nsec = 421138711}
error = 0
upcalls = 0
uts_crit = 0
#48 0xc06a030e in userret (td=0xc1af9480, frame=0xd0470d38, oticks=0) at /usr/src/sys/kern/subr_trap.c:120
p = (struct proc *) 0xc20a4000
#49 0xc0668bd2 in fork_return (td=0xc1af9480, frame=0xd0470d38) at /usr/src/sys/kern/kern_fork.c:818
No locals.
#50 0xc0668aef in fork_exit (callout=0xc0668bc0 <fork_return>, arg=0xc1af9480, frame=0xd0470d38) at /usr/src/sys/kern/kern_fork.c:789
p = (struct proc *) 0xc20a4000
td = (struct thread *) 0x0
#51 0xc084dcdc in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208
No locals.
>How-To-Repeat:
I use the generic mp3 player with 1GB + Motherboard EPOX MVP3G2.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-usb
mailing list