From ernst@heinz.jollem.com  Wed Jan 24 01:33:08 2001
Return-Path: <ernst@heinz.jollem.com>
Received: from heinz.jollem.com (c104187.upc-c.chello.nl [212.187.104.187])
	by hub.freebsd.org (Postfix) with ESMTP id 1A22337B400
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 24 Jan 2001 01:33:07 -0800 (PST)
Received: (from ernst@localhost)
	by heinz.jollem.com (8.11.1/8.11.1) id f1O9Wlx00477;
	Sat, 24 Feb 2001 10:32:47 +0100 (CET)
	(envelope-from ernst)
Message-Id: <200102240932.f1O9Wlx00477@heinz.jollem.com>
Date: Sat, 24 Feb 2001 10:32:47 +0100 (CET)
From: Ernst de Haan <ernst@jollem.com>
Reply-To: ernst@jollem.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: sysinstall crash: Page fault while in kernel mode
X-Send-Pr-Version: 3.2

>Number:         24596
>Category:       kern
>Synopsis:       sysinstall crash: Page fault while in kernel mode
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    dd
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 24 01:40:00 PST 2001
>Closed-Date:    Tue Jul 10 22:16:34 PDT 2001
>Last-Modified:  Tue Jul 10 22:16:45 PDT 2001
>Originator:     Ernst de Haan
>Release:        FreeBSD 4.2-STABLE i386
>Organization:
Jollem Information Technology
>Environment:

	dmesg says:

Copyright (c) 1992-2001 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD 4.2-STABLE #6: Fri Feb 23 23:22:28 CET 2001
    root@heinz.jollem.com:/usr/src/sys/compile/HEINZ
Timecounter "i8254"  frequency 1193182 Hz
CPU: Pentium II/Pentium II Xeon/Celeron (400.91-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x652  Stepping = 2
  Features=0x183f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR>
real memory  = 268369920 (262080K bytes)
avail memory = 258162688 (252112K bytes)
Preloaded elf kernel "kernel" at 0xc0320000.
Pentium Pro MTRR support enabled
apm0: <APM BIOS> on motherboard
apm: found APM BIOS v1.2, connected at v1.2
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Intel 82443BX (440 BX) host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
pcib1: <Intel 82443BX (440 BX) PCI-PCI (AGP) bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
pci1: <NVidia model 0110 graphics accelerator> at 0.0 irq 11
isab0: <Intel 82371AB PCI to ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX4 ATA33 controller> port 0xf000-0xf00f at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
uhci0: <Intel 82371AB/EB (PIIX4) USB controller> port 0xd000-0xd01f irq 10 at device 7.2 on pci0
usb0: <Intel 82371AB/EB (PIIX4) USB controller> on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
ukbd0: Logitech USB Receiver, rev 1.10/10.b7, addr 2, iclass 3/1
kbd1 at ukbd0
uhid0: Logitech USB Receiver, rev 1.10/10.b7, addr 2, iclass 3/0
ums0: Logitech USB Receiver, rev 1.10/9.10, addr 3, iclass 3/1
ums0: 5 buttons and Z dir.
chip1: <Intel 82371AB Power management controller> port 0x5000-0x500f at device 7.3 on pci0
ahc0: <Adaptec 2940 Ultra2 SCSI adapter> port 0xd400-0xd4ff mem 0xef000000-0xef000fff irq 12 at device 16.0 on pci0
aic7890/91: Wide Channel A, SCSI Id=7, 32/255 SCBs
rl0: <RealTek 8139 10/100BaseTX> port 0xd800-0xd8ff mem 0xef001000-0xef0010ff irq 5 at device 18.0 on pci0
rl0: Ethernet address: 00:50:bf:10:ff:9f
miibus0: <MII bus> on rl0
rlphy0: <RealTek internal media interface> on miibus0
rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
pcm0: <Creative EMU10K1> port 0xdc00-0xdc1f irq 10 at device 20.0 on pci0
fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
ppc0: <Parallel port> at port 0x378-0x37f irq 7 drq 3 on isa0
ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
sio0: configured irq 12 not in bitmap of probed irqs 0
sio0 at port 0x2e8-0x2ef irq 12 flags 0x10 on isa0
sio0: type 8250
ad0: 8207MB <ST38641A> [16676/16/63] at ata0-master UDMA33
Waiting 10 seconds for SCSI devices to settle
da1 at ahc0 bus 0 target 2 lun 0
da1: <QUANTUM ATLAS_V__9_WLS 0230> Fixed Direct Access SCSI-3 device 
da1: 80.000MB/s transfers (40.000MHz, offset 63, 16bit), Tagged Queueing Enabled
da1: 8755MB (17930694 512 byte sectors: 255H 63S/T 1116C)
da2 at ahc0 bus 0 target 3 lun 0
da2: <QUANTUM ATLAS_V__9_WLS 0230> Fixed Direct Access SCSI-3 device 
da2: 80.000MB/s transfers (40.000MHz, offset 63, 16bit), Tagged Queueing Enabled
da2: 8755MB (17930694 512 byte sectors: 255H 63S/T 1116C)
Mounting root from ufs:/dev/da2s1a
cd0 at ahc0 bus 0 target 4 lun 0
cd0: <TEAC CD-R56S 1.0F> Removable CD-ROM SCSI-2 device 
cd0: 10.000MB/s transfers (10.000MHz, offset 15)
cd0: cd present [345852 x 2048 byte records]
da0 at ahc0 bus 0 target 1 lun 0
da0: <IBM DNES-309170W SAH0> Fixed Direct Access SCSI-3 device 
da0: 80.000MB/s transfers (40.000MHz, offset 30, 16bit), Tagged Queueing Enabled
da0: 8748MB (17916240 512 byte sectors: 255H 63S/T 1115C)

>Description:

	When I run /stand/sysinstall I get a kernel panic. I wrote down the
	error message (had to buy a pen for that ;) ). Here it comes:

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x24
fault code              = superior read, page not present
instruction pointer     = 0x8:0xc0202f70
stack pointer           = 0x10:0xccec1c8c
frame pointer           = 0x10:0xccec1c98
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 199 (sysinstall)
interrupt mask          = none
trap number             = 12
panic: page fault

	This happens almost immediately when I run /stand/sysinstall, during
	the first phase, where it says something like "Detecting devices (this
	may take a while)". I started getting this problem after I enabled USB
	in my kernel and attached a USB keyboard and mouse (Logitech Cordless
	Desktop Pro).

	I just modified my kernel to save crash dumps to the swap, and these
	should be moved to /var/crash at startup. If you like I can generate
	such a crash dump?

>How-To-Repeat:

	If I restart the system, login as root and execute /stand/sysinstall,
	I get the very same crash.

>Fix:

	I really don't know any, I guess removing USB from my kernel config
	would help. But then again, it *may* be something else.


>Release-Note:
>Audit-Trail:

From: Thomas Quinot <thomas@cuivre.fr.eu.org>
To: freebsd-gnats-submit@FreeBSD.org
Cc: ernst@jollem.com
Subject: Re: kern/24596: sysinstall crash: Page fault while in kernel mode
Date: Thu, 14 Jun 2001 22:10:34 +0200

 I reproduced the very same crash today with:
 4.3-STABLE FreeBSD 4.3-STABLE #2: Tue May  1 20:28:53 CEST 2001
 
 I have a make world on a freshly-cvsupped source tree in progress right
 now, in the hope that it will relieve the problem.
 
 dmesg output:
 Copyright (c) 1992-2001 The FreeBSD Project.
 Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
 	The Regents of the University of California. All rights reserved.
 FreeBSD 4.3-STABLE #2: Tue May  1 20:28:53 CEST 2001
     thomas@melusine.cuivre.fr.eu.org:/usr/obj/usr/src/sys/MELUSINE
 Timecounter "i8254"  frequency 1193182 Hz
 CPU: Pentium II/Pentium II Xeon/Celeron (300.68-MHz 686-class CPU)
   Origin = "GenuineIntel"  Id = 0x660  Stepping = 0
   Features=0x183f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR>
 real memory  = 134205440 (131060K bytes)
 avail memory = 126836736 (123864K bytes)
 Preloaded elf kernel "kernel" at 0xc03b6000.
 Pentium Pro MTRR support enabled
 npx0: <math processor> on motherboard
 npx0: INT 16 interface
 pcib0: <Intel 82443BX (440 BX) host to PCI bridge> on motherboard
 pci0: <PCI bus> on pcib0
 pcib1: <Intel 82443BX (440 BX) PCI-PCI (AGP) bridge> at device 1.0 on pci0
 pci1: <PCI bus> on pcib1
 pci1: <ATI Mach64-GB graphics accelerator> at 0.0 irq 11
 isab0: <Intel 82371AB PCI to ISA bridge> at device 4.0 on pci0
 isa0: <ISA bus> on isab0
 atapci0: <Intel PIIX4 ATA33 controller> port 0xb800-0xb80f at device 4.1 on pci0
 ata0: at 0x1f0 irq 14 on atapci0
 ata1: at 0x170 irq 15 on atapci0
 pci0: <Intel 82371AB/EB (PIIX4) USB controller> at 4.2 irq 9
 chip1: <Intel 82371AB Power management controller> port 0xe800-0xe80f at device 4.3 on pci0
 pci0: <unknown card> (vendor=0x109e, dev=0x0350) at 9.0 irq 9
 xl0: <3Com 3c900-COMBO Etherlink XL> port 0xb000-0xb03f irq 9 at device 10.0 on pci0
 xl0: Ethernet address: 00:60:97:7c:8c:2c
 xl0: selecting 10baseT transceiver, half duplex
 pcm0: <AudioPCI ES1371> port 0xa800-0xa83f irq 9 at device 11.0 on pci0
 sym0: <875> port 0xa400-0xa4ff mem 0xdf800000-0xdf800fff,0xe0000000-0xe00000ff irq 11 at device 12.0 on pci0
 sym0: Tekram NVRAM, ID 7, Fast-20, SE, parity checking
 fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
 fdc0: FIFO enabled, 8 bytes threshold
 fd0: <1440-KB 3.5" drive> on fdc0 drive 0
 atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
 atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
 kbd0 at atkbd0
 psm0: <PS/2 Mouse> irq 12 on atkbdc0
 psm0: model MouseMan+, device ID 0
 vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
 sc0: <System console> at flags 0x100 on isa0
 sc0: VGA <16 virtual consoles, flags=0x300>
 sio0 at port 0x3f8-0x3ff irq 5 flags 0x10 on isa0
 sio0: type 16550A
 sio1 at port 0x2f8-0x2ff irq 3 on isa0
 sio1: type 16550A
 sio2 at port 0x3e8-0x3ef irq 4 on isa0
 sio2: type 16550A
 sio3 at port 0x2e8-0x2ef irq 10 on isa0
 sio3: type 16550A
 ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
 ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
 ppc0: FIFO with 16/16/9 bytes threshold
 ppi0: <Parallel I/O> on ppbus0
 plip0: <PLIP network interface> on ppbus0
 lpt0: <Printer> on ppbus0
 lpt0: Interrupt-driven port
 IP Filter: v3.4.16 initialized.  Default = pass all, Logging = enabled
 ad0: 6149MB <QUANTUM FIREBALL EX6.4A> [13328/15/63] at ata0-master UDMA33
 ad1: 14324MB <QUANTUM FIREBALLlct15 15> [29104/16/63] at ata0-slave UDMA33
 acd0: DVD-ROM <Pioneer DVD-ROM ATAPIModel DVD-105S 0122> at ata1-master using PIO4
 Waiting 3 seconds for SCSI devices to settle
 sa0 at sym0 bus 0 target 5 lun 0
 sa0: <HP C1533A HP00> Removable Sequential Access SCSI-2 device 
 sa0: 10.000MB/s transfers (10.000MHz, offset 8)
 Mounting root from ufs:/dev/ad1s1a
 WARNING: / was not properly dismounted
 da0 at sym0 bus 0 target 6 lun 0
 da0: <IBM DDRS-39130W S71D> Fixed Direct Access SCSI-2 device 
 da0: 40.000MB/s transfers (20.000MHz, offset 15, 16bit), Tagged Queueing Enabled
 da0: 8715MB (17850000 512 byte sectors: 255H 63S/T 1111C)
 (cd0:sym0:0:2:0): got CAM status 0x4c
 (cd0:sym0:0:2:0): fatal error, failed to attach to device
 (cd0:sym0:0:2:0): lost device
 (cd0:sym0:0:2:0): removing device entry
 IP Filter: already initialized
 uhci0: <Intel 82371AB/EB (PIIX4) USB controller> port 0xb400-0xb41f irq 9 at device 4.2 on pci0
 usb0: <Intel 82371AB/EB (PIIX4) USB controller> on uhci0
 usb0: USB revision 1.0
 uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
 uhub0: 2 ports with 2 removable, self powered
 
 -- 
     Thomas.Quinot@Cuivre.FR.EU.ORG

From: Thomas Quinot <quinot@infres.enst.fr>
To: freebsd-gnats-submit@FreeBSD.org, ernst@jollem.com
Cc:  
Subject: Re: kern/24596: sysinstall crash: Page fault while in kernel mode
Date: Fri, 15 Jun 2001 15:48:36 +0200

 Could this be due to using a /stand/sysinstall from an old release on a
 -stable system where world and kernel have been updated?
 
 -- 
 Thomas Quinot ** Département Informatique & Réseaux **
 quinot@inf.enst.fr
               ENST   //   46 rue Barrault   //   75634 PARIS CEDEX 13

From: Ernst de Haan <ernst@jollem.com>
To: Thomas Quinot <quinot@infres.enst.fr>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/24596: sysinstall crash: Page fault while in kernel mode
Date: Fri, 15 Jun 2001 15:55:00 +0200

 Thomas,
 
 It could be, I don't know. It's been a while since I've seen this
 problem myself. I'm running 4.3-STABLE without any problems now.
 
 Ernst
 
 
 Thomas Quinot wrote:
 > Could this be due to using a /stand/sysinstall from an old release on a
 > -stable system where world and kernel have been updated?
 > 
 > -- 
 > Thomas Quinot ** Département Informatique & Réseaux **
 > quinot@inf.enst.fr
 >               ENST   //   46 rue Barrault   //   75634 PARIS CEDEX 13
 > 
 
 -- 
 Ernst de Haan
 Java Architect
 Jollem Information Technology
 
     "Come to me all who are weary and burdened
         and I will give you rest" -- Jesus Christ

From: Thomas Quinot <thomas@cuivre.fr.eu.org>
To: freebsd-gnats-submit@FreeBSD.org
Cc: stable@freebsd.org
Subject: Re: kern/24596: sysinstall crash: Page fault while in kernel mode
Date: Sat, 16 Jun 2001 01:41:10 +0200

 After making kernel and world and recompiling sysinstall from
 a freshly-cvsupped source tree, I still get a panic right after
 the 'probing devices' message. Excerpts from kgdb session follow.
 If any other system information or any further forensics are
 necessary, please feel free to ask. :)
 
 I am very intrigued by this crash dump. Why dp can be NULL at this
 point is beyond my understanding.
 
 Thomas.
 
 Script started on Sat Jun 16 01:26:24 2001
 $ uname -a
 FreeBSD melusine.cuivre.fr.eu.org 4.3-STABLE FreeBSD 4.3-STABLE #4: Fri Jun 15 01:25:04 CEST 2001     thomas@melusine.cuivre.fr.eu.org:/usr/obj/usr/src/sys/MELUSINE  i386
 $ gdb -k /usr/obj/usr/src/sys/MELUSINE/kernel.debug /var/crash/vmcore.0
 GNU gdb 4.18
 Copyright 1998 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and you are
 welcome to change it and/or distribute copies of it under certain conditions.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for details.
 This GDB was configured as "i386-unknown-freebsd"...
 
 IdlePTD 4087808
 initial pcb at 343a60
 panicstr: page fault
 panic messages:
 ---
 Fatal trap 12: page fault while in kernel mode
 fault virtual address	= 0x0
 fault code		= supervisor read, page not present
 instruction pointer	= 0x8:0xc0176cfa
 stack pointer	        = 0x10:0xc8fcad58
 frame pointer	        = 0x10:0xc8fcad74
 code segment		= base 0x0, limit 0xfffff, type 0x1b
 			= DPL 0, pres 1, def32 1, gran 1
 processor eflags	= interrupt enabled, resume, IOPL = 0
 current process		= 541 (sysinstall)
 interrupt mask		= none
 trap number		= 12
 panic: page fault
 
 syncing disks... 53 3 1 
 done
 Uptime: 51s
 
 dumping to dev #ad/0x20009, offset 270360
 dump ata0: resetting devices .. done
 127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 
 ---
 #0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:472
 472		if (dumping++) {
 (kgdb) bt
 #0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:472
 #1  0xc016d761 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:312
 #2  0xc016daf9 in panic (fmt=0xc02ec7cf "page fault")
     at /usr/src/sys/kern/kern_shutdown.c:559
 #3  0xc02a4506 in trap_fatal (frame=0xc8fcad18, eva=0)
     at /usr/src/sys/i386/i386/trap.c:951
 #4  0xc02a41c5 in trap_pfault (frame=0xc8fcad18, usermode=0, eva=0)
     at /usr/src/sys/i386/i386/trap.c:844
 #5  0xc02a3d6b in trap (frame={tf_fs = -922353648, tf_es = -1070661616, 
       tf_ds = -933822448, tf_edi = 0, tf_esi = -1060864640, 
       tf_ebp = -922964620, tf_isp = -922964668, tf_ebx = -1060872140, 
       tf_edx = 1, tf_ecx = 0, tf_eax = 0, tf_trapno = 12, tf_err = 0, 
       tf_eip = -1072206598, tf_cs = 8, tf_eflags = 66118, 
       tf_esp = -1060864640, tf_ss = 1}) at /usr/src/sys/i386/i386/trap.c:443
 #6  0xc0176cfa in diskopen (dev=0xc0cb0580, oflags=1, devtype=8192, 
     p=0xc857c040) at /usr/src/sys/kern/subr_disk.c:189
 #7  0xc01a4cd2 in spec_open (ap=0xc8fcadf4)
     at /usr/src/sys/miscfs/specfs/spec_vnops.c:193
 #8  0xc01a4bd9 in spec_vnoperate (ap=0xc8fcadf4)
     at /usr/src/sys/miscfs/specfs/spec_vnops.c:119
 #9  0xc023cf19 in ufs_vnoperatespec (ap=0xc8fcadf4)
     at /usr/src/sys/ufs/ufs/ufs_vnops.c:2391
 #10 0xc01a0a68 in vn_open (ndp=0xc8fcaec4, fmode=1, cmode=1164)
     at vnode_if.h:189
 #11 0xc019c920 in open (p=0xc857c040, uap=0xc8fcaf80)
     at /usr/src/sys/kern/vfs_syscalls.c:995
 #12 0xc02a47a6 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, 
       tf_edi = -1077939732, tf_esi = 0, tf_ebp = -1077943140, 
       tf_isp = -922964012, tf_ebx = -1077939732, tf_edx = 110, 
       tf_ecx = 135105439, tf_eax = 5, tf_trapno = 12, tf_err = 2, 
       tf_eip = 134909580, tf_cs = 31, tf_eflags = 643, tf_esp = -1077943264, 
       tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1150
 #13 0xc0296015 in Xint0x80_syscall ()
 #14 0x804b29a in ?? ()
 #15 0x80576c5 in ?? ()
 #16 0x8048137 in ?? ()
 (kgdb) fr 6
 #6  0xc0176cfa in diskopen (dev=0xc0cb0580, oflags=1, devtype=8192, 
     p=0xc857c040) at /usr/src/sys/kern/subr_disk.c:189
 189			error = dp->d_devsw->d_open(pdev, oflags, devtype, p);
 (kgdb) print dp
 $1 = (struct disk *) 0x0
 (kgdb) print pdev
 $2 = 0xc0c47d80
 (kgdb) print *pdev
 $3 = {si_flags = 0, si_udev = 69378, si_hash = {le_next = 0xc0342818, 
     le_prev = 0xc0c48a88}, si_hlist = {slh_first = 0x0}, 
   si_name = "cd0", '\000' <repeats 12 times>, si_drv1 = 0x0, si_drv2 = 0x0, 
   si_devsw = 0xc033e540, si_devfs = 0x0, si_bdevfs = 0x0, 
   si_iosize_max = 65536, __si_u = {__si_tty = {__sit_tty = 0xc0c46034}, 
     __si_disk = {__sid_disk = 0xc0c46034, __sid_mountpoint = 0x0, 
       __sid_bsize_phys = 0, __sid_bsize_best = 0}}}
 (kgdb) print pdev->si_disk
 There is no member named si_disk.
 (kgdb) print pdev->__si_u.__si_disk.__sid_disk
 $4 = (struct disk *) 0xc0c46034
 (kgdb) print pdev->si_iosize_max
 $5 = 65536
 (kgdb) print pdev->__si_u.__si_disk.__sid_disk->d_slice
 $6 = (struct diskslices *) 0x0
 (kgdb) print dp
 $7 = (struct disk *) 0x0
 
 Script done on Sat Jun 16 01:33:30 2001
 -- 
     Thomas.Quinot@Cuivre.FR.EU.ORG

From: Thomas Quinot <thomas@cuivre.fr.eu.org>
To: freebsd-gnats-submit@FreeBSD.org, stable@freebsd.org
Cc:  
Subject: Re: kern/24596: sysinstall crash: Page fault while in kernel mode
Date: Sat, 16 Jun 2001 16:40:53 +0200

 On 2001-06-16, Thomas Quinot wrote:
 
 > (kgdb) print *pdev
 > $3 = {si_flags = 0, si_udev = 69378, si_hash = {le_next = 0xc0342818, 
 >     le_prev = 0xc0c48a88}, si_hlist = {slh_first = 0x0}, 
 >   si_name = "cd0", '\000' <repeats 12 times>, si_drv1 = 0x0, si_drv2 = 0x0, 
 >   si_devsw = 0xc033e540, si_devfs = 0x0, si_bdevfs = 0x0, 
 >   si_iosize_max = 65536, __si_u = {__si_tty = {__sit_tty = 0xc0c46034}, 
 >     __si_disk = {__sid_disk = 0xc0c46034, __sid_mountpoint = 0x0, 
 >       __sid_bsize_phys = 0, __sid_bsize_best = 0}}}
 
 Since we had some indication (si_name) that this problem was related
 to cd0 (an HP Surestore CDW 6020) I investigated that direction a bit further.
 I was able to recreate a similar crash when trying to mount a CD, but
 the crash dump was of no help (the stack frame pointer was apparently
 wrong, and gdb was unable to produce a backtrace).
 
 However, I noted that these crashes occur only when one specific
 faulty disc is present in the CD burner at boot time (a failed disc
 that was not fixated correctly). When this CD is in the drive at boot
 time, I get the following messages:
 
 (cd0:sym0:0:2:0): got CAM status 0x4c
 (cd0:sym0:0:2:0): fatal error, failed to attach to device
 (cd0:sym0:0:2:0): lost device
 (cd0:sym0:0:2:0): removing device entry
 
 When the CD is not in the drive at boot time, I get no such error, and
 sysinstall and mounting a CD work correctly afterward.
 
 Hope this helps,
 Thomas.
 
 -- 
     Thomas.Quinot@Cuivre.FR.EU.ORG
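
Both panics quoted in this PR are trap 12 reads in kernel mode at an address inside the first page (0x24 and 0x0), the usual signature of a member access through a NULL pointer. The following is an added triage example, not part of the original thread or of any FreeBSD tool; it parses the "name = value" trap report and flags such faults. The function names and the 4096-byte page size are assumptions of the example.

```python
import re

PAGE_SIZE = 4096  # assumed i386 page size; NULL-pointer member accesses land below it

# Panic text from the two reports in this PR, trimmed to the fields used here.
PANIC_4_2 = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x24
fault code              = superior read, page not present
instruction pointer     = 0x8:0xc0202f70
current process         = 199 (sysinstall)
"""
PANIC_4_3 = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address\t= 0x0
fault code\t\t= supervisor read, page not present
instruction pointer\t= 0x8:0xc0176cfa
current process\t\t= 541 (sysinstall)
"""

HEADER = re.compile(r"Fatal trap (\d+): (.+)")
FIELD = re.compile(r"^\s*([a-z][a-z ]*?)\s*=\s*(.+?)\s*$")


def parse_trap(text):
    """Return the trap header and the 'name = value' fields as a dict."""
    report = {}
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:
            report["trap"] = int(m.group(1))
            report["summary"] = m.group(2).strip()
            continue
        m = FIELD.match(line)
        if m:  # continuation lines ("  = DPL 0, ...") have no name and are skipped
            report[m.group(1)] = m.group(2)
    return report


def triage(text):
    """Classify a trap-12 report; flag faults that land in the first page."""
    r = parse_trap(text)
    if r.get("trap") != 12 or "fault virtual address" not in r:
        return None
    addr = int(r["fault virtual address"], 16)
    code = r.get("fault code", "")
    pid, name = re.match(r"(\d+)\s*\((.*)\)", r["current process"]).groups()
    return {
        "fault_addr": addr,
        # "0x8:0xc0176cfa" is selector:offset; keep the offset for symbol lookup
        "ip": int(r["instruction pointer"].split(":")[1], 16),
        "kernel_mode": "kernel mode" in r["summary"],
        # substring match, so the hand-copied "superior read" still counts as a read
        "access": "write" if "write" in code else "read",
        "not_present": "page not present" in code,
        "pid": int(pid),
        "process": name,
        "null_page": addr < PAGE_SIZE,
    }


if __name__ == "__main__":
    for sample in (PANIC_4_2, PANIC_4_3):
        print(triage(sample))
```

The "ip" value is the address to resolve against a debug kernel, as the kgdb session above does for 0xc0176cfa.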
Responsible-Changed-From-To: freebsd-bugs->dd 
Responsible-Changed-By: dd 
Responsible-Changed-When: Tue Jul 10 00:16:08 PDT 2001 
Responsible-Changed-Why:  
I have a patch to fix this. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=24596 
State-Changed-From-To: open->closed 
State-Changed-By: dd 
State-Changed-When: Tue Jul 10 22:16:34 PDT 2001 
State-Changed-Why:  
fix applied to -current, thanks for the report. 

>Unformatted:
