Date: Thu, 11 Dec 2003 01:31:38 -0600
From: Gordon Burditt <gordonb@airmail.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: gordonb@airmail.net
Subject: kern/60131: Page fault on disconnect of USB device
Message-ID: <E1AULIQ-000Iyz-Ot@hammy.burditt.org>
Resent-Message-ID: <200312110740.hBB7eKOx053423@freefall.freebsd.org>
>Number: 60131
>Category: kern
>Synopsis: Page fault on disconnect of USB device
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Dec 10 23:40:18 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Gordon Burditt
>Release: FreeBSD 5.2-BETA i386
>Organization:
>Environment:
System: FreeBSD hammy.burditt.org 4.9-STABLE FreeBSD 4.9-STABLE #7: Sat Nov 22 14:13:11 CST 2003 gordon@hammy.burditt.org:/scratch5/i386-obj/usr/src/sys/HAMMY i386

Reporting from FreeBSD 4.9, laptop runs -CURRENT.
FreeBSD-CURRENT (identifies itself as FreeBSD 5.2-BETA), from December 3, 2003

The GPS device is a serial-to-USB converter with a serial GPS.

port 1 addr 2: low speed, power 150 mA, config 1, Talon Technology 4800 baud serial interface(0x0001), Talon Technology(0x0a99), rev 1.05

It is detected as ugen0.

My gpsd daemon (my own code) opens /dev/ugen0.1, loops doing fgets() and stuffs data into a mmap()ed shared memory segment. If it detects an error, it closes the device, waits a few seconds, and tries to open it again.

>Description:
If I disconnect my USB GPS device, I get a kernel page fault. At the time of the disconnect, my gpsd daemon has /dev/ugen0.1 open and the device is sending data more or less continually. The panic does not occur if the device is not open (although it is still sending data more or less continually).

From the stack trace it appears gpsd detects an error, closes the device, and panics in close.

This started to be a problem with FreeBSD-CURRENT cvsup'd around November 18 and was not a problem with an earlier kernel estimated to be 2 months earlier. It is still a problem with FreeBSD-CURRENT on December 3.

>How-To-Repeat:
Boot laptop with GPS connected. gpsd starts. Disconnect USB connector. Kaboom!
panic: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xc2d852a0
fault code              = supervisor write, page not present
instruction pointer     = 0x8:0xc05f3806
stack pointer           = 0x10:0xd714cb24
frame pointer           = 0x10:0xd714cb4c
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 1311 (gpsd)
trap number             = 12
panic: page fault
syncing disks, buffers remaining... 1972 1972 1970 1970 1970 1970 1970 1970 1970 1970 1970 1970 1970 1970 1970 1970 1970 1970 1970 1970 1970 1970
giving up on 1171 buffers
Uptime: 2h1m4s
stray irq7
Shutting down ACPI
Automatic reboot in 15 seconds - press a key on the console to abort
--> Press a key on the console to reboot,
--> or switch off the system now.
Rebooting...
Copyright (c) 1992-2003 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 5.2-BETA #1: Wed Dec 3 20:29:36 CST 2003
gordon@book.burditt.org:/home/obj/usr/src/sys/BOOK
Preloaded elf kernel "/boot/kernel/kernel" at 0xc0ad0000.
Preloaded elf module "/boot/kernel/snd_via82c686.ko" at 0xc0ad0244.
Preloaded elf module "/boot/kernel/snd_pcm.ko" at 0xc0ad02f8.
Preloaded elf module "/boot/kernel/aout.ko" at 0xc0ad03a4.
Preloaded elf module "/boot/kernel/if_ath.ko" at 0xc0ad0450.
Preloaded elf module "/boot/kernel/ath_hal.ko" at 0xc0ad04fc.
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: AMD Athlon(tm) Processor (1000.04-MHz 686-class CPU)
Origin = "AuthenticAMD" Id = 0x662 Stepping = 2
Features=0x383f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
AMD Features=0xc0480000<MP,AMIE,DSP,3DNow!>
real memory = 268435456 (256 MB)
avail memory = 251027456 (239 MB)
Pentium Pro MTRR support enabled
acpi0: <SONY K5 > on motherboard
pcibios: BIOS version 2.10
Using $PIR table, 6 entries at 0xc00fdf60
acpi0: Power Button (fixed)
Timecounter "ACPI-safe" frequency 3579545 Hz quality 1000
acpi_timer0: <32-bit timer at 3.579545MHz> port 0x8008-0x800b on acpi0
acpi_cpu0: <CPU> on acpi0
acpi_tz0: <Thermal Zone> on acpi0
acpi_button0: <Sleep Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib0: slot 7 INTD is routed to irq 9
pcib0: slot 7 INTD is routed to irq 9
pcib0: slot 7 INTC is routed to irq 5
pcib0: slot 7 INTC is routed to irq 5
pcib0: slot 10 INTA is routed to irq 9
pcib0: slot 10 INTB is routed to irq 10
pcib0: slot 14 INTA is routed to irq 9
pcib0: slot 16 INTA is routed to irq 10
agp0: <VIA 82C8363 (Apollo KT133A) host to PCI bridge> mem 0xf0000000-0xf7ffffff at device 0.0 on pci0
pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0
pci1: <ACPI PCI bus> on pcib1
pcib1: slot 0 INTA is routed to irq 5
pci1: <display, VGA> at device 0.0 (no driver attached)
isab0: <PCI-ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <VIA 82C686B UDMA100 controller> port 0x1c40-0x1c4f at device 7.1 on pci0
atapci0: Correcting VIA config for southbridge data corruption bug
ata0: at 0x1f0 irq 14 on atapci0
ata0: [MPSAFE]
ata1: at 0x170 irq 15 on atapci0
ata1: [MPSAFE]
uhci0: <VIA 83C572 USB controller> port 0x1c00-0x1c1f irq 9 at device 7.2 on pci0
uhci0: LegSup = 0x0000
usb0: <VIA 83C572 USB controller> on uhci0
usb0: USB revision 1.0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
ugen0: Talon Technology Talon Technology 4800 baud serial interface, rev 1.00/1.05, addr 2
uhci1: <VIA 83C572 USB controller> port 0x1c20-0x1c3f irq 9 at device 7.3 on pci0
uhci1: LegSup = 0x0000
usb1: <VIA 83C572 USB controller> on uhci1
usb1: USB revision 1.0
uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
isab1: <PCI-ISA bridge> at device 7.4 on pci0
device_probe_and_attach: isab1 attach returned 6
pcm0: <VIA VT82C686A> port 0x1c50-0x1c53,0x1c54-0x1c57,0x1000-0x10ff irq 5 at device 7.5 on pci0
pcm0: <Analog Devices AD1881A AC97 Codec>
pci0: <simple comms> at device 7.6 (no driver attached)
cbb0: <TI1420 PCI-CardBus Bridge> mem 0x88000000-0x88000fff irq 9 at device 10.0 on pci0
cardbus0: <CardBus bus> on cbb0
pccard0: <16-bit PCCard bus> on cbb0
cbb0: [MPSAFE]
cbb1: <TI1420 PCI-CardBus Bridge> mem 0x88001000-0x88001fff irq 10 at device 10.1 on pci0
cardbus1: <CardBus bus> on cbb1
pccard1: <16-bit PCCard bus> on cbb1
cbb1: [MPSAFE]
fwohci0: <Texas Instruments TSB12LV26> mem 0xe8000000-0xe8003fff,0xe8004000-0xe80047ff irq 9 at device 14.0 on pci0
fwohci0: OHCI version 1.0 (ROM=1)
fwohci0: No. of Isochronous channel is 4.
fwohci0: EUI64 08:00:46:03:01:13:53:bc
fwohci0: Phy 1394a available S400, 1 ports.
fwohci0: Link S400, max_rec 2048 bytes.
firewire0: <IEEE1394(FireWire) bus> on fwohci0
fwe0: <Ethernet over FireWire> on firewire0
if_fwe0: Fake Ethernet address: 0a:00:46:13:53:bc
sbp0: <SBP-2/SCSI over FireWire> on firewire0
fwohci0: Initiate bus reset
fwohci0: BUS reset
fwohci0: node_id=0xc000ffc0, gen=1, CYCLEMASTER mode
firewire0: 1 nodes, maxhop <= 0, cable IRM = 0 (me)
firewire0: bus manager 0 (me)
rl0: <RealTek 8139 10/100BaseTX> port 0x1800-0x18ff mem 0xe8004800-0xe80048ff irq 10 at device 16.0 on pci0
rl0: Ethernet address: 08:00:46:59:6d:f9
miibus0: <MII bus> on rl0
rlphy0: <RealTek internal media interface> on miibus0
rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
acpi_acad0: <AC Adapter> on acpi0
acpi_cmbat0: <Control Method Battery> on acpi0
acpi_cmbat1: <Control Method Battery> on acpi0
acpi_lid0: <Control Method Lid Switch> on acpi0
speaker0 port 0x61 on acpi0
fdc0: <Enhanced floppy controller (i82077, NE72065 or clone)> port 0x3f7,0x3f0-0x3f5 irq 6 drq 2 on acpi0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
sio0 port 0x3f8-0x3ff irq 4 on acpi0
sio0: type 16550A
atkbdc0: <Keyboard controller (i8042)> port 0x64,0x60 irq 1 on acpi0
atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: model GlidePoint, device ID 0
acpi_ec0: <Embedded Controller: GPE 0x1> port 0x66,0x62 on acpi0
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
orm0: <Option ROMs> at iomem 0xdc000-0xdffff,0xd0000-0xd3fff,0xc0000-0xcffff on isa0
pmtimer0 on isa0
ppc0: parallel port not found.
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 1000041097 Hz quality 800
Timecounters tick every 10.000 msec
ipfw2 initialized, divert enabled, rule-based forwarding enabled, default to deny, logging unlimited
IPv6 packet filtering initialized, unlimited logging
IPsec: Initialized Security Association Processing.
acpi_cpu: throttling enabled, 16 steps (100% to 6.2%), currently 100.0%
system power profile changed to 'economy'
wi0: <The Linksys Group, Inc. Instant Wireless Network PC Card> at port 0x100-0x13f irq 9 function 0 config 1 on pccard0
wi0: 802.11 address: 00:06:25:18:30:d8
wi0: using RF:PRISM3(PCMCIA)
wi0: Intersil Firmware: Primary (1.1.0), Station (1.4.2)
wi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
GEOM: create disk ad0 dp=0xc2f1da60
ad0: 19077MB <TOSHIBA MK2018GAP> [38760/16/63] at ata0-master UDMA100
acd0: CDRW <UJDA720 DVD/CDRW> at ata1-master PIO4
ACPI-0438: *** Error: Handler for [EmbeddedControl] returned AE_NO_HARDWARE_RESPONSE
ACPI-1287: *** Error: Method execution failed [\\_SB_.BAT2._STA] (Node 0xc2d5e540), AE_NO_HARDWARE_RESPONSE
ACPI-0175: *** Error: Method execution failed [\\_SB_.BAT2._STA] (Node 0xc2d5e540), AE_NO_HARDWARE_RESPONSE
system power profile changed to 'performance'
Mounting root from ufs:/dev/ad0s2a
WARNING: / was not properly dismounted
WARNING: /home was not properly dismounted
WARNING: /tmp was not properly dismounted
WARNING: /usr was not properly dismounted
WARNING: /usr/X11R6 was not properly dismounted
WARNING: /usr/local was not properly dismounted
WARNING: /var was not properly dismounted
/var: mount pending error: blocks 4 files 1
key_spdadd: a SP entry exists already.
key_spdadd: a SP entry exists already.
key_spdadd: a SP entry exists already.
key_spdadd: a SP entry exists already.
ugen0: at uhub0 port 1 (addr 2) disconnected
ugen0: detached
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xc2d852a0
fault code              = supervisor write, page not present
instruction pointer     = 0x8:0xc05f3806
stack pointer           = 0x10:0xd67c9b24
frame pointer           = 0x10:0xd67c9b4c
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 365 (gpsd)
trap number             = 12
panic: page fault
syncing disks, buffers remaining... 2203 2203 2201 2200 2200 2200 2200 2200 2200 2200 2200 2200 2200 2200 2200 2200 2200 2200 2200 2200 2200 2200 2200
giving up on 1303 buffers
Uptime: 1d2h39m11s
Dumping 256 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240
---
Reading symbols from /boot/kernel/snd_via82c686.ko... (no debugging symbols found)...done.
Loaded symbols for /boot/kernel/snd_via82c686.ko
Reading symbols from /boot/kernel/snd_pcm.ko...(no debugging symbols found)... done.
Loaded symbols for /boot/kernel/snd_pcm.ko
Reading symbols from /boot/kernel/aout.ko...(no debugging symbols found)... done.
Loaded symbols for /boot/kernel/aout.ko
Reading symbols from /boot/kernel/if_ath.ko...(no debugging symbols found)... done.
Loaded symbols for /boot/kernel/if_ath.ko
Reading symbols from /boot/kernel/ath_hal.ko...(no debugging symbols found)... done.
Loaded symbols for /boot/kernel/ath_hal.ko
Reading symbols from /boot/kernel/ntfs.ko...(no debugging symbols found)... done.
Loaded symbols for /boot/kernel/ntfs.ko
Reading symbols from /boot/kernel/green_saver.ko... (no debugging symbols found)...done.
Loaded symbols for /boot/kernel/green_saver.ko
Reading symbols from /boot/kernel/linux.ko...(no debugging symbols found)... done.
Loaded symbols for /boot/kernel/linux.ko
#0 0xc065f8cb in doadump ()
(kgdb) bt
#0 0xc065f8cb in doadump ()
#1 0xc065fe08 in boot ()
#2 0xc06600f8 in panic ()
#3 0xc0836a2c in trap_fatal ()
#4 0xc08366f2 in trap_pfault ()
#5 0xc08362fd in trap ()
#6 0xc0828798 in calltrap ()
#7 0xc0629476 in spec_close ()
#8 0xc0628398 in spec_vnoperate ()
#9 0xc06bf5d6 in vn_close ()
#10 0xc06c0460 in vn_closefile ()
#11 0xc06452d9 in fdrop_locked ()
#12 0xc06443ee in fdrop ()
#13 0xc064439c in closef ()
#14 0xc06425b8 in close ()
#15 0xc0836d40 in syscall ()
#16 0xc08287ed in Xint0x80_syscall ()
(kgdb)

>Fix:
Kill daemon before disconnecting USB device (which is a nuisance).

Gordon L. Burditt
>Release-Note:
>Audit-Trail:
>Unformatted:
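
A triage helper for the panic output in this report, added here as an example; it is not part of the original report or of FreeBSD. It splits the trap fields from the kgdb frames and reports the process, the system call, the frame kgdb prints below the trap handler, and whether that frame's address is the trapped instruction pointer. The function names and the abridged sample are constructed for this example.

```python
import re

# Constructed sample: trap fields and kgdb frames copied (abridged) from the report.
SAMPLE = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xc2d852a0
fault code = supervisor write, page not present
instruction pointer = 0x8:0xc05f3806
current process = 365 (gpsd)
#6 0xc0828798 in calltrap ()
#7 0xc0629476 in spec_close ()
#14 0xc06425b8 in close ()
#15 0xc0836d40 in syscall ()
#16 0xc08287ed in Xint0x80_syscall ()
"""

FIELD = re.compile(r"^(fault virtual address|fault code|instruction pointer"
                   r"|current process)\s*=\s*(.+)$", re.M)
FRAME = re.compile(r"^#(\d+)\s+(0x[0-9a-f]+) in (\w+) \(\)", re.M)

def parse_trap(text):
    """Trap fields keyed by the label the kernel printed."""
    return {k: v.strip() for k, v in FIELD.findall(text)}

def parse_frames(text):
    """kgdb frames as (number, address, function), in printed order."""
    return [(int(n), int(a, 16), f) for n, a, f in FRAME.findall(text)]

def triage(text):
    """Summarise the interrupted kernel path and the syscall that led to it."""
    trap, frames = parse_trap(text), parse_frames(text)
    names = [f for _, _, f in frames]
    # kgdb prints the interrupted code as the frame right after calltrap.
    interrupted = frames[names.index("calltrap") + 1]
    # The frame right before syscall is the system call handler.
    entry = frames[names.index("syscall") - 1]
    # "0x8:0xc05f3806" is selector:offset; the offset is the trapped instruction.
    ip = int(trap["instruction pointer"].split(":")[1], 16)
    pid, proc = re.match(r"(\d+) \((\w+)\)", trap["current process"]).groups()
    return {
        "process": proc, "pid": int(pid), "access": trap["fault code"],
        "fault_va": int(trap["fault virtual address"], 16),
        "interrupted": interrupted[2], "syscall": entry[2],
        # False: the frame address is not the trapped instruction, so the
        # function containing the IP has to be resolved separately.
        "ip_matches_frame": ip == interrupted[1],
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the values in this report the helper returns `spec_close` under `close`, and flags that the address kgdb shows for `spec_close` is not the instruction pointer from the trap message.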