Reproducible FreeBSD 6.0-BETA2 panic - probably ATA-ng related

From: Fabian Keil <freebsd-listen_at_fabiankeil.de>
Date: Sun, 21 Aug 2005 15:01:25 +0200
I own a Plextor PlexWriter Premium, the drive has a buggy firmware
which crashes if you try to burn multi session in SAO mode.

On FreeBSD 5.2 and 5.3 the drive "just" disappears from the bus: 

root_at_datenspeicher.localhost atacontrol list
ATA channel 0:
    Master:  ad0 <WDC WD205AA/05.05B05> ATA/ATAPI rev 4
    Slave:   ad1 <MAXTOR 4K040H2/A08.1500> ATA/ATAPI rev 5
ATA channel 1:
    Master:      no device present
    Slave:  acd0 <PLEXTOR CD-R PREMIUM/1.05> ATA/ATAPI rev 0
root_at_datenspeicher.localhost cdrecord dev=1,1,0 -dao -multi -dummy tsize=100000s /dev/random
Cdrecord 2.00.3 (i386-unknown-freebsd5.2) Copyright (C) 1995-2002 Jörg Schilling
scsidev: '1,1,0'
scsibus: 1 target: 1 lun: 0
Using libscg version 'schily-0.7'
Device type    : Removable CD-ROM
Version        : 0
Response Format: 1
Vendor_info    : 'PLEXTOR '
Identifikation : 'CD-R   PREMIUM  '
Revision       : '1.05'
Device seems to be: Generic mmc CD-RW.
Using generic SCSI-3/mmc CD-R driver (mmc_cdr).
Driver flags   : MMC-3 SWABAUDIO BURNFREE VARIREC 
Supported modes: TAO PACKET SAO SAO/R96P SAO/R96R RAW/R16 RAW/R96P RAW/R96R
Starting to write CD/DVD at speed 52 in dummy SAO mode for multi session.
Last chance to quit, starting dummy write    0 seconds. Operation starts.
[a long time nothing ]
^C[after doing atacontrol reinit 1 on another shell:]cdrecord: Caught interrupt.
root_at_datenspeicher.localhost atacontrol list
ATA channel 0:
    Master:  ad0 <WDC WD205AA/05.05B05> ATA/ATAPI rev 4
    Slave:   ad1 <MAXTOR 4K040H2/A08.1500> ATA/ATAPI rev 5
ATA channel 1:
    Master:      no device present
    Slave:       no device present


On FreeBSD 6.0-BETA2 a panic is caused:

fk_at_africanqueen ~ $atacontrol list
ATA channel 0:
    Master: acd0 <LITE-ON DVDRW SOHW-1693S/KS0A> ATA/ATAPI revision 5
    Slave:   ad1 <WDC WD800BB-00CAA1/17.07W17> ATA/ATAPI revision 5
ATA channel 1:
    Master: acd1 <LITE-ON LTR-48125W/VS0D> ATA/ATAPI revision 0
    Slave:  acd2 <PLEXTOR CD-R PREMIUM/1.05> ATA/ATAPI revision 0
ATA channel 2:
    Master:  ad4 <SAMSUNG SV1204H/RK100-15> ATA/ATAPI revision 6
    Slave:       no device present
ATA channel 3:
    Master:      no device present
    Slave:       no device present

fk_at_africanqueen ~ $cdrecord dev=1,1,0 -sao -multi -dummy tsize=1s -v /dev/random 
Cdrecord-Clone 2.01.01a03 (i386-unknown-freebsd6.0) Copyright (C) 1995-2005 Jörg Schilling
TOC Type: 3 = CD-ROM XA mode 2
cdrecord: Operation not permitted. WARNING: Cannot do mlockall(2).
cdrecord: WARNING: This causes a high risk for buffer underruns.
scsidev: '1,1,0'
scsibus: 1 target: 1 lun: 0
Using libscg version 'schily-0.8'.
SCSI buffer size: 64512
atapi: 0
Device type    : Removable CD-ROM
Version        : 0
Response Format: 1
Vendor_info    : 'PLEXTOR '
Identifikation : 'CD-R   PREMIUM  '
Revision       : '1.05'
Device seems to be: Generic mmc CD-RW.
Current: 0x0009
Profile: 0x0008 
Profile: 0x0009 (current)
Profile: 0x000A 
Using generic SCSI-3/mmc   CD-R/CD-RW driver (mmc_cdr).
Driver flags   : MMC-3 SWABAUDIO BURNFREE VARIREC GIGAREC FORCESPEED SPEEDREAD SINGLESESSION HIDECDR 
Supported modes: TAO PACKET SAO SAO/R96P SAO/R96R RAW/R16 RAW/R96P RAW/R96R
Drive buf size : 4802784 = 4690 KB
Drive DMA Speed: 27687 kB/s 157x CD 19x DVD
FIFO size      : 4194304 = 4096 KB
Track 01: data     0 MB         padsize:  598 KB
Total size:        0 MB (00:04.00) = 300 sectors
Lout start:        1 MB (00:06/00) = 300 sectors
Current Secsize: 2048
ATIP info from disk:
  Indicated writing power: 4
  Is not unrestricted
  Is not erasable
  Disk sub type: Medium Type A, low Beta category (A-) (2)
  ATIP start of lead in:  -12508 (97:15/17)
  ATIP start of lead out: 359845 (79:59/70)
Disk type:    Short strategy type (Phthalocyanine or similar)
Manuf. index: 22
Manufacturer: Ritek Co.
Single session is OFF.
Hide CDR is OFF.
Speed-Read is OFF.
GigaRec is off.
Blocks total: 359845 Blocks current: 359845 Blocks remaining: 359545
Forcespeed is OFF.
Power-Rec is ON.
Power-Rec write speed:     52x (recommended)
Starting to write CD/DVD at speed 52 in dummy SAO mode for multi session.
Last chance to quit, starting dummy write    0 seconds. Operation starts.
Waiting for reader process to fill input buffer ... input buffer ready.
BURN-Free is OFF.
Sending CUE sheet...
Writing pregap for track 1 at -150
[Panic after a few minutes]

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x3b0
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc046f132
stack pointer           = 0x28:0xd44b0cc8
frame pointer           = 0x28:0xd44b0cd8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 2 (g_event)
panic: from debugger
cpuid = 0
Uptime: 22m47s
Dumping 511 MB (2 chunks)
  chunk 0: 1MB (158 pages) ... ok
  chunk 1: 511MB (130800 pages) 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 2                       
23 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) where 
#0  doadump () at pcpu.h:165
#1  0xc04f4154 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:397
#2  0xc04f4469 in panic (fmt=0xc066ff84 "from debugger") at /usr/src/sys/kern/kern_shutdown.c:553
#3  0xc044e3d9 in db_panic (addr=-1069092558, have_addr=0, count=-1, modif=0xd44b0aec "")
    at /usr/src/sys/ddb/db_command.c:435
#4  0xc044e370 in db_command (last_cmdp=0xc06d97e4, cmd_table=0x0, aux_cmd_tablep=0xc06a37cc, 
    aux_cmd_tablep_end=0xc06a37d0) at /usr/src/sys/ddb/db_command.c:349
#5  0xc044e438 in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
#6  0xc044ffd9 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:221
#7  0xc050c160 in kdb_trap (type=12, code=0, tf=0xd44b0c88) at /usr/src/sys/kern/subr_kdb.c:473
#8  0xc064b8d8 in trap_fatal (frame=0xd44b0c88, eva=944) at /usr/src/sys/i386/i386/trap.c:832
#9  0xc064b61f in trap_pfault (frame=0xd44b0c88, usermode=0, eva=944)
    at /usr/src/sys/i386/i386/trap.c:752
#10 0xc064b289 in trap (frame=
      {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = 0, tf_esi = 0, tf_ebp = -733279016, tf_isp = -7332                       
79052, tf_ebx = -1044868864, tf_edx = 4, tf_ecx = 1, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip =                       
 -1069092558, tf_cs = 32, tf_eflags = 590470, tf_esp = 6, tf_ss = -1044868864})
    at /usr/src/sys/i386/i386/trap.c:442
#11 0xc063992a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#12 0x00000008 in ?? ()
#13 0x00000028 in ?? ()
#14 0x00000028 in ?? ()
#15 0x00000000 in ?? ()
#16 0x00000000 in ?? ()
#17 0xd44b0cd8 in ?? ()
#18 0xd44b0cb4 in ?? ()
#19 0xc1b89100 in ?? ()
#20 0x00000004 in ?? ()
#21 0x00000001 in ?? ()
#22 0x00000000 in ?? ()
#23 0x0000000c in ?? ()
#24 0x00000000 in ?? ()
#25 0xc046f132 in acd_geom_detach (arg=0xc1b89100, flag=0) at /usr/src/sys/dev/ata/atapi-cd.c:199
#26 0xc04bf9ef in one_event () at /usr/src/sys/geom/geom_event.c:198
#27 0xc04bfa79 in g_run_events () at /usr/src/sys/geom/geom_event.c:218
#28 0xc04c10dd in g_event_procbody () at /usr/src/sys/geom/geom_kern.c:141
#29 0xc04e1098 in fork_exit (callout=0xc04c1070 <g_event_procbody>, arg=0x0, frame=0xd44b0d38)
    at /usr/src/sys/kern/kern_fork.c:789
#30 0xc063998c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208

Otherwise the system runs stable, from time to time I get:

lock order reversal
 1st 0xc073cf40 UMA lock (UMA lock) _at_ /usr/src/sys/vm/uma_core.c:1494
 2nd 0xc1060144 system map (system map) _at_ /usr/src/sys/vm/vm_map.c:2317
KDB: stack backtrace:
kdb_backtrace(0,ffffffff,c06f2218,c06f2358,c06b8864) at kdb_backtrace+0x29
witness_checkorder(c1060144,9,c069605a,90d) at witness_checkorder+0x564
_mtx_lock_flags(c1060144,0,c069605a,90d) at _mtx_lock_flags+0x5b
_vm_map_lock(c10600c0,c069605a,90d) at _vm_map_lock+0x26
vm_map_remove(c10600c0,c1f03000,c1f04000,d56cbc0c,c05fdd29) at vm_map_remove+0x1f
kmem_free(c10600c0,c1f03000,1000,d56cbc3c,c05fd6d6) at kmem_free+0x25
page_free(c1f03000,1000,2) at page_free+0x29
zone_drain(c104a960) at zone_drain+0x26a
zone_foreach(c05fd46c,d56cbcec,c060f657,d56cbc74,246) at zone_foreach+0x37
uma_reclaim(d56cbc74,246,0,d56cbc80,c04ec719) at uma_reclaim+0x12
vm_pageout_scan(0,c073d3a0,0,c0697547,604) at vm_pageout_scan+0x103
vm_pageout(0,d56cbd38,0,c06104ac,0) at vm_pageout+0x2c3
fork_exit(c06104ac,0,d56cbd38) at fork_exit+0xa0
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xd56cbd6c, ebp = 0 ---

which looks like <http://sources.zabbadoz.net/freebsd/lor.html#007>
and is marked as harmless.

My Kernel is attached, it is GENERIC plus atapicam minus some stuff
I don't need. I cvsupped and rebuild world yesterday, system is 
FreeBSD 6.0-BETA2 #2: Sun Aug 21 12:28:33 CEST 2005.

The firmware bug is known to be present in the Plextor PX-W4824TA
as well, one should be able to reproduce the panic with that drive,
however I don't own one.

vmcore, dmesg output and kernel.debug can be downloaded at:
<http://www.fabiankeil.de/tmp/kernel.debug+vmcore+dmesg.tar> (20MB)

I'd be glad to provide more information if needed, but
I will be cut from the internet from this evening till Friday.

Fabian
-- 
http://www.fabiankeil.de/


-- 
http://www.fabiankeil.de/
Received on Sun Aug 21 2005 - 11:02:46 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:41 UTC