kern/95512: [uplcom] uplcom(4) causes system hangups

Kyryll A Mirnenko aka Mirya mirya at matrix.ua
Sat Apr 29 16:10:19 UTC 2006 

The following reply was made to PR kern/95512; it has been noted by GNATS.

From: Kyryll A Mirnenko aka Mirya <mirya at matrix.ua>
To: bug-followup at freebsd.org,
 mirya at matrix.ua
Cc:  
Subject: Re: kern/95512: [uplcom] uplcom(4) causes system hangups
Date: Sat, 29 Apr 2006 19:07:54 +0300

 Here's full sequence for RELENG_6_1 / -O0 kernel with full debug (including 
 WITNESS/INVARIANTS) (up to posting date):
 
 1) I use
 USB-Serial Controller(0x2303), Prolific Technology Inc.(0x067b), rev 3.00
 according to usbdevs
 2) call out using ppp as described
 3) start getty to listen on ttyU0
 4) received 2 messages from kernel:
 putc to a clist with no reserved cblocks
 5) getty processes call-in, receiving couple of "clist" messages together with
 ucom0: open bulk out error (addr 2): IN_USE
 6) modem hangs up, no link established
 7) now when trying to access cuaU0/ttyU0 (e.g. with tip(1), etc), getting 
 "device not configured" error
 8) plugging out hardware device
 9) panic
 backtrace:
 
 Fatal trap 12: page fault while in kernel mode
 fault virtual address	= 0x4
 fault code		= supervisor read, page not present
 instruction pointer	= 0x20:0xc04f37ac
 stack pointer	        = 0x28:0xca77cb54
 frame pointer	        = 0x28:0xca77cba8
 code segment		= base 0x0, limit 0xfffff, type 0x1b
 			= DPL 0, pres 1, def32 1, gran 1
 processor eflags	= interrupt enabled, resume, IOPL = 0
 current process		= 22 (irq10: rl0 uhci0)
 panic: from debugger
 KDB: stack backtrace:
 Syncing disks, buffers remaining... 130 130 130 130 130 130 130 130 130 130 
 130 130 130 130 130 130 130 130 130 130 
 Giving up on 130 buffers
 Uptime: 23m44s
 Dumping 222 MB (2 chunks)
   chunk 0: 1MB (159 pages) ... ok
   chunk 1: 222MB (56800 pages) 206 190 174 158 142 126 110 94 78 62 46 30 14
 
 #0  doadump () at ../../../kern/kern_shutdown.c:235
 235		dumptid = curthread->td_tid;
 (kgdb) bt full
 #0  doadump () at ../../../kern/kern_shutdown.c:235
 No locals.
 #1  0xc05b1a47 in boot (howto=256) at ../../../kern/kern_shutdown.c:402
 	first_buf_printf = 0
 #2  0xc05b1dce in panic (fmt=0xc0802860 "from debugger")
     at ../../../kern/kern_shutdown.c:558
 	td = (struct thread *) 0xc1fb8180
 	bootopt = 256
 	newpanic = 1
 	ap = 0xca77c8d8 "\220ÉwÊ\204ÞEÀ¬7OÀ"
 	buf = "from debugger", '\0' <repeats 242 times>
 #3  0xc045def2 in db_panic (addr=-1068550228, have_addr=0, count=-1, 
     modif=0xca77c908 "") at ../../../ddb/db_command.c:438
 No locals.
 #4  0xc045de84 in db_command (last_cmdp=0xc08a0004, cmd_table=0x0, 
     aux_cmd_tablep=0xc085e150, aux_cmd_tablep_end=0xc085e154)
     at ../../../ddb/db_command.c:350
 	cmd = (struct command *) 0xc0802850
 	t = 1
 	modif = 
 "\000\035\221À\000\000\000\000\r\000\000\000\r\000\000\000\000\000\000\000\001\000\000\000<ÉwÊ 
 \035\221À4Éwʲ6{À\002\000\000\000PÉwÊÓò_À 
 \\\005Â`ÉwÊ7\bFÀ\006/\200À \004FÀ\000\000\000\000\020\000\000\000lÉwÊ\000\000\000\000PcYÀ\235ùEÀ\000\t\212À0\001\212Àx\000\000\0007\bFÀ\220ÉwÊ*úEÀ"
 	addr = -1068550228
 	count = -1
 	have_addr = 0
 	result = 0
 #5  0xc045df77 in db_command_loop () at ../../../ddb/db_command.c:458
 No locals.
 #6  0xc04603f7 in db_trap (type=12, code=0) at ../../../ddb/db_main.c:221
 	jb = {{_jb = {-1039836128, -898119252, -898119168, -1067883696, 0, 
       -1069153381, -1067622757, -1064658720, -898119168, -1067622328, 
       -1040481920, 0}}}
 	prev_jb = (void *) 0x0
 	bkpt = 0
 	watchpt = 0
 #7  0xc05d60f5 in kdb_trap (type=12, code=0, tf=0xca77cb14)
     at ../../../kern/subr_kdb.c:473
 	handled = 524930
 #8  0xc07d873f in trap_fatal (frame=0xca77cb14, eva=4)
     at ../../../i386/i386/trap.c:827
 	eflags = 524930
 	code = 0
 	type = 12
 	ss = 40
 	esp = -898118828
 	softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, 
   ssd_dpl = 0, ssd_p = 1, ssd_xx = 12, ssd_xx1 = 0, ssd_def32 = 1, 
   ssd_gran = 1}
 	msg = 0xc08574d7 "page fault"
 #9  0xc07d8362 in trap_pfault (frame=0xca77cb14, usermode=0, eva=4)
     at ../../../i386/i386/trap.c:744
 	va = 0
 	vm = (struct vmspace *) 0xc08a5120
 	map = 0xc08a5120
 	rv = 1
 	ftype = 1 '\001'
 	td = (struct thread *) 0xc1fb8180
 	p = (struct proc *) 0xc202520c
 #10 0xc07d7ddf in trap (frame=
       {tf_fs = -898170872, tf_es = 40, tf_ds = 40, tf_edi = 0, tf_esi = 
 -1067883696, tf_ebp = -898118744, tf_isp = -898118848, tf_ebx = -1039836128, 
 tf_edx = 0, tf_ecx = -898118872, tf_eax = 0, tf_trapno = 12, tf_err = 0, 
 tf_eip = -1068550228, tf_cs = 32, tf_eflags = 590406, tf_esp = -1038417024, 
 tf_ss = -1039810560}) at ../../../i386/i386/trap.c:434
 	td = (struct thread *) 0xc1fb8180
 	p = (struct proc *) 0xc202520c
 	sticks = 0
 	i = 0
 	ucode = 0
 	type = 12
 	code = 0
 	eva = 4
 #11 0xc07c014a in calltrap () at ../../../i386/i386/exception.s:139
 No locals.
 #12 0xc04f37ac in uhci_device_bulk_start (xfer=0xc22a6600)
     at ../../../dev/usb/uhci.c:1868
 	upipe = (struct uhci_pipe *) 0xc21b0380
 	dev = 0xc21b0900
 	sc = (uhci_softc_t *) 0xc205c000
 	ii = (uhci_intr_info_t *) 0xc22a6670
 	data = (uhci_soft_td_t *) 0x0
 	dataend = (uhci_soft_td_t *) 0x0
 	sqh = (uhci_soft_qh_t *) 0xc2066da0
 	err = USBD_NORMAL_COMPLETION
 	len = 0
 	isread = 0
 	endpt = 0
 	s = -898118720
 #13 0xc05091e1 in usbd_start_next (pipe=0xc21c9400)
     at ../../../dev/usb/usbdi.c:933
 	xfer = 0xc22a6600
 	err = 3257559552
 #14 0xc0509139 in usb_transfer_complete (xfer=0xc22a6100)
     at ../../../dev/usb/usbdi.c:874
 	pipe = 0xc21c9400
 	dmap = (usb_dma_t *) 0xc22a613c
 	sync = 0
 	erred = 0
 	repeat = 0
 	polling = 0
 #15 0xc04f2bbc in uhci_idone (ii=0xc22a6170) at ../../../dev/usb/uhci.c:1499
 	xfer = 0xc22a6100
 	upipe = (struct uhci_pipe *) 0xc21c9400
 	std = (uhci_soft_td_t *) 0xc2065ec0
 	status = 4456448
 	nstatus = 947913727
 	actlen = 0
 #16 0xc04f29f7 in uhci_check_intr (sc=0xc205c000, ii=0xc22a6170)
     at ../../../dev/usb/uhci.c:1374
 	std = (uhci_soft_td_t *) 0xc2065ea0
 	lstd = (uhci_soft_td_t *) 0xc2065f00
 	status = 541394943
 #17 0xc04f28d3 in uhci_softintr (v=0xc205c000) at ../../../dev/usb/uhci.c:1304
 	sc = (uhci_softc_t *) 0xc205c000
 	ii = (uhci_intr_info_t *) 0xc22a6170
 	nextii = (uhci_intr_info_t *) 0xc2023870
 #18 0xc0504c27 in usb_schedsoftintr (bus=0xc205c000)
     at ../../../dev/usb/usb.c:871
 No locals.
 #19 0xc04f2882 in uhci_intr1 (sc=0xc205c000) at ../../../dev/usb/uhci.c:1274
 	status = 2
 	ack = 2
 #20 0xc04f24f1 in uhci_intr (arg=0xc205c000) at ../../../dev/usb/uhci.c:1189
 	sc = (uhci_softc_t *) 0xc205c000
 #21 0xc059623a in ithread_execute_handlers (p=0xc202520c, ie=0xc1faa780)
     at ../../../kern/kern_intr.c:684
 	ih = (struct intr_handler *) 0xc2058dc0
 	ihn = (struct intr_handler *) 0x0
 #22 0xc05963fa in ithread_loop (arg=0xc2055c20)
     at ../../../kern/kern_intr.c:767
 	intr_event = (struct intr_thread *) 0xc2055c20
 	ie = (struct intr_event *) 0xc1faa780
 	td = (struct thread *) 0xc1fb8180
 	p = (struct proc *) 0xc202520c
 	__func__ = "ithread_loop"
 #23 0xc0594c19 in fork_exit (callout=0xc0596350 <ithread_loop>, 
     arg=0xc2055c20, frame=0xca77cd38) at ../../../kern/kern_fork.c:805
 	p = (struct proc *) 0xc202520c
 	td = (struct thread *) 0xc1fb8180
 #24 0xc07c01ac in fork_trampoline () at ../../../i386/i386/exception.s:208
 No locals.
 -- 
 Regards, Mirya
 ICQ #313898202

More information about the freebsd-bugs mailing list