Date: Wed, 23 Apr 2014 09:46:33 -0400 From: Anthony Jenkins <Scoobi_doo@yahoo.com> To: "freebsd-wireless@freebsd.org" <freebsd-wireless@freebsd.org> Subject: urtwn panic Message-ID: <5357C439.4040101@yahoo.com>
next in thread | raw e-mail | index | archive | help
Hi all,
Tried to send this a couple days ago, but for some reason none of my
emails post to the @freebsd.org mailing lists. Thinking it's my
@yahoo.com return address. If this doesn't post, I'll try the
@gmail.com one.
I'm getting a panic with the latest kernel (r264719) and the if_urtwn driver.
It happens ~75% of the time I plug the device into a USB port, and appears to
occur when the driver holds a non-sleepable mutex while calling a USB firmware
loading function which goes to sleep. I have a coredump available to triage.
Here's the device details (from Linux, since I can't reliably plug the thing into FreeBSD):
dmesg:
[330849.645998] usb 1-5: Product: 802.11n WLAN Adapter
[330849.646002] usb 1-5: Manufacturer: Realtek
[330849.646006] usb 1-5: SerialNumber: 00e04c000001
[330849.703666] cfg80211: Calling CRDA to update world regulatory domain
[330849.715428] cfg80211: World regulatory domain updated:
[330849.715434] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
[330849.715437] cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[330849.715439] cfg80211: (2457000 KHz - 2482000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[330849.715441] cfg80211: (2474000 KHz - 2494000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
[330849.715443] cfg80211: (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[330849.715445] cfg80211: (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[330849.731410] rtl8192cu: Chip version 0x10
[330849.809018] rtl8192cu: MAC address: 00:0b:81:81:54:69
[330849.809023] rtl8192cu: Board Type 0
[330849.809266] rtl_usb: rx_max_size 15360, rx_urb_num 8, in_ep 1
[330849.809317] rtl8192cu: Loading firmware rtlwifi/rtl8192cufw_TMSC.bin
[330849.809506] usbcore: registered new interface driver rtl8192cu
[330849.818471] ieee80211 phy0: Selected rate control algorithm 'rtl_rc'
[330849.819740] rtlwifi: wireless switch is on
[330849.859663] rtl8192cu: MAC auto ON okay!
[330849.895265] rtl8192cu: Tx queue select: 0x05
[330850.256751] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[330850.258132] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
ajenkins@kubuntu-ajenkins:~$ sudo lsusb -v -s 001:003
Bus 001 Device 003: ID 0bda:8176 Realtek Semiconductor Corp. RTL8188CUS 802.11n WLAN Adapter
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 0 (Defined at Interface level)
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x0bda Realtek Semiconductor Corp.
idProduct 0x8176 RTL8188CUS 802.11n WLAN Adapter
bcdDevice 2.00
iManufacturer 1 Realtek
iProduct 2 802.11n WLAN Adapter
iSerial 3 00e04c000001
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 46
bNumInterfaces 1
bConfigurationValue 1
iConfiguration 0
bmAttributes 0x80
(Bus Powered)
MaxPower 500mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 4
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 255 Vendor Specific Subclass
bInterfaceProtocol 255 Vendor Specific Protocol
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x03 EP 3 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x84 EP 4 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 1
Device Qualifier (for other device speed):
bLength 10
bDescriptorType 6
bcdUSB 2.00
bDeviceClass 0 (Defined at Interface level)
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
bNumConfigurations 1
Device Status: 0x0000
(Bus Powered)
Here's the FreeBSD coredump:
[root@ajenkins-hplaptop /usr/src]# kgdb
/usr/obj/usr/src/sys/MYKERNEL/kernel.debug /var/crash/vmcore.last
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
Unread portion of the kernel message buffer:
Sleeping on "fwload" with the following non-sleepable locks held:
exclusive sleep mutex urtwn0 (network driver) r = 0 (0xfffffe00175fe348)
locked @ /usr/src/sys/dev/usb/usb_request.c:722
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
0xfffffe0447e095e0
kdb_backtrace() at kdb_backtrace+0x39/frame 0xfffffe0447e09690
witness_warn() at witness_warn+0x4b5/frame 0xfffffe0447e09750
_sleep() at _sleep+0x70/frame 0xfffffe0447e097f0
firmware_get() at firmware_get+0x13a/frame 0xfffffe0447e09850
urtwn_init_locked() at urtwn_init_locked+0x18cd/frame 0xfffffe0447e09910
urtwn_ioctl() at urtwn_ioctl+0x12a/frame 0xfffffe0447e09960
taskqueue_run_locked() at taskqueue_run_locked+0xf0/frame 0xfffffe0447e099c0
taskqueue_thread_loop() at taskqueue_thread_loop+0x9b/frame
0xfffffe0447e099f0
fork_exit() at fork_exit+0x84/frame 0xfffffe0447e09a30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0447e09a30
--- trap 0, rip = 0, rsp = 0xfffffe0447e09af0, rbp = 0 ---
Sleeping thread (tid 100892, pid 0) owns a non-sleepable lock
KDB: stack backtrace of thread 100892:
sched_switch() at sched_switch+0x47f/frame 0xfffffe0447e096a0
mi_switch() at mi_switch+0x179/frame 0xfffffe0447e096e0
sleepq_switch() at sleepq_switch+0x152/frame 0xfffffe0447e09720
sleepq_wait() at sleepq_wait+0x43/frame 0xfffffe0447e09750
_sleep() at _sleep+0x366/frame 0xfffffe0447e097f0
firmware_get() at firmware_get+0x13a/frame 0xfffffe0447e09850
urtwn_init_locked() at urtwn_init_locked+0x18cd/frame 0xfffffe0447e09910
urtwn_ioctl() at urtwn_ioctl+0x12a/frame 0xfffffe0447e09960
taskqueue_run_locked() at taskqueue_run_locked+0xf0/frame 0xfffffe0447e099c0
taskqueue_thread_loop() at taskqueue_thread_loop+0x9b/frame
0xfffffe0447e099f0
fork_exit() at fork_exit+0x84/frame 0xfffffe0447e09a30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0447e09a30
--- trap 0, rip = 0, rsp = 0xfffffe0447e09af0, rbp = 0 ---
panic: sleeping thread
cpuid = 3
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
0xfffffe0447e814b0
kdb_backtrace() at kdb_backtrace+0x39/frame 0xfffffe0447e81560
vpanic() at vpanic+0x124/frame 0xfffffe0447e815a0
panic() at panic+0x43/frame 0xfffffe0447e81600
propagate_priority() at propagate_priority+0x2fd/frame 0xfffffe0447e81640
turnstile_wait() at turnstile_wait+0x34f/frame 0xfffffe0447e81690
__mtx_lock_sleep() at __mtx_lock_sleep+0x1b6/frame 0xfffffe0447e81710
__mtx_lock_flags() at __mtx_lock_flags+0x102/frame 0xfffffe0447e81760
urtwn_ioctl() at urtwn_ioctl+0x41/frame 0xfffffe0447e817b0
ifioctl() at ifioctl+0x8f5/frame 0xfffffe0447e81870
kern_ioctl() at kern_ioctl+0x22b/frame 0xfffffe0447e818d0
sys_ioctl() at sys_ioctl+0x13c/frame 0xfffffe0447e81920
amd64_syscall() at amd64_syscall+0x25a/frame 0xfffffe0447e81a30
Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe0447e81a30
--- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x800fa342a, rsp =
0x7fffffffdc88, rbp = 0x7fffffffe500 ---
KDB: enter: panic
Reading symbols from /boot/kernel/zfs.ko.symbols...done.
Loaded symbols for /boot/kernel/zfs.ko.symbols
Reading symbols from /boot/kernel/opensolaris.ko.symbols...done.
Loaded symbols for /boot/kernel/opensolaris.ko.symbols
...
#0 doadump (textdump=0) at pcpu.h:219
219 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) where
#0 doadump (textdump=0) at pcpu.h:219
#1 0xffffffff802fb8ae in db_dump (dummy=<value optimized out>, dummy2=0,
dummy3=0, dummy4=0x0) at /usr/src/sys/ddb/db_command.c:543
#2 0xffffffff802fb34d in db_command (cmd_table=0x0)
at /usr/src/sys/ddb/db_command.c:449
#3 0xffffffff802fb0c4 in db_command_loop ()
at /usr/src/sys/ddb/db_command.c:502
#4 0xffffffff802fda90 in db_trap (type=<value optimized out>, code=0)
at /usr/src/sys/ddb/db_main.c:231
#5 0xffffffff80628289 in kdb_trap (type=3, code=0, tf=<value optimized
out>)
at /usr/src/sys/kern/subr_kdb.c:656
#6 0xffffffff808ad8ae in trap (frame=0xfffffe0447e81490)
at /usr/src/sys/amd64/amd64/trap.c:573
#7 0xffffffff80892262 in calltrap ()
at /usr/src/sys/amd64/amd64/exception.S:231
#8 0xffffffff806279ee in kdb_enter (why=0xffffffff809d5a90 "panic",
msg=<value optimized out>) at cpufunc.h:63
#9 0xffffffff805f0594 in vpanic (fmt=<value optimized out>,
ap=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:749
#10 0xffffffff805f0603 in panic (fmt=0xffffffff80d41e50 "\004")
at /usr/src/sys/kern/kern_shutdown.c:685
#11 0xffffffff8063ab6d in propagate_priority (td=<value optimized out>)
at /usr/src/sys/kern/subr_turnstile.c:226
---Type <return> to continue, or q <return> to quit---
#12 0xffffffff8063b43f in turnstile_wait (ts=0xfffff801253a56c0,
owner=<value optimized out>, queue=0)
at /usr/src/sys/kern/subr_turnstile.c:742
#13 0xffffffff805dbb76 in __mtx_lock_sleep (c=0xfffffe00175fe360,
tid=18446735283083894784, opts=<value optimized out>,
file=<value optimized out>, line=<value optimized out>)
at /usr/src/sys/kern/kern_mutex.c:508
#14 0xffffffff805db912 in __mtx_lock_flags (c=<value optimized out>,
opts=0,
file=0xffffffff81ab33e8
"/usr/src/sys/modules/usb/urtwn/../../../dev/usb/wlan/if_urtwn.c",
line=1787) at /usr/src/sys/kern/kern_mutex.c:223
#15 0xffffffff81aa9b51 in urtwn_ioctl (ifp=0xfffff80125a3e800,
cmd=3223349575,
data=0xfffff80011577780 "urtwn0")
at /usr/src/sys/modules/usb/urtwn/../../../dev/usb/wlan/if_urtwn.c:1787
#16 0xffffffff806bad65 in ifioctl (so=0xfffff80192990828, cmd=3223349575,
data=0xfffff80011577780 "urtwn0", td=0xfffff80145e16000)
at /usr/src/sys/net/if.c:2465
#17 0xffffffff80648c5b in kern_ioctl (td=<value optimized out>,
fd=<value optimized out>, com=<value optimized out>) at file.h:323
#18 0xffffffff806489dc in sys_ioctl (td=0xfffff80145e16000,
uap=0xfffffe0447e819c0) at /usr/src/sys/kern/sys_generic.c:702
#19 0xffffffff808ae78a in amd64_syscall (td=0xfffff80145e16000, traced=0)
at subr_syscall.c:133
#20 0xffffffff8089254b in Xfast_syscall ()
---Type <return> to continue, or q <return> to quit---
at /usr/src/sys/amd64/amd64/exception.S:390
#21 0x0000000800fa342a in ?? ()
Previous frame inner to this frame (corrupt stack?)
Current language: auto; currently minimal
(kgdb)
Thanks in advance,
Anthony Jenkins
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5357C439.4040101>