From owner-freebsd-bugs  Sat Mar  1  6: 0:42 2003
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5916D37B401
	for <freebsd-bugs@hub.freebsd.org>; Sat,  1 Mar 2003 06:00:30 -0800 (PST)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E650743F93
	for <freebsd-bugs@hub.freebsd.org>; Sat,  1 Mar 2003 06:00:28 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id h21E0SNS099414
	for <freebsd-bugs@freefall.freebsd.org>; Sat, 1 Mar 2003 06:00:28 -0800 (PST)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.6/8.12.6/Submit) id h21E0SnB099413;
	Sat, 1 Mar 2003 06:00:28 -0800 (PST)
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5F75137B401
	for <FreeBSD-gnats-submit@freebsd.org>; Sat,  1 Mar 2003 05:55:01 -0800 (PST)
Received: from grosbein.pp.ru (www2.svzserv.kemerovo.su [213.184.65.86])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4A01D43FDD
	for <FreeBSD-gnats-submit@freebsd.org>; Sat,  1 Mar 2003 05:54:26 -0800 (PST)
	(envelope-from eugen@grosbein.pp.ru)
Received: from grosbein.pp.ru (smmsp@localhost [127.0.0.1])
	by grosbein.pp.ru (8.12.7/8.12.7) with ESMTP id h21DsJpU000941
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 1 Mar 2003 20:54:19 +0700 (KRAT)
	(envelope-from eugen@grosbein.pp.ru)
Received: (from eugen@localhost)
	by grosbein.pp.ru (8.12.7/8.12.7/Submit) id h21DlMQh000456;
	Sat, 1 Mar 2003 20:47:22 +0700 (KRAT)
Message-Id: <200303011347.h21DlMQh000456@grosbein.pp.ru>
Date: Sat, 1 Mar 2003 20:47:22 +0700 (KRAT)
From: Eugene Grosbein <eugen@grosbein.pp.ru>
Reply-To: Eugene Grosbein <eugen@grosbein.pp.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: kern/48808: uhid(4)-related repeatable kernel panic in 4.8-PRERELEASE
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org


>Number:         48808
>Category:       kern
>Synopsis:       uhid(4)-related repeatable kernel panic in 4.8-PRERELEASE
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 01 06:00:28 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Eugene Grosbein
>Release:        FreeBSD 4.8-PRERELEASE i386
>Organization:
Svyaz Service JSC
>Environment:
System: FreeBSD grosbein.pp.ru 4.8-PRERELEASE FreeBSD 4.8-PRERELEASE #0: Sat Mar 1 20:19:18 KRAT 2003 eu@grosbein.pp.ru:/usr/local/obj/usr/local/src/sys/DADV i386
		Sources cvsup'd 23 Feb 2003.

>Description:
		4.8-PRERELEASE panices after open/detach/attach/open
		of APC BackUPS CS BK500EI USB (uhid0).

		Here is debug trace:

Script started on Sat Mar  1 20:34:55 2003
GNU gdb 4.18 (FreeBSD)
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...Deprecated bfd_read called at /usr/local/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c line 2627 in elfstab_build_psymtabs
Deprecated bfd_read called at /usr/local/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c line 933 in fill_symbuf

IdlePTD at phsyical address 0x003b7000
initial pcb at physical address 0x0030e860
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x64696875
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0xc015b087
stack pointer	        = 0x10:0xcf5c3cc4
frame pointer	        = 0x10:0xcf5c3ce0
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 16 (cat)
interrupt mask		= net tty bio cam 
trap number		= 12
panic: page fault

syncing disks... 
done
Uptime: 47s

dumping to dev #ad/0x20011, offset 128
dump ata1: resetting devices .. ad2: invalidating queued requests
done
319 318 317 316 315 314 313 312 311 310 309 308 307 306 305 304 303 302 301 300 299 298 297 296 295 294 293 292 291 290 289 288 287 286 285 284 283 282 281 280 279 278 277 276 275 274 273 272 271 270 269 268 267 266 265 264 263 262 261 260 259 258 257 256 255 254 253 252 251 250 249 248 247 246 245 244 243 242 241 240 239 238 237 236 235 234 233 232 231 230 229 228 227 226 225 224 223 222 221 220 219 218 217 216 215 214 213 212 211 210 209 208 207 206 205 204 203 202 201 200 199 198 197 196 195 194 193 192 191 190 189 188 187 186 185 184 183 182 181 180 179 178 177 176 175 174 173 172 171 170 169 168 167 166 165 164 163 162 161 160 159 158 157 156 155 154 153 152 151 150 149 148 147 146 145 144 143 142 141 140 139 138 137 136 135 134 133 132 131 130 129 128 127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 6!
 3 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 
---
#0  dumpsys () at /usr/local/src/sys/kern/kern_shutdown.c:487
487		if (dumping++) {
(kgdb) where
#0  dumpsys () at /usr/local/src/sys/kern/kern_shutdown.c:487
#1  0xc015f898 in boot (howto=256)
    at /usr/local/src/sys/kern/kern_shutdown.c:316
#2  0xc015fce5 in panic (fmt=0xc02bec4c "%s")
    at /usr/local/src/sys/kern/kern_shutdown.c:595
#3  0xc026d008 in trap_fatal (frame=0xcf5c3c84, eva=1684629621)
    at /usr/local/src/sys/i386/i386/trap.c:974
#4  0xc026cc9d in trap_pfault (frame=0xcf5c3c84, usermode=0, eva=1684629621)
    at /usr/local/src/sys/i386/i386/trap.c:867
#5  0xc026c82f in trap (frame={tf_fs = -816054256, tf_es = -1071579120, 
      tf_ds = -1052901360, tf_edi = -1070723776, tf_esi = -1070538352, 
      tf_ebp = -816038688, tf_isp = -816038736, tf_ebx = -1070723776, 
      tf_edx = 4, tf_ecx = 4, tf_eax = 1684629621, tf_trapno = 12, tf_err = 0, 
      tf_eip = -1072320377, tf_cs = 8, tf_eflags = 66050, 
      tf_esp = -1051861572, tf_ss = 12})
    at /usr/local/src/sys/i386/i386/trap.c:466
#6  0xc015b087 in malloc (size=12, type=0xc02e0d40, flags=1)
    at /usr/local/src/sys/kern/kern_malloc.c:243
#7  0xc02107d3 in uhci_allocm (bus=0xc13dd000, dma=0xc14dddbc, size=12)
    at /usr/local/src/sys/dev/usb/uhci.c:497
#8  0xc0214bc6 in usbd_transfer (xfer=0xc14ddd80)
    at /usr/local/src/sys/dev/usb/usbdi.c:259
#9  0xc0214ad3 in usbd_open_pipe_intr (iface=0xc0c1c360, address=129, 
    flags=4 '\004', pipe=0xc13eca8c, priv=0xc13eca80, buffer=0xc13e66a0, 
---Type <return> to continue, or q <return> to quit---
    len=12, cb=0xc0219d18 <uhid_intr>, ival=-1)
    at /usr/local/src/sys/dev/usb/usbdi.c:195
#10 0xc0219e60 in uhidopen (dev=0xc13eca00, flag=1, mode=8192, p=0xcddd82a0)
    at /usr/local/src/sys/dev/usb/uhid.c:408
#11 0xc019987a in spec_open (ap=0xcf5c3e08)
    at /usr/local/src/sys/miscfs/specfs/spec_vnops.c:193
#12 0xc0199775 in spec_vnoperate (ap=0xcf5c3e08)
    at /usr/local/src/sys/miscfs/specfs/spec_vnops.c:119
#13 0xc01ff085 in ufs_vnoperatespec (ap=0xcf5c3e08)
    at /usr/local/src/sys/ufs/ufs/ufs_vnops.c:2394
#14 0xc01955c4 in vn_open (ndp=0xcf5c3ed4, fmode=1, cmode=0) at vnode_if.h:189
#15 0xc01913f8 in open (p=0xcddd82a0, uap=0xcf5c3f80)
    at /usr/local/src/sys/kern/vfs_syscalls.c:1028
#16 0xc026d279 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, 
      tf_edi = 134564965, tf_esi = -1077936691, tf_ebp = -1077936992, 
      tf_isp = -816037932, tf_ebx = -1077936692, tf_edx = 0, tf_ecx = 1, 
      tf_eax = 5, tf_trapno = 12, tf_err = 2, tf_eip = 134532092, tf_cs = 31, 
      tf_eflags = 659, tf_esp = -1077937036, tf_ss = 47})
    at /usr/local/src/sys/i386/i386/trap.c:1175
#17 0xc0260295 in Xint0x80_syscall ()
#18 0x804833b in ?? ()
#19 0x804813e in ?? ()
(kgdb) frame 6
#6  0xc015b087 in malloc (size=12, type=0xc02e0d40, flags=1)
    at /usr/local/src/sys/kern/kern_malloc.c:243
243		va = kbp->kb_next;
(kgdb) p va
$1 = 0x64696875 <Address 0x64696875 out of bounds>
(kgdb) quit

Script done on Sat Mar  1 20:35:09 2003


		Here is my kernel config:

#for strings -n 3 /kernel | grep ^___ | sed -e 's/^___//' > MYKERNEL
options		INCLUDE_CONFIG_FILE

machine		i386
#cpu		I386_CPU
#cpu		I486_CPU
#cpu		I586_CPU
cpu		I686_CPU
options		CPU_ENABLE_SSE 		#enables SSE/MMX2 instructions support.
ident		DADV
maxusers	128

makeoptions	DEBUG=-g		#Build kernel with gdb(1) debug symbols

#options 	MATH_EMULATE		#Support for x87 emulation
options		CLK_CALIBRATION_LOOP
options		"CLK_USE_I8254_CALIBRATION"
options		CLK_USE_TSC_CALIBRATION

options 	INET			#InterNETworking
#options 	INET6			#IPv6 communications protocols
options 	FFS			#Berkeley Fast Filesystem
options 	FFS_ROOT		#FFS usable as root device [keep this!]
#options 	MFS			#Memory Filesystem
#options 	MD_ROOT			#MD is a potential root device
#options 	NFS			#Network Filesystem
#options 	NFS_ROOT		#NFS usable as root device, NFS required
options 	MSDOSFS			#MSDOS Filesystem
#options 	CD9660			#ISO 9660 Filesystem
#options 	CD9660_ROOT		#CD-ROM usable as root, CD9660 required
options 	PROCFS			#Process filesystem
#options		EXT2FS			#Linux ext2 filesystem
options 	COMPAT_43		#Compatible with BSD 4.3 [KEEP THIS!]
options 	SCSI_DELAY=15000	#Delay (in ms) before probing SCSI
options 	UCONSOLE		#Allow users to grab the console
options 	USERCONFIG		#boot -c editor
options 	VISUAL_USERCONFIG	#visual boot -c editor
options 	KTRACE			#ktrace(1) support
options		CPU_SUSP_HLT
#options		"NO_F00F_HACK"
options		USER_LDT
options		PPP_BSDCOMP
options		PPP_DEFLATE
options		PPP_FILTER

options 	SYSVSHM			#SYSV-style shared memory
options 	SYSVMSG			#SYSV-style message queues
options 	SYSVSEM			#SYSV-style semaphores

options         SHMALL=4097
options         SHMMAXPGS=4097
options         SHMMAX=(SHMMAXPGS*PAGE_SIZE+1)
options         SEMMAP=255
options         SEMMNI=235
options         SEMMNS=255
options         SEMMNU=235
options         SEMMSL=255
options         SEMOPM=201
options         SEMUME=201
		    
options 	P1003_1B		#Posix P1003_1B real-time extensions
options 	_KPOSIX_PRIORITY_SCHEDULING
options		_KPOSIX_VERSION=199309L
options		ICMP_BANDLIM		#Rate limit bad replies

#options		FDESC
options		NSWAPDEV=4

device		isa
device		eisa
device		pci
options		AUTO_EOI_1

# Floppy drives
device		fdc0	at isa? port IO_FD1 irq 6 drq 2
device		fd0	at fdc0 drive 0
#device		fd1	at fdc0 drive 1

# ATA and ATAPI devices
#device		ata0	at isa? port IO_WD1 irq 14 flags 0xb0ffb0ff
#device		ata1	at isa? port IO_WD2 irq 15 flags 0xb0ffb0ff
device		ata
device		atadisk			# ATA disk drives
device		atapicd			# ATAPI CDROM drives
#device		atapifd			# ATAPI floppy drives
#device		atapist			# ATAPI tape drives
options 	ATA_STATIC_ID		#Static device numbering

# atkbdc0 controls both the keyboard and the PS/2 mouse
device		atkbdc0	at isa? port IO_KBD
device		atkbd0	at atkbdc? irq 1

# Options for atkbd:
options 	ATKBD_DFLT_KEYMAP	# specify the built-in keymap
makeoptions	ATKBD_DFLT_KEYMAP="ru.koi8-r.pdwn"

device		psm0	at atkbdc? irq 12

device		vga0	at isa?
options		VESA
options		VGA_WIDTH90

# splash screen/screen saver
pseudo-device	splash

# syscons is the default console driver, resembling an SCO console
device		sc0	at isa?
options 	SC_DFLT_FONT		# compile font in
makeoptions	SC_DFLT_FONT=cp866

options		MAXCONS=24
options		SC_HISTORY_SIZE=1000
options		SC_MOUSE_CHAR=0x03
#options		SC_TWOBUTTON_MOUSE
options		SC_PIXEL_MODE

# Floating point support - do not disable.
device		npx0	at nexus? port IO_NPX irq 13

# Power management support (see LINT for more options)
#device		apm0    at nexus? flags 0x31 # Advanced Power Management
device		apm0    at nexus?	     # Advanced Power Management

# Serial (COM) ports
device		sio0	at isa? port IO_COM1 flags 0x10 irq 4
device		sio1	at isa? port IO_COM2 irq 3

device		miibus
device		fxp

# Parallel port
device		ppc0	at isa? irq 7
device		ppbus		# Parallel port bus (required)
device		lpt		# Printer
#device		plip		# TCP/IP over parallel
device		ppi		# Parallel port interface device

#device		joy0	at isa? port IO_GAME

# Pseudo devices - the number indicates how many units to allocated.
pseudo-device	loop		# Network loopback
pseudo-device	ether		# Ethernet support
pseudo-device	sl	2	# Kernel SLIP
pseudo-device	ppp	2	# Kernel PPP
pseudo-device	tun		# Packet tunnel.
pseudo-device	pty	16	# Pseudo-ttys (telnet etc)
#pseudo-device	md		# Memory "disks"
pseudo-device	gif	4	# IPv6 and IPv4 tunneling
pseudo-device	faith	1	# IPv6-to-IPv4 relaying (translation)
pseudo-device	snp
#pseudo-device	vn
pseudo-device	gzip		# Exec gzipped a.out's
pseudo-device	speaker

# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device	bpf		#Berkeley packet filter
options		MSGBUF_SIZE=40960

device pcm

#options		QUOTA
options		IPFIREWALL
options		IPFIREWALL_VERBOSE
#options 	"IPFIREWALL_VERBOSE_LIMIT=100"
options		IPDIVERT
options		IPSTEALTH

options		DUMMYNET
options		SOFTUPDATES

#device		smbus0
#device		iicbus0
#device		iicbb0
#device		intpm0
#device		smb0	at smbus?

device		smbus
#device		iicbus
#device		iicbb
device		intpm
#device		alpm
#device		ichsmb
device		smb

#device		ic
#device		iic
#device		iicsmb

options		DDB
options		DDB_UNATTENDED

#options		LIBMCHAIN
#options		LIBICONV
#options		NETSMB
#options		NETSMBCRYPTO

options		RANDOM_IP_ID
#options		SMBFS

options		UFS_DIRHASH
options		PQ_CACHESIZE=128	# color for 128k/16k cache
options		SHOW_BUSYBUFS

device		uhci
#device		ohci
device		usb
device		uscanner
device		ugen
device		uhid
device		ucom
device		tap

#options		SHUTDOWN_BEEP

options         IPSEC                   #IP security
options         IPSEC_ESP               #IP security (crypto; define w/ IPSEC)


		Here is my dmesg output:

