kern/51352: panic: malloc(M_WAITOK) in interrupt context
Mark Gooderum
mark at verniernetworks.com
Mon May 19 13:10:04 PDT 2003
The following reply was made to PR kern/51352; it has been noted by GNATS.
From: Mark Gooderum <mark at verniernetworks.com>
To: freebsd-gnats-submit at FreeBSD.org, dada at sbox.tugraz.at,
Archie Cobbs <archie at packetdesign.com>
Cc:
Subject: Re: kern/51352: panic: malloc(M_WAITOK) in interrupt context
Date: Mon, 19 May 2003 13:06:04 -0700
I've managed to trigger this running a kernel with DIAGNOSTIC and
INVARIANTS - the core is always the traceback below. This is running 4.7.
The offending MALLOC() is in dup_sockaddr() - which takes a flag for
"canblock". The dup_sockaddr() call is from soreceive() which _always_
calls dup_sockaddr() at splnet() with the canwait flag usually set to
true (always in this particular code path down from recvfrom() as far as
I can tell). Something here is a bug - if the MALLOC() blocks the socket
code can get back to where it is so the splnet() to protect that socket
is in fact not protecting the socket so I can see bad JuJu happening but
I haven't discerned the full nature of this juju.
But I don't understand enough of the socket code yet to say whether I
can safely say don't wait always (as it looks like the code doesn't
particularly seem to check or care if the dup fails).
IdlePTD at phsyical address 0x003de000
initial pcb at physical address 0x00314bc0
panicstr: malloc(M_WAITOK) in interrupt context
panic messages:
---
panic: malloc(M_WAITOK) in interrupt context
Uptime: 1d8h15m51s
dumping to dev #ad/0x20001, offset 4120
dump ata0: resetting devices .. done
61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39
38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
---
#0 dumpsys () at ../../kern/kern_shutdown.c:504
504 if (dumping++) {
(kgdb) where
#0 dumpsys () at ../../kern/kern_shutdown.c:504
#1 0xc01582f1 in boot (howto=260) at ../../kern/kern_shutdown.c:324
#2 0xc015878d in panic (
fmt=0xc02a7be0 "malloc(M_WAITOK) in interrupt context")
at ../../kern/kern_shutdown.c:634
#3 0xc01535fb in malloc (size=10, type=0xc02fbac0, flags=0)
at ../../kern/kern_malloc.c:157
#4 0xc017e9eb in dup_sockaddr (sa=0xc05e3114, canwait=1)
at ../../kern/uipc_socket2.c:928
#5 0xc017b5b2 in soreceive (so=0xc6db1bc0, psa=0xc7a23e9c,
uio=0xc7a23ec8,
mp0=0x0, controlp=0x0, flagsp=0xc7a23f24) at
../../kern/uipc_socket.c:777
#6 0xc017f949 in recvit (p=0xc6938f60, s=14, mp=0xc7a23f0c,
namelenp=0x855dd6c "\037") at ../../kern/uipc_syscalls.c:790
#7 0xc017fbf0 in recvfrom (p=0xc6938f60, uap=0xc7a23f80)
at ../../kern/uipc_syscalls.c:927
#8 0xc024bed5 in syscall2 (frame={tf_fs = 138805295, tf_es = 138936367,
tf_ds = 138936367, tf_edi = 139845116, tf_esi = 139844976,
tf_ebp = 139845008, tf_isp = -945668140, tf_ebx = 139845116,
tf_edx = 1048576, tf_ecx = 14, tf_eax = 29, tf_trapno = 22,
tf_err = 2, tf_eip = 135653636, tf_cs = 31, tf_eflags = 535,
tf_esp = 139844916, tf_ss = 47}) at ../../i386/i386/trap.c:1175
#9 0xc023ecd5 in Xint0x80_syscall ()
#10 0x807d25a in ?? ()
#11 0x80a8050 in ?? ()
#12 0x81463c1 in ?? ()
#13 0x8147ae5 in ?? ()
#14 0x8147a65 in ?? ()
#15 0x855de7c in ?? ()
Cannot access memory at address 0x158.
(kgdb) up
#1 0xc01582f1 in boot (howto=260) at ../../kern/kern_shutdown.c:324
324 dumpsys();
(kgdb) up
#2 0xc015878d in panic (
fmt=0xc02a7be0 "malloc(M_WAITOK) in interrupt context")
at ../../kern/kern_shutdown.c:634
634 boot(bootopt);
(kgdb) up
#3 0xc01535fb in malloc (size=10, type=0xc02fbac0, flags=0)
at ../../kern/kern_malloc.c:157
157 KASSERT(intr_nesting_level == 0,
(kgdb) list
152 #endif
153 register struct malloc_type *ksp = type;
154
155 #if defined(INVARIANTS) && defined(__i386__)
156 if (flags == M_WAITOK)
157 KASSERT(intr_nesting_level == 0,
158 ("malloc(M_WAITOK) in interrupt context"));
159 #endif
160 /*
161 * Must be at splmem() prior to initializing segment
to handle
(kgdb) up
#4 0xc017e9eb in dup_sockaddr (sa=0xc05e3114, canwait=1)
at ../../kern/uipc_socket2.c:928
928 MALLOC(sa2, struct sockaddr *, sa->sa_len, M_SONAME,
(kgdb) list
923 struct sockaddr *sa;
924 int canwait;
925 {
926 struct sockaddr *sa2;
927
928 MALLOC(sa2, struct sockaddr *, sa->sa_len, M_SONAME,
929 canwait ? M_WAITOK : M_NOWAIT);
930 if (sa2)
931 bcopy(sa, sa2, sa->sa_len);
932 return sa2;
(kgdb) up
#5 0xc017b5b2 in soreceive (so=0xc6db1bc0, psa=0xc7a23e9c,
uio=0xc7a23ec8,
mp0=0x0, controlp=0x0, flagsp=0xc7a23f24) at
../../kern/uipc_socket.c:777
777 *psa = dup_sockaddr(mtod(m, struct
sockaddr *),
(kgdb) list
772 nextrecord = m->m_nextpkt;
773 if (pr->pr_flags & PR_ADDR) {
774 KASSERT(m->m_type == MT_SONAME, ("receive 1a"));
775 orig_resid = 0;
776 if (psa)
777 *psa = dup_sockaddr(mtod(m, struct
sockaddr *),
778 mp0 == 0);
779 if (flags & MSG_PEEK) {
780 m = m->m_next;
781 } else {
(kgdb)
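
Added example, not part of the original message and not FreeBSD source: a userspace C model of the check seen in frame #3 and of a caller that tests dup_sockaddr()'s result instead of ignoring it. The model_* names, the fail_nowait knob, the M_NOWAIT value and the ENOBUFS return are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model only: names echo the kernel's, values are modelled. */
#define M_WAITOK 0x0000 /* matches flags=0 with canwait=1 in frame #3 */
#define M_NOWAIT 0x0001 /* assumed value for the model */

struct sockaddr_model { unsigned char sa_len, sa_family; char sa_data[14]; };

static int intr_nesting_level;   /* nonzero models interrupt context */
static int fail_nowait;          /* constructed knob: make M_NOWAIT fail */
static int invariant_violations; /* counts where the kernel KASSERT would panic */

static void *model_malloc(size_t size, int flags)
{
    if (flags == M_WAITOK && intr_nesting_level != 0) {
        invariant_violations++;  /* a blocking request that must not sleep */
        return NULL;
    }
    if (flags == M_NOWAIT && fail_nowait)
        return NULL;             /* non-blocking requests may legitimately fail */
    return malloc(size);
}

static struct sockaddr_model *model_dup_sockaddr(const struct sockaddr_model *sa, int canwait)
{
    struct sockaddr_model *sa2 = model_malloc(sa->sa_len, canwait ? M_WAITOK : M_NOWAIT);
    if (sa2)
        memcpy(sa2, sa, sa->sa_len);
    return sa2;
}

/* Hypothetical caller: only blocks outside interrupt context, and reports failure. */
static int model_receive_addr(const struct sockaddr_model *src, struct sockaddr_model **psa)
{
    *psa = model_dup_sockaddr(src, intr_nesting_level == 0);
    return *psa ? 0 : ENOBUFS;
}

int main(void)
{
    struct sockaddr_model src = { sizeof src, 2, {0} }, *out = NULL;
    intr_nesting_level = 1;      /* constructed scenario */
    fail_nowait = 1;
    printf("rc=%d violations=%d\n", model_receive_addr(&src, &out), invariant_violations);
    free(out);
    return 0;
}
```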