kern/55628: inserting blank disk into USB Floppy drive panics NetBSD 9.0/amd64

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/55628: inserting blank disk into USB Floppy drive panics NetBSD 9.0/amd64
From: joernc%gmail.com@localhost
Date: Sun, 30 Aug 2020 18:40:00 +0000 (UTC)

>Number:         55628
>Category:       kern
>Synopsis:       inserting blank disk into USB Floppy drive panics NetBSD 9.0/amd64
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Aug 30 18:40:00 +0000 2020
>Originator:     Joern Clausen
>Release:        9.0/amd64
>Organization:
>Environment:
NetBSD itix.joern.loc 9.0 NetBSD 9.0 (GENERIC) #0: Fri Feb 14 00:06:28 UTC 2020  mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
I have an old USB Floppy drive. This is logged when plugging it in:

[    84.478242] umass1 at uhub3 port 3 configuration 1 interface 0
[    84.478242] umass1: TEAC (0x644) TEAC FD-05PUW (0000), rev 2.00/0.00, addr 6
[    84.478242] umass1: using UFI over CBI with CCI
[    84.478242] atapibus0 at umass1: 2 targets
[    84.558295] sd1 at atapibus0 drive 0: <TEAC, FD-05PUW, 3000> disk removable
[    84.628340] sd1: drive offline

When inserting a blank disk, it is read for a second, that the machine crashes:

[    93.874370] fatal integer divide fault in supervisor mode
[    93.874370] trap type 8 code 0 rip 0xffffffff809716b3 cs 0x8 rflags 0x10246 cr2 0x756bf954a000 ilevel 0 rsp 0xffff9a0064c929b0
[    93.874370] curlwp 0xffff96a32578a540 pid 1010.1 lowest kstack 0xffff9a0064c902c0
[    93.874370] panic: trap
[    93.874370] cpu3: Begin traceback...
[    93.874370] vpanic() at netbsd:vpanic+0x160
[    93.874370] snprintf() at netbsd:snprintf
[    93.874370] startlwp() at netbsd:startlwp
[    93.874370] alltraps() at netbsd:alltraps+0xbb
[    93.884376] scan_mbr() at netbsd:scan_mbr+0x3e
[    93.884376] readdisklabel() at netbsd:readdisklabel+0x110
[    93.884376] dk_getdisklabel() at netbsd:dk_getdisklabel+0xc8
[    93.884376] dk_open() at netbsd:dk_open+0x120
[    93.884376] spec_open() at netbsd:spec_open+0x175
[    93.894383] VOP_OPEN() at netbsd:VOP_OPEN+0x4c
[    93.894383] vn_open() at netbsd:vn_open+0x241
[    93.894383] do_open() at netbsd:do_open+0x103
[    93.894383] do_sys_openat() at netbsd:do_sys_openat+0x8b
[    93.894383] sys_open() at netbsd:sys_open+0x24
[    93.894383] syscall() at netbsd:syscall+0x157
[    93.904389] --- syscall (number 5) ---
[    93.904389] 756bf88429fa:
[    93.904389] cpu3: End traceback...

[    93.904389] dumping to dev 0,1 (offset=611511, size=972259):
[    93.904389] dump Skipping crash dump on recursive panic
[    94.794968] panic: pr_item_bitmap_put: [ataspl] 0xffff96a338d39038 already freed
[    94.794968] cpu3: Begin traceback...
[    94.794968] vpanic() at netbsd:vpanic+0x160
[    94.794968] snprintf() at netbsd:snprintf
[    94.794968] pool_put() at netbsd:pool_put+0x492
[    94.804975] ahci_bio_complete() at netbsd:ahci_bio_complete+0x177
[    94.804975] ahci_intr_port() at netbsd:ahci_intr_port+0x23e
[    94.804975] ahci_bio_poll() at netbsd:ahci_bio_poll+0x2b
[    94.804975] ata_xfer_start() at netbsd:ata_xfer_start+0xaa
[    94.804975] atastart() at netbsd:atastart+0x1d2
[    94.804975] ahci_ata_bio() at netbsd:ahci_ata_bio+0x5f
[    94.814982] wd_dumpblocks() at netbsd:wd_dumpblocks+0x111
[    94.814982] dk_dump() at netbsd:dk_dump+0x172
[    94.814982] dumpsys_seg() at netbsd:dumpsys_seg+0xd0
[    94.814982] dump_seg_iter() at netbsd:dump_seg_iter+0x107
[    94.814982] dodumpsys() at netbsd:dodumpsys+0x268
[    94.814982] dumpsys() at netbsd:dumpsys+0x1d
[    94.824988] vpanic() at netbsd:vpanic+0x169
[    94.824988] snprintf() at netbsd:snprintf
[    94.824988] startlwp() at netbsd:startlwp
[    94.824988] alltraps() at netbsd:alltraps+0xbb
[    94.824988] scan_mbr() at netbsd:scan_mbr+0x3e
[    94.824988] readdisklabel() at netbsd:readdisklabel+0x110
[    94.834995] dk_getdisklabel() at netbsd:dk_getdisklabel+0xc8
[    94.834995] dk_open() at netbsd:dk_open+0x120
[    94.834995] spec_open() at netbsd:spec_open+0x175
[    94.834995] VOP_OPEN() at netbsd:VOP_OPEN+0x4c
[    94.834995] vn_open() at netbsd:vn_open+0x241
[    94.834995] do_open() at netbsd:do_open+0x103
[    94.845001] do_sys_openat() at netbsd:do_sys_openat+0x8b
[    94.845001] sys_open() at netbsd:sys_open+0x24
[    94.845001] syscall() at netbsd:syscall+0x157
[    94.845001] --- syscall (number 5) ---


This is the backtrace using crash(8) on the generated kernel dump and core (from a second attempt, so some values differ to the above output):

Crash version 9.0, image version 9.0.
System panicked: trap
Backtrace from time of crash is available.
db> crash> bt
_KERNEL_OPT_NARCNET() at 0
?() at ffffb50064d10000
vpanic() at vpanic+0x169
snprintf() at snprintf
startlwp() at startlwp
calltrap() at calltrap+0x11
scan_mbr() at scan_mbr+0x3e
readdisklabel() at readdisklabel+0x110
dk_getdisklabel() at dk_getdisklabel+0xc8
dk_open() at dk_open+0x120
spec_open() at spec_open+0x175
VOP_OPEN() at VOP_OPEN+0x4c
vn_open() at vn_open+0x241
do_open() at do_open+0x103
do_sys_openat() at do_sys_openat+0x8b
sys_open() at sys_open+0x24
syscall() at syscall+0x157
--- syscall (number 5) ---
78440f4429fa:

>How-To-Repeat:

>Fix:

Prev by Date: Re: PR/55605 CVS commit: src/usr.bin/script
Next by Date: Re: PR/55531 CVS commit: src/usr.bin/script
Previous by Thread: Re: port-alpha/53077 (alpha panic: cpu_uarea_alloc: uvm_pglistalloc failed: 12)
Next by Thread: Re: kern/55628: inserting blank disk into USB Floppy drive panics NetBSD 9.0/amd64
Indexes:

Home | Main Index | Thread Index | Old Index