fxp0 and vlan panic

From: Gavin Atkinson <gavin.atkinson_at_ury.york.ac.uk>
Date: Tue, 08 Feb 2005 18:27:17 +0000
Hey,

There's an easily reproducible panic involving configuring vlans on fxp
cards.  I've recreated it in single user mode on a top-of-tree -CURRENT
machine as well as on a 5.3-STABLE machine.

Enter full pathname of shell or RETURN for /bin/sh:
# ifconfig vlan0 create
# ifconfig vlan0 vlan 123 vlandev fxp0
# ifconfig vlan0 inet 1.2.3.4
lock order reversal
 1st 0xc15f6268 fxp0 (network driver) @ /usr/src/sys/dev/fxp/if_fxp.c:2389
 2nd 0xc14c7ad0 user map (user map) @ /usr/src/sys/vm/vm_map.c:2998
KDB: stack backtrace:
kdb_backtrace(0,ffffffff,c08f7ae0,c08f8a08,c08852ac) at kdb_backtrace+0x29
witness_checkorder(c14c7ad0,9,c083d2a9,bb6) at witness_checkorder+0x54c
_sx_xlock(c14c7ad0,c083d2a9,bb6) at _sx_xlock+0x50
_vm_map_lock_read(c14c7a8c,c083d2a9,bb6,2000046,c1595458) at _vm_map_lock_read+0x37
vm_map_lookup(cbdf3804,0,2,cbdf3808,cbdf37f8) at vm_map_lookup+0x28
vm_fault(c14c7a8c,0,2,8,c1594450) at vm_fault+0x66
trap_pfault(cbdf38cc,0,0) at trap_pfault+0xf2
trap(c15f0018,cbdf0010,c0630010,c15f6000,c15f6000) at trap+0x335
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc051e966, esp = 0xcbdf390c, ebp = 0xcbdf3918 ---
fxp_mc_setup(c15f6000) at fxp_mc_setup+0x62
fxp_ioctl(c15f6000,80206931,0) at fxp_ioctl+0x112
if_addmulti(c15f6000,cbdf3980,cbdf397c,c1667d48,cbdf3988) at if_addmulti+0x223
vlan_setmulti(c1667c40,cbdf39fc,c060a5d5,c088cd80,40) at vlan_setmulti+0x139
vlan_ioctl(c1733800,80206931,0) at vlan_ioctl+0x3e
if_addmulti(c1733800,cbdf3a4c,cbdf3a48,cbdf3a4c,1c) at if_addmulti+0x223
in6_addmulti(cbdf3a9c,c1733800,cbdf3a94) at in6_addmulti+0x4c
in6_update_ifa(c1733800,cbdf3b9c,0) at in6_update_ifa+0x4ce
in6_ifattach_linklocal(c1733800,0) at in6_ifattach_linklocal+0xe5
in6_ifattach(c1733800,0,8040691a,8040691a,0) at in6_ifattach+0xa9
in6_if_up(c1733800) at in6_if_up+0x13
ifioctl(c173da60,8040691a,c1667dc0,c1594450,0) at ifioctl+0x1f8
soo_ioctl(c1724708,8040691a,c1667dc0,c14b9780,c1594450) at soo_ioctl+0x2db
ioctl(c1594450,cbdf3d14,3,2,282) at ioctl+0x370
syscall(2f,2f,2f,80543a0,1) at syscall+0x213
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (54, FreeBSD ELF32, ioctl), eip = 0x280c44f3, esp = 0xbfbfe5cc, ebp = 0xbfbfee18 ---


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x0
fault code              = supervisor write, page not present
instruction pointer     = 0x8:0xc051e966
stack pointer           = 0x10:0xcbdf390c
frame pointer           = 0x10:0xcbdf3918
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 56 (ifconfig)
[thread pid 56 tid 100043 ]
Stopped at      fxp_mc_setup+0x62:      movw    $0,0(%eax)
db>
db> tr
Tracing pid 56 tid 100043 td 0xc1594450
fxp_mc_setup(c15f6000) at fxp_mc_setup+0x62
fxp_ioctl(c15f6000,80206931,0) at fxp_ioctl+0x112
if_addmulti(c15f6000,cbdf3980,cbdf397c,c1667d48,cbdf3988) at if_addmulti+0x223
vlan_setmulti(c1667c40,cbdf39fc,c060a5d5,c088cd80,40) at vlan_setmulti+0x139
vlan_ioctl(c1733800,80206931,0) at vlan_ioctl+0x3e
if_addmulti(c1733800,cbdf3a4c,cbdf3a48,cbdf3a4c,1c) at if_addmulti+0x223
in6_addmulti(cbdf3a9c,c1733800,cbdf3a94) at in6_addmulti+0x4c
in6_update_ifa(c1733800,cbdf3b9c,0) at in6_update_ifa+0x4ce
in6_ifattach_linklocal(c1733800,0) at in6_ifattach_linklocal+0xe5
in6_ifattach(c1733800,0,8040691a,8040691a,0) at in6_ifattach+0xa9
in6_if_up(c1733800) at in6_if_up+0x13
ifioctl(c173da60,8040691a,c1667dc0,c1594450,0) at ifioctl+0x1f8
soo_ioctl(c1724708,8040691a,c1667dc0,c14b9780,c1594450) at soo_ioctl+0x2db
ioctl(c1594450,cbdf3d14,3,2,282) at ioctl+0x370
syscall(2f,2f,2f,80543a0,1) at syscall+0x213
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (54, FreeBSD ELF32, ioctl), eip = 0x280c44f3, esp = 0xbfbfe5cc, ebp = 0xbfbfee18 ---

fxp_mc_setup+0x62 seems to correspond to the following code in
sys/dev/fxp/if_fxp.c: (line 2554)


                /*
                 * Add a NOP command with interrupt so that we are notified
                 * when all TX commands have been processed.
                 */
                txp = sc->fxp_desc.tx_last->tx_next;
                txp->tx_mbuf = NULL;
-->             txp->tx_cb->cb_status = 0;
                txp->tx_cb->cb_command = htole16(FXP_CB_COMMAND_NOP |
                    FXP_CB_COMMAND_S | FXP_CB_COMMAND_I);

txp->tx_cb is NULL at this point.  This seems to be because fxp_init()
has never been called. (both validated by instrumenting the code in
question)

Note also that the panic does not seem to occur if you do anything with
fxp0 before doing something with the vlans.  For example, assigning it
an address, or even just bringing it up seems to prevent the panic.

In this situation, where should fxp_init be called from?  Presumably
it's not the responsibility of the vlan code - as when it gets called we
could already be using the interface and reinitialising it wouldn't be a
nice thing to do.  But then, what should be initialising it?

And as an aside, is the detour via inet6 correct for what is entirely
inet4?

Sadly I can't get a dump on this machine. dmesg below.

Gavin

GDB: no debug ports present
KDB: debugger backends: ddb
KDB: current backend: ddb
Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 6.0-CURRENT #0: Mon Feb  7 13:10:26 GMT 2005
    root@thi.bu.nker.net:/usr/obj/usr/src/sys/GENERIC
WARNING: WITNESS option enabled, expect reduced performance.
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Pentium(R) III Mobile CPU      1000MHz (995.96-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x6b1  Stepping = 1
  Features=0x383f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
real memory  = 251002880 (239 MB)
avail memory = 236322816 (225 MB)
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
acpi0: <TOSHIB 750> on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-safe" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0xee08-0xee0b on acpi0
cpu0: <ACPI CPU (3 Cx states)> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci_link0: <ACPI PCI Link LNKA> irq 11 on acpi0
pci_link1: <ACPI PCI Link LNKB> irq 11 on acpi0
pci_link2: <ACPI PCI Link LNKD> irq 11 on acpi0
pci_link3: <ACPI PCI Link LNKC> irq 11 on acpi0
pci_link4: <ACPI PCI Link LNKH> irq 11 on acpi0
pci_link5: <ACPI PCI Link LNKG> irq 11 on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0
pci1: <ACPI PCI bus> on pcib1
pci1: <display, VGA> at device 0.0 (no driver attached)
ohci0: <AcerLabs M5237 (Aladdin-V) USB controller> mem 0xf7eff000-0xf7efffff irq 11 at device 2.0 on pci0
ohci0: [GIANT-LOCKED]
usb0: OHCI version 1.0, legacy support
usb0: SMM does not respond, resetting
usb0: <AcerLabs M5237 (Aladdin-V) USB controller> on ohci0
usb0: USB revision 1.0
uhub0: AcerLabs OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
atapci0: <AcerLabs Aladdin UDMA66 controller> port 0xeff0-0xefff,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at device 4.0 on pci0
ata0: channel #0 on atapci0
ata1: channel #1 on atapci0
pcm0: <Acer Labs M5451> port 0xed00-0xedff mem 0xf7efe000-0xf7efefff irq 11 at device 6.0 on pci0
pcm0: <Asahi Kasei AK4543 AC97 Codec>
pcm0: [GIANT-LOCKED]
isab0: <PCI-ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
pci0: <bridge, PCI-unknown> at device 8.0 (no driver attached)
fxp0: <Intel 82550 Pro/100 Ethernet> port 0xeb40-0xeb7f mem 0xf7ec0000-0xf7edffff,0xf7efd000-0xf7efdfff irq 11 at device 10.0 on pci0
miibus0: <MII bus> on fxp0
inphy0: <i82555 10/100 media interface> on miibus0
inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp0: Ethernet address: 00:00:39:7e:f8:36
cbb0: <ToPIC100 PCI-CardBus Bridge> at device 17Card bus> on cbb0
cbb1: <ToPIC100 PCI-CardBus Bridge> at device 17.1 on pci0
cardbus1: <CardBus bus> on cbb1
pccard1: <16-bit PCCard bus> on cbb1
pci0: <base peripheral> at device 18.0 (no driver attached)
acpi_lid0: <Control Method Lid Switch> on acpi0
acpi_cmbat0: <Control Method Battery> on acpi0
acpi_cmbat1: <Control Method Battery> on acpi0
acpi_acad0: <AC Adapter> on acpi0
acpi_tz0: <Thermal Zone> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x64,0x60 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model IntelliMouse, device ID 3
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A, console
ppc0: <ECP parallel printer port> port 0x778-0x77a,0x378-0x37a irq 7 drq 3 on acpi0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/15 bytes threshold
ppbus0: <Parallel port bus> on ppc0
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
pmtimer0 on isa0
orm0: <ISA Option ROMs> at iomem 0xe0000-0xeffff,0xc0000-0xcbfff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x100>
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 995964893 Hz quality 800
Timecounters tick every 1.000 msec
ad0: 19077MB <FUJITSU MHT2020AT/009A> [38760/16/63] at ata0-master UDMA66
acd0: CDROM <CD-224E-BA/7.7C> at ata1-master UDMA33
Trying to mount root from ufs:/dev/ad0s1a
Enter full pathname of shell or RETURN for /bin/sh:
Received on Tue Feb 08 2005 - 17:27:22 UTC
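
The failure mode reported above (a multicast update reaching a transmit ring whose command blocks were never allocated) can be modelled in user space. This is an added example, not code from the original post or from the FreeBSD tree; every identifier in it is hypothetical, and deferring the update until init is one defensive pattern assumed here, not a statement of how the driver was fixed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* User-space model only: every name below is hypothetical, not if_fxp.c. */
#define RING_LEN     4
#define FLAG_RUNNING 0x1u
#define CMD_NOP_INTR 0x8000u            /* constructed value */

struct cmd_block { uint16_t status, command; };
struct tx_desc   { struct tx_desc *next; struct cmd_block *cb; };
struct softc {
    unsigned          flags;
    struct tx_desc    ring[RING_LEN];
    struct tx_desc   *tx_last;
    struct cmd_block *cbs;              /* NULL until model_init() runs */
    int               mc_pending;       /* filter update deferred to init */
};

/* Attach links the ring but, as in the report, leaves every cb NULL. */
void model_attach(struct softc *sc) {
    memset(sc, 0, sizeof(*sc));
    for (int i = 0; i < RING_LEN; i++)
        sc->ring[i].next = &sc->ring[(i + 1) % RING_LEN];
    sc->tx_last = &sc->ring[0];
}

/* Multicast update: 0 = programmed, 1 = deferred because not initialised. */
int model_mc_setup(struct softc *sc) {
    struct tx_desc *txp = sc->tx_last->next;
    if (!(sc->flags & FLAG_RUNNING) || txp->cb == NULL) {
        sc->mc_pending = 1;             /* unguarded, the store below hits address 0 */
        return 1;
    }
    txp->cb->status = 0;
    txp->cb->command = CMD_NOP_INTR;
    sc->tx_last = txp;
    return 0;
}

/* Init allocates the command blocks, then replays any deferred update. */
int model_init(struct softc *sc) {
    if (sc->cbs == NULL && (sc->cbs = calloc(RING_LEN, sizeof(*sc->cbs))) == NULL)
        return -1;
    for (int i = 0; i < RING_LEN; i++)
        sc->ring[i].cb = &sc->cbs[i];
    sc->flags |= FLAG_RUNNING;
    if (sc->mc_pending) {
        sc->mc_pending = 0;
        return model_mc_setup(sc);
    }
    return 0;
}
```

The guard covers the ordering from the report, where the vlan's multicast join arrives before the parent interface has ever been brought up.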
