From dada@sbox.tugraz.at  Thu Apr 24 07:09:55 2003
Return-Path: <dada@sbox.tugraz.at>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CB4A437B401
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 24 Apr 2003 07:09:54 -0700 (PDT)
Received: from mailrelay02.tugraz.at (mailrelay02.tu-graz.ac.at [129.27.3.8])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 579B543F75
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 24 Apr 2003 07:09:53 -0700 (PDT)
	(envelope-from dada@sbox.tugraz.at)
Received: from localhost (webmail.tu-graz.ac.at [129.27.3.143])
	by mailrelay02.tugraz.at (8.12.9/8.12.9) with ESMTP id h3OE9o2c011940;
	Thu, 24 Apr 2003 16:09:50 +0200 (CEST)
Received: from subzr207.tu-graz.ac.at (subzr207.tu-graz.ac.at
	[129.27.43.207]) by webmail.tugraz.at (Horde) with HTTP for <dada@sbox>;
	Thu, 24 Apr 2003 16:09:51 +0200
Message-Id: <1051193391.2a44f75eab7d2@webmail.tugraz.at>
Date: Thu, 24 Apr 2003 16:09:51 +0200
From: dada@sbox.tugraz.at
To: FreeBSD-gnats-submit@freebsd.org
Cc: dada@sbox.tugraz.at
Subject: panic: malloc(M_WAITOK) in interrupt context

>Number:         51352
>Category:       kern
>Synopsis:       panic: malloc(M_WAITOK) in interrupt context
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 24 07:10:04 PDT 2003
>Closed-Date:    Sun Nov 12 13:03:21 GMT 2006
>Last-Modified:  Sun Nov 12 13:03:21 GMT 2006
>Originator:     Martin Kammerhofer
>Release:        FreeBSD 4.8-STABLE i386
>Organization:
Graz University
>Environment:
System: FreeBSD box.at.home 4.8-STABLE FreeBSD 4.8-STABLE #1: Wed Apr 23
22:43:46 CEST 2003 toor@box.at.home:/usr/obj/usr/src-4.x/sys/LEND4 i386

>Description:
	Machine panics when resuming from APM suspend mode.
	(Repeated "panic" lines below are obtained with the little patch
	 below at "Fix:")

resumed from suspended mode (slept 00:00:02)
ata0: resetting devices .. ad0: DMA limited to UDMA33, non-ATA66 cable or device
panic: malloc(M_WAITOK) in interrupt context
panic: malloc(M_WAITOK) in interrupt context
panic: malloc(M_WAITOK) in interrupt context
panic: malloc(M_WAITOK) in interrupt context
done
ata1: resetting devices .. panic: malloc(M_WAITOK) in interrupt context
panic: malloc(M_WAITOK) in interrupt context
panic: malloc(M_WAITOK) in interrupt context
panic: malloc(M_WAITOK) in interrupt context
done

>How-To-Repeat:
	Compile, install and boot an i386 -STABLE kernel with
	        device apm0
		options INVARIANTS
		options INVARIANT_SUPPORT.
	Enable apm and suspend.
	# apm -e 1 && zzz

>Fix:
	I don't have a fix, only two lame workarounds:
	a) remove INVARIANTS from kernel, or
	b) downgrade the panic() to printf()

*** /usr/src-4.8/sys/kern/kern_malloc.c	Sat Mar 16 03:19:51 2002
--- /usr/src/sys/kern/kern_malloc.c	Sat Mar 16 03:19:51 2002
***************
*** 153,161 ****
  	register struct malloc_type *ksp = type;

  #if defined(INVARIANTS) && defined(__i386__)
! 	if (flags == M_WAITOK)
! 		KASSERT(intr_nesting_level == 0,
! 		   ("malloc(M_WAITOK) in interrupt context"));
  #endif
  	/*
  	 * Must be at splmem() prior to initializing segment to handle
--- 153,160 ----
  	register struct malloc_type *ksp = type;

  #if defined(INVARIANTS) && defined(__i386__)
! 	if (flags == M_WAITOK && intr_nesting_level != 0)
! 		 printf("panic: malloc(M_WAITOK) in interrupt context\n");
  #endif
  	/*
  	 * Must be at splmem() prior to initializing segment to handle
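
Review bot: The printf() on new line 156 still begins with "panic:" although the kernel no longer panics, and after printing it the M_WAITOK allocation goes ahead in interrupt context, so the condition INVARIANTS was meant to stop is only logged. If this is kept as a local diagnostic, use a prefix such as "warning:" and print something that identifies the caller, since the repeated identical lines in the resume log above do not say which code path made the request. The test is still `flags == M_WAITOK`, an exact comparison, so a request that sets any additional flag bit is not reported. The printf() line is also indented with a stray space after the tabs.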



	Here is my kernel configuration:
machine		i386
ident		LEND4
maxusers	0
makeoptions	DEBUG=-g		#Build kernel with gdb(1) debug symbols
options 	PQ_CACHESIZE=512	# color for 512k/16k cache
options 	INCLUDE_CONFIG_FILE     # Include this file in kernel
options 	ROOTDEVNAME=\"ufs:ad0s1a\"
cpu		I686_CPU		# aka Pentium Pro(tm)
options 	CPU_ENABLE_SSE
options 	NO_F00F_HACK
options 	COMPAT_43
options 	USER_LDT		#allow user-level control of i386 ldt
options 	SYSVSHM		# include support for shared memory
options 	SYSVSEM		# include support for semaphores
options 	SYSVMSG		# include support for message queues
options 	DDB
options 	KTRACE			#kernel tracing
options 	INVARIANTS
options 	INVARIANT_SUPPORT
options 	PERFMON
options 	UCONSOLE
options 	USERCONFIG		#boot -c editor
options 	VISUAL_USERCONFIG	#visual boot -c editor
options 	INET			#Internet communications protocols
options 	IPSEC			#IP security
options 	IPSEC_ESP		#IP security (crypto; define w/ IPSEC)
pseudo-device	ether			#Generic Ethernet
pseudo-device	loop			#Network loopback device
pseudo-device	bpf			#Berkeley packet filter
pseudo-device	disc			#Discard device (ds0, ds1, etc)
pseudo-device	tun			#Tunnel driver (ppp(8), nos-tun(8))
pseudo-device	gre			#IP over IP tunneling
options 	IPFIREWALL		#firewall
options 	IPFW2			#use ipfw in 4.X-STABLE
options 	IPFIREWALL_VERBOSE	#enable logging to syslogd(8)
options 	IPFIREWALL_FORWARD	#enable transparent proxy support
options 	IPFIREWALL_VERBOSE_LIMIT=100	#limit verbosity
options 	IPDIVERT		#divert sockets
options 	IPSTEALTH		#support for stealth forwarding
options 	TCPDEBUG
options 	RANDOM_IP_ID
options                ACCEPT_FILTER_DATA
options                ACCEPT_FILTER_HTTP
options 	TCP_DROP_SYNFIN		#drop TCP packets with SYN+FIN
options 	ICMP_BANDLIM
options 	DUMMYNET
options         DEVICE_POLLING
options 	FFS			#Fast filesystem
options 	MFS			#Memory File System
options 	NFS			#Network File System
options 	CD9660			#ISO 9660 filesystem
options 	FDESC			#File descriptor filesystem
options 	KERNFS			#Kernel filesystem
options 	MSDOSFS			#MS DOS File System
options 	PROCFS			#Process filesystem
options 	FFS_ROOT		#FFS usable as root device
options 	SOFTUPDATES
options 	UFS_DIRHASH
options 	MD_ROOT
options 	MD_NSECT=40000
options 	NSWAPDEV=5
options 	QUOTA			#enable disk quotas
options 	SUIDDIR
options 	EXT2FS
options 	P1003_1B
options 	_KPOSIX_PRIORITY_SCHEDULING
options 	_KPOSIX_VERSION=199309L
options 	HZ=440
device		scbus			#base SCSI code
device		da			#SCSI direct access devices (aka disks)
device		cd			#SCSI CD-ROMs
device		pass			#CAM passthrough driver
options 	SCSI_DELAY=1000	# Be optimistic about Joe SCSI device
pseudo-device	pty		#Pseudo ttys
pseudo-device	speaker		#Play IBM BASIC-style noises out your speaker
pseudo-device	gzip		#Exec gzipped a.out's
pseudo-device	vn		#Vnode driver (turns a file into a device)
pseudo-device	md		#Memory/malloc disk
pseudo-device	snp		#Snoop device - to look at pty/vty/etc..
options 	LIBICONV
options 	MSGBUF_SIZE=40960
device		isa
device		atkbdc0	at isa? port IO_KBD
device		atkbd0	at atkbdc? irq 1
options 	ATKBD_DFLT_KEYMAP	# specify the built-in keymap
makeoptions	ATKBD_DFLT_KEYMAP="german.iso"
device		psm0	at atkbdc? irq 12
device		vga0	at isa?
options 	VGA_WIDTH90		# support 90 column modes
options 	VESA
pseudo-device	splash
device		sc0	at isa?
options 	MAXCONS=16		# number of virtual consoles
options 	SC_DFLT_FONT		# compile font in
makeoptions	SC_DFLT_FONT=iso
options 	SC_HISTORY_SIZE=2000	# number of history buffer lines
options 	SC_PIXEL_MODE		# add support for the raster text mode
options 	SC_NORM_ATTR="(FG_GREEN|BG_BLACK)"
options 	SC_NORM_REV_ATTR="(FG_YELLOW|BG_GREEN)"
options 	SC_KERNEL_CONS_ATTR="(FG_YELLOW|BG_BLACK)"
options 	SC_KERNEL_CONS_REV_ATTR="(FG_YELLOW|BG_BLUE)"
device		npx0	at nexus? port IO_NPX flags 0x0 irq 13
device		ata
device		atadisk		# ATA disk drives
device		atapicd		# ATAPI CDROM drives
device		atapifd		# ATAPI floppy drives
device		atapist		# ATAPI tape drives
device		atapicam	# emulate ATAPI devices as SCSI ditto via CAM
options 	ATA_STATIC_ID
device		fdc0	at isa? port IO_FD1 irq 6 drq 2
device		fd0	at fdc0 drive 0
device		fd1	at fdc0 drive 1
device		sio0	at isa? port IO_COM1 flags 0x10 irq 4
device		sio1	at isa? port IO_COM2            irq 3
device		pcm
device		sbc
device		pca0 at isa? port IO_TIMER1
device		apm0
device		joy0	at isa? port IO_GAME
device		pci
options 	PCI_ENABLE_IO_MODES
device		agp
device		ahc		# AHA2940 and onboard AIC7xxx devices
device		smbus		# Bus support, required for smb below.
device		intpm
device		smb
device		ppc0	at isa? irq 7
device		ppbus
device		vpo
device		lpt
device		plip
device		ppi
options		DIRECTIO
device		uhci
device		ohci
device		usb
device		ugen
device		ukbd
device		ulpt
device		ums
device		uscanner
options 	SHOW_BUSYBUFS	# List buffers that prevent root unmount

>Release-Note:
>Audit-Trail:

From: Mark Gooderum <mark@verniernetworks.com>
To: freebsd-gnats-submit@FreeBSD.org, dada@sbox.tugraz.at,
	Archie Cobbs <archie@packetdesign.com>
Cc:  
Subject: Re: kern/51352: panic: malloc(M_WAITOK) in interrupt context
Date: Mon, 19 May 2003 13:06:04 -0700

 I've managed to trigger this running a kernel with DIAGNOSTIC and 
 INVARIANTS - the core is always the traceback below.  This is running 4.7.
 
 The offending MALLOC() is in dup_sockaddr() - which takes a flag for 
 "canblock".  The dup_sockaddr() call is from soreceive() which _always_ 
 calls dup_sockaddr() at splnet() with the canwait flag usually set to 
 true (always in this particular code path down from recvfrom() as far as 
 I can tell). Something here is a bug - if the MALLOC() blocks the socket 
 code can get back to where it is so the splnet() to protect that socket 
 is in fact not protecting the socket so I can see bad JuJu happening but 
 I haven't discerned the full nature of this juju.
 
 But I don't understand enough of the socket code yet to say whether I 
 can safely say don't wait always (as it looks like the code doesn't 
 particularly seem to check or care if the dup fails).
 
    IdlePTD at phsyical address 0x003de000
    initial pcb at physical address 0x00314bc0
    panicstr: malloc(M_WAITOK) in interrupt context
    panic messages:
    ---
    panic: malloc(M_WAITOK) in interrupt context
    Uptime: 1d8h15m51s
 
    dumping to dev #ad/0x20001, offset 4120
    dump ata0: resetting devices .. done
    61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39
    38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16
    15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
    ---
    #0  dumpsys () at ../../kern/kern_shutdown.c:504
    504             if (dumping++) {
    (kgdb) where
    #0  dumpsys () at ../../kern/kern_shutdown.c:504
    #1  0xc01582f1 in boot (howto=260) at ../../kern/kern_shutdown.c:324
    #2  0xc015878d in panic (
        fmt=0xc02a7be0 "malloc(M_WAITOK) in interrupt context")
        at ../../kern/kern_shutdown.c:634
    #3  0xc01535fb in malloc (size=10, type=0xc02fbac0, flags=0)
        at ../../kern/kern_malloc.c:157
    #4  0xc017e9eb in dup_sockaddr (sa=0xc05e3114, canwait=1)
        at ../../kern/uipc_socket2.c:928
    #5  0xc017b5b2 in soreceive (so=0xc6db1bc0, psa=0xc7a23e9c, uio=0xc7a23ec8,
        mp0=0x0, controlp=0x0, flagsp=0xc7a23f24) at ../../kern/uipc_socket.c:777
    #6  0xc017f949 in recvit (p=0xc6938f60, s=14, mp=0xc7a23f0c,
        namelenp=0x855dd6c "\037") at ../../kern/uipc_syscalls.c:790
    #7  0xc017fbf0 in recvfrom (p=0xc6938f60, uap=0xc7a23f80)
        at ../../kern/uipc_syscalls.c:927
    #8  0xc024bed5 in syscall2 (frame={tf_fs = 138805295, tf_es = 138936367,
          tf_ds = 138936367, tf_edi = 139845116, tf_esi = 139844976,
          tf_ebp = 139845008, tf_isp = -945668140, tf_ebx = 139845116,
          tf_edx = 1048576, tf_ecx = 14, tf_eax = 29, tf_trapno = 22,
          tf_err = 2, tf_eip = 135653636, tf_cs = 31, tf_eflags = 535,
          tf_esp = 139844916, tf_ss = 47}) at ../../i386/i386/trap.c:1175
    #9  0xc023ecd5 in Xint0x80_syscall ()
    #10 0x807d25a in ?? ()
    #11 0x80a8050 in ?? ()
    #12 0x81463c1 in ?? ()
    #13 0x8147ae5 in ?? ()
    #14 0x8147a65 in ?? ()
    #15 0x855de7c in ?? ()
    Cannot access memory at address 0x158.
    (kgdb) up
    #1  0xc01582f1 in boot (howto=260) at ../../kern/kern_shutdown.c:324
    324                     dumpsys();
    (kgdb) up
    #2  0xc015878d in panic (
        fmt=0xc02a7be0 "malloc(M_WAITOK) in interrupt context")
        at ../../kern/kern_shutdown.c:634
    634             boot(bootopt);
    (kgdb) up
    #3  0xc01535fb in malloc (size=10, type=0xc02fbac0, flags=0)
        at ../../kern/kern_malloc.c:157
    157                     KASSERT(intr_nesting_level == 0,
    (kgdb) list
    152     #endif
    153             register struct malloc_type *ksp = type;
    154
    155     #if defined(INVARIANTS) && defined(__i386__)
    156             if (flags == M_WAITOK)
    157                     KASSERT(intr_nesting_level == 0,
    158                        ("malloc(M_WAITOK) in interrupt context"));
    159     #endif
    160             /*
    161              * Must be at splmem() prior to initializing segment to handle
    (kgdb) up
    #4  0xc017e9eb in dup_sockaddr (sa=0xc05e3114, canwait=1)
        at ../../kern/uipc_socket2.c:928
    928             MALLOC(sa2, struct sockaddr *, sa->sa_len, M_SONAME,
    (kgdb) list
    923             struct sockaddr *sa;
    924             int canwait;
    925     {
    926             struct sockaddr *sa2;
    927
    928             MALLOC(sa2, struct sockaddr *, sa->sa_len, M_SONAME,
    929                    canwait ? M_WAITOK : M_NOWAIT);
    930             if (sa2)
    931                     bcopy(sa, sa2, sa->sa_len);
    932             return sa2;
    (kgdb) up
    #5  0xc017b5b2 in soreceive (so=0xc6db1bc0, psa=0xc7a23e9c, uio=0xc7a23ec8,
        mp0=0x0, controlp=0x0, flagsp=0xc7a23f24) at ../../kern/uipc_socket.c:777
    777                             *psa = dup_sockaddr(mtod(m, struct sockaddr *),
    (kgdb) list
    772             nextrecord = m->m_nextpkt;
    773             if (pr->pr_flags & PR_ADDR) {
    774                     KASSERT(m->m_type == MT_SONAME, ("receive 1a"));
    775                     orig_resid = 0;
    776                     if (psa)
    777                             *psa = dup_sockaddr(mtod(m, struct sockaddr *),
    778                                                 mp0 == 0);
    779                     if (flags & MSG_PEEK) {
    780                             m = m->m_next;
    781                     } else {
    (kgdb)
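
A userland model of the INVARIANTS check and the dup_sockaddr() flag selection shown in the listings above, added here as an illustration; it is not FreeBSD source and not code from anyone in this thread. The flag values, `struct sockaddr_model`, `model_malloc()`, the `fail_nowait` knob and the caller `copy_peer_address()` are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userland model, not kernel code. Flag values are assumptions chosen to
 * match the backtrace above, where canwait=1 reaches malloc() as flags=0. */
#define M_WAITOK 0x0000
#define M_NOWAIT 0x0001

struct sockaddr_model { unsigned char sa_len; unsigned char sa_data[15]; };

static int intr_nesting_level;   /* models the kernel's interrupt depth counter */
static int invariant_violations; /* counts hits where KASSERT would panic */
static int fail_nowait;          /* knob: make M_NOWAIT allocations fail */

/* Models the INVARIANTS check listed from kern_malloc.c lines 155-158. */
static void *model_malloc(size_t size, int flags)
{
    if (flags == M_WAITOK && intr_nesting_level != 0) {
        invariant_violations++;  /* the real kernel panics here */
        return NULL;             /* model only: refuse the request */
    }
    if ((flags & M_NOWAIT) && fail_nowait)
        return NULL;             /* M_NOWAIT fails rather than sleeping */
    return malloc(size);
}

/* Same shape as dup_sockaddr() in the listing: canwait selects the flag. */
static struct sockaddr_model *
model_dup_sockaddr(const struct sockaddr_model *sa, int canwait)
{
    struct sockaddr_model *sa2 =
        model_malloc(sa->sa_len, canwait ? M_WAITOK : M_NOWAIT);
    if (sa2)
        memcpy(sa2, sa, sa->sa_len);
    return sa2;
}

/* Hypothetical caller: waits only outside interrupt context and reports a
 * failed copy instead of ignoring it. Returns 0 on success, -1 otherwise. */
static int copy_peer_address(const struct sockaddr_model *sa,
                             struct sockaddr_model **out)
{
    *out = model_dup_sockaddr(sa, intr_nesting_level == 0);
    return *out ? 0 : -1;
}

int main(void)
{
    struct sockaddr_model sa = { sizeof sa, { 10, 0, 0, 1 } }, *out; /* constructed */
    intr_nesting_level = 1;      /* pretend we are inside an interrupt */
    printf("copy rc=%d violations=%d\n", copy_peer_address(&sa, &out), invariant_violations);
    free(out);
    return 0;
}
```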
 
 

From: Mark Gooderum <mark@verniernetworks.com>
To: Mark Gooderum <mark@verniernetworks.com>
Cc: freebsd-gnats-submit@FreeBSD.org, dada@sbox.tugraz.at,
	Archie Cobbs <archie@packetdesign.com>
Subject: Re: kern/51352: panic: malloc(M_WAITOK) in interrupt context
Date: Mon, 19 May 2003 14:00:05 -0700

 Sorry - probably a false alarm on my part - confusing splnet() with 
 intr_nesting_level.
 --
 Mark
 
 > I've managed to trigger this running a kernel with DIAGNOSTIC and 
 > INVARIANTS - the core is always the traceback below.  This is running 
 > 4.7.
 >
 > The offending MALLOC() is in dup_sockaddr() - which takes a flag for 
 > "canblock".  The dup_sockaddr() call is from soreceive() which 
 > _always_ calls dup_sockaddr() at splnet() with the canwait flag 
 > usually set to true (always in this particular code path down from 
 > recvfrom() as far as I can tell). Something here is a bug - if the 
 > MALLOC() blocks the socket code can get back to where it is so the 
 > splnet() to protect that socket is in fact not protecting the socket 
 > so I can see bad JuJu happening but I haven't discerned the full 
 > nature of this juju.
 >
 > But I don't understand enough of the socket code yet to say whether I 
 > can safely say don't wait always (as it looks like the code doesn't 
 > particularly seem to check or care if the dup fails).
 >
 
 
State-Changed-From-To: open->feedback 
State-Changed-By: bms 
State-Changed-When: Mon Sep 25 10:21:28 UTC 2006 
State-Changed-Why:  
Do you still get this error in FreeBSD 5.x or 6.x? 
There were significant changes in the area of the kernel memory 
allocator with regards to allocation from interrupt handlers. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=51352 

From: "Bruce M. Simpson" <bms@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: kern/51352: panic: malloc(M_WAITOK) in interrupt context
Date: Fri, 29 Sep 2006 15:22:38 +0100

 Quoting "Bruce M. Simpson" <bms@FreeBSD.org>:
 
 > Is the original panic still present, or is this new behaviour?
 >
 > Can you tell us more about what kind of hardware you have?
 >
 > APM is the common factor in both conditions you describe so it's  
 > important we know how APM is being entered, what kind of BIOS you  
 > have, etc.
 
 It's the same hardware (except now larger IDE disks) that produced the
 original panic. An Intel BX440 based motherboard, the Asus P2B-S. The
 BIOS is the latest 1013.
 ACPI does not work with this board, Linux automatically disables it at boot
 with a message like "P2B-S Rev. 0 motherboards have a known PCI
 interrupt routing problem". However APM works fine (except with a
 FreeBSD kernel with INVARIANTS).
 Btw running a kernel without INVARIANTS on this box is no problem for me ;-).
 
 HTH,
    Martin
 
 P.S.: Haven't seen the malloc panic with 6.x, but I did only 2 panics...
 
State-Changed-From-To: feedback->closed 
State-Changed-By: remko 
State-Changed-When: Sun Nov 12 13:03:20 UTC 2006 
State-Changed-Why:  
The submitter reports that the problem cannot be reproduced anymore (as 
I understood this). If I am incorrect please notify me. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=51352 
>Unformatted:
