kern/79420: panic using uplcom or uftdi serial adaptor and modem
(USB)
mike at sentex.net
mike at sentex.net
Thu Mar 31 21:10:14 PST 2005
>Number: 79420
>Category: kern
>Synopsis: panic using uplcom or uftdi serial adaptor and modem (USB)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Apr 01 05:10:11 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Mike Tancsa
>Release: FreeBSD 5.4-PRERELEASE i386
>Organization:
Sentex Communications
>Environment:
System: FreeBSD releng5-865.sentex.ca 5.4-PRERELEASE FreeBSD 5.4-PRERELEASE #9: Thu Mar 31 17:28:54 EST 2005 mdtancsa at releng5-865.sentex.ca:/usr/obj/usr/src/sys/pioneer i386
>Description:
If an application is blasting out data on a modem attached to a USB serial adaptor the box will eventually
panic. On the box I was testing on, about 1 to 4 hrs
[releng5-865]# kgdb kernel.debug /var/crash/vmcore.14
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
#0 doadump () at pcpu.h:159
159 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0 doadump () at pcpu.h:159
#1 0xc0520f5a in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:410
#2 0xc05211f0 in panic (fmt=0xc06fdc75 "uhci_abort_xfer: not in process context") at /usr/src/sys/kern/kern_shutdown.c:566
#3 0xc04c7143 in uhci_abort_xfer (xfer=0xc1910300, status=USBD_NORMAL_COMPLETION) at /usr/src/sys/dev/usb/uhci.c:1958
#4 0xc04c70c5 in uhci_device_bulk_abort (xfer=0xc1910300) at /usr/src/sys/dev/usb/uhci.c:1921
#5 0xc04d43b7 in usbd_ar_pipe (pipe=0xc19bf500) at /usr/src/sys/dev/usb/usbdi.c:762
#6 0xc04d411b in usbd_abort_pipe (pipe=0xc19bf500) at /usr/src/sys/dev/usb/usbdi.c:556
#7 0xc04c3d4d in ucomstopread (sc=0x0) at /usr/src/sys/dev/usb/ucom.c:1160
#8 0xc04c3912 in ucomstop (tp=0xc166ee00, flag=1) at /usr/src/sys/dev/usb/ucom.c:934
#9 0xc054c88f in ttyflush (tp=0xc166ee00, rw=1) at /usr/src/sys/kern/tty.c:1420
#10 0xc054ac49 in ttyinput (c=26, tp=0xc166ee00) at /usr/src/sys/kern/tty.c:445
#11 0xc04c3c3d in ucomreadcb (xfer=0xc1910300, p=0xc1617e80, status=USBD_NORMAL_COMPLETION) at linedisc.h:122
#12 0xc04d44f8 in usb_transfer_complete (xfer=0xc1910300) at /usr/src/sys/dev/usb/usbdi.c:851
#13 0xc04c69ab in uhci_idone (ii=0x0) at /usr/src/sys/dev/usb/uhci.c:1500
#14 0xc04c6888 in uhci_check_intr (sc=0xc15e0000, ii=0xc191036c) at /usr/src/sys/dev/usb/uhci.c:1375
#15 0xc04c67da in uhci_softintr (v=0xc15e0000) at /usr/src/sys/dev/usb/uhci.c:1305
#16 0xc04d1995 in usb_schedsoftintr (bus=0x0) at /usr/src/sys/dev/usb/usb.c:864
#17 0xc04c67a7 in uhci_intr1 (sc=0xc15e0000) at /usr/src/sys/dev/usb/uhci.c:1275
#18 0xc04c6638 in uhci_intr (arg=0xc15e0000) at /usr/src/sys/dev/usb/uhci.c:1190
#19 0xc050d86d in ithread_loop (arg=0xc14f7400) at /usr/src/sys/kern/kern_intr.c:547
#20 0xc050cb00 in fork_exit (callout=0xc050d71c <ithread_loop>, arg=0xc14f7400, frame=0xcbc67d48)
at /usr/src/sys/kern/kern_fork.c:790
#21 0xc06a3fec in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:209
(kgdb) bt full
#0 doadump () at pcpu.h:159
No locals.
#1 0xc0520f5a in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:410
first_buf_printf = 1
#2 0xc05211f0 in panic (fmt=0xc06fdc75 "uhci_abort_xfer: not in process context") at /usr/src/sys/kern/kern_shutdown.c:566
td = (struct thread *) 0xc14fa000
bootopt = 260
newpanic = 0
ap = 0xc14fa000 "Ä\001PÁðêOÁ"
buf = "uhci_abort_xfer: not in process context", '\0' <repeats 216 times>
#3 0xc04c7143 in uhci_abort_xfer (xfer=0xc1910300, status=USBD_NORMAL_COMPLETION) at /usr/src/sys/dev/usb/uhci.c:1958
uxfer = (struct uhci_xfer *) 0xc1910300
ii = (uhci_intr_info_t *) 0xc191036c
upipe = (struct uhci_pipe *) 0xc19bf500
sc = (uhci_softc_t *) 0xc15e0000
std = (uhci_soft_td_t *) 0x0
#4 0xc04c70c5 in uhci_device_bulk_abort (xfer=0xc1910300) at /usr/src/sys/dev/usb/uhci.c:1921
No locals.
#5 0xc04d43b7 in usbd_ar_pipe (pipe=0xc19bf500) at /usr/src/sys/dev/usb/usbdi.c:762
xfer = 0x0
#6 0xc04d411b in usbd_abort_pipe (pipe=0xc19bf500) at /usr/src/sys/dev/usb/usbdi.c:556
err = USBD_NORMAL_COMPLETION
#7 0xc04c3d4d in ucomstopread (sc=0x0) at /usr/src/sys/dev/usb/ucom.c:1160
No locals.
#8 0xc04c3912 in ucomstop (tp=0xc166ee00, flag=1) at /usr/src/sys/dev/usb/ucom.c:934
sc = (struct ucom_softc *) 0xc1617e80
#9 0xc054c88f in ttyflush (tp=0xc166ee00, rw=1) at /usr/src/sys/kern/tty.c:1420
No locals.
#10 0xc054ac49 in ttyinput (c=26, tp=0xc166ee00) at /usr/src/sys/kern/tty.c:445
iflag = 11010
lflag = 1483
cc = (cc_t *) 0xc166eeb4 "\004ÿÿ\177\027\025\022\b\003\034\032\031\021\023\026\017\001"
i = 0
err = 0
#11 0xc04c3c3d in ucomreadcb (xfer=0xc1910300, p=0xc1617e80, status=USBD_NORMAL_COMPLETION) at linedisc.h:122
sc = (struct ucom_softc *) 0xc1617e80
tp = (struct tty *) 0xc166ee00
err = USBD_NORMAL_COMPLETION
cc = 10
cp = (u_char *) 0xc15e9e6d "\032\033\034\035\036\037 !\"#æçèéêëìíîøùúûüýþÿ"
lostcc = 0
#12 0xc04d44f8 in usb_transfer_complete (xfer=0xc1910300) at /usr/src/sys/dev/usb/usbdi.c:851
pipe = 0xc19bf500
dmap = (usb_dma_t *) 0xc191033c
sync = 0
erred = 0
---Type <return> to continue, or q <return> to quit---
repeat = 0
polling = 0
#13 0xc04c69ab in uhci_idone (ii=0x0) at /usr/src/sys/dev/usb/uhci.c:1500
xfer = 0xc1910300
upipe = (struct uhci_pipe *) 0xc19bf500
std = (uhci_soft_td_t *) 0x0
status = 0
nstatus = 0
actlen = 55
#14 0xc04c6888 in uhci_check_intr (sc=0xc15e0000, ii=0xc191036c) at /usr/src/sys/dev/usb/uhci.c:1375
std = (uhci_soft_td_t *) 0x0
lstd = (uhci_soft_td_t *) 0xc15e5f80
status = 0
#15 0xc04c67da in uhci_softintr (v=0xc15e0000) at /usr/src/sys/dev/usb/uhci.c:1305
sc = (uhci_softc_t *) 0xc15e0000
ii = (uhci_intr_info_t *) 0x0
nextii = (uhci_intr_info_t *) 0x0
#16 0xc04d1995 in usb_schedsoftintr (bus=0x0) at /usr/src/sys/dev/usb/usb.c:864
No locals.
#17 0xc04c67a7 in uhci_intr1 (sc=0xc15e0000) at /usr/src/sys/dev/usb/uhci.c:1275
status = 1
ack = 1
#18 0xc04c6638 in uhci_intr (arg=0xc15e0000) at /usr/src/sys/dev/usb/uhci.c:1190
sc = (uhci_softc_t *) 0x0
#19 0xc050d86d in ithread_loop (arg=0xc14f7400) at /usr/src/sys/kern/kern_intr.c:547
ithd = (struct ithd *) 0xc14f7400
ih = (struct intrhand *) 0xc15db740
td = (struct thread *) 0xc14fa000
p = (struct proc *) 0xc15001c4
count = 0
warming = 0
warned = 0
#20 0xc050cb00 in fork_exit (callout=0xc050d71c <ithread_loop>, arg=0xc14f7400, frame=0xcbc67d48)
at /usr/src/sys/kern/kern_fork.c:790
p = (struct proc *) 0xc15001c4
td = (struct thread *) 0x0
#21 0xc06a3fec in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:209
No locals.
(kgdb)
[releng5-865]# cat /var/run/dmesg.boot
Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 5.4-PRERELEASE #9: Thu Mar 31 17:28:54 EST 2005
mdtancsa at releng5-865.sentex.ca:/usr/obj/usr/src/sys/pioneer
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Celeron(R) CPU 2.40GHz (2400.41-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0xf33 Stepping = 3
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
real memory = 267321344 (254 MB)
avail memory = 251940864 (240 MB)
ACPI APIC Table: <AOpen AWRDACPI>
ioapic0 <Version 2.0> irqs 0-23 on motherboard
npx0: <math processor> on motherboard
npx0: INT 16 interface
acpi0: <AOpen AWRDACPI> on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0
cpu0: <ACPI CPU> on acpi0
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
agp0: <Intel 82865G (865G GMCH) SVGA controller> port 0xd000-0xd007 mem 0xfa000000-0xfa07ffff,0xf0000000-0xf7ffffff irq 16 at device 2.0 on pci0
agp0: detected 892k stolen memory
agp0: aperture size is 128M
uhci0: <Intel 82801EB (ICH5) USB controller USB-A> port 0xc000-0xc01f irq 16 at device 29.0 on pci0
usb0: <Intel 82801EB (ICH5) USB controller USB-A> on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1: <Intel 82801EB (ICH5) USB controller USB-B> port 0xc400-0xc41f irq 19 at device 29.1 on pci0
usb1: <Intel 82801EB (ICH5) USB controller USB-B> on uhci1
usb1: USB revision 1.0
uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2: <Intel 82801EB (ICH5) USB controller USB-C> port 0xc800-0xc81f irq 18 at device 29.2 on pci0
usb2: <Intel 82801EB (ICH5) USB controller USB-C> on uhci2
usb2: USB revision 1.0
uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3: <Intel 82801EB (ICH5) USB controller USB-D> port 0xcc00-0xcc1f irq 16 at device 29.3 on pci0
usb3: <Intel 82801EB (ICH5) USB controller USB-D> on uhci3
usb3: USB revision 1.0
uhub3: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
pcib1: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci1: <ACPI PCI bus> on pcib1
rl0: <RealTek 8139 10/100BaseTX> port 0xa000-0xa0ff mem 0xf9000000-0xf90000ff irq 16 at device 4.0 on pci1
miibus0: <MII bus> on rl0
rlphy0: <RealTek internal media interface> on miibus0
rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
rl0: Ethernet address: 00:50:fc:f9:6b:7a
pci1: <simple comms, UART> at device 5.0 (no driver attached)
fxp0: <Intel 82801BA (D865) Pro/100 VE Ethernet> port 0xa800-0xa83f mem 0xf9001000-0xf9001fff irq 20 at device 8.0 on pci1
miibus1: <MII bus> on fxp0
inphy0: <i82562ET 10/100 media interface> on miibus1
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp0: Ethernet address: 00:01:80:54:b3:b8
puc0: <Lava Computers Quattro-PCI serial port> port 0xb000-0xb007,0xac00-0xac07 irq 18 at device 10.0 on pci1
sio4: <Lava Computers Quattro-PCI serial port> on puc0
sio4: type 16550A
sio4: unable to activate interrupt in fast mode - using normal mode
sio5: <Lava Computers Quattro-PCI serial port> on puc0
sio5: type 16550A
sio5: unable to activate interrupt in fast mode - using normal mode
puc1: <Lava Computers Quattro-PCI serial port> port 0xb800-0xb807,0xb400-0xb407 irq 18 at device 10.1 on pci1
sio6: <Lava Computers Quattro-PCI serial port> on puc1
sio6: type 16550A
sio6: unable to activate interrupt in fast mode - using normal mode
sio7: <Lava Computers Quattro-PCI serial port> on puc1
sio7: type 16550A
sio7: unable to activate interrupt in fast mode - using normal mode
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel ICH5 UDMA100 controller> port 0xf000-0xf00f,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at device 31.1 on pci0
ata0: channel #0 on atapci0
ata1: channel #1 on atapci0
pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
acpi_tz0: <Thermal Zone> on acpi0
fdc0: <floppy drive controller> port 0x3f7,0x3f0-0x3f5 irq 6 drq 2 on acpi0
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A, console
sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
atkbdc0: <Keyboard controller (i8042)> port 0x64,0x60 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
orm0: <ISA Option ROM> at iomem 0xc0000-0xc9fff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
ucom0: FTDI USB FAST SERIAL ADAPTER, rev 2.00/5.00, addr 2
Timecounter "TSC" frequency 2400412599 Hz quality 800
Timecounters tick every 10.000 msec
Fast IPsec: Initialized Security Association Processing.
ipfw2 initialized, divert disabled, rule-based forwarding disabled, default to accept, logging limited to 31000 packets/entry by default
ad0: 38166MB <ST340014A/3.06> [77545/16/63] at ata0-master UDMA100
Mounting root from ufs:/dev/ad0s1a
WARNING: / was not properly dismounted
[releng5-865]#
>How-To-Repeat:
connect via dialup modem on the other end of an USB-RS232 adaptor (uplcom of utfdi)
and run the following program
#!/usr/bin/perl
#
# replace $target with an IP you can ping across the dialup connection
#
srand (time ^ $$ ^ unpack "%L*", `ps axww | gzip`);
$target="192.168.1.10";
while (1) {
$len = int(rand( 1200 ) ) + 25;
$cnt = int(rand( 20 ) ) + 1;
$slp = int(rand( 9 ) ) + 1;
$cmd="/sbin/ping -q -i .5 -c $cnt -s $len $target";
select(undef, undef, undef, (1/$slp));
system($cmd);
}
>Fix:
More details and analysis at
http://lists.freebsd.org/pipermail/freebsd-usb/2005-March/000855.html
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list