Bug #9

panic with HEAD

Added by steve.mynott over 8 years ago. Updated almost 8 years ago.

Status:ClosedStart date:
Priority:HighDue date:
Assignee:-% Done:

0%

Category:-
Target version:-

Description

I get a panic with HEAD of a few hours ago apparently related to the wi device

can supply kernel/vmcore whatever if needed....

wi0: <WaveLAN/IEEE> at port 0x100-0x13f irq 10 function 0 config 1 on pccard0
wi0: using Lucent Technologies, WaveLAN/IEEE
wi0: Lucent Firmware: Station (6.6.1)

Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-dragonfly"...
panic: from debugger
panic messages:
---
panic: assertion: (ifp->if_serializer)->last_td == curthread in ether_input
panic: from debugger
Uptime: 2m54s
wi0: detached
kthread 0xc60b0c00 cbb0 has exited

dumping to dev #ad/0x20001, offset 1541344
dump ata0: resetting devices .. done
255 254 253 252 251 250 249 248 247 246 245 244 243 242 241 240 239 238 237 236
235 234 233 232 231 230 229 228 227 226 225 224 223 222 221 220 219 218 217 216
215 214 213 212 211 210 209 208 207 206 205 204 203 202 201 200 199 198 197 196
195 194 193 192 191 190 189 188 187 186 185 184 183 182 181 180 179 178 177 176
175 174 173 172 171 170 169 168 167 166 165 164 163 162 161 160 159 158 157 156
155 154 153 152 151 150 149 148 147 146 145 144 143 142 141 140 139 138 137 136
135 134 133 132 131 130 129 128 127 126 125 124 123 122 121 120 119 118 117 116
115 114 113 112 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 9
4 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68
67 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41
40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 1
4 13 12 11 10 9 8 7 6 5 4 3 2 1 0
---
#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:527
527 if (dumping++) {
dumpsys () at /usr/src/sys/kern/kern_shutdown.c:527
527 if (dumping++) {
(kgdb) bt full
#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:527
error = -1067716444
#1 0xc02aa344 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:360
No locals.
#2 0xc02aa7f6 in panic (fmt=0xc04f3e5c "from debugger")
at /usr/src/sys/kern/kern_shutdown.c:673
bootopt = 260
newpanic = 0
buf = "from debugger\000p->if_serializer)->last_td == curthread in ether
_input", '\0' <repeats 187 times>
#3 0xc01622ae in db_panic (addr=-1068907114, have_addr=0, count=-1,
modif=0xcda82a3c "") at /usr/src/sys/ddb/db_command.c:449
No locals.
#4 0xc0162243 in db_command (last_cmdp=0xc05a9af0, cmd_table=0x0,
aux_cmd_tablep=0xc054d5ec, aux_cmd_tablep_end=0xc054d604)
at /usr/src/sys/ddb/db_command.c:345
cmd = (struct command *) 0xc04cbab8
t = 0
modif = "\000\a\000\000\000\000\000\000\200\026_?\200\026_?\000\000\000\
000d*??r2I?\001\000\000\000\001\000\000\000\200\026_?\204*???0I?@?^?\aK\000 x\00
0\000\000?Z?\000\000\000\000\234*??c<\026???O???J?x\000\000\000??J?\000\000\000
\000?Z??5\026??Z?\210\234Z?x\000\000\000\003\000\000"
addr = -1068907114
count = -1
have_addr = 0
result = 0
#5 0xc0162323 in db_command_loop () at /usr/src/sys/ddb/db_command.c:471
No locals.
#6 0xc0165000 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_trap.c:72
bkpt = 0
#7 0xc049c240 in kdb_trap (type=3, code=0, regs=0xcda82b54)
at /usr/src/sys/i386/i386/db_interface.c:150
ddb_mode = 1
---Type <return> to continue, or q <return> to quit---
#8 0xc04b07b2 in trap (frame=
{tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 1, tf_esi = -1068268612, tf_
ebp = -844616804, tf_isp = -844616832, tf_ebx = 256, tf_edx = -1072988160, tf_ec
x = 32, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1068907114, tf_cs = 8,
tf_eflags = 658, tf_esp = -1068410192, tf_ss = -1068483217})
at /usr/src/sys/i386/i386/trap.c:811
gd = (struct globaldata *) 0x3
td = (struct thread *) 0xc05bf0a4
lp = (struct lwp *) 0x0
p = (struct proc *) 0x0
sticks = 0
i = 0
ucode = 0
type = 3
code = 0
eva = 0
__func__ = "trap"
#9 0xc049d51f in calltrap () at /usr/src/sys/i386/i386/exception.s:774
No locals.
#10 0x00000018 in ?? ()
No symbol table info available.
#11 0x00000010 in ?? ()
No symbol table info available.
#12 0x00000010 in ?? ()
No symbol table info available.
#13 0x00000001 in ?? ()
No symbol table info available.
#14 0xc05383bc in ?? ()
No symbol table info available.
#15 0xcda82b9c in ?? ()
No symbol table info available.
#16 0xcda82b80 in ?? ()
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
#17 0x00000100 in ?? ()
No symbol table info available.
#18 0xc00b8000 in ?? ()
No symbol table info available.
#19 0x00000020 in ?? ()
No symbol table info available.
#20 0x00000012 in ?? ()
No symbol table info available.
#21 0x00000003 in ?? ()
No symbol table info available.
#22 0x00000000 in ?? ()
No symbol table info available.
#23 0xc049c596 in Debugger (msg=0x0) at cpufunc.h:68
in_Debugger = 1 '\001'
#24 0xc02aa7ee in panic (
fmt=0xc05383bc "assertion: (ifp->if_serializer)->last_td == curthread in %s"
) at /usr/src/sys/kern/kern_shutdown.c:671
bootopt = 256
newpanic = 1
buf = "from debugger\000p->if_serializer)->last_td == curthread in ether
_input", '\0' <repeats 187 times>
#25 0xc03100ed in ether_input (ifp=0xc9876000, eh=0x0, m=0xc126a800)
at /usr/src/sys/net/if_ethersubr.c:568
save_eh = {ether_dhost = "\006\000\000\000\b\002",
ether_shost = "?\000\000\002-\t", ether_type = 36198}
__func__ = "ether_input"
#26 0xc03100ad in ether_input_internal (ifp=0x0, m=0x0)
at /usr/src/sys/net/if_ethersubr.c:539
No locals.
#27 0xc031fde3 in ieee80211_input (ifp=0xc9876000, m=0xc126a800,
ni=0xc1189f38, rssi=106, rstamp=1400552)
at /usr/src/sys/netproto/802_11/ieee80211_input.c:302
ic = (struct ieee80211com *) 0xc9876000
---Type <return> to continue, or q <return> to quit---
wh = (struct ieee80211_frame *) 0x0
eh = (struct ether_header *) 0x0
m1 = (struct mbuf *) 0x0
len = 0
dir = 2 '\002'
type = 8 '\b'
subtype = 168 '?'
bssid = (uint8_t *) 0x0
rxseq = 0
__func__ = "ieee80211_input"
#28 0xc027b64d in wi_rx_intr (sc=0xc1189f38)
at /usr/src/sys/dev/netif/wi/if_wi.c:1504
ic = (struct ieee80211com *) 0xc9876000
ifp = (struct ifnet *) 0xc9876000
frmhdr = {wi_status = 8192, wi_rx_tstamp1 = 24296, wi_rx_tstamp0 = 21,
wi_rx_silence = 54 '6', wi_rx_signal = 106 'j', wi_rx_rate = 110 'n',
wi_rx_flow = 0 '\0', wi_tx_rtry = 0 '\0', wi_tx_rate = 0 '\0',
wi_tx_ctl = 0, wi_whdr = {i_fc = "\bB", i_dur = "?",
i_addr1 = "\000\002-\tf\215", i_addr2 = "\000\r\223\201e?",
i_addr3 = "\000\r\223!?<", i_seq = "p\027", i_addr4 = "[&\204\016,\221"},
wi_dat_len = 36, wi_ehdr = {ether_dhost = "\000\002-\tf\215",
ether_shost = "\000\r\223!?<", ether_type = 9216}}
m = (struct mbuf *) 0xc126a800
wh = (struct ieee80211_frame *) 0xc126a838
ni = (struct ieee80211_node *) 0xc1189f38
fid = 251
len = 36
rssi = 106
status = 0
rstamp = 1400552
#29 0xc0279507 in wi_intr (arg=0xc9876000)
at /usr/src/sys/dev/netif/wi/if_wi.c:591
sc = (struct wi_softc *) 0xc9876000
---Type <return> to continue, or q <return> to quit---
ifp = (struct ifnet *) 0xc9876000
status = 32769
#30 0xc0398d84 in pccard_intr (arg=0xc1169f00)
at /usr/src/sys/bus/pccard/pccard.c:1209
pf = (struct pccard_function *) 0xc1169f00
reg = 0
doisr = 1
#31 0xc016c1ef in cbb_intr (arg=0xc12c96c8)
at /usr/src/sys/dev/pccard/pccbb/pccbb.c:1060
sc = (struct cbb_softc *) 0xc12c96c8
sockevent = 0
ih = (struct cbb_intrhand *) 0xc1041e40
#32 0xc028e8fb in ithread_handler (arg=0xa)
at /usr/src/sys/kern/kern_intr.c:750
info = (struct intr_info *) 0xc05bf0a0
use_limit = 0
lticks = 17325
lcount = 0
intr = 10
list = (struct intrec **) 0xc05bf0a0
rec = 0x0
nrec = 0x0
gd = 0xff800000
ill_timer = {node = {tqe_next = 0x0, tqe_prev = 0x0}, queue = 0x0,
time = 0, periodic = 0, func = 0, data = 0x0, flags = 0, gd = 0x0}
ill_count = 18
#33 0xc02b0b2f in lwkt_create (func=0, arg=0x0, tdp=0xc05bf0a4, template=0x0,
ifp = (struct ifnet *) 0xc9876000
status = 32769
#30 0xc0398d84 in pccard_intr (arg=0xc1169f00)
at /usr/src/sys/bus/pccard/pccard.c:1209
pf = (struct pccard_function *) 0xc1169f00
reg = 0
doisr = 1
#31 0xc016c1ef in cbb_intr (arg=0xc12c96c8)
at /usr/src/sys/dev/pccard/pccbb/pccbb.c:1060
sc = (struct cbb_softc *) 0xc12c96c8
sockevent = 0
ih = (struct cbb_intrhand *) 0xc1041e40
#32 0xc028e8fb in ithread_handler (arg=0xa)
at /usr/src/sys/kern/kern_intr.c:750
info = (struct intr_info *) 0xc05bf0a0
use_limit = 0
lticks = 17325
lcount = 0
intr = 10
list = (struct intrec **) 0xc05bf0a0
rec = 0x0
nrec = 0x0
gd = 0xff800000
ill_timer = {node = {tqe_next = 0x0, tqe_prev = 0x0}, queue = 0x0,
time = 0, periodic = 0, func = 0, data = 0x0, flags = 0, gd = 0x0}
ill_count = 18
#33 0xc02b0b2f in lwkt_create (func=0, arg=0x0, tdp=0xc05bf0a4, template=0x0,
tdflags=---Can't read userspace from dump, or kernel process---

) at /usr/src/sys/kern/lwkt_thread.c:1362
td = 0xff8003a8
Previous frame inner to this frame (corrupt stack?)

History

#1 Updated by sepherosa over 8 years ago

Please try:
http://leaf.dragonflybsd.org/~sephe/if_wi_ser.diff

Hope it will work for you.

Best Regards,
sephe

#2 Updated by dillon over 8 years ago

:
:Please try:
:http://leaf.dragonflybsd.org/~sephe/if_wi_ser.diff
:
:Hope it will work for you.
:
:Best Regards,
:sephe

That looks good. Go ahead and commit it as soon as we get positive
feedback from Steve (or even if you don't, since the current state of
affairs is a panic with that driver).

Another few odds and ends that I missed with that big serialization
commit. I'm sure there are more.

-Matt
Matthew Dillon
<>

#3 Updated by steve.mynott over 8 years ago

On 12/11/05, Sepherosa Ziehau <> wrote:
> Please try:
> http://leaf.dragonflybsd.org/~sephe/if_wi_ser.diff
>
> Hope it will work for you.

Unfortunately it doesn't!

Also db> now loops with a lwkt_thread (or similar) error when I type
panic so I can't get a coredump!

HEAD from about Nov 23 still works fine

I'll copy by hand the screen message tomorrow when I am less tired.

Cheers Steve

#4 Updated by slynko over 8 years ago

In db> type call dumpsys
It must throw coredump properly

>
> HEAD from about Nov 23 still works fine
>
> I'll copy by hand the screen message tomorrow when I am less tired.
>
> Cheers Steve
>

#5 Updated by steve.mynott over 8 years ago

with sephe's patch...
Copyright 2004 Free Software Foundation, Inc.GDB is free software, covered by the GNU General Public License, and you arewelcome to change it and/or distribute copies of it under certain conditions.Type "show copying" to see the conditions.There is absolutely no warranty for GDB. Type "show warranty" for details.This GDB was configured as "i386-dragonfly"...panic: assertion: (ifp->if_serializer)->last_td == curthread in ether_inputpanic messages:---panic: assertion: (ifp->if_serializer)->last_td == curthread in ether_input
dumping to dev #ad/0x20001, offset 1541344dump ata0: resetting devices .. done255 254 253 252 251 250 249 248 247 246 245 244 243 242 241 240 239238 237 236 235 234 233 232 231 230 229 228 227 226 225 224 223 222221 220 219 218 217 216 215 214 213 212 211 210 209 208 207 206 205204 203 202 201 200 199 198 197 196 195 194 193 192 191 190 189 188187 186 185 184 183 182 181 180 179 178 177 176 175 174 173 172 171170 169 168 167 166 165 164 163 162 161 160 159 158 157 156 155 154153 152 151 150 149 148 147 146 145 144 143 142 141 140 139 138 137136 135 134 133 132 131 130 129 128 127 126 125 124 123 122 121 120119 118 117 116 115 114 113 112 111 110 109 108 107 106 105 104 103102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85 84 83 82 8180 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 59 5857 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 3534 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 1211 10 9 8 7 6 5 4 3 2 1 0---#0 0xc0!
2aa349 in sysctl_kern_dumpdev (oidp=0x0, arg1=0x0, arg2=0, req=0xb) at /usr/src/sys/kern/kern_shutdown.c:511511 }0xc02aa349 in sysctl_kern_dumpdev (oidp=0x0, arg1=0x0, arg2=0, req=0xb) at /usr/src/sys/kern/kern_shutdown.c:511(kgdb) bt full#0 0xc02aa349 in sysctl_kern_dumpdev (oidp=0x0, arg1=0x0, arg2=0, req=0xb) at /usr/src/sys/kern/kern_shutdown.c:511 error = 0 ndumpdev = 1541344#1 0xc0162489 in db_fncall (dummy1=1936, dummy2=0, dummy3=-844617152, dummy4=0xcda82a3c "?\a") at /usr/src/sys/ddb/db_command.c:548 fn_addr = -1070947530 args = {0 <repeats 11 times>} nargs = 11 retval = 0 func = (fcn_10args_t *) 0xc02aa336 <sysctl_kern_dumpdev+79> t = 0#2 0xc0162243 in db_command (last_cmdp=0xc05a98d0, cmd_table=0x0, aux_cmd_tablep=0xc054d3e0, aux_cmd_tablep_end=0xc054d3f8) at /usr/src/sys/ddb/db_command.c:345 cmd = (struct command *) 0xc0556080 t = 0 modif = "?\a\000\000\000\000\000\000`\024_?`\024_?\000\000\000\000d*??.0I?\00!
1\000\000\000\001\000\000\000`\024_?\204*?Ͷ.I??^?\aK\000 x\00!
0\000\00
0??Z?\0000\000\000\000\234*??c<\026???O?\223?J?x\000\000\000\224?J?\000\000\000\000??Z??5\026???Z?\000\231Z?x\000\000\000\003\000\000" addr = 1936 count = -844617152 have_addr = 0 result = 0#3 0xc0162323 in db_command_loop () at /usr/src/sys/ddb/db_command.c:471No locals.#4 0xc0165000 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_trap.c:69 bkpt = 0#5 0xc049bffc in kdb_trap (type=3, code=0, regs=0xcda82b54) at /usr/src/sys/i386/i386/db_interface.c:149 ddb_mode = 1#6 0xc04b0572 in trap (frame=---Type <return> to continue, or q <return> to quit--- {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 1, tf_esi =-1068269136, tf_ebp = -844616804, tf_isp = -844616832, tf_ebx = 256,tf_edx = -1072988160, tf_ecx = 32, tf_eax = 18, tf_trapno = 3, tf_err= 0, tf_eip = -1068907694, tf_cs = 8, tf_eflags = 658, tf_esp =-1068410704, tf_ss = -1068483729}) at /usr/src/sys/i386/i386/trap.c:811 gd = (struct globaldata *) 0x3 td = (struct thread *) 0xc05bee84 !
lp = (struct lwp *) 0x0 p = (struct proc *) 0x0 sticks = 0 i = 0 ucode = 0 type = 3 code = 0 eva = 0 __func__ = "trap"#7 0xc049d2df in alltraps_with_regs_pushed () at /usr/src/sys/i386/i386/exception.s:767No locals.#8 0x00000018 in ?? ()No symbol table info available.#9 0x00000010 in ?? ()No symbol table info available.#10 0x00000010 in ?? ()No symbol table info available.#11 0x00000001 in ?? ()No symbol table info available.#12 0xc05381b0 in ?? ()No symbol table info available.#13 0xcda82b9c in ?? ()No symbol table info available.#14 0xcda82b80 in ?? ()No symbol table info available.---Type <return> to continue, or q <return> to quit---#15 0x00000100 in ?? ()No symbol table info available.#16 0xc00b8000 in ?? ()No symbol table info available.#17 0x00000020 in ?? ()No symbol table info available.#18 0x00000012 in ?? ()No symbol table info available.#19 0x00000003 in ?? ()No symbol table info available.#20 0x00000000 in ?? ()No symbol table i!
nfo available.#21 0xc049c352 in Debugger (msg=0x0) at /usr/!
src/sys/
i386/i386/db_interface.c:335 in_Debugger = 1 '\001'#22 0xc02aa59e in panic ( fmt=0xc05381b0 "assertion: (ifp->if_serializer)->last_td ==curthread in %s") at /usr/src/sys/kern/kern_shutdown.c:670 bootopt = 256 newpanic = 1 buf = "assertion: (ifp->if_serializer)->last_td == curthread inether_input", '\0' <repeats 187 times>#23 0xc030fea9 in ether_input (ifp=0xc9876000, eh=0x0, m=0xc126a500) at thread.h:78 save_eh = {ether_dhost = "\006\000\000\000\b\002", ether_shost = "?\000\000\002-\t", ether_type = 36198} __func__ = "ether_input"#24 0xc030fe69 in ether_input_internal (ifp=0x0, m=0x0) at /usr/src/sys/net/if_ethersubr.c:539No locals.#25 0xc031fb9f in ieee80211_input (ifp=0xc9876000, m=0xc126a500, ni=0xc1189f38, rssi=112, rstamp=2954817974) at /usr/src/sys/netproto/802_11/ieee80211_input.c:301---Type <return> to continue, or q <return> to quit--- ic = (struct ieee80211com *) 0xc9876000 wh = (struct ieee80211_frame *) 0x0 eh = (struct !
ether_header *) 0x0 m1 = (struct mbuf *) 0x0 len = 0 dir = 2 '\002' type = 8 '\b' subtype = 165 '?' bssid = (uint8_t *) 0x0 rxseq = 0 __func__ = "ieee80211_input"#26 0xc027b3b3 in wi_rx_intr (sc=0xc1189f38) at /usr/src/sys/dev/netif/wi/if_wi.c:1480 ic = (structieee80211com *) 0xc9876000 ifp = (struct ifnet *) 0xc9876000 frmhdr = {wi_status = 8192, wi_rx_tstamp1 = 61878, wi_rx_tstamp0 = 45086, wi_rx_silence = 58 ':', wi_rx_signal = 112 'p', wi_rx_rate = 110 'n', wi_rx_flow = 0 '\0', wi_tx_rtry = 10 '\n', wi_tx_rate = 0 '\0', wi_tx_ctl = 0, wi_whdr = {i_fc = "\bB", i_dur = "?", i_addr1 = "\000\002-\tf\215", i_addr2 = "\000\r\223\201e?", i_addr3 = "\000\r\223!?<", i_seq = "@?", i_addr4 = "\031ج?\211"}, wi_dat_len = 36, wi_ehdr = {ether_dhost = "\000\002-\tf\215", ether_shost = "\000\r\223!?<", ether_type = 9216}} m = (struct mbuf *) 0xc126a500 wh = (struct ieee80211_frame *) 0xc126a538 ni = (struct ieee80211_node *) 0x!
c1189f38 fid = 271 len = 36 rssi = 112 status = 0 !
rstam
p = 2954817974#27 0xc02794e4 in wi_intr (arg=0xc9876000) at bus_at386.h:216 sc = (struct wi_softc *) 0xc9876000---Type <return> to continue, or q <return> to quit--- ifp = (struct ifnet *) 0xc9876000 status = 32769#28 0xc0398b40 in pccard_intr (arg=0xc1169f00) at /usr/src/sys/bus/pccard/pccard.c:1208 pf = (struct pccard_function *) 0xc1169f00 reg = 0 doisr = 1#29 0xc016c1ef in cbb_intr (arg=0xc12c96c8) at /usr/src/sys/dev/pccard/pccbb/pccbb.c:277 sc = (struct cbb_softc *) 0xc12c96c8 sockevent = 0 ih = (struct cbb_intrhand *) 0xc1041e40#30 0xc028e6ab in ithread_handler (arg=0xa) at /usr/src/sys/kern/kern_intr.c:747 info = (struct intr_info *) 0xc05bee80 use_limit = 0 lticks = 17261 lcount = 0 intr = 10 list = (struct intrec **) 0xc05bee80 rec = 0x0 nrec = 0x0 gd = 0xff800000 ill_timer = {node = {tqe_next = 0x0, tqe_prev = 0x0}, queue = 0x0, time = 0, periodic = 0, func = 0, data = 0x0, flags = 0, gd = 0x0} !
ill_count = 18#31 0xc02b08ef in lwkt_create (func=0, arg=0x0, tdp=0xc05bee84, template=0x0, tdflags=---Can't read userspace from dump, or kernel process---
) at /usr/src/sys/kern/lwkt_thread.c:1364 td = 0xff8003a8Previous frame inner to this frame (corrupt stack?)(kgdb)

#6 Updated by dillon over 8 years ago

:with sephe's patch...

That code path should be properly locked by Sephe's patch. Double check
that the whole patch is applied (I've included it below).

-Matt

Index: dev/netif/wi/if_wi.c
===================================================================
RCS file: /cvs/src/sys/dev/netif/wi/if_wi.c,v
retrieving revision 1.32
diff -u -r1.32 if_wi.c
--- dev/netif/wi/if_wi.c 22 Nov 2005 00:24:34 -0000 1.32
+++ dev/netif/wi/if_wi.c 12 Dec 2005 23:56:16 -0000
@@ -82,6 +82,7 @@
#include <sys/random.h>
#include <sys/syslog.h>
#include <sys/sysctl.h>
+#include <sys/serialize.h>
#include <sys/thread2.h>

#include <machine/bus.h>
@@ -484,7 +485,8 @@

error = bus_setup_intr(dev, sc->irq, INTR_MPSAFE,
- wi_intr, sc, &sc->wi_intrhand, NULL);
+ wi_intr, sc, &sc->wi_intrhand,
+ ifp->if_serializer);
if (error) {
ieee80211_ifdetach(ifp);
device_printf(dev, "bus_setup_intr() failed! (%d)\n", error);
@@ -503,9 +505,8 @@
{
struct wi_softc *sc = device_get_softc(dev);
struct ifnet *ifp = &sc->sc_ic.ic_if;
- WI_LOCK_DECL();

- WI_LOCK(sc);
+ lwkt_serialize_enter(ifp->if_serializer);

/* check if device was removed */
sc->wi_gone |= !bus_child_present(dev);
@@ -514,7 +515,9 @@

ieee80211_ifdetach(ifp);
wi_free(dev);
- WI_UNLOCK(sc);
+
+ lwkt_serialize_exit(ifp->if_serializer);
+
return (0);
}

@@ -522,8 +525,11 @@
wi_shutdown(device_t dev)
{
struct wi_softc *sc = device_get_softc(dev);
+ struct ifnet *ifp = &sc->sc_if;

- wi_stop(&sc->sc_if, 1);
+ lwkt_serialize_enter(ifp->if_serializer);
+ wi_stop(ifp, 1);
+ lwkt_serialize_exit(ifp->if_serializer);
}

#ifdef DEVICE_POLLING
@@ -573,7 +579,6 @@
struct wi_softc *sc = arg;
struct ifnet *ifp = &sc->sc_ic.ic_if;
u_int16_t status;
- WI_LOCK_DECL();

if (sc->wi_gone || !sc->sc_enabled || (ifp->if_flags & IFF_UP) == 0) {
CSR_WRITE_2(sc, WI_INT_EN, 0);
@@ -581,8 +586,6 @@
return;
}

- WI_LOCK(sc);
-
/* Disable interrupts. */
CSR_WRITE_2(sc, WI_INT_EN, 0);

@@ -603,8 +606,6 @@
/* Re-enable interrupts. */
CSR_WRITE_2(sc, WI_INT_EN, WI_INTRS);

- WI_UNLOCK(sc);
-
return;
}

@@ -617,14 +618,9 @@
struct wi_joinreq join;
int i;
int error = 0, wasenabled;
- WI_LOCK_DECL();
-
- WI_LOCK(sc);

- if (sc->wi_gone) {
- WI_UNLOCK(sc);
+ if (sc->wi_gone)
return;
- }

if ((wasenabled = sc->sc_enabled))
wi_stop(ifp, 1);
@@ -785,15 +781,13 @@
if (sc->sc_firmware_type != WI_LUCENT)
wi_write_rid(sc, WI_RID_JOIN_REQ, &join, sizeof(join));
}
-
- WI_UNLOCK(sc);
return;
out:
if (error) {
if_printf(ifp, "interface not running\n");
wi_stop(ifp, 1);
}
- WI_UNLOCK(sc);
+
DPRINTF((ifp, "wi_init: return %d\n", error));
return;
}
@@ -803,9 +797,6 @@
{
struct ieee80211com *ic = (struct ieee80211com *) ifp;
struct wi_softc *sc = ifp->if_softc;
- WI_LOCK_DECL();
-
- WI_LOCK(sc);

DELAY(100000);

@@ -830,8 +821,6 @@
sc->sc_false_syns = 0;
sc->sc_naps = 0;
ifp->if_timer = 0;
-
- WI_UNLOCK(sc);
}

static void
@@ -844,18 +833,12 @@
struct mbuf *m0;
struct wi_frame frmhdr;
int cur, fid, off, error;
- WI_LOCK_DECL();
-
- WI_LOCK(sc);

- if (sc->wi_gone) {
- WI_UNLOCK(sc);
+ if (sc->wi_gone)
return;
- }
- if (sc->sc_flags & WI_FLAGS_OUTRANGE) {
- WI_UNLOCK(sc);
+
+ if (sc->sc_flags & WI_FLAGS_OUTRANGE)
return;
- }

memset(&frmhdr, 0, sizeof(frmhdr));
cur = sc->sc_txnext;
@@ -961,8 +944,6 @@
}
sc->sc_txnext = cur = (cur + 1) % sc->sc_ntxbuf;
}
-
- WI_UNLOCK(sc);
}

static int
@@ -1060,9 +1041,6 @@
u_int8_t nodename[IEEE80211_NWID_LEN];
int error = 0;
struct wi_req wreq;
- WI_LOCK_DECL();
-
- WI_LOCK(sc);

if (sc->wi_gone) {
error = ENODEV;
@@ -1191,9 +1169,7 @@
error = 0;
}
out:
- WI_UNLOCK(sc);
-
- return (error);
+ return error;
}

static int
Index: dev/netif/wi/if_wi_pci.c
===================================================================
RCS file: /cvs/src/sys/dev/netif/wi/if_wi_pci.c,v
retrieving revision 1.7
diff -u -r1.7 if_wi_pci.c
--- dev/netif/wi/if_wi_pci.c 30 Jun 2005 17:11:28 -0000 1.7
+++ dev/netif/wi/if_wi_pci.c 12 Dec 2005 23:56:16 -0000
@@ -48,6 +48,8 @@
#include <sys/module.h>
#include <sys/bus.h>
#include <sys/thread.h>
+#include <sys/serialize.h>
+#include <sys/thread2.h>

#include <machine/bus.h>
#include <machine/resource.h>
@@ -240,12 +242,15 @@
{
struct wi_softc *sc;
struct ifnet *ifp;
+
sc = device_get_softc(dev);
ifp = &sc->sc_if;

+ lwkt_serialize_enter(ifp->if_serializer);
wi_stop(ifp, 1);
+ lwkt_serialize_exit(ifp->if_serializer);

- return (0);
+ return 0;
}

static int
@@ -253,11 +258,16 @@
{
struct wi_softc *sc;
struct ifnet *ifp;
+
sc = device_get_softc(dev);
ifp = &sc->sc_if;

- if (sc->wi_bus_type != WI_BUS_PCI_NATIVE)
- return (0);
+ lwkt_serialize_enter(ifp->if_serializer);
+
+ if (sc->wi_bus_type != WI_BUS_PCI_NATIVE) {
+ lwkt_serialize_exit(ifp->if_serializer);
+ return 0;
+ }

if (ifp->if_flags & IFF_UP) {
ifp->if_init(ifp->if_softc);
@@ -265,5 +275,7 @@
ifp->if_start(ifp);
}

- return (0);
+ lwkt_serialize_exit(ifp->if_serializer);
+
+ return 0;
}
Index: dev/netif/wi/if_wivar.h
===================================================================
RCS file: /cvs/src/sys/dev/netif/wi/if_wivar.h,v
retrieving revision 1.8
diff -u -r1.8 if_wivar.h
--- dev/netif/wi/if_wivar.h 30 Jun 2005 15:57:27 -0000 1.8
+++ dev/netif/wi/if_wivar.h 12 Dec 2005 23:56:16 -0000
@@ -209,13 +209,6 @@
#define WI_RSSI_TO_DBM(sc, rssi) (MIN((sc)->sc_max_rssi, \
MAX((sc)->sc_min_rssi, (rssi))) - (sc)->sc_dbm_offset)

-/*
- * Various compat hacks/kludges
- */
-#define WI_LOCK_DECL()
-#define WI_LOCK(_sc) crit_enter()
-#define WI_UNLOCK(_sc) crit_exit()
-
int wi_attach(device_t);
int wi_detach(device_t);
void wi_shutdown(device_t);

#7 Updated by steve.mynott over 8 years ago

OK I reapplied the patch and recompiled for luck and did:-

brandy:sys/dev/netif/wi # grep serialize.h if_wi.c
#include <sys/serialize.h>
brandy:sys/dev/netif/wi # sum if_wi.c
32845 83 if_wi.c

[snip]

(kgdb) bt full
#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:527
error = 11
#1 0xc01624a9 in db_fncall (dummy1=1936, dummy2=0, dummy3=-844617152,
dummy4=0xcda82a3c "?\a") at /usr/src/sys/ddb/db_command.c:548
fn_addr = -1070947510
args = {0 <repeats 11 times>}
nargs = 11
retval = 0
func = (fcn_10args_t *) 0xc02aa34a <dumpsys>
t = 0
#2 0xc0162263 in db_command (last_cmdp=0xc05a98d0, cmd_table=0x0,
aux_cmd_tablep=0xc054d3e0, aux_cmd_tablep_end=0xc054d3f8)
at /usr/src/sys/ddb/db_command.c:345
cmd = (struct command *) 0xc0556080
t = 0
modif =
"?\a\000\000\000\000\000\000`\024_?`\024_?\000\000\000\000d*??B0I?\001\000\000\000\001\000\000\000`\024_?\204*???.I?
?^?\aK\000 x\000\000\000??Z?\000\000\000\000\234*??\203<\026???O???J?x\000\000\000??J?\000\000\000\000??Z?\0176\026???Z?\000\231Z?x\000\000\000\003\000\000"
addr = 1936
count = -844617152
have_addr = 0
result = 0
#3 0xc0162343 in db_command_loop () at /usr/src/sys/ddb/db_command.c:471
No locals.
#4 0xc0165020 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_trap.c:72
bkpt = 0
#5 0xc049c010 in kdb_trap (type=3, code=0, regs=0xcda82b54)
at /usr/src/sys/i386/i386/db_interface.c:150
ddb_mode = 1
#6 0xc04b0582 in trap (frame=
{tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 1, tf_esi =
-1068269136, tf_ebp = -844616804, tf_isp = -844616832, tf_ebx = 256,
tf_edx = -1072988160, tf_ec---Type <return> to continue, or q <return>
to quit---
x = 32, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1068907674,
tf_cs = 8, tf_eflags = 658, tf_esp = -1068410704, tf_ss =
-1068483729})
at /usr/src/sys/i386/i386/trap.c:811
gd = (struct globaldata *) 0x3
td = (struct thread *) 0xc05bee84
lp = (struct lwp *) 0x0
p = (struct proc *) 0x0
sticks = 0
i = 0
ucode = 0
type = 3
code = 0
eva = 0
__func__ = "trap"
#7 0xc049d2ef in calltrap () at /usr/src/sys/i386/i386/exception.s:774
No locals.
#8 0x00000018 in ?? ()
No symbol table info available.
#9 0x00000010 in ?? ()
No symbol table info available.
#10 0x00000010 in ?? ()
No symbol table info available.
#11 0x00000001 in ?? ()
No symbol table info available.
#12 0xc05381b0 in ?? ()
No symbol table info available.
#13 0xcda82b9c in ?? ()
No symbol table info available.
#14 0xcda82b80 in ?? ()
No symbol table info available.
#15 0x00000100 in ?? ()
No symbol table info available.
#16 0xc00b8000 in ?? ()
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#17 0x00000020 in ?? ()
No symbol table info available.
#18 0x00000012 in ?? ()
No symbol table info available.
#19 0x00000003 in ?? ()
No symbol table info available.
#20 0x00000000 in ?? ()
No symbol table info available.
#21 0xc049c366 in Debugger (msg=0x0) at cpufunc.h:68
in_Debugger = 1 '\001'
#22 0xc02aa5b2 in panic (
fmt=0xc05381b0 "assertion: (ifp->if_serializer)->last_td ==
curthread in %s") at /usr/src/sys/kern/kern_shutdown.c:671
bootopt = 256
newpanic = 1
buf = "assertion: (ifp->if_serializer)->last_td == curthread
in ether_input", '\0' <repeats 187 times>
#23 0xc030febd in ether_input (ifp=0xc9876000, eh=0x0, m=0xcea40800)
at /usr/src/sys/net/if_ethersubr.c:568
save_eh = {ether_dhost = "\006\000\000\000\b\n",
ether_shost = "?\000\000\002-\t", ether_type = 36198}
__func__ = "ether_input"
#24 0xc030fe7d in ether_input_internal (ifp=0x0, m=0x0)
at /usr/src/sys/net/if_ethersubr.c:539
No locals.
#25 0xc031fbb3 in ieee80211_input (ifp=0xc9876000, m=0xcea40800,
ni=0xc1189f38, rssi=114, rstamp=279618)
at /usr/src/sys/netproto/802_11/ieee80211_input.c:302
ic = (struct ieee80211com *) 0xc9876000
wh = (struct ieee80211_frame *) 0x0
eh = (struct ether_header *) 0x0
m1 = (struct mbuf *) 0x0
---Type <return> to continue, or q <return> to quit---
len = 0
dir = 2 '\002'
type = 8 '\b'
subtype = 8 '\b'
bssid = (uint8_t *) 0x0
rxseq = 0
__func__ = "ieee80211_input"
#26 0xc027b3c7 in wi_rx_intr (sc=0xc1189f38)
at /usr/src/sys/dev/netif/wi/if_wi.c:1480
ic = (struct ieee80211com *) 0xc9876000
ifp = (struct ifnet *) 0xc9876000
frmhdr = {wi_status = 8192, wi_rx_tstamp1 = 17474, wi_rx_tstamp0 = 4,
wi_rx_silence = 55 '7', wi_rx_signal = 114 'r', wi_rx_rate = 110 'n',
wi_rx_flow = 0 '\0', wi_tx_rtry = 0 '\0', wi_tx_rate = 0 '\0',
wi_tx_ctl = 0, wi_whdr = {i_fc = "\bJ", i_dur = "?",
i_addr1 = "\000\002-\tf\215", i_addr2 = "\000\r\223\201e?",
i_addr3 = "\000\r\223!?<", i_seq = "p'", i_addr4 = "?\n!+?\\"},
wi_dat_len = 36, wi_ehdr = {ether_dhost = "\000\002-\tf\215",
ether_shost = "\000\r\223!?<", ether_type = 9216}}
m = (struct mbuf *) 0xcea40800
wh = (struct ieee80211_frame *) 0xcea40838
ni = (struct ieee80211_node *) 0xc1189f38
fid = 231
len = 36
rssi = 114
status = 0
rstamp = 279618
#27 0xc02794f8 in wi_intr (arg=0xc9876000)
at /usr/src/sys/dev/netif/wi/if_wi.c:594
sc = (struct wi_softc *) 0xc9876000
ifp = (struct ifnet *) 0xc9876000
status = 32769
#28 0xc0398b54 in pccard_intr (arg=0xc1169f00)
---Type <return> to continue, or q <return> to quit---
at /usr/src/sys/bus/pccard/pccard.c:1209
pf = (struct pccard_function *) 0xc1169f00
reg = 0
doisr = 1
#29 0xc016c20f in cbb_intr (arg=0xc12c96c8)
at /usr/src/sys/dev/pccard/pccbb/pccbb.c:1060
sc = (struct cbb_softc *) 0xc12c96c8
sockevent = 0
ih = (struct cbb_intrhand *) 0xc1041e40
#30 0xc028e6bf in ithread_handler (arg=0xa)
at /usr/src/sys/kern/kern_intr.c:750
info = (struct intr_info *) 0xc05bee80
use_limit = 0
lticks = 20257
lcount = 0
intr = 10
list = (struct intrec **) 0xc05bee80
rec = 0x0
nrec = 0x0
gd = 0xff800000
ill_timer = {node = {tqe_next = 0x0, tqe_prev = 0x0}, queue = 0x0,
time = 0, periodic = 0, func = 0, data = 0x0, flags = 0, gd = 0x0}
ill_count = 12
#31 0xc02b0903 in lwkt_create (func=0, arg=0x0, tdp=0xc05bee84, template=0x0,
tdflags=---Can't read userspace from dump, or kernel process---

) at /usr/src/sys/kern/lwkt_thread.c:1368
td = 0xff8003a8
Previous frame inner to this frame (corrupt stack?)
(kgdb)

#8 Updated by dillon over 8 years ago

:OK I reapplied the patch and recompiled for luck and did:-
:
:brandy:sys/dev/netif/wi # grep serialize.h if_wi.c
:#include <sys/serialize.h>
:brandy:sys/dev/netif/wi # sum if_wi.c
:32845 83 if_wi.c

Ok, I think I've figured out what the problem is. The pccard code
is ignoring the serializer argument to bus_setup_intr().

I'm going to commit the if_wi patch because that part of it is
correct, and then I'm going to track down the pccard code in
question.

-Matt

#9 Updated by dillon over 8 years ago

Ok Steve, update your kernel sources again just to sync up the patch
I committed to if_wi (which is the same one you already have), and
then try this patch on top of that.

The issue is that the cardbus code's handling of BUS_SETUP_INTR ignores
the serializer passed into it from IF_WI. I think this will deal with
the case properly but I can't test it.

-Matt

Index: bus/pccard/pccard.c
===================================================================
RCS file: /cvs/src/sys/bus/pccard/pccard.c,v
retrieving revision 1.14
diff -u -r1.14 pccard.c
--- bus/pccard/pccard.c 27 Jun 2005 02:27:10 -0000 1.14
+++ bus/pccard/pccard.c 16 Dec 2005 20:58:17 -0000
@@ -1222,7 +1222,7 @@
if (func->intr_handler != NULL)
panic("Only one interrupt handler per function allowed");
err = bus_generic_setup_intr(dev, child, irq, flags, pccard_intr,
- func, cookiep, NULL);
+ func, cookiep, serializer);
if (err != 0)
return (err);
func->intr_handler = intr;
Index: dev/pccard/pccbb/pccbb.c
===================================================================
RCS file: /cvs/src/sys/dev/pccard/pccbb/pccbb.c,v
retrieving revision 1.11
diff -u -r1.11 pccbb.c
--- dev/pccard/pccbb/pccbb.c 12 Oct 2005 17:35:54 -0000 1.11
+++ dev/pccard/pccbb/pccbb.c 16 Dec 2005 21:03:41 -0000
@@ -803,6 +803,7 @@
*cookiep = ih;
ih->intr = intr;
ih->arg = arg;
+ ih->serializer = serializer;
KKASSERT(serializer == NULL); /* not yet supported */
STAILQ_INSERT_TAIL(&sc->intr_handlers, ih, entries);
/*
@@ -1057,7 +1058,13 @@
}
if (sc->flags & CBB_CARD_OK) {
STAILQ_FOREACH(ih, &sc->intr_handlers, entries) {
- (*ih->intr)(ih->arg);
+ if (ih->serializer) {
+ lwkt_serialize_handler_call(ih->serializer,
+ (inthand2_t)ih->intr, ih->arg,
+ NULL);
+ } else {
+ (*ih->intr)(ih->arg);
+ }
}

}
Index: dev/pccard/pccbb/pccbbvar.h
===================================================================
RCS file: /cvs/src/sys/dev/pccard/pccbb/pccbbvar.h,v
retrieving revision 1.1
diff -u -r1.1 pccbbvar.h
--- dev/pccard/pccbb/pccbbvar.h 10 Feb 2004 07:55:47 -0000 1.1
+++ dev/pccard/pccbb/pccbbvar.h 16 Dec 2005 21:01:05 -0000
@@ -36,6 +36,7 @@
struct cbb_intrhand {
driver_intr_t *intr;
void *arg;
+ struct lwkt_serialize *serializer;
STAILQ_ENTRY(cbb_intrhand) entries;
};

#10 Updated by corecode over 8 years ago

fix committed

Also available in: Atom PDF