sleeping without a mutex on aue(4)

From: Pyun YongHyeon <yongari_at_rndsoft.co.kr>
Date: Tue, 31 May 2005 16:27:42 +0900
Got this panic on recent 6-CURRENT.

[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
#0  doadump () at pcpu.h:165
165		__asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc04935f5 in db_fncall (dummy1=0, dummy2=0, dummy3=1999, 
    dummy4=0xcc608830 "Àð~?") at /usr/src/sys/ddb/db_command.c:531
#2  0xc0493382 in db_command (last_cmdp=0xc07ee7c4, cmd_table=0x0, 
    aux_cmd_tablep=0xc07ad854, aux_cmd_tablep_end=0xc07ad858)
    at /usr/src/sys/ddb/db_command.c:349
#3  0xc0493495 in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
#4  0xc04955d5 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:221
#5  0xc05ae9c7 in kdb_trap (type=0, code=0, tf=0xcc608988)
    at /usr/src/sys/kern/subr_kdb.c:471
#6  0xc0741288 in trap (frame=
      {tf_fs = -1065877496, tf_es = 40, tf_ds = -866123736, tf_edi = 1, tf_esi = -1065831033, tf_ebp = -866088496, tf_isp = -866088524, tf_ebx = -866088440, tf_edx = 0, tf_ecx = -1056878592, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1067784512, tf_cs = 32, tf_eflags = 642, tf_esp = -1065824334, tf_ss = -1065832875})
    at /usr/src/sys/i386/i386/trap.c:581
#7  0xc072e2fa in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#8  0xc0780008 in ?? ()
#9  0x00000028 in ?? ()
#10 0xcc600028 in ?? ()
#11 0x00000001 in ?? ()
#12 0xc078b587 in ?? ()
#13 0xcc6089d0 in ?? ()
#14 0xcc6089b4 in ?? ()
#15 0xcc608a08 in ?? ()
#16 0x00000000 in ?? ()
#17 0xc1015000 in ?? ()
---Type <return> to continue, or q <return> to quit---
#18 0x00000012 in ?? ()
#19 0x00000003 in ?? ()
#20 0x00000000 in ?? ()
#21 0xc05ae6c0 in kdb_enter (msg=0x0) at cpufunc.h:60
#22 0xc0590275 in panic (fmt=0xc078b587 "sleeping without a mutex")
    at /usr/src/sys/kern/kern_shutdown.c:537
#23 0xc059724d in msleep (ident=0xc1362d00, mtx=0x0, priority=76, 
    wmesg=0xc0783676 "usbsyn", timo=0) at /usr/src/sys/kern/kern_synch.c:138
#24 0xc052a0ac in usbd_transfer (xfer=0xc1362d00)
    at /usr/src/sys/dev/usb/usbdi.c:344
#25 0xc052a0dc in usbd_sync_transfer (xfer=0x0) at /usr/src/sys/dev/usb/usbdi.c:355
#26 0xc052aaad in usbd_do_request_flags_pipe (dev=0xc178c400, pipe=0x0, 
    req=0xcc608b14, data=0x0, flags=0, actlen=0x0, timeout=0)
    at /usr/src/sys/dev/usb/usbdi.c:978
#27 0xc052aa2c in usbd_do_request_flags (dev=0x0, req=0x0, data=0x0, flags=0, 
    actlen=0x0, timo=0) at /usr/src/sys/dev/usb/usbdi.c:949
#28 0xc052a9e7 in usbd_do_request (dev=0x0, req=0x0, data=0x0)
    at /usr/src/sys/dev/usb/usbdi.c:941
#29 0xc050993b in aue_csr_read_1 (sc=0x0, reg=0)
    at /usr/src/sys/dev/usb/if_aue.c:269
#30 0xc050a0db in aue_reset (sc=0xc1419000) at /usr/src/sys/dev/usb/if_aue.c:576
#31 0xc050ad61 in aue_init (xsc=0xc1419000) at /usr/src/sys/dev/usb/if_aue.c:1147
#32 0xc0614347 in ether_ioctl (ifp=0xc1419000, command=0, 
    data=0xc1797d00 "?}yÁÔ}yÁä}y?") at /usr/src/sys/net/if_ethersubr.c:994
#33 0xc050b273 in aue_ioctl (ifp=0xc1419000, command=2149607692, data=0x0)
    at /usr/src/sys/dev/usb/if_aue.c:1316
#34 0xc061fcb5 in in_ifinit (ifp=0xc1419000, ia=0xc1797d00, sin=0x0, scrub=0)
    at /usr/src/sys/netinet/in.c:692
#35 0xc061f276 in in_control (so=0x0, cmd=1, data=0xc17716c0 "aue0", 
    ifp=0xc1419000, td=0xc1497d80) at /usr/src/sys/netinet/in.c:421
#36 0xc0610fdd in ifioctl (so=0xc152c7c8, cmd=2151704858, data=0xc17716c0 "aue0", 
    td=0xc1497d80) at /usr/src/sys/net/if.c:1512
#37 0xc05c548f in soo_ioctl (fp=0x0, cmd=2151704858, data=0xc17716c0, 
    active_cred=0xc178b600, td=0xc1497d80) at /usr/src/sys/kern/sys_socket.c:214
#38 0xc05be70d in ioctl (td=0xc1497d80, uap=0xcc608d04) at file.h:258
#39 0xc0741bd0 in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 134570912, tf_esi = 1, tf_ebp = -1077940984, tf_isp = -866087580, tf_ebx = 134579328, tf_edx = 134582045, tf_ecx = 0, tf_eax = 54, tf_trapno = 12, tf_err = 2, tf_eip = 671966111, tf_cs = 51, tf_eflags = 582, tf_esp = -1077943140, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:959
#40 0xc072e34f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
#41 0x0000003b in ?? ()
#42 0x0000003b in ?? ()
#43 0x0000003b in ?? ()
#44 0x080563a0 in ?? ()
#45 0x00000001 in ?? ()
#46 0xbfbfed08 in ?? ()
#47 0xcc608d64 in ?? ()
#48 0x08058480 in ?? ()
#49 0x08058f1d in ?? ()
#50 0x00000000 in ?? ()
#51 0x00000036 in ?? ()
#52 0x0000000c in ?? ()
#53 0x00000002 in ?? ()
---Type <return> to continue, or q <return> to quit---
#54 0x280d639f in ?? ()
#55 0x00000033 in ?? ()
#56 0x00000246 in ?? ()
#57 0xbfbfe49c in ?? ()
#58 0x0000003b in ?? ()
#59 0x00000000 in ?? ()
#60 0x00000000 in ?? ()
#61 0x00000000 in ?? ()
#62 0x00000000 in ?? ()
#63 0x07cb4000 in ?? ()
#64 0xc1793800 in ?? ()
#65 0xc1497d80 in ?? ()
#66 0xcc608a14 in ?? ()
#67 0xcc6089f0 in ?? ()
#68 0xc12c0180 in ?? ()
#69 0xc05a4f80 in sched_switch (td=0x1, newtd=0x8058480, flags=Cannot access memory at address 0xbfbfed18
)
    at /usr/src/sys/kern/sched_4bsd.c:971
Previous frame inner to this frame (corrupt stack?)
(kgdb) frame 24
#24 0xc052a0ac in usbd_transfer (xfer=0xc1362d00)
    at /usr/src/sys/dev/usb/usbdi.c:344
344			tsleep(xfer, PRIBIO, "usbsyn", 0);
(kgdb) l
339			return (err);
340		s = splusb();
341		if (!xfer->done) {
342			if (pipe->device->bus->use_polling)
343				panic("usbd_transfer: not done");
344			tsleep(xfer, PRIBIO, "usbsyn", 0);
345		}
346		splx(s);
347		return (xfer->status);
348	}
(kgdb) frame 29
#29 0xc050993b in aue_csr_read_1 (sc=0x0, reg=0)
    at /usr/src/sys/dev/usb/if_aue.c:269
269		err = usbd_do_request(sc->aue_udev, &req, &val);
(kgdb) l
264		req.bRequest = AUE_UR_READREG;
265		USETW(req.wValue, 0);
266		USETW(req.wIndex, reg);
267		USETW(req.wLength, 1);
268	
269		err = usbd_do_request(sc->aue_udev, &req, &val);
270	
271		AUE_UNLOCK(sc);
272	
273		if (err) {

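The trace shows msleep(9) entered with mtx=0x0 and timo=0 (frame 23),
reached from aue_csr_read_1(), where AUE_UNLOCK(sc) is called only after
usbd_do_request() returns. I guess dropping AUE_LOCK() before calling
usbd_do_request() would fix the panic. But is it OK to invoke
usbd_do_request() without a lock held? Should usbd_xfer_handle have a
pointer to a lock to drop before calling msleep(9)?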

-- 
Regards,
Pyun YongHyeon
http://www.kr.freebsd.org/~yongari	|	yongari_at_freebsd.org
Received on Tue May 31 2005 - 05:27:43 UTC
