Message-Id: <200804301202.m3UC2oMV049563@www.freebsd.org>
Date: Wed, 30 Apr 2008 12:02:50 GMT
From: Martin Sugioarto
To: freebsd-gnats-submit@FreeBSD.org
Subject: panic: blockable sleep lock with wpi(4)
X-Send-Pr-Version: www-3.1

>Number: 123256
>Category: kern
>Synopsis: [wpi] panic: blockable sleep lock with wpi(4)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bschmidt
>State: closed
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Apr 30 12:10:03 UTC 2008
>Closed-Date: Mon Dec 20 18:07:58 UTC 2010
>Last-Modified: Mon Dec 20 18:07:58 UTC 2010
>Originator: Martin Sugioarto
>Release: FreeBSD 7.0-STABLE
>Organization:
>Environment:
FreeBSD link.local 7.0-STABLE FreeBSD 7.0-STABLE #0: Thu Apr 24 23:21:01 CEST 2008 root@link.local:/usr/obj/usr/src/sys/LINK i386
>Description:
While trying to scan for wireless networks (ifconfig wpi scan), a kernel panic occurred.
Here is the dump:

#0 doadump () at pcpu.h:195
#1 0xc04af2fb in db_fncall (dummy1=-988161792, dummy2=0, dummy3=0, dummy4=0xe6b34828 "\220�4�\200\225��HH��\203�V�\200\004��\r") at /usr/src/sys/ddb/db_command.c:514
#2 0xc04af85c in db_command (last_cmdp=0xc0ad1054, cmd_table=0x0, dopager=1) at /usr/src/sys/ddb/db_command.c:411
#3 0xc04af95d in db_command_loop () at /usr/src/sys/ddb/db_command.c:464
#4 0xc04b101f in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:228
#5 0xc06f54ae in kdb_trap (type=3, code=0, tf=0xe6b349cc) at /usr/src/sys/kern/subr_kdb.c:524
#6 0xc097219b in trap (frame=0xe6b349cc) at /usr/src/sys/i386/i386/trap.c:648
#7 0xc095948b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#8 0xc06f560f in kdb_enter_why (why=0xc09f2a37 "panic", msg=0xc09f2a37 "panic") at cpufunc.h:60
#9 0xc06cbb3b in panic (fmt=0xc09f7c6f "blockable sleep lock (%s) %s @ %s:%d") at /usr/src/sys/kern/kern_shutdown.c:556
#10 0xc0705aa7 in witness_checkorder (lock=0xc0aef6b0, flags=Variable "flags" is not available. ) at /usr/src/sys/kern/subr_witness.c:876
#11 0xc06beeff in _mtx_lock_flags (m=0xc0aef6b0, opts=0, file=0xc0a2152b "/usr/src/sys/i386/i386/trap.c", line=656) at /usr/src/sys/kern/kern_mutex.c:183
#12 0xc09721cc in trap (frame=0xe6b34b4c) at /usr/src/sys/i386/i386/trap.c:656
#13 0xc095948b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#14 0xc096fbaf in cpu_switch () at /usr/src/sys/i386/i386/swtch.s:189
Previous frame inner to this frame (corrupt stack?)
>How-To-Repeat:
On Lenovo Thinkpad T60p:
1) Switch on wireless LAN.
2) kldload wpifw
3) kldload if_wpi
4) ifconfig wpi0 up
5) ifconfig wpi0 scan
>Fix:
>Release-Note:
>Audit-Trail:

State-Changed-From-To: open->feedback
State-Changed-By: gavin
State-Changed-When: Wed Apr 30 13:27:05 UTC 2008
State-Changed-Why:
To submitter: Can you please give us the text of the panic itself?
Especially important is the line that starts "panic: blockable sleep lock", but if you can copy down the whole lot (or provide a link to a good digital photo) that would be fine. Without this, there isn't enough info to begin to diagnose the problem.

Responsible-Changed-From-To: freebsd-bugs->gavin
Responsible-Changed-By: gavin
Responsible-Changed-When: Wed Apr 30 13:27:05 UTC 2008
Responsible-Changed-Why:
Track

http://www.freebsd.org/cgi/query-pr.cgi?pr=123256

State-Changed-From-To: feedback->open
State-Changed-By: gavin
State-Changed-When: Tue Jul 15 12:54:21 UTC 2008
State-Changed-Why:
Feedback received

http://www.freebsd.org/cgi/query-pr.cgi?pr=123256

From: Gavin Atkinson
To: bug-followup@FreeBSD.org
Cc:
Subject: Re: kern/123256: [wpi] panic: blockable sleep lock with wpi(4)
Date: Tue, 15 Jul 2008 13:54:17 +0100

Full panic details received from submitter:

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
Reading symbols from /boot/kernel/linprocfs.ko...Reading symbols from /boot/kernel/linprocfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linprocfs.ko
Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/kernel/linux.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linux.ko
Reading symbols from /boot/kernel/linsysfs.ko...Reading symbols from /boot/kernel/linsysfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linsysfs.ko
Reading symbols from /boot/kernel/sound.ko...Reading symbols from /boot/kernel/sound.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/sound.ko
Reading symbols from /boot/kernel/snd_hda.ko...Reading symbols from /boot/kernel/snd_hda.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/snd_hda.ko
Reading symbols from /boot/kernel/acpi_video.ko...Reading symbols from /boot/kernel/acpi_video.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi_video.ko
Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kernel/acpi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi.ko
Reading symbols from /boot/kernel/acpi_ibm.ko...Reading symbols from /boot/kernel/acpi_ibm.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi_ibm.ko
Reading symbols from /boot/kernel/aio.ko...Reading symbols from /boot/kernel/aio.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/aio.ko
Reading symbols from /boot/modules/kqemu.ko...done.
Loaded symbols for /boot/modules/kqemu.ko
Reading symbols from /boot/kernel/ubtbcmfw.ko...Reading symbols from /boot/kernel/ubtbcmfw.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ubtbcmfw.ko
Reading symbols from /boot/kernel/ng_ubt.ko...Reading symbols from /boot/kernel/ng_ubt.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_ubt.ko
Reading symbols from /boot/kernel/netgraph.ko...Reading symbols from /boot/kernel/netgraph.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/netgraph.ko
Reading symbols from /boot/kernel/geom_eli.ko...Reading symbols from /boot/kernel/geom_eli.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/geom_eli.ko
Reading symbols from /boot/kernel/ng_btsocket.ko...Reading symbols from /boot/kernel/ng_btsocket.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_btsocket.ko
Reading symbols from /boot/kernel/ng_bluetooth.ko...Reading symbols from /boot/kernel/ng_bluetooth.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_bluetooth.ko
Reading symbols from /boot/kernel/ng_hci.ko...Reading symbols from /boot/kernel/ng_hci.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_hci.ko
Reading symbols from /boot/kernel/ng_l2cap.ko...Reading symbols from /boot/kernel/ng_l2cap.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_l2cap.ko
Reading symbols from /boot/kernel/ng_socket.ko...Reading symbols from /boot/kernel/ng_socket.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_socket.ko
Reading symbols from /boot/kernel/wpifw.ko...Reading symbols from /boot/kernel/wpifw.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/wpifw.ko
Reading symbols from /boot/kernel/if_wpi.ko...Reading symbols from /boot/kernel/if_wpi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/if_wpi.ko

Unread portion of the kernel message buffer:
lock order reversal:
1st 0xc4888010 ieee80211com (802.11 com lock) @ /usr/src/sys/net80211/ieee80211_scan.c:382
2nd 0xc4889418 wpi0 (network driver) @ /usr/src/sys/modules/wpi/../../dev/wpi/if_wpi.c:1990
KDB: stack backtrace:
db_trace_self_wrapper(c09f593d,e6aa78e0,c070608c,c09f7e3a,c4889418,...) at db_trace_self_wrapper+0x26
kdb_backtrace(c09f7e3a,c4889418,c4dbf390,c4b9a0d7,c4b99c81,...) at kdb_backtrace+0x29
witness_checkorder(c4889418,9,c4b99c81,7c6,3,...) at witness_checkorder+0x6a9
_mtx_lock_flags(c4889418,0,c4b99c81,7c6,c4bf0b38,...) at _mtx_lock_flags+0xb0
wpi_start(c410c800,c4888008,e6aa799c,c079206f,c410c800,...) at wpi_start+0x18e
if_start(c410c800,0,c0a02fd6,184,6,...) at if_start+0x4f
ieee80211_send_nulldata(c4da9000,944,28,976,0) at ieee80211_send_nulldata+0x1eb
ieee80211_sta_pwrsave(c4888008,1,c48885a4,6,c09a7be0,...) at ieee80211_sta_pwrsave+0x200
scan_restart(c4bcd000,c4888008,c0a03af7,17e,c06c1374,...) at scan_restart+0x8a
ieee80211_start_scan(c4888008,13,7fffffff,0,c4888fec,...) at ieee80211_start_scan+0x1df
ieee80211_ioctl(c4888008,801c69ea,c539e060,831,801c69ea,...) at ieee80211_ioctl+0x14cd
wpi_ioctl(c410c800,801c69ea,c539e060,c0a9bc64,c09ff11f,...) at wpi_ioctl+0x79
in_control(c52ed318,801c69ea,c539e060,c410c800,c4bf0aa0,...) at in_control+0xdd1
ifioctl(c52ed318,801c69ea,c539e060,c4bf0aa0,c4bf0aa0,...) at ifioctl+0x314
soo_ioctl(c448c798,801c69ea,c539e060,c50fa000,c4bf0aa0,...) at soo_ioctl+0x38e
kern_ioctl(c4bf0aa0,3,801c69ea,c539e060,0,...) at kern_ioctl+0x246
ioctl(c4bf0aa0,e6aa7cfc,c,c09d315b,e6aa7d38,...) at ioctl+0x11d
syscall(e6aa7d38) at syscall+0x2a1
Xint0x80_syscall() at Xint0x80_syscall+0x20
--- syscall (54, FreeBSD ELF32, ioctl), eip = 0x2816d223, esp = 0xbfbfdcac, ebp = 0xbfbfe4e8 ---
lloocckk oorrddeerr rreevveerrssaall::
11sstt 0x0cx0ca0fa8f4ac50d 8s cshmepd rleoncdke z0v o(ussc h(esdm pl orcekn)d e@z v/ouussr)/ s@r c//ussyrs//skrecr/ns/yssc/hie3d8_6u/lie3.8c6:/1m8p7_1m a c2hndde p.0cx:c01a0e2b845 0 2sncdr loc0kx c(0sacerbl4o5c0k )s c@r l/oucskr /(ssrccr/lsoycsk/)d e@v //suyssrc/osnrsc//ssyyssc/odnesv./cs:y2s5c2o6n sK/DsBy:s csotnasc.kc :ba2c5k2t6ra cKeD:B : stack backtrace:
db_trace_self_wrapper(c09f593ddb,_ter6abc3e4_8sae8l,f_cw0r7a0p6p0e8rc(,cc0099ff579e33da,,ec60aabe0b842540,,..c.0)7 0a6t0 8c,c09f7e3a,c0aeb450,...) at db_trace_self_wrapper+0x26 db_trace_self_wrapper+0x26
kdb_backtrace(c09f7e3a,c0aeb450,kcd0b9_dbfabcdk9t,racc0e9(dfbcd099,f7ce039ad,fb6c50,a.e.b.4)5 0a,t c09dfbd9,c09dfbd9,c09dfb65,...) at kdb_backtrace+0x29 kdb_backtrace+0x29
witness_checkorder(c0aeb450,9,c09dfb65,9de,e6b348c8,...) at witness_checkorder(c0aeb450,9,c09dfb65,9de,c64814cc,...) at witness_checkorder+0x6a9 witness_checkorder+0x6a9
_mtx_lock_spin_flags(c0aeb450,0,c09dfb65,9de,c0aeb340,...) at _mtx_lock_spin_flags(c0aeb450,0,c09dfb65,9de,c0aeb340,...) at _mtx_lock_spin_flags+0xb6 _mtx_lock_spin_flags+0xb6
sc_puts(c0aeb340,e6b34907,1,6bafb4b8,c0a55520,...) at sc_puts(c0aeb340,e6ab0883,1,6b000004,c0a55520,...) at sc_puts+0x82 sc_puts+0x82
sc_cnputc(c0a55520,6b,e6b34a90,5,6b,...) at sc_cnputc(c0a55520,6b,e6ab0a0c,5,6b,...) at sc_cnputc+0xc3 sc_cnputc+0xc3
cnputc(6b,e6b34a90,e6b3495c,c06f96cb,d7,...) at cnputc(6b,e6ab0a0c,e6ab08d8,c06f96cb,0,...) at cnputc+0x5c cnputc+0x5c
putcons(d7,e6b34960,1704c15,e6b34b4c,c0a215ee,...) at putcons(0,c0a16330,1000386,e6ab0ac8,c0a215ee,...) at putcons+0x19 putcons+0x19
putchar(6b,e6b34a90,246,c0afb4b8,e6b34990,...) at putchar(6b,e6ab0a0c,e6ab0956,c4abe880,c0afb4b8,...) at putchar+0x5b putchar+0x5b
kvprintf(c0a215ed,c06f9670,e6b34a90,a,e6b34abc,...) at kvprintf(c0a215ed,c06f9670,e6ab0a0c,a,e6ab0a38,...) at kvprintf+0x7c kvprintf+0x7c
printf(c0a215ed,13,c52c6880,e6b34ad0,c53372ac,...) at printf(c0a215ed,13,e6ab0a58,0,c5271000,...) at printf+0x4e printf+0x4e
trap(e6b34b4c) at trap(e6ab0ac8) at trap+0xcd trap+0xcd
calltrap() at calltrap() at calltrap+0x6
--- trap 0x13, eip = 0xc096fbaf, esp = 0xe6b34b8c, ebp = 0xe6b34bc0 ---
calltrap+0x6
--- trap 0x13, eip = 0xc0966ebc, esp = 0xe6ab0b08, ebp = 0xe6ab0b28 ---
cpu_switch(c52c6880,0,1,17b,f418cdc3,...) at smp_tlb_shootdown(e6ab0b50,c096b5b2,c1432000,c1433000,c14329d9,...) at cpu_switch+0xb7 smp_tlb_shootdown+0x8d
mi_switch(1,0,c09f6cc3,2e2,c52bc370,...) at mi_switch+0x215
smp_invlpg_range(c1432000,c1433000,c14329d9,bfbfdde8,1,...) at smp_invlpg_range+0x1c
turnstile_wait(c52bc370,c4bf0aa0,0,190,c536de1c,...) at turnstile_wait+0x4ba
pmap_invalidate_range(c0b5d120,c1432000,c1433000) at _mtx_lock_sleep(pcm5a3p6_dien1vca,licd5a2tce6_8r8a0n,g0e,+c00x94ff13 58,8d,...) at _mtx_lock_sleep+0x179
pmap_qremove(c1432000,1,e6ab0c58,90,c0a50040,...) at _mtx_lock_flags(c536de1c,0,c09f1358,8d,e6b34cd4,...) at pmap_qremove+0x55 _mtx_lock_flags+0xe3
memrw(c3fl7ofc6k0_0m,tx(e6ca5b306cd5e81,c0,,01,a4c,009,f.3.4.2)f ,aetb ,0,...) at lock_mtx+0x29 memrw+0x1b8
giant_read(_cs3lfe7efp6(00c,536ed6ea0b00,c5c85,306,d0e,1cc,,.0.,.)c 0a9te 7fbe,0,...) at giant_read+0x58 _sleep+0x400
devfs_read_f(c5000630,e6ab0c58,c5273b00,0,c4abe880,...) at taskqueue_thread_loop(c48899b4,e6b34d38,c09eed5c,307,c53372ac,...) at devfs_read_f+0x6e taskqueue_thread_loop+0xae
dofileread(e6ab0c58,ffffffff,ffffffff,0,c5000630,...) at fork_exit(c06ff85b,c48899b4,e6b34d38) at dofileread+0x90 fork_exit+0xb8
fork_trampoline() at kern_readv(c4abe880,4,e6ab0c58,bfbfddf4,0,...) at fork_trampoline+0x8
--- trap 0, eip = 0, esp = 0xe6b34d70, ebp = 0 ---
kernel trap 19 with interrupts disabled
panic: blockable sleep lock (sleep mutex) Giant @ /usr/src/sys/i386/ik3e8r6n/_trreaapd.vc+:06x5562
cpuid = 0
KDB: stack backtrace:
db_trace_self_wrapper(c09f593d,e6b34a40,c06cbb1e,c0a1fed7,0,...) at db_trace_self_wrapper+0x26
read(c4abe880,e6ab0cfc,c,c09f852c,c0705530,...) at read+0x51
kdb_backtrace(c0a1fed7,0,c09f7c6f,e6b34a4c,0,...) at kdb_backtrace+0x29
syscall(e6ab0d38) at panic(c09f7c6f,c0a16a9c,c0a0e795,c0a2152b,290,...) at syscall+0x2a1 panic+0x10f
Xint0x80_syscall() at Xint0x80_syscall+0x20
--- syscall (3witness_checkorder(c0aef6b0,9,c0a2152b,290,6da,...) at , FreeBSD ELF32, read), eip = 0x28162283, esp = 0xbfbfdc4c, ebp = 0xbfbfdc88 ---
kernel trap 19 with interrupts disabled
<4>NMI: power fail
witness_checkorder+0xc4
_mtx_lock_flags(c0aef6b0,0,c0a2152b,290,c53372ac,...) at _mtx_lock_flags+0xb0
trap(e6b34b4c) at trap+0x5cb
calltrap() at calltrap+0x6
--- trap 0x13, eip = 0xc096fbaf, esp = 0xe6b34b8c, ebp = 0xe6b34bc0 ---
cpu_switch(c52c6880,0,1,17b,f418cdc3,...) at cpu_switch+0xb7
mi_switch(1,0,c09f6cc3,2e2,c52bc370,...) at mi_switch+0x215
turnstile_wait(c52bc370,c4bf0aa0,0,190,c536de1c,...) at turnstile_wait+0x4ba
_mtx_lock_sleep(c536de1c,c52c6880,0,c09f1358,8d,...) at _mtx_lock_sleep+0x179
_mtx_lock_flags(c536de1c,0,c09f1358,8d,e6b34cd4,...) at _mtx_lock_flags+0xe3
lock_mtx(c536de1c,0,c09f342f,eb,0,...) at lock_mtx+0x29
_sleep(c536de00,c536de1c,0,c09e7fbe,0,...) at _sleep+0x400
taskqueue_thread_loop(c48899b4,e6b34d38,c09eed5c,307,c53372ac,...) at taskqueue_thread_loop+0xae
fork_exit(c06ff85b,c48899b4,e6b34d38) at fork_exit+0xb8
fork_trampoline() at fork_trampoline+0x8
--- trap 0, eip = 0, esp = 0xe6b34d70, ebp = 0 ---
KDB: enter: panic
Physical memory: 1010 MB
Dumping 144 MB: 129 113 97 81 65 49 33 17 1

#0 doadump () at pcpu.h:195 in pcpu.h
(kgdb) quit

Responsible-Changed-From-To: gavin->freebsd-net
Responsible-Changed-By: gavin
Responsible-Changed-When: Fri Aug 1 17:42:56 UTC 2008
Responsible-Changed-Why:
Over to maintainers. Hopefully the backtrace is enough to understand what is happening here.

http://www.freebsd.org/cgi/query-pr.cgi?pr=123256

State-Changed-From-To: open->feedback
State-Changed-By: bschmidt
State-Changed-When: Mon Dec 20 13:33:04 UTC 2010
State-Changed-Why:
Is that still an issue on a recent stable/7 setup? I'm not able to reproduce this.

Responsible-Changed-From-To: freebsd-net->bschmidt
Responsible-Changed-By: bschmidt
Responsible-Changed-When: Mon Dec 20 13:33:04 UTC 2010
Responsible-Changed-Why:
over to me

http://www.freebsd.org/cgi/query-pr.cgi?pr=123256

State-Changed-From-To: feedback->closed
State-Changed-By: bschmidt
State-Changed-When: Mon Dec 20 18:07:16 UTC 2010
State-Changed-Why:
OP no longer has access to the hardware and I'm not able to reproduce this. Therefore close this PR.

http://www.freebsd.org/cgi/query-pr.cgi?pr=123256
>Unformatted: