Re: Deterministic panic due to non-sleepable lock with if_alc when reconfiguring interfaces

From: YongHyeon PYUN <pyunyh_at_gmail.com>
Date: Fri, 19 Aug 2011 10:06:39 -0700
On Fri, Aug 19, 2011 at 12:17:12AM -0700, Garrett Cooper wrote:
> On Thu, Aug 18, 2011 at 9:31 PM,  <mdf_at_freebsd.org> wrote:
> > On Thu, Aug 18, 2011 at 5:50 PM, Garrett Cooper <yanegomi_at_gmail.com> wrote:
> >> ? ?When loading if_alc as a module on my netbook and running
> >> /etc/rc.d/netif restart, I can deterministically panic my netbook with
> >> the following message:
> 
>     These repro steps were overly simplified. The complete steps are:
> 
> 1. Attach ethernet cable to alc(4) enabled NIC.
> 2. Boot up machine.
> 3. Login.
> 4. Physically remove ethernet cable from alc(4) enabled NIC.
> 5. Run `/etc/rc.d/netif restart' as root.
> 
> >> ) at _bus_dmamap_sync+0x51
> >> alc_stop(c3dbb000,0,c0c51844,93a,80206910,...) at alc_stop+0x24e
> >> alc_ioctl(c3d07400,80206910,c40423c0,c06a7935,c0914e3c,...) at alc_ioctl+0x22e
> >> ifioctl(c45029c0,80206910,c40423c0,c40505c0,c4528c00,...) at ifioctl+0xc98
> >> soo_ioctl(c4574e00,80206910,c40423c0,c413e680,c40505c0,...) at soo_ioctl+0x401
> >> kern_ioctl(c40505c0,3,80206910,c40423c0,c40423c0,...) at kern_ioctl+0x1d7
> >> ioctl(c40505c0,e6ca3cec,e6ca3d28,c08e929d,0,...) at ioctl+0x118
> >> syscallenter(c40505c0,e6ca3ce4,e6ca3ce4,0,0,...) at syscallenter+0x23f
> >> syscall(e6ca3d28) at syscall+0x2e
> >> Xint0x80_syscall() at Xint0x80_syscall+0x21
> >> --- syscall (54kernel trap 12 with interrupts disabled
> >> Kernel page fault with the following non-sleepable locks held:
> >> exclusive sleep mutex alc0 (network driver) r = 0 (0xc3dbc608) locked
> >> _at_ /usr/src/sys/modules/alc/../../dev/alc/if_alc.c:2362
> >> KDB: stack backtrace:
> >> db_trace_self_wrapper(c08e727a,80,6e726500,74206c65,20706172,...) at
> >> db_trace_self_wrapper+0x26
> >> kdb_backtrace(93a,0,ffffffff,c0ad6114,e6ca323c,...) at kdb_backtrace+0x2a
> >> _witness_debugger(c08e9f67,e6ca3250,4,1,0,...) at _witness_debugger+0x1e
> >> witness_warn(5,0,c0924fe1,c097df50,c3e42b00,...) at witness_warn+0x1f1
> >> trap(e6ca32dc) at trap+0x15a
> >> calltrap() at calltrap+0x6
> >>
> >> ? ?I tried to track down what the exact issue was, but I got lost
> >> (the locking sort of looks ok to me, but I'm still not an expert with
> >> mutex(9)).
> >> ? ?I still have the vmcore and can provide more helpful details when requested.
> >
> > The locking itself is almost certainly fine. ?The error message is not
> > very helpful, but what went wrong was the page fault. ?You just happen
> > to panic on a witness warning before vm_fault can panic due to a bad
> > address.
> >
> > The alc(4) maintainer would probably like info on the trap (line of
> > code and where the bad pointer came from).
> 
>     I talked to Xin a bit and as he noted the panic was just a symptom
> of the actual issue at hand. I think the problem is that the rx ring's
> rx_m value isn't set to NULL when an error occurred, but getting to
> the exact problem at hand, the following call is failing:
> 

Could you elaborate on this issue? alc(4) was designed to cope with
this kind error and not resetting rx_m to NULL is intentional
behavior such that alc(4) will reuse previously loaded DMA map and
buffer.

>         if (bus_dmamap_load_mbuf_sg(sc->alc_cdata.alc_rx_tag, // <-- HERE
>             sc->alc_cdata.alc_rx_sparemap, m, segs, &nsegs, 0) != 0) {
>                 m_freem(m);
>                 return (ENOBUFS);
>         }
> 
>     It's failing with ENOMEM. Still trying to determine what the exact
> reason for ENOMEM is from the x86 busdma code though..

bus_dmamap_load_mbuf_sg(9) can return ENOMEM if there is no
available resource and driver should be prepared to recover from
this kind of error.  However I wonder why this happens on almost
idle system.

> Thanks,
> -Garrett
> 
Received on Fri Aug 19 2011 - 15:06:46 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:16 UTC