Date: Sat, 03 May 2008 20:49:18 +0800 From: ganbold <ganbold@freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: Ganbold <ganbold@micom.mng.net>, imp@freebsd.org, imp@bsdimp.com, bug-followup@FreeBSD.org Subject: Re: kern/120282: panic: resource_list_release: resource entry is not busy in FreeBSD-7.0 Message-ID: <481C5F4E.5080602@freebsd.org>
next in thread | raw e-mail | index | archive | help
More information (with recent 7.0-STABLE FreeBSD 7.0-STABLE #4: Sat May 3 19:15:56 ULAT 2008): ... Unread portion of the kernel message buffer: panic: resource_list_release: resource entry is not busy cpuid = 0 KDB: stack backtrace: db_trace_self_wrapper(c08d3a30,e43d0bb8,c065d76f,c08f78d4,0,...) at db_trace_self_wrapper+0x26 kdb_backtrace(c08f78d4,0,c08d3536,e43d0bc4,0,...) at kdb_backtrace+0x29 panic(c08d3536,3,10,0,c4093940,...) at panic+0x10f resource_list_release(c409b404,c4053480,c40a4d00,3,10,...) at resource_list_release+0xc2 bus_generic_rl_release_resource(c4053480,c40a4d00,3,10,c4080180) at bus_generic_rl_release_resource+0x77 bus_release_resource(c40a4d00,3,10,c4080180,c40a4d00,...) at bus_release_resource+0x67 ath_pci_detach(c40a4d00,c3f51850,c0967e90,979,4,...) at ath_pci_detach+0xb2 device_detach(c40a4d00,e43d0cac,e43d0cb0,c09b7e10,0,...) at device_detach+0x8c cardbus_detach_card(c4053480,c3faa0b8,c0926c3c,1df,c09ba780,...) at cardbus_detach_card+0xcd cbb_event_thread(c3fbc000,e43d0d38,c08cd248,307,c404d804,...) at cbb_event_thread+0x15a fork_exit(c05570e0,c3fbc000,e43d0d38) at fork_exit+0xb8 fork_trampoline() at fork_trampoline+0x8 --- trap 0, eip = 0, esp = 0xe43d0d70, ebp = 0 --- KDB: enter: panic panic: from debugger cpuid = 0 Uptime: 1m2s Physical memory: 1002 MB Dumping 61 MB: 46 30 14 #0 doadump () at pcpu.h:195 195 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); (kgdb) bt #0 doadump () at pcpu.h:195 #1 0xc065d4de in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418 #2 0xc065d7a3 in panic (fmt=Variable "fmt" is not available. ) at /usr/src/sys/kern/kern_shutdown.c:572 #3 0xc04668d7 in db_panic (addr=Could not find the frame base for "db_panic". ) at /usr/src/sys/ddb/db_command.c:446 #4 0xc04672dc in db_command (last_cmdp=0xc0999974, cmd_table=0x0, dopager=1) at /usr/src/sys/ddb/db_command.c:413 #5 0xc04673ea in db_command_loop () at /usr/src/sys/ddb/db_command.c:466 #6 0xc0468bdd in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:228 #7 0xc0686276 in kdb_trap (type=3, code=0, tf=0xe43d0b44) at /usr/src/sys/kern/subr_kdb.c:524 #8 0xc0860f5f in trap (frame=0xe43d0b44) at /usr/src/sys/i386/i386/trap.c:648 #9 0xc084710b in calltrap () at /usr/src/sys/i386/i386/exception.s:139 #10 0xc06863fa in kdb_enter_why (why=0xc08d0f30 "panic", msg=0xc08d0f30 "panic") at cpufunc.h:60 #11 0xc065d78c in panic (fmt=0xc08d3536 "resource_list_release: resource entry is not busy") at /usr/src/sys/kern/kern_shutdown.c:556 #12 0xc0682b22 in resource_list_release (rl=0xc409b404, bus=0xc4053480, child=0xc40a4d00, type=3, rid=16, res=0xc4080180) at /usr/src/sys/kern/subr_bus.c:2777 #13 0xc0682c17 in bus_generic_rl_release_resource (dev=0xc4053480, child=0xc40a4d00, type=3, rid=16, r=0xc4080180) at /usr/src/sys/kern/subr_bus.c:3328 #14 0xc06827c7 in bus_release_resource (dev=0xc40a4d00, type=3, rid=16, r=0xc4080180) at bus_if.h:347 #15 0xc04aaaf2 in ath_pci_detach (dev=0xc40a4d00) at /usr/src/sys/dev/ath/if_ath_pci.c:223 #16 0xc0680ddc in device_detach (dev=0xc40a4d00) at device_if.h:212 #17 0xc04c3afd in cardbus_detach_card (cbdev=0xc4053480) at /usr/src/sys/dev/cardbus/cardbus.c:236 #18 0xc055723a in cbb_event_thread (arg=0xc3fbc000) at card_if.h:95 #19 0xc063bcb8 in fork_exit (callout=0xc05570e0 <cbb_event_thread>, arg=0xc3fbc000, frame=0xe43d0d38) at /usr/src/sys/kern/kern_fork.c:783 #20 0xc0847180 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:205 (kgdb) list 205 call fork_exit 206 addl $12,%esp 207 /* cut from syscall */ 208 209 /* 210 * Return via doreti to handle ASTs. 211 */ 212 MEXITCOUNT 213 jmp doreti 214 (kgdb) up #1 0xc065d4de in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418 418 doadump(); (kgdb) up #2 0xc065d7a3 in panic (fmt=Variable "fmt" is not available. ) at /usr/src/sys/kern/kern_shutdown.c:572 572 boot(bootopt); (kgdb) up #3 0xc04668d7 in db_panic (addr=Could not find the frame base for "db_panic". ) at /usr/src/sys/ddb/db_command.c:446 446 panic("from debugger"); (kgdb) up #4 0xc04672dc in db_command (last_cmdp=0xc0999974, cmd_table=0x0, dopager=1) at /usr/src/sys/ddb/db_command.c:413 413 (*cmd->fcn)(addr, have_addr, count, modif); (kgdb) up #5 0xc04673ea in db_command_loop () at /usr/src/sys/ddb/db_command.c:466 466 db_command(&db_last_command, &db_command_table, /* dopager */ 1); (kgdb) up #6 0xc0468bdd in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:228 228 db_command_loop(); (kgdb) up #7 0xc0686276 in kdb_trap (type=3, code=0, tf=0xe43d0b44) at /usr/src/sys/kern/subr_kdb.c:524 524 handled = kdb_dbbe->dbbe_trap(type, code); (kgdb) up #8 0xc0860f5f in trap (frame=0xe43d0b44) at /usr/src/sys/i386/i386/trap.c:648 648 if (kdb_trap(type, 0, frame)) (kgdb) up #9 0xc084710b in calltrap () at /usr/src/sys/i386/i386/exception.s:139 139 call trap Current language: auto; currently asm (kgdb) up #10 0xc06863fa in kdb_enter_why (why=0xc08d0f30 "panic", msg=0xc08d0f30 "panic") at cpufunc.h:60 60 __asm __volatile("int $3"); Current language: auto; currently c (kgdb) up #11 0xc065d78c in panic (fmt=0xc08d3536 "resource_list_release: resource entry is not busy") at /usr/src/sys/kern/kern_shutdown.c:556 556 kdb_enter_why(KDB_WHY_PANIC, "panic"); (kgdb) list 551 552 #ifdef KDB 553 if (newpanic && trace_on_panic) 554 kdb_backtrace(); 555 if (debugger_on_panic) 556 kdb_enter_why(KDB_WHY_PANIC, "panic"); 557 #ifdef RESTARTABLE_PANICS 558 /* See if the user aborted the panic, in which case we continue. */ 559 if (panicstr == NULL) { 560 #ifdef SMP (kgdb) up #12 0xc0682b22 in resource_list_release (rl=0xc409b404, bus=0xc4053480, child=0xc40a4d00, type=3, rid=16, res=0xc4080180) at /usr/src/sys/kern/subr_bus.c:2777 2777 panic("resource_list_release: resource entry is not busy"); (kgdb) list 2772 rle = resource_list_find(rl, type, rid); 2773 2774 if (!rle) 2775 panic("resource_list_release: can't find resource"); 2776 if (!rle->res) 2777 panic("resource_list_release: resource entry is not busy"); 2778 2779 error = BUS_RELEASE_RESOURCE(device_get_parent(bus), child, 2780 type, rid, res); 2781 if (error) (kgdb) print rle $1 = (struct resource_list_entry *) 0xc08d0f30 (kgdb) print rle->res $2 = (struct resource *) 0x705f6e6f (kgdb) up #13 0xc0682c17 in bus_generic_rl_release_resource (dev=0xc4053480, child=0xc40a4d00, type=3, rid=16, r=0xc4080180) at /usr/src/sys/kern/subr_bus.c:3328 3328 return (resource_list_release(rl, dev, child, type, rid, r)); (kgdb) ------------------------------------------------------------------------------------------------------------------------------- I've made some printfs in subr_bus.c something like: ... printf("calling resource_list_release: ***1***\n"); if (passthrough) { printf("passthrough: calling resource_list_release: ***1***\n"); return (BUS_RELEASE_RESOURCE(device_get_parent(bus), child, type, rid, res)); } rle = resource_list_find(rl, type, rid); printf("resource_list_release: rle: %p\n",rle); printf("resource_list_release: res: %p\n",rle->res); if (!rle) panic("resource_list_release: can't find resource"); if (!rle->res) panic("resource_list_release: resource entry is not busy"); printf("calling resource_list_release: ***2***\n"); error = BUS_RELEASE_RESOURCE(device_get_parent(bus), child, type, rid, res); if (error) return (error); rle->res = NULL; return (0); ... printf messages appear in following order when I detach ath0 card: ... calling bus_release_resource: ***1*** calling resource_list_release: ***1*** resource_list_release: rle: 0xc4057840 resource_list_release: res: 0xc4093940 calling resource_list_release: ***2*** calling resource_list_release: ***1*** passthrough: calling resource_list_release: ***1*** calling bus_generic_release_resource: ***1*** calling resource_list_release: ***1*** passthrough: calling resource_list_release: ***1*** calling bus_generic_release_resource: ***1*** calling bus_release_resource: ***1*** calling resource_list_release: ***1*** resource_list_release: rle: 0xc4057600 resource_list_release: res: 0 panic: resource_list_release: resource entry is not busy ... I have a question here. Why is resource_list_release() called several times? Is it because it is trying to release resources from bottom to up of device tree? Correct me if I'm wrong here. As I understand during the last function call rle->res is null and it panics with message. Following fixes the problem: ... /* if (!rle->res) panic("resource_list_release: resource entry is not busy"); */ if (rle->res != NULL){ error = BUS_RELEASE_RESOURCE(device_get_parent(bus), child, type, rid, res); if (error) return (error); rle->res = NULL; } ... However I think this is a just bad workaround and not the correct fix. I think it is not fixing the root of the problem. Is there any idea how to fix this problem? Warner, can you look at this issue if you have time? thanks, Ganbold
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?481C5F4E.5080602>