Gavin Atkinson wrote: > Hey, > > There's an easily reproduceable panic involving configuring vlans on fxp > cards. I've recreated it in single user mode on a top-of-tree -CURRENT > machine as well as on a 5.3-STABLE machine. I reported this during December. http://article.gmane.org/gmane.os.freebsd.current/63657 and it's now on the LOR list. > > Enter full pathname of shell or RETURN for /bin/sh: > # ifconfig vlan0 create > # ifconfig vlan0 vlan 123 vlandev fxp0 > # ifconfig vlan0 inet 1.2.3.4 > lock order reversal > 1st 0xc15f6268 fxp0 (network driver) _at_ /usr/src/sys/dev/fxp/if_fxp.c:2389 > 2nd 0xc14c7ad0 user map (user map) _at_ /usr/src/sys/vm/vm_map.c:2998 > KDB: stack backtrace: > kdb_backtrace(0,ffffffff,c08f7ae0,c08f8a08,c08852ac) at kdb_backtrace+0x29 > witness_checkorder(c14c7ad0,9,c083d2a9,bb6) at witness_checkorder+0x54c > _sx_xlock(c14c7ad0,c083d2a9,bb6) at _sx_xlock+0x50 > _vm_map_lock_read(c14c7a8c,c083d2a9,bb6,2000046,c1595458) at > _vm_map_lock_read+0x37 vm_map_lookup(cbdf3804,0,2,cbdf3808,cbdf37f8) at > vm_map_lookup+0x28 vm_fault(c14c7a8c,0,2,8,c1594450) at vm_fault+0x66 > trap_pfault(cbdf38cc,0,0) at trap_pfault+0xf2 > trap(c15f0018,cbdf0010,c0630010,c15f6000,c15f6000) at trap+0x335 > calltrap() at calltrap+0x5 > --- trap 0xc, eip = 0xc051e966, esp = 0xcbdf390c, ebp = 0xcbdf3918 --- > fxp_mc_setup(c15f6000) at fxp_mc_setup+0x62 > fxp_ioctl(c15f6000,80206931,0) at fxp_ioctl+0x112 > if_addmulti(c15f6000,cbdf3980,cbdf397c,c1667d48,cbdf3988) at > if_addmulti+0x223 vlan_setmulti(c1667c40,cbdf39fc,c060a5d5,c088cd80,40) at > vlan_setmulti+0x139 vlan_ioctl(c1733800,80206931,0) at vlan_ioctl+0x3e > if_addmulti(c1733800,cbdf3a4c,cbdf3a48,cbdf3a4c,1c) at if_addmulti+0x223 > in6_addmulti(cbdf3a9c,c1733800,cbdf3a94) at in6_addmulti+0x4c > in6_update_ifa(c1733800,cbdf3b9c,0) at in6_update_ifa+0x4ce > in6_ifattach_linklocal(c1733800,0) at in6_ifattach_linklocal+0xe5 > in6_ifattach(c1733800,0,8040691a,8040691a,0) at in6_ifattach+0xa9 > in6_if_up(c1733800) at in6_if_up+0x13 > ifioctl(c173da60,8040691a,c1667dc0,c1594450,0) at ifioctl+0x1f8 > soo_ioctl(c1724708,8040691a,c1667dc0,c14b9780,c1594450) at soo_ioctl+0x2db > ioctl(c1594450,cbdf3d14,3,2,282) at ioctl+0x370 > syscall(2f,2f,2f,80543a0,1) at syscall+0x213 > Xint0x80_syscall() at Xint0x80_syscall+0x1f > --- syscall (54, FreeBSD ELF32, ioctl), eip = 0x280c44f3, esp = > 0xbfbfe5cc, ebp = 0xbfbfee18 --- > > > Fatal trap 12: page fault while in kernel mode > cpuid = 0; apic id = 00 > fault virtual address = 0x0 > fault code = supervisor write, page not present > instruction pointer = 0x8:0xc051e966 > stack pointer = 0x10:0xcbdf390c > frame pointer = 0x10:0xcbdf3918 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 56 (ifconfig) > [thread pid 56 tid 100043 ] > Stopped at fxp_mc_setup+0x62: movw $0,0(%eax) > db> > db> tr > Tracing pid 56 tid 100043 td 0xc1594450 > fxp_mc_setup(c15f6000) at fxp_mc_setup+0x62 > fxp_ioctl(c15f6000,80206931,0) at fxp_ioctl+0x112 > if_addmulti(c15f6000,cbdf3980,cbdf397c,c1667d48,cbdf3988) at > if_addmulti+0x223 vlan_setmulti(c1667c40,cbdf39fc,c060a5d5,c088cd80,40) at > vlan_setmulti+0x139 vlan_ioctl(c1733800,80206931,0) at vlan_ioctl+0x3e > if_addmulti(c1733800,cbdf3a4c,cbdf3a48,cbdf3a4c,1c) at if_addmulti+0x223 > in6_addmulti(cbdf3a9c,c1733800,cbdf3a94) at in6_addmulti+0x4c > in6_update_ifa(c1733800,cbdf3b9c,0) at in6_update_ifa+0x4ce > in6_ifattach_linklocal(c1733800,0) at in6_ifattach_linklocal+0xe5 > in6_ifattach(c1733800,0,8040691a,8040691a,0) at in6_ifattach+0xa9 > in6_if_up(c1733800) at in6_if_up+0x13 > ifioctl(c173da60,8040691a,c1667dc0,c1594450,0) at ifioctl+0x1f8 > soo_ioctl(c1724708,8040691a,c1667dc0,c14b9780,c1594450) at soo_ioctl+0x2db > ioctl(c1594450,cbdf3d14,3,2,282) at ioctl+0x370 > syscall(2f,2f,2f,80543a0,1) at syscall+0x213 > Xint0x80_syscall() at Xint0x80_syscall+0x1f > --- syscall (54, FreeBSD ELF32, ioctl), eip = 0x280c44f3, esp = > 0xbfbfe5cc, ebp = 0xbfbfee18 --- > > fxp_mc_setup+0x62 seems to correspond to the following code in > sys/dev/fxp/if_fxp.c: (line 2554) > > > /* > * Add a NOP command with interrupt so that we are > notified * when all TX commands have been processed. > */ > txp = sc->fxp_desc.tx_last->tx_next; > txp->tx_mbuf = NULL; > --> txp->tx_cb->cb_status = 0; > txp->tx_cb->cb_command = htole16(FXP_CB_COMMAND_NOP | > FXP_CB_COMMAND_S | FXP_CB_COMMAND_I); > > txp->tx_cb is NULL at this point. This seems to be because fxp_init() > has never been called. (both validated by instrumenting the code in > question) > > Note also that the panic does not seem to occur if you do anything with > fxp0 before doing something with the vlans. For example, assigning it > an address, or even just bringing it up seems to prevent the panic. > > In this situation, where should fxp_init be called from? Presumably > it's not the responsibility of the vlan code - as when it gets called we > could already be using the interface and reinitialising it wouldn't be a > nice thing to do. But then, what should be initialising it? > > And as an aside, is the detour via inet6 correct for what is entirely > inet4? > > Sadly I can't get a dump on this machine. dmesg below. > > Gavin > > GDB: no debug ports present > KDB: debugger backends: ddb > KDB: current backend: ddb > Copyright (c) 1992-2005 The FreeBSD Project. > Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 > The Regents of the University of California. All rights reserved. > FreeBSD 6.0-CURRENT #0: Mon Feb 7 13:10:26 GMT 2005 > root_at_thi.bu.nker.net:/usr/obj/usr/src/sys/GENERIC > WARNING: WITNESS option enabled, expect reduced performance. > Timecounter "i8254" frequency 1193182 Hz quality 0 > CPU: Intel(R) Pentium(R) III Mobile CPU 1000MHz (995.96-MHz 686-class > CPU) > Origin = "GenuineIntel" Id = 0x6b1 Stepping = 1 > Features=0x383f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE> > real memory = 251002880 (239 MB) > avail memory = 236322816 (225 MB) > npx0: [FAST] > npx0: <math processor> on motherboard > npx0: INT 16 interface > acpi0: <TOSHIB 750> on motherboard > acpi0: Power Button (fixed) > Timecounter "ACPI-safe" frequency 3579545 Hz quality 1000 > acpi_timer0: <24-bit timer at 3.579545MHz> port 0xee08-0xee0b on acpi0 > cpu0: <ACPI CPU (3 Cx states)> on acpi0 > pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0 > pci_link0: <ACPI PCI Link LNKA> irq 11 on acpi0 > pci_link1: <ACPI PCI Link LNKB> irq 11 on acpi0 > pci_link2: <ACPI PCI Link LNKD> irq 11 on acpi0 > pci_link3: <ACPI PCI Link LNKC> irq 11 on acpi0 > pci_link4: <ACPI PCI Link LNKH> irq 11 on acpi0 > pci_link5: <ACPI PCI Link LNKG> irq 11 on acpi0 > pci0: <ACPI PCI bus> on pcib0 > pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0 > pci1: <ACPI PCI bus> on pcib1 > pci1: <display, VGA> at device 0.0 (no driver attached) > ohci0: <AcerLabs M5237 (Aladdin-V) USB controller> mem > 0xf7eff000-0xf7efffff irq 11 at device 2.0 on pci0 ohci0: [GIANT-LOCKED] > usb0: OHCI version 1.0, legacy support > usb0: SMM does not respond, resetting > usb0: <AcerLabs M5237 (Aladdin-V) USB controller> on ohci0 > usb0: USB revision 1.0 > uhub0: AcerLabs OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 > uhub0: 3 ports with 3 removable, self powered > atapci0: <AcerLabs Aladdin UDMA66 controller> port > 0xeff0-0xefff,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at device 4.0 on pci0 > ata0: channel #0 on atapci0 ata1: channel #1 on atapci0 > pcm0: <Acer Labs M5451> port 0xed00-0xedff mem 0xf7efe000-0xf7efefff irq > 11 at device 6.0 on pci0 pcm0: <Asahi Kasei AK4543 AC97 Codec> > pcm0: [GIANT-LOCKED] > isab0: <PCI-ISA bridge> at device 7.0 on pci0 > isa0: <ISA bus> on isab0 > pci0: <bridge, PCI-unknown> at device 8.0 (no driver attached) > fxp0: <Intel 82550 Pro/100 Ethernet> port 0xeb40-0xeb7f mem > 0xf7ec0000-0xf7edffff,0xf7efd000-0xf7efdfff irq 11 at device 10.0 on pci0 > miibus0: <MII bus> on fxp0 inphy0: <i82555 10/100 media interface> on > miibus0 > inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto > fxp0: Ethernet address: 00:00:39:7e:f8:36 > cbb0: <ToPIC100 PCI-CardBus Bridge> at device 17Card bus> on cbb0 > cbb1: <ToPIC100 PCI-CardBus Bridge> at device 17.1 on pci0 > cardbus1: <CardBus bus> on cbb1 > pccard1: <16-bit PCCard bus> on cbb1 > pci0: <base peripheral> at device 18.0 (no driver attached) > acpi_lid0: <Control Method Lid Switch> on acpi0 > acpi_cmbat0: <Control Method Battery> on acpi0 > acpi_cmbat1: <Control Method Battery> on acpi0 > acpi_acad0: <AC Adapter> on acpi0 > acpi_tz0: <Thermal Zone> on acpi0 > atkbdc0: <Keyboard controller (i8042)> port 0x64,0x60 irq 1 on acpi0 > atkbd0: <AT Keyboard> irq 1 on atkbdc0 > kbd0 at atkbd0 > atkbd0: [GIANT-LOCKED] > psm0: <PS/2 Mouse> irq 12 on atkbdc0 > psm0: [GIANT-LOCKED] > psm0: model IntelliMouse, device ID 3 > sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on > acpi0 sio0: type 16550A, console > ppc0: <ECP parallel printer port> port 0x778-0x77a,0x378-0x37a irq 7 drq 3 > on acpi0 ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode > ppc0: FIFO with 16/16/15 bytes threshold > ppbus0: <Parallel port bus> on ppc0 > plip0: <PLIP network interface> on ppbus0 > lpt0: <Printer> on ppbus0 > lpt0: Interrupt-driven port > ppi0: <Parallel I/O> on ppbus0 > pmtimer0 on isa0 > orm0: <ISA Option ROMs> at iomem 0xe0000-0xeffff,0xc0000-0xcbfff on isa0 > sc0: <System console> at flags 0x100 on isa0 > sc0: VGA <16 virtual consoles, flags=0x100> > sio1: configured irq 3 not in bitmap of probed irqs 0 > sio1: port may not be enabled > vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0 > Timecounter "TSC" frequency 995964893 Hz quality 800 > Timecounters tick every 1.000 msec > ad0: 19077MB <FUJITSU MHT2020AT/009A> [38760/16/63] at ata0-master UDMA66 > acd0: CDROM <CD-224E-BA/7.7C> at ata1-master UDMA33 > Trying to mount root from ufs:/dev/ad0s1a > Enter full pathname of shell or RETURN for /bin/sh: > > _______________________________________________ > freebsd-current_at_freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org" -- othermark atkin901 at nospam dot yahoo dot com (!wired)?(coffee++):(wired);Received on Mon Feb 14 2005 - 19:56:47 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:28 UTC