Copyright (c) 1992-2003 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD 4.8-PRERELEASE #0: Sat Mar  1 20:19:18 KRAT 2003
    eu@grosbein.pp.ru:/usr/local/obj/usr/local/src/sys/DADV
Timecounter "i8254"  frequency 1193164 Hz
CPU: Intel Celeron (902.03-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x68a  Stepping = 10
  Features=0x383f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
real memory  = 335478784 (327616K bytes)
config> flags atkbd 0x0
config> quit
avail memory = 322293760 (314740K bytes)
Preloaded elf kernel "kernel" at 0xc0398000.
Preloaded userconfig_script "/boot/kernel.conf" at 0xc039809c.
VESA: v2.0, 4096k memory, flags:0x1, mode table:0xc00c0e38 (c0000e38)
VESA: S3 Incorporated Trio3D.
Pentium Pro MTRR support enabled
Using $PIR table, 8 entries at 0xc00fdef0
apm0: <APM BIOS> on motherboard
apm0: found APM BIOS v1.2, connected at v1.2
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Intel 82443BX (440 BX) host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
pcib1: <Intel 82443BX (440 BX) PCI-PCI (AGP) bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
pci1: <S3 Trio3D graphics accelerator> at 0.0
isab0: <Intel 82371AB PCI to ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX4 ATA33 controller> port 0xf000-0xf00f at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
uhci0: <Intel 82371AB/EB (PIIX4) USB controller> port 0xe000-0xe01f irq 11 at device 7.2 on pci0
usb0: <Intel 82371AB/EB (PIIX4) USB controller> on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uscanner0: Hewlett-Packard HP ScanJet 2200C, rev 1.10/1.00, addr 2
uhid0: American Power Conversion Back-UPS 500 FW: 6.5.I USB FW: c1 , rev 1.10/1.00, addr 3, iclass 3/0
intpm0: <Intel 82371AB Power management controller> port 0x5000-0x500f irq 9 at device 7.3 on pci0
intpm0: I/O mapped 5000
intpm0: intr IRQ 9 enabled revision 0
smbus0: <System Management Bus> on intsmb0
smb0: <SMBus general purpose I/O> on smbus0
intpm0: PM I/O mapped 4000 
fxp0: <Intel Pro 10/100B/100+ Ethernet> port 0xe400-0xe43f mem 0xe5000000-0xe50fffff,0xe5100000-0xe5100fff irq 10 at device 15.0 on pci0
fxp0: Ethernet address 00:90:27:a7:5c:72
inphy0: <i82555 10/100 media interface> on miibus0
inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
orm0: <Option ROM> at iomem 0xc0000-0xc7fff on isa0
fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: model NetMouse/NetScroll Optical, device ID 0
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0: <System console> on isa0
sc0: VGA <24 virtual consoles, flags=0x200>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/16 bytes threshold
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
pcm0: <Yamaha OPL-SAx> at port 0x220-0x22f,0x530-0x537,0x388-0x38f,0x330-0x331,0x370-0x371 irq 5 drq 0,1 on isa0
IP packet filtering initialized, divert enabled, rule-based forwarding enabled, default to deny, unlimited logging
DUMMYNET initialized (011031)
IPsec: Initialized Security Association Processing.
ad0: 6149MB <WDC AC26400B> [13328/15/63] at ata0-master UDMA33
ad2: 39266MB <IC35L040AVER07-0> [79780/16/63] at ata1-master tagged UDMA33
acd0: CD-RW <SONY CD-RW CRX140E> at ata0-slave UDMA33
Mounting root from ufs:/dev/ad2s1a

>How-To-Repeat:

	This is 100% repeateable with mentiones BackUPS
	connected to USB port using original APC cable.

	1. Boot system into single mode (for simplicity, 
	   it panices in the multiuser too).
	2. Run usbd(8) without arguments (won't trigger without it).
	3. run "cat /dev/uhid0"
	4. Physically detach UPS from USB: unplug its control cable.
	   Wait until usbd detaches device. cat will fail with i/o error.
	5. Plug control cable back, wait until usbd reattaches device.
	6. run "cat /dev/uhid0" again and get kernel panic immediately.

>Fix:

	Unknown for me.
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message