Date: 12 Oct 2003 08:27:33 -0000 From: Richard Letts <richard-freebsd@illuin.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: i386/57881: ripping audio CDs causes kernel panic Message-ID: <20031012082733.1161.qmail@illuin.org> Resent-Message-ID: <200310120830.h9C8UHLR018011@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 57881
>Category: i386
>Synopsis: ripping audio CDs causes kernel panic
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: freebsd-i386
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Oct 12 01:30:17 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Richard Letts
>Release: FreeBSD 4.9-RC i386
>Organization:
illuin.org
>Environment:
System: FreeBSD hobbiton.illuin.org 4.9-RC FreeBSD 4.9-RC #34: Sun Oct 12 02:49:57 CDT 2003 richard@hobbiton.illuin.org:/usr/obj/usr/src/sys/HOBBITON i386
>Description:
accepting to RIP anc audio CD on my system causes a kernel panic using any of cdda2wav, cdparanoia or dagrab
rrun 2/0
acd0: read data overrun 2/0
.. and so on for 467 times
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x99
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc015c270
stack pointer = 0x10:0xc0365094
frame pointer = 0x10:0xc03650c0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = Idle
interrupt mask = bio
trap number = 12
panic: page fault
syncing disks...
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x30
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc0274e80
stack pointer = 0x10:0xc0364eb8
frame pointer = 0x10:0xc0364ec0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = Idle
interrupt mask = bio
trap number = 12
panic: page fault
Uptime: 3m22s
dumping to dev #ad/0x20001, offset 3145856
dump ata0: resetting devices .. done
511 510 509 508 507 506 505 504 503 502 501 500 499 498 497 496 495 494 493 492 491 490 489 488 487 486 485 484 483 482 481 480 479 478 477 476 475 474 473 472 471 470 469 468 467 466 465 464 463 462 461 460 459 458 457 456 455 454 453 452 451 450 449 448 447 446 445 444 443 442 441 440 439 438 437 436 435 434 433 432 431 430 429 428 427 426 425 424 423 422 421 420 419 418 417 416 415 414 413 412 411 410 409 408 407 406 405 404 403 402 401 400 399 398 397 396 395 394 393 392 391 390 389 388 387 386 385 384 383 382 381 380 379 378 377 376 375 374 373 372 371 370 369 368 367 366 365 364 363 362 361 360 359 358 357 356 355 354 353 352 351 350 349 348 347 346 345 344 343 342 341 340 339 338 337 336 335 334 333 332 331 330 329 328 327 326 325 324 323 322 321 320 319 318 317 316 315 314 313 312 311 310 309 308 307 306 305 304 303 302 301 300 299 298 297 296 295 294 293 292 291 290 289 288 287 286 285 284 283 282 281 280 279 278 277 276 275 274 273 272 271 270 269 268 267 266 265 26
4 263 262 261 260 259 258 257 256 255 254 253 252 251 250 249 248 247 246 245 244 243 242 241 240 239 238 237 236 235 234 233 232 231 230 229 228 227 226 225 224 223 222 221 220 219 218 217 216 215 214 213 212 211 210 209 208 207 206 205 204 203 202 201 200 199 198 197 196 195 194 193 192 191 190 189 188 187 186 185 184 183 182 181 180 179 178 177 176 175 174 173 172 171 170 169 168 167 166 165 164 163 162 161 160 159 158 157 156 155 154 153 152 151 150 149 148 147 146 145 144 143 142 141 140 139 138 137 136 135 134 133 132 131 130 129 128 127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 succeeded
Automatic reboot in 15 seconds - press a key on the console to abort
Rebooting...
Copyright (c) 1992-2003 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 4.9-RC #34: Sun Oct 12 02:49:57 CDT 2003
richard@hobbiton.illuin.org:/usr/obj/usr/src/sys/HOBBITON
Timecounter "i8254" frequency 1193182 Hz
CPU: AMD Athlon(tm) XP 1700+ (1466.42-MHz 686-class CPU)
Origin = "AuthenticAMD" Id = 0x662 Stepping = 2
Features=0x383fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
AMD Features=0xc0480000<MP,AMIE,DSP,3DNow!>
real memory = 536805376 (524224K bytes)
avail memory = 517861376 (505724K bytes)
Preloaded elf kernel "kernel" at 0xc045a000.
netsmb_dev: loaded
Pentium Pro MTRR support enabled
md0: Malloc disk
Using $PIR table, 10 entries at 0xc00f7d90
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
pcib1: <PCI to PCI bridge (vendor=1106 device=b099)> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
pci1: <NVidia Riva Ultra Vanta TNT2 graphics accelerator> at 0.0 irq 11
dc0: <82c169 PNIC 10/100BaseTX> port 0xd800-0xd8ff mem 0xdffcff00-0xdffcffff irq 10 at device 7.0 on pci0
dc0: Ethernet address: 00:02:e3:09:0a:09
miibus0: <MII bus> on dc0
ukphy0: <Generic IEEE 802.3u media interface> on miibus0
ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
wi0: <Intersil Prism2.5> mem 0xdddff000-0xdddfffff irq 10 at device 8.0 on pci0
wi0: 802.11 address: 00:09:5b:68:58:95
wi0: using RF:PRISM2.5 MAC:ISL3874A(Mini-PCI)
wi0: Intersil Firmware: Primary 1.00.07, Station 1.03.06
ohci0: <NEC uPD 9210 USB controller> mem 0xdffcd000-0xdffcdfff irq 11 at device 11.0 on pci0
usb0: OHCI version 1.0
usb0: <NEC uPD 9210 USB controller> on ohci0
usb0: USB revision 1.0
uhub0: NEC OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
ohci1: <NEC uPD 9210 USB controller> mem 0xdffce000-0xdffcefff irq 10 at device 11.1 on pci0
usb1: OHCI version 1.0
usb1: <NEC uPD 9210 USB controller> on ohci1
usb1: USB revision 1.0
uhub1: NEC OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
pci0: <USB controller> at 11.2 irq 10
atapci0: <Promise ATA100 controller> port 0xdc00-0xdc3f,0xe000-0xe003,0xe400-0xe407,0xe800-0xe803,0xec00-0xec07 mem 0xdffe0000-0xdfffffff irq 10 at device 12.0 on pci0
ata2: at 0xec00 on atapci0
ata3: at 0xe400 on atapci0
isab0: <PCI to ISA bridge (vendor=1106 device=3074)> at device 17.0 on pci0
isa0: <ISA bus> on isab0
atapci1: <VIA 8233 ATA100 controller> port 0xfc00-0xfc0f at device 17.1 on pci0
ata0: at 0x1f0 irq 14 on atapci1
ata1: at 0x170 irq 15 on atapci1
uhci0: <VIA 83C572 USB controller> port 0xc800-0xc81f irq 10 at device 17.2 on pci0
usb2: <VIA 83C572 USB controller> on uhci0
usb2: USB revision 1.0
uhub2: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci1: <VIA 83C572 USB controller> port 0xcc00-0xcc1f irq 10 at device 17.3 on pci0
usb3: <VIA 83C572 USB controller> on uhci1
usb3: USB revision 1.0
uhub3: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
uhci2: <VIA 83C572 USB controller> port 0xd000-0xd01f irq 10 at device 17.4 on pci0
usb4: <VIA 83C572 USB controller> on uhci2
usb4: USB revision 1.0
uhub4: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub4: 2 ports with 2 removable, self powered
pcm0: <VIA VT8233 (pre)> port 0xd400-0xd4ff irq 10 at device 17.5 on pci0
pcm0: <Avance Logic ALC200 AC97 Codec>
isa0: too many memory ranges
pmtimer0 on isa0
fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: model IntelliMouse, device ID 3
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/9 bytes threshold
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
unknown: <PNP0000> can't assign resources
unknown: <PNP0303> can't assign resources
unknown: <PNP0501> can't assign resources
unknown: <PNP0501> can't assign resources
unknown: <PNP0401> can't assign resources
unknown: <PNP0700> can't assign resources
unknown: <PNP0f13> can't assign resources
DUMMYNET initialized (011031)
IP packet filtering initialized, divert enabled, rule-based forwarding enabled, default to accept, logging limited to 100 packets/entry by default
BRIDGE 020214 loaded
IPsec: Initialized Security Association Processing.
ad0: 58644MB <IC35L060AVER07-0> [119150/16/63] at ata0-master UDMA100
ar0: 43979MB <ATA RAID0 array> [5606/255/63] status: READY subdisks:
0 READY ad6: 43979MB <IBM-DTLA-307045> [89355/16/63] at ata3-master UDMA100
afd0: 96MB <IOMEGA ZIP 100 ATAPI> [96/64/32] at ata1-master PIO0
acd0: CD-RW <CR-48X9TE> at ata2-master PIO4
Mounting root from ufs:/dev/ad0s1a
cd0 at ata2 bus 0 target 0 lun 0
cd0: <MITSUMI CR-48X9TE 1.0C> Removable CD-ROM SCSI-0 device
cd0: 16.000MB/s transfers
cd0: cd present [204395 x 2048 byte records]
da0 at ata1 bus 0 target 0 lun 0
da0: <IOMEGA ZIP 100 14.A> Removable Direct Access SCSI-0 device
da0: 3.300MB/s transfers
da0: Attempt to query device size failed: NOT READY, Medium not present
WARNING: / was not properly dismounted
----
results of kernel debugging:
#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
487 if (dumping++) {
(kgdb) where
#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1 0xc0184cc3 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:316
#2 0xc01850e8 in poweroff_wait (junk=0xc035b74c, howto=-1070222769)
at /usr/src/sys/kern/kern_shutdown.c:595
#3 0xc02f443e in trap_fatal (frame=0xc0364e78, eva=48)
at /usr/src/sys/i386/i386/trap.c:974
#4 0xc02f4111 in trap_pfault (frame=0xc0364e78, usermode=0, eva=48)
at /usr/src/sys/i386/i386/trap.c:867
#5 0xc02f3cfb in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
tf_edi = -1069740000, tf_esi = 0, tf_ebp = -1070182720,
tf_isp = -1070182748, tf_ebx = -1070075876, tf_edx = 6868032,
tf_ecx = 33, tf_eax = 0, tf_trapno = 12, tf_err = 0,
tf_eip = -1071165824, tf_cs = 8, tf_eflags = 66050, tf_esp = 0,
tf_ss = 0}) at /usr/src/sys/i386/i386/trap.c:466
#6 0xc0274e80 in acquire_lock (lk=0xc037f01c)
at /usr/src/sys/ufs/ffs/ffs_softdep.c:266
#7 0xc02794a2 in softdep_fsync_mountdev (vp=0xd69e0c00)
at /usr/src/sys/ufs/ffs/ffs_softdep.c:4024
#8 0xc027d6da in ffs_fsync (ap=0xc0364f34)
at /usr/src/sys/ufs/ffs/ffs_vnops.c:134
#9 0xc027c363 in ffs_sync (mp=0xc230a600, waitfor=2, cred=0xc1454900,
p=0xc03d1020) at vnode_if.h:558
#10 0xc01b6083 in sync (p=0xc03d1020, uap=0x0)
at /usr/src/sys/kern/vfs_syscalls.c:577
#11 0xc0184a5e in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:235
#12 0xc01850e8 in poweroff_wait (junk=0xc035b74c, howto=-1070222769)
at /usr/src/sys/kern/kern_shutdown.c:595
#13 0xc02f443e in trap_fatal (frame=0xc0365054, eva=153)
at /usr/src/sys/i386/i386/trap.c:974
#14 0xc02f4111 in trap_pfault (frame=0xc0365054, usermode=0, eva=153)
at /usr/src/sys/i386/i386/trap.c:867
#15 0xc02f3cfb in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
tf_edi = -1037047808, tf_esi = 6868032, tf_ebp = -1070182208,
tf_isp = -1070182272, tf_ebx = 1, tf_edx = -1038236624,
tf_ecx = -1037047800, tf_eax = -1037047800, tf_trapno = 12, tf_err = 0,
tf_eip = -1072315792, tf_cs = 8, tf_eflags = 66118,
tf_esp = -1038236672, tf_ss = 6868032})
at /usr/src/sys/i386/i386/trap.c:466
#16 0xc015c270 in afd_start (atadev=0xc21dc430) at /usr/src/sys/sys/buf.h:423
#17 0xc01576d2 in atapi_start (atadev=0xc21dc430)
at /usr/src/sys/dev/ata/atapi-all.c:241
#18 0xc014a5d4 in ata_start (ch=0xc21dc400)
at /usr/src/sys/dev/ata/ata-all.c:692
#19 0xc014a4f5 in ata_intr (data=0xc21dc400)
at /usr/src/sys/dev/ata/ata-all.c:650
#20 0xc02fc5c5 in intr_mux (arg=0xc144d160)
at /usr/src/sys/i386/isa/intr_machdep.c:601
#21 0xc02ee066 in cpu_idle () at /usr/src/sys/i386/i386/machdep.c:998
(kgdb) up 15
#15 0xc02f3cfb in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
tf_edi = -1037047808, tf_esi = 6868032, tf_ebp = -1070182208,
tf_isp = -1070182272, tf_ebx = 1, tf_edx = -1038236624,
tf_ecx = -1037047800, tf_eax = -1037047800, tf_trapno = 12, tf_err = 0,
tf_eip = -1072315792, tf_cs = 8, tf_eflags = 66118,
tf_esp = -1038236672, tf_ss = 6868032})
at /usr/src/sys/i386/i386/trap.c:466
466 (void) trap_pfault(&frame, FALSE, eva);
(kgdb) up
#16 0xc015c270 in afd_start (atadev=0xc21dc430) at /usr/src/sys/sys/buf.h:423
423 } else if (bp == TAILQ_FIRST(&head->queue))
(kgdb) list
418 head->switch_point = TAILQ_NEXT(bp, b_act);
419 if (bp == head->insert_point) {
420 head->insert_point = TAILQ_PREV(bp, buf_queue, b_act);
421 if (head->insert_point == NULL)
422 head->last_pblkno = 0;
423 } else if (bp == TAILQ_FIRST(&head->queue))
424 head->last_pblkno = bp->b_pblkno;
425 TAILQ_REMOVE(&head->queue, bp, b_act);
426 if (TAILQ_FIRST(&head->queue) == head->switch_point)
427 head->switch_point = NULL;
>How-To-Repeat:
Use any of cdprarnoia, cdda2wav or darip to copy audio cd contents.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031012082733.1161.qmail>