netbsd-bugs: kern/10520: uvm_fault() while detaching umass0 (usb floppy) after partial attach.

Subject: kern/10520: uvm_fault() while detaching umass0 (usb floppy) after partial attach.
To: None <gnats-bugs@gnats.netbsd.org>
From: John Hawkinson <jhawk@mit.edu>
List: netbsd-bugs
Date: 07/05/2000 19:34:11
>Number:         10520
>Category:       kern
>Synopsis:       uvm_fault() while detaching umass0 (usb floppy) after partial attach.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jul 05 19:35:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     John Hawkinson
>Release:        netbsd-1-5 from 22 Jun 2000
>Organization:
MIT
>Environment:
	
System: NetBSD zorkmid.mit.edu 1.5_ALPHA NetBSD 1.5_ALPHA (ZORKMID-$Revision: 1.15 $) #213: Wed Jul 5 00:57:54 EDT 2000 jhawk@zorkmid.mit.edu:/usr/local/netbsd-1-5/src/sys/arch/i386/compile/ZORKMID i386


>Description:
	Inserted Y-E Data Flashbuster floppy into Sony VAIO Z505HE.
umass0 is probed, but scsibus0 is not attached.
Removed floppy. Machine paniced.

I tried once to reproduce and failed (scsibus0 attached just fine).

>How-To-Repeat:
	
zorkmid# gdb netbsd.34
GNU gdb 4.17
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386--netbsd"...(no debugging symbols found)...
(gdb) target kcore netbsd.34.core
panic: trap
#0  0x100 in ?? ()
(gdb) where
#0  0x100 in ?? ()
#1  0xc02d9843 in cpu_reboot ()
#2  0xc01a7899 in panic ()
#3  0xc02e134d in trap ()
#4  0xc0100f09 in calltrap ()
#5  0xc03d6714 in umass_activate ()
#6  0xc01a4221 in config_deactivate ()
#7  0xc01a4063 in config_detach ()
#8  0xc03cf47c in usb_disconnect_port ()
#9  0xc03cfac3 in uhub_explore ()
#10 0xc03cbf1d in usb_discover ()
#11 0xc03cba3a in usb_event_thread ()
(gdb) source /sys/gdbscripts/msgbuf
(gdb) set height 0
(gdb) msgbuf
msgbufp 0xc1b84000: bufx 46282 bufr 45213 bufs 131056
Dumping 0xc1b8f4da length 84774

Dumping 0xc1b84010 length 46282
[...]
NetBSD 1.5_ALPHA (ZORKMID-$Revision: 1.15 $) #213: Wed Jul  5 00:57:54 EDT 2000
    jhawk@zorkmid.mit.edu:/usr/local/netbsd-1-5/src/sys/arch/i386/compile/ZORKMID
cpu0: family 6 model 8 step 1
cpu0: Intel Pentium III (E) (686-class)
total memory = 65088 KB
avail memory = 55112 KB
using 839 buffers containing 3356 KB of memory
BIOS32 rev. 0 found at 0xfd880
PCI BIOS rev. 2.1 found at 0xfd99e
PCI IRQ Routing Table rev. 1.0 found at 0xfdf40, size 160 bytes (8 entries)
PCI Interrupt Router at 000:07:0 (Intel 82371FB PCI-to-ISA Bridge (PIIX))
WARNING: can't reserve area for I/O APIC.
pci_addr_fixup: 000:12:0 0x1180 0x0475 new address 0x04000000
mainbus0 (root)
pnpbios0 at mainbus0: nodes 17, max len 210
com0 at pnpbios0 index 14 (PNP0501)
com0: io 3f8-3ff, irq 4
com0: ns16550a, working fifo
lpt0 at pnpbios0 index 18 (PNP0401)
lpt0: io 378-37f 778-77f, irq 7, dma 3
pci0 at mainbus0 bus 0: configuration mode 1
pci0: i/o space, memory space enabled
pchb0 at pci0 dev 0 function 0
pchb0: Intel 82443BX Host Bridge/Controller (rev. 0x03)
ppb0 at pci0 dev 1 function 0: Intel 82443BX AGP Interface (rev. 0x03)
pci1 at ppb0 bus 1
pci1: i/o space, memory space enabled
vga1 at pci1 dev 0 function 0: Neomagic MagicMedia 256AV VGA (rev. 0x20)
wsdisplay0 at vga1: console (80x25, vt100 emulation)
pcib0 at pci0 dev 7 function 0
pcib0: Intel 82371AB PCI-to-ISA Bridge (PIIX4) (rev. 0x02)
pciide0 at pci0 dev 7 function 1: Intel 82371AB IDE controller (PIIX4) (rev. 0x01)
pciide0: bus-master DMA support present
pciide0: primary channel wired to compatibility mode
wd0 at pciide0 channel 0 drive 0: <TOSHIBA MK8113MAT>
wd0: drive supports 16-sector pio transfers, lba addressing
wd0: 7815 MB, 16938 cyl, 15 head, 63 sec, 512 bytes/sect x 16006410 sectors
wd0: 32-bit data port
wd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 2
pciide0: primary channel interrupting at irq 14
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 (using DMA data transfers)
pciide0: secondary channel wired to compatibility mode
pciide0: disabling secondary channel (no drives)
uhci0 at pci0 dev 7 function 2: Intel 82371AB USB Host Controller (PIIX4) (rev. 0x01)
uhci0: interrupting at irq 9
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
Intel 82371AB Power Management Controller (PIIX4) (miscellaneous bridge, revision 0x03) at pci0 dev 7 function 3 not configured
Sony CXD3222 OHCI IEEE 1394 Host Controller (Firewire serial bus, interface 0x10, revision 0x02) at pci0 dev 8 function 0 not configured
ymf: legacy audio enabled
Yamaha 744 (DS-1S) Audio (audio multimedia, revision 0x02) at pci0 dev 9 function 0 not configured
Conexant Systems SoftK56 PCI Software Modem (miscellaneous communications, revision 0x01) at pci0 dev 10 function 0 not configured
fxp0 at pci0 dev 11 function 0: Intel i82557 Ethernet, rev 8
fxp0: interrupting at irq 9
fxp0: Ethernet address 08:00:46:06:00:6b, 10/100 Mb/s
inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 4
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
cbb0 at pci0 dev 12 function 0: Ricoh 5C475 PCI-CardBus bridge (rev. 0x80)
Sony Memory Stick I/F Controller (flash memory, revision 0x01) at pci0 dev 13 function 0 not configured
isa0 at pcib0
pckbc0 at isa0 port 0x60-0x64
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
sb0 at isa0 port 0x220-0x237 irq 5 drq 1: dsp v3.01
audio0 at sb0: half duplex, mmap, independent
midi0 at sb0: SB MIDI UART
opl0 at sb0: model OPL3
midi1 at opl0: SB Yamaha OPL3
pcppi0 at isa0 port 0x61
midi2 at pcppi0: PC speaker
sysbeep0 at pcppi0
isapnp0 at isa0 port 0x279: ISA Plug 'n Play device support
npx0 at isa0 port 0xf0-0xff: using exception 16
isapnp0: no ISA Plug 'n Play devices found
cbb0: interrupting at irq 9
cbb0: cacheline 0x0 lattimer 0x20
cbb0: bhlc 0x21000 lscp 0x20020200
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer 0x20
pcmcia0 at cardslot0
acpi_probe(): BIOS EBDA mapped at 0xc0610000
acpi_probe(): RSDP checksums to 0
ACPI RSD pointer at 0xc05cbeb0, RsdtAddress at 0x03ffcbac, OEM SONY  
acpi_get_table(0x03ffcbac, 0xc05cbe98, 0t44, 0x00000001)
  mapping 44 bytes of acpispace at 0xc5634bac
acpi_get_table: new table
	signature	RSDT
	checksum	0x4f
	length		44
	revision	1
	oem_id		SONY  
	oem_table_id	Z1      
	oem_revision	0x20000211
	creator_id	PTL 
	creator_rev.	0
acpi_get_table(): table RSDT checksums to 0
acpi RSD has pointer to 0x03fff765
acpi_get_table(0x03fff765, 0xc05cbe94, 0t116, 0x00000001)
  mapping 116 bytes of acpispace at 0xc5634765
acpi_get_table: new table
	signature	FACP
	checksum	0x3f
	length		116
	revision	1
	oem_id		SONY  
	oem_table_id	Z1      
	oem_revision	0x20000211
	creator_id	PTL 
	creator_rev.	1000000
acpi_get_table(): table FACP checksums to 0
acpi RSD has pointer to 0x03fff7d9
acpi_get_table(0x03fff7d9, 0xc05cbe94, 0t116, 0x00000001)
  mapping 116 bytes of acpispace at 0xc56347d9
acpi_get_table: new table
	signature	BOOT
	checksum	0x57
	length		39
	revision	1
	oem_id		SONY  
	oem_table_id	Z1      
	oem_revision	0x20000211
	creator_id	PTL 
	creator_rev.	1
acpi_get_table(): table BOOT checksums to 0
acpi_get_table(0x03ffffc0, 0xc055c1fc, 0t116, 0x00000000)
acpi_get_table() mapping for 03ffffc0 failed for errno 35
apm0 at mainbus0: Power Management spec V1.2
apm: 1 batteries, global suspend, rtimer suspend, internal standby
biomask ef4d netmask ef4d ttymask ffcf
wi0 at pcmcia0 function 0
wi0: address 00:60:1d:1e:73:c9
boot device: wd0
root on wd0a dumps on wd0b
root file system type: ffs
wsdisplay0: screen 1 added (80x25, vt100 emulation)
wsdisplay0: screen 2 added (80x25, vt100 emulation)
wsdisplay0: screen 3 added (80x25, vt100 emulation)
wsdisplay0: screen 4 added (80x25, vt100 emulation)
wsmux1: connecting to wsdisplay0
uhci0: interrupt while not operating ignored
uhci0: interrupt while not operating ignored
uhci0: interrupt while not operating ignored
vnd0: no disk label
vnd0: no disk label
vnd0: no disk label
vnd0: no disk label
vnd0: no disk label
vnd0: no disk label
umass0 at uhub0 port 2 configuration 1 interface 0
umass0: Y-E DATA FlashBuster-U, rev 1.00/1.28, addr 2
umass0: using UFI over CBI-I
vnd0: no disk label
vnd0: no disk label
vnd0: no disk label
vnd0: no disk label
vnd0: no disk label
vnd0: no disk label
uhub0: port error, restarting port 2
umass0: at uhub0 port 2 (addr 2) disconnected
uvm_fault(0xc052f8e0, 0x0, 0, 1) -> 1
fatal page fault in supervisor mode
trap type 6 code 0 eip c01a41f4 cs 8 eflags 10246 cr2 c cpl 0
panic: trap
Begin traceback...
trap() at trap+0x1e5
--- trap (number 6) ---
config_deactivate(0,1,c5650efc,c01a4221,c07b5400) at config_deactivate+0x8
umass_activate(c07b5400,1,0,c04b3ae0,c5650f1c) at umass_activate+0x30
config_deactivate(c07b5400,0,c084a980,c074e7c0,c0531e74) at config_deactivate+0x35
config_detach(c07b5400,1,c04ae32a,2) at config_detach+0x3b
usb_disconnect_port(c074e7c0,c075c5c0,c074e900,0,0) at usb_disconnect_port+0x88
uhub_explore(c074e880) at uhub_explore+0x123
usb_discover(c074e900) at usb_discover+0x21
usb_event_thread(c074e900) at usb_event_thread+0x26
End traceback...
syncing disks... 13 13 4 done

dumping to dev 0,1 offset 396196
dump 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 

(gdb)
>Fix:
	
	'dunno. Going to update to -current 1.5_ALPHA today, though.
>Release-Note:
>Audit-Trail:
>Unformatted: