Date:      Wed, 1 Mar 2006 00:49:31 +0700 (KRAT)
From:      Eugene Grosbein <eugen@grosbein.pp.ru>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   usb/93949: ugen(4)-related repeatable kernel panic in 6.1-PRERELEASE
Message-ID:  <200602281749.k1SHnVtf001083@grosbein.pp.ru>
Resent-Message-ID: <200602281800.k1SI0BE2079306@freefall.freebsd.org>

>Number:         93949
>Category:       usb
>Synopsis:       ugen(4)-related repeatable kernel panic in 6.1-PRERELEASE
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-usb
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 28 18:00:11 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Eugene Grosbein
>Release:        FreeBSD 6.1-PRERELEASE i386
>Organization:
Svyaz Service JSC
>Environment:
System: FreeBSD grosbein.pp.ru 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #4: Sun Feb 19 19:52:24 KRAT 2006 eu@grosbein.pp.ru:/mnt/usr/local/obj6/usr/src/sys/DADV i386
	apcupsd-3.10.18_1 from ports and APC BackUPS CS BK500EI USB (uhid0)
	
>Description:
	6.1-PRERELEASE panics after open/detach of
	APC BackUPS CS BK500EI USB (ugen0).

	Here is kgdb backtrace:

Script started on Wed Mar  1 00:31:59 2006
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0xc39662f4
fault code		= supervisor write, page not present
instruction pointer	= 0x20:0xc058da90
stack pointer	        = 0x28:0xdd044b80
frame pointer	        = 0x28:0xdd044b80
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 625 (apcupsd)
trap number		= 12
panic: page fault
Uptime: 2m49s
Dumping 575 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 575MB (147184 pages) 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165		__asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc05620b0 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xc05623f9 in panic (fmt=0xc0771b57 "%s")
    at /usr/src/sys/kern/kern_shutdown.c:555
#3  0xc07424ec in trap_fatal (frame=0xdd044b40, eva=0)
    at /usr/src/sys/i386/i386/trap.c:836
#4  0xc07421c2 in trap_pfault (frame=0xdd044b40, usermode=0, eva=3281412852)
    at /usr/src/sys/i386/i386/trap.c:744
#5  0xc0741d7f in trap (frame=
      {tf_fs = -586940408, tf_es = -1067974616, tf_ds = -1065418712, tf_edi = -1011551872, tf_esi = 0, tf_ebp = -586921088, tf_isp = -586921108, tf_ebx = 35, tf_edx = -1011551872, tf_ecx = -1065417088, tf_eax = -1013554452, tf_trapno = 12, tf_err = 2, tf_eip = -1067918704, tf_cs = 32, tf_eflags = 590466, tf_esp = -586920752, tf_ss = -1067919632}) at /usr/src/sys/i386/i386/trap.c:434
#6  0xc072ee9a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc058da90 in clear_selinfo_list (td=0xc3b4f180)
    at /usr/src/sys/kern/sys_generic.c:1078
#8  0xc058d6f0 in poll (td=0xc3b4f180, uap=0xdd044d04)
    at /usr/src/sys/kern/sys_generic.c:977
#9  0xc07428e0 in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 672399684, tf_esi = 0, tf_ebp = 134676376, tf_isp = -586920604, tf_ebx = 672407692, tf_edx = -1077941152, tf_ecx = 9530, tf_eax = 209, tf_trapno = 12, tf_err = 2, tf_eip = 672126536, tf_cs = 51, tf_eflags = 515, tf_esp = 134676284, tf_ss = 59})
---Type <return> to continue, or q <return> to quit---
    at /usr/src/sys/i386/i386/trap.c:981
#10 0xc072eeef in Xint0x80_syscall ()
    at /usr/src/sys/i386/i386/exception.s:200
#11 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) frame 7
#7  0xc058da90 in clear_selinfo_list (td=0xc3b4f180)
    at /usr/src/sys/kern/sys_generic.c:1078
1078		TAILQ_FOREACH(si, &td->td_selq, si_thrlist)
(kgdb) p si
$1 = (struct selinfo *) 0xc39662ec
(kgdb) p *si
Cannot access memory at address 0xc39662ec
(kgdb) quit

Script done on Wed Mar  1 00:32:22 2006

	Here comes my kernel config:

machine		i386
cpu		I686_CPU
ident		DADV

# To statically compile in device wiring instead of /boot/device.hints
#hints		"GENERIC.hints"		# Default places to look for devices.

makeoptions	DEBUG=-g		# Build kernel with gdb(1) debug symbols

#options 	SCHED_ULE		# ULE scheduler
options 	SCHED_4BSD		# 4BSD scheduler
options 	PREEMPTION		# Enable kernel thread preemption
options 	INET			# InterNETworking
#options 	INET6			# IPv6 communications protocols
options 	FFS			# Berkeley Fast Filesystem
options 	SOFTUPDATES		# Enable FFS soft updates support
options 	UFS_ACL			# Support for access control lists
options 	UFS_DIRHASH		# Improve performance on big directories
#options 	MD_ROOT			# MD is a potential root device
options 	NFSCLIENT		# Network Filesystem Client
options 	NFSSERVER		# Network Filesystem Server
#options 	NFS_ROOT		# NFS usable as /, requires NFSCLIENT
options 	MSDOSFS			# MSDOS Filesystem
options 	LIBICONV
options 	MSDOSFS_ICONV

options 	CD9660			# ISO 9660 Filesystem
options 	PROCFS			# Process filesystem (requires PSEUDOFS)
options 	PSEUDOFS		# Pseudo-filesystem framework
options 	GEOM_GPT		# GUID Partition Tables.
options 	COMPAT_43		# Compatible with BSD 4.3 [KEEP THIS!]
options 	COMPAT_FREEBSD4		# Compatible with FreeBSD4
#options 	COMPAT_FREEBSD5		# Compatible with FreeBSD5
options 	SCSI_DELAY=5000		# Delay (in ms) before probing SCSI
options 	KTRACE			# ktrace(1) support
options 	SYSVSHM			# SYSV-style shared memory
options 	SYSVMSG			# SYSV-style message queues
options 	SYSVSEM			# SYSV-style semaphores
options 	_KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev
options 	ADAPTIVE_GIANT		# Giant mutex is adaptive.
device		apic			# I/O APIC

# Bus support.
#device		eisa
device		pci

# Floppy drives
device		fdc

# ATA and ATAPI devices
device		ata
device		atadisk		# ATA disk drives
#device		ataraid		# ATA RAID drives
device		atapicd		# ATAPI CDROM drives
#device		atapifd		# ATAPI floppy drives
#device		atapist		# ATAPI tape drives
options 	ATA_STATIC_ID	# Static device numbering

# SCSI Controllers
#device		ahb		# EISA AHA1742 family
#device		ahc		# AHA2940 and onboard AIC7xxx devices
#device		ahd		# AHA39320/29320 and onboard AIC79xx devices
#device		amd		# AMD 53C974 (Tekram DC-390(T))
#device		isp		# Qlogic family
##device 	ispfw		# Firmware for QLogic HBAs- normally a module
#device		mpt		# LSI-Logic MPT-Fusion
##device		ncr		# NCR/Symbios Logic
#device		sym		# NCR/Symbios Logic (newer chipsets + those of `ncr')
#device		trm		# Tekram DC395U/UW/F DC315U adapters

#device		adv		# Advansys SCSI adapters
#device		adw		# Advansys wide SCSI adapters
#device		aha		# Adaptec 154x SCSI adapters
#device		aic		# Adaptec 15[012]x SCSI adapters, AIC-6[23]60.
#device		bt		# Buslogic/Mylex MultiMaster SCSI adapters

#device		ncv		# NCR 53C500
#device		nsp		# Workbit Ninja SCSI-3
#device		stg		# TMC 18C30/18C50

# SCSI peripherals
device		scbus		# SCSI bus (required for SCSI)
#device		ch		# SCSI media changers
device		da		# Direct Access (disks)
device		sa		# Sequential Access (tape etc)
device		cd		# CD
device		pass		# Passthrough device (direct SCSI access)
device		ses		# SCSI Environmental Services (and SAF-TE)

# atkbdc0 controls both the keyboard and the PS/2 mouse
device		atkbdc		# AT keyboard controller
device		atkbd		# AT keyboard
device		psm		# PS/2 mouse
options		KBD_RESETDELAY=500
options		KBD_MAXWAIT=10
options		KBD_MAXRETRY=10
options		PSM_DEBUG=2


device		vga		# VGA video card driver
device		splash		# Splash screen and screen saver support

# syscons is the default console driver, resembling an SCO console
device		sc

# Enable this for the pcvt (VT220 compatible) console driver
#device		vt
#options 	XSERVER		# support for X server on a vt console
#options 	FAT_CURSOR	# start with block cursor

device		agp		# support several AGP chipsets
device		drm
device		radeondrm

# Power management support (see NOTES for more options)
#device		apm
# Add suspend/resume support for the i8254.
device		pmtimer

# Serial (COM) ports
device		sio		# 8250, 16[45]50 based serial ports

# Parallel port
device		ppc
device		ppbus		# Parallel port bus (required)
device		lpt		# Printer
#device		plip		# TCP/IP over parallel
device		ppi		# Parallel port interface device
#device		vpo		# Requires scbus and da

# If you've got a "dumb" serial or parallel PCI card that is
# supported by the puc(4) glue driver, uncomment the following
# line to enable it (connects to the sio and/or ppc drivers):
#device		puc

# PCI Ethernet NICs.
#device		de		# DEC/Intel DC21x4x (``Tulip'')
#device		em		# Intel PRO/1000 adapter Gigabit Ethernet Card
#device		ixgb		# Intel PRO/10GbE Ethernet Card
#device		txp		# 3Com 3cR990 (``Typhoon'')
#device		vx		# 3Com 3c590, 3c595 (``Vortex'')

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device		miibus		# MII bus support
#device		bfe		# Broadcom BCM440x 10/100 Ethernet
#device		bge		# Broadcom BCM570xx Gigabit Ethernet
#device		dc		# DEC/Intel 21143 and various workalikes
device		fxp		# Intel EtherExpress PRO/100B (82557, 82558)
#device		lge		# Level 1 LXT1001 gigabit Ethernet
#device		nge		# NatSemi DP83820 gigabit Ethernet
#device		nve		# nVidia nForce MCP on-board Ethernet Networking
#device		pcn		# AMD Am79C97x PCI 10/100(precedence over 'lnc')
#device		re		# RealTek 8139C+/8169/8169S/8110S
#device		rl		# RealTek 8129/8139
#device		sf		# Adaptec AIC-6915 (``Starfire'')
#device		sis		# Silicon Integrated Systems SiS 900/SiS 7016
#device		sk		# SysKonnect SK-984x & SK-982x gigabit Ethernet
#device		ste		# Sundance ST201 (D-Link DFE-550TX)
#device		ti		# Alteon Networks Tigon I/II gigabit Ethernet
#device		tl		# Texas Instruments ThunderLAN
#device		tx		# SMC EtherPower II (83c170 ``EPIC'')
#device		vge		# VIA VT612x gigabit Ethernet
#device		vr		# VIA Rhine, Rhine II
#device		wb		# Winbond W89C840F
#device		xl		# 3Com 3c90x (``Boomerang'', ``Cyclone'')

# ISA Ethernet NICs.  pccard NICs included.
#device		cs		# Crystal Semiconductor CS89x0 NIC
# 'device ed' requires 'device miibus'
#device		ed		# NE[12]000, SMC Ultra, 3c503, DS8390 cards
#device		ex		# Intel EtherExpress Pro/10 and Pro/10+
device		ep		# Etherlink III based cards
#device		fe		# Fujitsu MB8696x based cards
#device		ie		# EtherExpress 8/16, 3C507, StarLAN 10 etc.
#device		lnc		# NE2100, NE32-VL Lance Ethernet cards
#device		sn		# SMC's 9000 series of Ethernet chips
#device		xe		# Xircom pccard Ethernet

# ISA devices that use the old ISA shims
#device		le

# Pseudo devices.
device		loop		# Network loopback
device		random		# Entropy device
device		ether		# Ethernet support
#device		sl		# Kernel SLIP
device		ppp		# Kernel PPP
device		tun		# Packet tunnel.
device		pty		# Pseudo-ttys (telnet etc)
device		md		# Memory "disks"
device		gif		# IPv6 and IPv4 tunneling
#device		faith		# IPv6-to-IPv4 relaying (translation)
device		tap			#Virtual Ethernet driver

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device		bpf		# Berkeley packet filter

# USB support
device		uhci		# UHCI PCI->USB interface
device		ohci		# OHCI PCI->USB interface
device		ehci		# EHCI PCI->USB interface (USB 2.0)
device		usb		# USB Bus (required)
#device		udbp		# USB Double Bulk Pipe devices
device		ugen		# Generic
device		uhid		# "Human Interface Devices"
#device		ukbd		# Keyboard
#device		ulpt		# Printer
device		umass		# Disks/Mass storage - Requires scbus and da
#device		ums		# Mouse
#device		ural		# Ralink Technology RT2500USB wireless NICs
#device		urio		# Diamond Rio 500 MP3 player
device		uscanner	# Scanners
# USB Ethernet, requires miibus
#device		aue		# ADMtek USB Ethernet
#device		axe		# ASIX Electronics USB Ethernet
#device		cdce		# Generic USB over Ethernet
#device		cue		# CATC USB Ethernet
#device		kue		# Kawasaki LSI USB Ethernet
#device		rue		# RealTek RTL8150 USB Ethernet

# FireWire support
device		firewire	# FireWire bus code
device		sbp		# SCSI over FireWire (Requires scbus and da)
device		fwe		# Ethernet over FireWire (non-standard!)

options		IPSEC
options		IPSEC_ESP
options		IPSEC_FILTERGIF
options		IPFIREWALL
options		IPFIREWALL_FORWARD
options		IPFIREWALL_FORWARD_EXTENDED
options		IPDIVERT
options		DUMMYNET

options 	NETGRAPH		# netgraph(4) system
options 	NETGRAPH_ETHER
options 	NETGRAPH_PPPOE
options 	NETGRAPH_SOCKET

device		sound
device		snd_mss

options		COMPAT_LINUX
options		LINPROCFS

>How-To-Repeat:

	This is 100% repeatable with the mentioned BackUPS
	connected to USB port using original APC cable.

	1. Install apcupsd-3.10.18_1 from ports, configure it.
	Here comes my /usr/local/etc/apcupsd/apcupsd.conf

UPSNAME BackUPS CS 500
UPSCABLE usb
UPSTYPE usb
LOCKFILE /var/spool/lock
ONBATTERYDELAY 6
BATTERYLEVEL 5
MINUTES 1
TIMEOUT 0
ANNOY 300
ANNOYDELAY 60
NOLOGON disable
KILLDELAY 0
NETSERVER on
NISIP 127.0.0.1
NISPORT 3551
EVENTSFILE /var/log/apcupsd.events
EVENTSFILEMAX 100
UPSCLASS standalone
UPSMODE disable
STATTIME 600
STATFILE /var/log/apcupsd.status
LOGSTATS off
DATATIME 600

	2. Run usbd.
	3. Run apcupsd and test that it has opened ugen using apcaccess.
	4. Physically detach UPS from USB: unplug its control cable.
	A couple of seconds later a panic occurs.

>Fix:

	Unknown to me.

>Release-Note:
>Audit-Trail:
>Unformatted:
