From nobody@FreeBSD.org  Mon Oct  8 17:45:51 2007
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3758916A46E
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  8 Oct 2007 17:45:51 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id CBE9C13C46A
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  8 Oct 2007 17:45:50 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.1/8.14.1) with ESMTP id l98HjoIX019227
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 8 Oct 2007 17:45:50 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.1/8.14.1/Submit) id l98Hjo6W019226;
	Mon, 8 Oct 2007 17:45:50 GMT
	(envelope-from nobody)
Message-Id: <200710081745.l98Hjo6W019226@www.freebsd.org>
Date: Mon, 8 Oct 2007 17:45:50 GMT
From: Shanker Balan <mail@shankerbalan.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: panic: brelse: free buffer onto another queue???
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         117028
>Category:       kern
>Synopsis:       [atapicam] [panic] brelse: free buffer onto another queue???
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 08 17:50:02 GMT 2007
>Closed-Date:    Mon Feb 21 16:44:11 UTC 2011
>Last-Modified:  Mon Feb 21 16:44:11 UTC 2011
>Originator:     Shanker Balan
>Release:        7.0-CURRENT
>Organization:
Yahoo
>Environment:
FreeBSD partvarious-lx.eglbp.corp.yahoo.com 7.0-CURRENT FreeBSD 7.0-CURRENT #5: Sun Sep 23 13:48:49 IST 2007     shanu@partvarious-lx.eglbp.corp.yahoo.com:/usr/obj/usr/home/src/sys/MYKERNEL  i386

>Description:
The below panic happens with atapicam loaded and running totem media player
to play a DVD.

[partvarious-lx] ~> sudo kgdb -n 3
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
(cd0:ata1:0:0:0): READ(10). CDB: 28 0 0 0 1 8 0 0 1 0 
(cd0:ata1:0:0:0): CAM Status: SCSI Status Error
(cd0:ata1:0:0:0): SCSI Status: Check Condition
(cd0:ata1:0:0:0): NOT READY asc:3a,0
(cd0:ata1:0:0:0): Medium not present
(cd0:ata1:0:0:0): Unretryable error
(cd0:ata1:0:0:0): cddone: got error 0x6 back
g_vfs_done():cd0[READ(offset=540672, length=2048)]error = 6
warning: udf_readlblks returned error 6
panic: brelse: free buffer onto another queue???
cpuid = 0
KDB: stack backtrace:
db_trace_self_wrapper(c0aaada9,d6500904,c07501ff,c0acb176,0,...) at db_trace_self_wrapper+0x26
kdb_backtrace(c0acb176,0,c0aadf1f,d6500910,0,...) at kdb_backtrace+0x29
panic(c0aadf1f,cd126114,1,800,c4df3008,...) at panic+0x10f
brelse(cd126048,c3c9c880,0,0,d65009d8,...) at brelse+0x6bf
udf_closedir(c49ed600,16d,d65009a8,c07c6759,ffffffff,...) at udf_closedir+0x18
udf_lookup(d6500a00,d6500a20,c07b88c9,c4dee7e0,d6500a00,...) at udf_lookup+0x2bf
VOP_CACHEDLOOKUP_APV(c4dee7e0,d6500a00,d6500bd0,d6500bbc,c2d95800,...) at VOP_CACHEDLOOKUP_APV+0x44
vfs_cache_lookup(d6500a84,d6500a38,2,c3c9c880,d6500aa4,...) at vfs_cache_lookup+0xc6
VOP_LOOKUP_APV(c4dee7e0,d6500a84,d6500bd0,c0aaed99,2a9,...) at VOP_LOOKUP_APV+0x48
lookup(d6500ba8,c3822400,400,d6500bc4,c4304220,...) at lookup+0x606
namei(d6500ba8,c0b6a600,7c,1,0,...) at namei+0x392
kern_stat(c4304220,28204500,0,d6500c18,c4304220,...) at kern_stat+0x37
stat(c4304220,d6500cfc,8,16,d6500d2c,...) at stat+0x2b
syscall(d6500d38) at syscall+0x32e
Xint0x80_syscall() at Xint0x80_syscall+0x20
--- syscall (188, FreeBSD ELF32, stat), eip = 0x281ab07b, esp = 0xbfbfe15c, ebp = 0xbfbfe248 ---
Uptime: 1h19m53s
Physical memory: 499 MB
Dumping 108 MB: 93 77 61 45 29 13

#0  doadump () at pcpu.h:195
195     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:195
#1  0xc074ff22 in boot (howto=260)
    at /usr/home/src/sys/kern/kern_shutdown.c:409
#2  0xc075022e in panic (fmt=Variable "fmt" is not available.
) at /usr/home/src/sys/kern/kern_shutdown.c:563
#3  0xc07b4692 in brelse (bp=0xcd126048)
    at /usr/home/src/sys/kern/vfs_bio.c:1358
#4  0xc4debd4e in ?? ()
#5  0xcd126048 in ?? ()
#6  0xc3c9c880 in ?? ()
#7  0x00000000 in ?? ()
#8  0x00000000 in ?? ()
#9  0xd65009d8 in ?? ()
#10 0xc4dec93a in ?? ()
#11 0xc49ed600 in ?? ()
#12 0x0000016d in ?? ()
#13 0xd65009a8 in ?? ()
#14 0xc07c6759 in vaccess (type=3298743808, file_mode=12288, 
    file_uid=3595569576, file_gid=3229378393, acc_mode=3024, cred=0x0, 
    privused=0xc3c9c880) at /usr/home/src/sys/kern/vfs_subr.c:3301
Previous frame inner to this frame (corrupt stack?)
(kgdb) 

>How-To-Repeat:
1. Pop in a DVD
2. Fire up totem
3. Play Disc
>Fix:


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: jh 
State-Changed-When: Sun Feb 20 18:58:11 UTC 2011 
State-Changed-Why:  
Can you still reproduce this on recent FreeBSD versions? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=117028 
State-Changed-From-To: feedback->closed 
State-Changed-By: jh 
State-Changed-When: Mon Feb 21 16:44:10 UTC 2011 
State-Changed-Why:  
Submitter can't reproduce anymore. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=117028 
>Unformatted:
