From nobody@FreeBSD.org  Tue Nov 27 12:23:26 2007
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id CA5DC16A46C
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 27 Nov 2007 12:23:26 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id BA8E613C4FD
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 27 Nov 2007 12:23:26 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id lARCNKqt006613
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 27 Nov 2007 12:23:20 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id lARCNJTT006612;
	Tue, 27 Nov 2007 12:23:19 GMT
	(envelope-from nobody)
Message-Id: <200711271223.lARCNJTT006612@www.freebsd.org>
Date: Tue, 27 Nov 2007 12:23:19 GMT
From: Kyryll A Mirnenko <mirya@zoc.com.ua>
To: freebsd-gnats-submit@FreeBSD.org
Subject: device sg + hald + umass plugging crashes 7.0
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         118282
>Category:       kern
>Synopsis:       [sg] device sg + hald + umass plugging crashes 7.0
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 27 12:30:02 UTC 2007
>Closed-Date:    Thu Aug 18 14:54:15 UTC 2011
>Last-Modified:  Thu Aug 18 14:54:15 UTC 2011
>Originator:     Kyryll A Mirnenko
>Release:        RELENG_7
>Organization:
>Environment:
FreeBSD miryanote 7.0-BETA3 FreeBSD 7.0-BETA3 #0: Tue Nov 26 18:35:21 EET 2007 mirya@miryanote:/usr/src/sys/i386/compile/MY-LITE i386
>Description:
Putting "device sg" into the kernel causes 7.0-BETA3 to crash under the following
conditions:

1) hald is running (it's started at boot time for me)
2) umass device containing ELI-encrypted data is being plugged in (it
   seems to have nothing to do with ELI, but I can reproduce it cleanly
   with a USB hard disk with FFS at da0.eli after `geli attach`)

In a few moments the kernel crashes after hald-probe-storage tries to
read the block device. The crash is _sometimes_ reproduced with another
flash drive containing FAT32 at da0s1. The kernel does not panic if the
device is plugged in before hald is started.

Some extra info:

* the device that causes the crash:

acpi0: <HP 3084> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pci0: <base peripheral> at device 0.1 (no driver attached)
pci0: <base peripheral> at device 0.3 (no driver attached)
ehci0: <Intel 82801DB/L/M (ICH4) USB 2.0 controller> mem 0xe0100000-0xe01003ff irq 11 at device 29.7 on pci0
ehci0: [GIANT-LOCKED]
ehci0: [ITHREAD]
usb3: EHCI version 1.0
usb3: companion controllers, 2 ports each: usb0 usb1 usb2
usb3: <Intel 82801DB/L/M (ICH4) USB 2.0 controller> on ehci0
usb3: USB revision 2.0
uhub3: <Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1> on usb3
uhub3: 6 ports with 6 removable, self powered
umass0: <Western Digital External HDD, class 0/0, rev 2.00/2.40, addr 2> on uhub3
da0 at umass-sim0 bus 0 target 0 lun 0
da0: <WDC WD12 00UE-00KVT0 0000> Fixed Direct Access SCSI-0 device
da0: 40.000MB/s transfers
da0: 114473MB (234441648 512 byte sectors: 255H 63S/T 14593C)

* the dump:

panic: msleep
KDB: stack backtrace
db_trace_self_wrapper(c0968c2f,c0a19c40,c09697de,cc12cb30,cc12cb30,...) at 0xc047b4a6 = db_trace_self_wrapper+0x26
panic(c09697de,c0a19630,c09697ad,c094a106,8,...) at 0xc05d9bef = panic+0xdf
_sleep(0,c0a19630,100,c094a106,0,...) at 0xc05e2a57 = _sleep+0x87
sgread(c31c1f00,cc12cc5c,0,168,0,...) at 0xc046d91f = sgread+0xff
giant_read(c31c1f00,cc12cc5c,0,0,c00,...) at 0xc05aa188 = giant_read+0x48
devfs_read_f(c2faa4c8,cc12cc5c,c2809f00,0,c31be630,...) at 0xc0539746 = devfs_read_f+0x76
dofileread(cc12cc5c,ffffffff,ffffffff,0,c2faa4c8,...) at 0xc061423c = dofileread+0x6c
kern_readv(c31be630,4,cc12cc5c,cc12cc7c,1,...) at 0xc0615e98 = kern_readv+0x58
read(c31be630,cc12ccf8,c,c096e2b3,c09c97c8,...) at 0xc0615f80 = read+0x50
syscall(cc12cd38) at 0xc90642a = syscall+0x13a
Xint0x80_syscall() at 0xc08eeb20 = Xint0x80_syscall+0x20
--- syscall (3, FreeBSD ELF 32, read), eip = 0x48381673, esp = 0xbfbfe65c, ebp = 0xbfbfe68b ---


>How-To-Repeat:
* add "device sg" to the GENERIC
* run hald (make it run via rc.conf on startup)
* plug in the umass device formatted as described above
* expect panic
>Fix:


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: jh 
State-Changed-When: Mon May 23 15:25:02 UTC 2011 
State-Changed-Why:  
Can you still reproduce this on a supported release? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=118282 
State-Changed-From-To: feedback->closed 
State-Changed-By: jh 
State-Changed-When: Thu Aug 18 14:54:13 UTC 2011 
State-Changed-Why:  
Feedback timeout. 
>Unformatted:
