FreeBSD Mail Archives

Date:      Mon, 18 May 2009 10:50:02 +0200
From:      Hans Petter Selasky <hselasky@c2i.net>
To:        freebsd-current@freebsd.org
Cc:        Lucius Windschuh <lwindschuh@googlemail.com>, current@freebsd.org
Subject:   Re: Panics and potential memory corruption when pulling out a uath device
Message-ID:  <200905181050.03154.hselasky@c2i.net>
In-Reply-To: <90a5caac0905171354k6e7c008eye18bd69aa543eaa6@mail.gmail.com>
References:  <90a5caac0905171354k6e7c008eye18bd69aa543eaa6@mail.gmail.com>

On Sunday 17 May 2009, Lucius Windschuh wrote:
> panic: mtx_lock() of destroyed mutex @
> /usr/src/sys/modules/wlan/../../net80211/ieee80211_node.c:1697
>
> (kgdb) bt
> #0 =C2=A0doadump () at pcpu.h:246
> #1 =C2=A00xc04949c9 in db_fncall (dummy1=3D-979506816, dummy2=3D0,
> dummy3=3D-1068655593, dummy4=3D0xf3c47988 "@\231\235=EF=BF=BD001") at
> /usr/src/sys/ddb/db_command.c:548
> #2 =C2=A00xc0494dc1 in db_command (last_cmdp=3D0xc0989c9c, cmd_table=3D0x=
0,
> dopager=3D1) at /usr/src/sys/ddb/db_command.c:445
> #3 =C2=A00xc0494f1a in db_command_loop () at /usr/src/sys/ddb/db_command.=
c:498
> #4 =C2=A00xc0496d7d in db_trap (type=3D3, code=3D0) at
> /usr/src/sys/ddb/db_main.c:229 #5 =C2=A00xc06579d6 in kdb_trap (type=3D3,=
 code=3D0,
> tf=3D0xf3c47b2c) at
> /usr/src/sys/kern/subr_kdb.c:534
> #6 =C2=A00xc088bdce in trap (frame=3D0xf3c47b2c) at
> /usr/src/sys/i386/i386/trap.c:685 #7 =C2=A00xc086f6fb in calltrap () at
> /usr/src/sys/i386/i386/exception.s:165 #8 =C2=A00xc0657b5a in kdb_enter
> (why=3D0xc08f8592 "panic", msg=3D0xc08f8592 "panic") at cpufunc.h:71
> #9 =C2=A00xc062a1a6 in panic (fmt=3D0xc08f6f47 "mtx_lock() of destroyed m=
utex
> @ %s:%d") at /usr/src/sys/kern/kern_shutdown.c:559
> #10 0xc061a925 in _mtx_lock_flags (m=3D0xc6af26b8, opts=3D0,
> file=3D0xc858faff
> "/usr/src/sys/modules/wlan/../../net80211/ieee80211_node.c",
> line=3D1697) at /usr/src/sys/kern/kern_mutex.c:174
> #11 0xc857445e in ieee80211_node_delucastkey (ni=3D0xc6af8000) at
> /usr/src/sys/modules/wlan/../../net80211/ieee80211_node.c:1697
> #12 0xc85760d6 in node_free (ni=3D0xc6af8000) at
> /usr/src/sys/modules/wlan/../../net80211/ieee80211_node.c:999
> #13 0xc8573992 in _ieee80211_free_node (ni=3D0xc6af8000) at
> /usr/src/sys/modules/wlan/../../net80211/ieee80211_node.c:1622
> #14 0xc84f5af0 in uath_bulk_tx_callback () from /boot/kernel/if_uath.ko
> #15 0xc0594d27 in usb2_callback_wrapper (pq=3D0xc9448030) at
> /usr/src/sys/dev/usb/usb_transfer.c:1962
> #16 0xc0592716 in usb2_command_wrapper (pq=3D0xc9448030, xfer=3D0x0) at
> /usr/src/sys/dev/usb/usb_transfer.c:2538
> #17 0xc05927f8 in usb2_callback_proc (_pm=3D0xc9448044) at
> /usr/src/sys/dev/usb/usb_transfer.c:1834
> #18 0xc058febe in usb2_process (arg=3D0xc58d8ca4) at
> /usr/src/sys/dev/usb/usb_process.c:139
> #19 0xc06036e8 in fork_exit (callout=3D0xc058fde0 <usb2_process>,
> arg=3D0xc58d8ca4, frame=3D0xf3c47d38) at /usr/src/sys/kern/kern_fork.c:830
> #20 0xc086f7a0 in fork_trampoline () at
> /usr/src/sys/i386/i386/exception.s:270

Regarding the first panic, there seems to be a detach race in both upgt and=
=20
uath, which is not USB related. Try this patch:

http://perforce.freebsd.org/chv.cgi?CH=3D162250

=2D-HPS

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200905181050.03154.hselasky>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation