From owner-freebsd-current@FreeBSD.ORG  Tue Nov 25 12:52:35 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 39E0C16A4CE
	for <current@freebsd.org>; Tue, 25 Nov 2003 12:52:35 -0800 (PST)
Received: from mx.dsl.isometry.net (cpc3-oxfd2-6-0-cust207.oxfd.cable.ntl.com
	[81.103.193.207])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5304F43FCB
	for <current@freebsd.org>; Tue, 25 Nov 2003 12:52:31 -0800 (PST)
	(envelope-from robin@isometry.net)
Received: from isometry.net (ishadow.dsl.isometry.net [195.137.51.150])
	by mx.dsl.isometry.net (Postfix) with ESMTP id 26A21AA
	for <current@freebsd.org>; Tue, 25 Nov 2003 20:52:27 +0000 (UTC)
Message-ID: <3FC3C109.8030101@isometry.net>
Date: Tue, 25 Nov 2003 20:52:25 +0000
From: Robin Breathe <robin@isometry.net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.6b) Gecko/20031119 Thunderbird/0.4a
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: current@freebsd.org
Content-Type: multipart/mixed;
 boundary="------------050406030803040301080709"
Subject: netgraph/ng_eiface double panic & turnstile/sio lock order reversal
 in 5.2-BETA
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Nov 2003 20:52:35 -0000

This is a multi-part message in MIME format.
--------------050406030803040301080709
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

I've been experiencing a repeatable panic using ng_eiface(4) on -CURRENT 
of the last few days.


Environment:
FreeBSD twiddle.local 5.2-BETA FreeBSD 5.2-BETA #0: Tue Nov 25 19:28:22 
UTC 2003     root@twiddle.local:/home/data/work/usr/src/sys/TWIDDLE  i386

Description:
Shutting down an ng_eiface node which has a non-zero lladdr causes a panic.

How-To-Repeat:
Configure an ng_eiface(4) node, set its lladdr with ifconfig(8), shut it 
down:

################

# cat >/tmp/ngctl
  mkpeer . eiface hook ether
  name .:hook vif0
  rmhook . hook

# ngctl -f /tmp/ngctl
# ifconfig ngeth0 link '00:bd:03:11:25:01'
# ngctl shutdown vif0:
lock order reversal
  1st 0xc0765d8c turnstile chain (turnstile chain) @ 
/usr/src/sys/kern/subr_turnstile.c:370
  2nd 0xc079a500 sio (sio) @ /usr/src/sys/dev/sio/sio.c:3203
Stack backtrace:
backtrace(c070794e,c079a500,c07502c0,c07502c0,c0719757) at backtrace+0x17
witness_lock(c079a500,8,c0719757,c83,3f8) at witness_lock+0x672
_mtx_lock_spin_flags(c079a500,0,c0719757,c83,1) at _mtx_lock_spin_flags+0xda
siocnputc(c0750440,6b,5,ddcb08b4,6b) at siocnputc+0x81
cnputc(6b,c076e780,1,c4a40500,c071d675) at cnputc+0x7a
putchar(6b,ddcb08b4,c053a72d,c076e800,1) at putchar+0x6c
kvprintf(c071d674,c0564b80,ddcb08b4,a,ddcb08d4) at kvprintf+0x8d
printf(c071d674,c,c056ced2,c078ac40,38) at printf+0x57
trap(c0760018,c0760010,c0760010,0,c4a40500) at trap+0xd7
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc056a146, esp = 0xddcb0958, ebp = 0xddcb0978 ---
turnstile_wait(0,c479b9c8,1103bd00,1cc,c479b9c8) at turnstile_wait+0x86
_mtx_lock_sleep(c479b9c8,0,c070c7ca,250,c49efe7c) at _mtx_lock_sleep+0x115
_mtx_lock_flags(c479b9c8,0,c070c7ca,250,c0538e1c) at _mtx_lock_flags+0x97
if_detach(c479b808,c4d64300,ddcb0a58,c4dbfa51,c479b808) at if_detach+0x394
ether_ifdetach(c479b808,c070d32d,820,c4d64300,c4d64300) at 
ether_ifdetach+0x30
ng_eiface_rmnode(c4d64300,0,0,c4d64300,c4d64300) at ng_eiface_rmnode+0x61
ng_rmnode(c4d64300,0,0,0,0) at ng_rmnode+0xc7
ng_generic_msg(c4d64300,c48b7780,0,c0768598,c07acfd4) at 
ng_generic_msg+0x11f
ng_apply_item(c4d64300,c48b7780,c070d32d,7d6,c48b7780) at 
ng_apply_item+0x365
ng_snd_item(c48b7780,0,c47a4360,0,0) at ng_snd_item+0x7b6
ngc_send(c4ab4780,0,c1d12800,c47a4820,0) at ngc_send+0x146
sosend(c4ab4780,c47a4820,ddcb0c4c,c1d12800,0) at sosend+0x4cd
kern_sendit(c4a40500,3,ddcb0cc4,0,0) at kern_sendit+0x17c
sendit(c4a40500,3,ddcb0cc4,0,804f034) at sendit+0x16e
sendto(c4a40500,ddcb0d14,c071d6f6,3ee,6) at sendto+0x5b
syscall(2f,2f,2f,bfbfe9c0,bfbfe9c2) at syscall+0x2c0
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (133), eip = 0x280c58cf, esp = 0xbfbfe96c, ebp = 0xbfbfebe8 ---
kernel trap 12 with interrupts disabled


Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x1103bd00
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc056a146
stack pointer           = 0x10:0xddcb0958
frame pointer           = 0x10:0xddcb0978
code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 582 (ngctl)
kernel: type 12 trap, code=0
Stopped at      turnstile_wait+0x86:    movl    0(%edx),%eax
db> panic
panic: from debugger
Debugger("panic")


Fatal trap 3: breakpoint instruction fault while in kernel mode
instruction pointer     = 0x8:0xc06a9254
stack pointer           = 0x10:0xddcb0720
frame pointer           = 0x10:0xddcb072c
code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
processor eflags        = IOPL = 0
current process         = 582 (ngctl)
Stopped at      turnstile_wait+0x86:    movl    0(%edx),%eax
db> where
turnstile_wait(0,c479b9c8,1103bd00,1cc,c479b9c8) at turnstile_wait+0x86
_mtx_lock_sleep(c479b9c8,0,c070c7ca,250,c49efe7c) at _mtx_lock_sleep+0x115
_mtx_lock_flags(c479b9c8,0,c070c7ca,250,c0538e1c) at _mtx_lock_flags+0x97
if_detach(c479b808,c4d64300,ddcb0a58,c4dbfa51,c479b808) at if_detach+0x394
ether_ifdetach(c479b808,c070d32d,820,c4d64300,c4d64300) at 
ether_ifdetach+0x30
ng_eiface_rmnode(c4d64300,0,0,c4d64300,c4d64300) at ng_eiface_rmnode+0x61
ng_rmnode(c4d64300,0,0,0,0) at ng_rmnode+0xc7
ng_generic_msg(c4d64300,c48b7780,0,c0768598,c07acfd4) at 
ng_generic_msg+0x11f
ng_apply_item(c4d64300,c48b7780,c070d32d,7d6,c48b7780) at 
ng_apply_item+0x365
ng_snd_item(c48b7780,0,c47a4360,0,0) at ng_snd_item+0x7b6
ngc_send(c4ab4780,0,c1d12800,c47a4820,0) at ngc_send+0x146
sosend(c4ab4780,c47a4820,ddcb0c4c,c1d12800,0) at sosend+0x4cd
kern_sendit(c4a40500,3,ddcb0cc4,0,0) at kern_sendit+0x17c
sendit(c4a40500,3,ddcb0cc4,0,804f034) at sendit+0x16e
sendto(c4a40500,ddcb0d14,c071d6f6,3ee,6) at sendto+0x5b
syscall(2f,2f,2f,bfbfe9c0,bfbfe9c2) at syscall+0x2c0
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (133, FreeBSD ELF32, sendto), eip = 0x280c58cf, esp = 
0xbfbfe96c, ebp = 0xbfbfebe8 ---
db> panic
panic: from debugger
Uptime: 2m3s
panic: mi_switch: switch in a critical section
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
# repeated a few times
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep

Fatal double fault:
eip = 0xc053a580
esp = 0xddcaf000
ebp = 0xddcaf030
panic: double fault
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
# repeated a few more times
panic: msleep
Uptime: 2m3s
panic: msleep
spin lock sched lock held by Console: serial port

################

Notes:
With kernel debugging options disabled, but still 'options DDB; 
makeoptions DEBUG=-g', the LOR doesn't show up, but the netgraph panic 
is still present.
The above panic is from -CURRENT as of Tue Nov 25 18:00:00 UTC 2003.

This, at least superficially, looks similar to kern/55784 filed against 
4.8-STABLE.

Find attached a full dmesg, with example script, panic and kernel 
config. The system is failing to dump core. I'll happily help debug this 
as much as is necessary before 5.2-REL.

Hopeful,
- Robin

-- 
Robin Breathe              robin@isometry.net              +441865741800

--------------050406030803040301080709
Content-Type: text/plain;
 name="ng_eiface_panic.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="ng_eiface_panic.txt"

Copyright (c) 1992-2003 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 5.2-BETA #0: Tue Nov 25 19:28:22 UTC 2003
    root@twiddle.local:/home/data/work/usr/src/sys/TWIDDLE
Preloaded elf kernel "/boot/kernel/kernel" at 0xc0848000.
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Pentium(R) III CPU - S         1400MHz (1407.05-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x6b4  Stepping = 4
  Features=0x383fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
real memory  = 536784896 (511 MB)
avail memory = 511860736 (488 MB)
ACPI APIC Table: <ASUS   TUSL2-C >
ioapic0 <Version 2.0> irqs 0-23 on motherboard
Pentium Pro MTRR support enabled
VESA: v3.0, 32768k memory, flags:0x1, mode table:0xc07af442 (1000022)
VESA: NVidia
acpi0: <ASUS   TUSL2-C > on motherboard
acpi0: Overriding SCI Interrupt from IRQ 9 to IRQ 20
pcibios: BIOS version 2.10
Using $PIR table, 11 entries at 0xc00f13a0
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0xe408-0xe40b on acpi0
acpi_cpu0: <CPU> on acpi0
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
agp0: <Intel 82815 (i815 GMCH) host to PCI bridge> mem 0xf8000000-0xfbffffff at device 0.0 on pci0
pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0
pci1: <ACPI PCI bus> on pcib1
pci1: <display, VGA> at device 0.0 (no driver attached)
pcib2: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci2: <ACPI PCI bus> on pcib2
ahc0: <Adaptec 29160 Ultra160 SCSI adapter> port 0xd800-0xd8ff mem 0xed800000-0xed800fff irq 21 at device 9.0 on pci2
aic7892: Ultra160 Wide Channel A, SCSI Id=7, 32/253 SCBs
fxp0: <Intel 82550 Pro/100 Ethernet> port 0xd400-0xd43f mem 0xec800000-0xec81ffff,0xed000000-0xed000fff irq 22 at device 10.0 on pci2
fxp0: Ethernet address 00:02:b3:a7:de:2b
miibus0: <MII bus> on fxp0
inphy0: <i82555 10/100 media interface> on miibus0
inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
pcib3: <PCI-PCI bridge> at device 11.0 on pci2
pci3: <PCI bus> on pcib3
pcib3: slot 8 INTA is routed to irq 23
pcib3: slot 8 INTB is routed to irq 20
pcib3: slot 8 INTC is routed to irq 21
pcib3: slot 11 INTA is routed to irq 22
ohci0: <NEC uPD 9210 USB controller> mem 0xec000000-0xec000fff irq 23 at device 8.0 on pci3
usb0: OHCI version 1.0
usb0: <NEC uPD 9210 USB controller> on ohci0
usb0: USB revision 1.0
uhub0: NEC OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
ohci1: <NEC uPD 9210 USB controller> mem 0xeb800000-0xeb800fff irq 20 at device 8.1 on pci3
usb1: OHCI version 1.0
usb1: <NEC uPD 9210 USB controller> on ohci1
usb1: USB revision 1.0
uhub1: NEC OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
pci3: <serial bus, USB> at device 8.2 (no driver attached)
fwohci0: <Texas Instruments TSB12LV26> mem 0xea000000-0xea003fff,0xea800000-0xea8007ff irq 22 at device 11.0 on pci3
fwohci0: OHCI version 1.0 (ROM=1)
fwohci0: No. of Isochronous channel is 4.
fwohci0: EUI64 00:50:42:b5:00:01:11:36
fwohci0: Phy 1394a available S400, 3 ports.
fwohci0: Link S400, max_rec 2048 bytes.
firewire0: <IEEE1394(FireWire) bus> on fwohci0
sbp0: <SBP-2/SCSI over FireWire> on firewire0
fwohci0: Initiate bus reset
fwohci0: BUS reset
fwohci0: node_id=0xc800ffc0, gen=1, CYCLEMASTER mode
firewire0: 1 nodes, maxhop <= 0, cable IRM = 0 (me)
firewire0: bus manager 0 (me)
pci2: <multimedia, audio> at device 12.0 (no driver attached)
pci2: <input device> at device 12.1 (no driver attached)
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel ICH2 UDMA100 controller> port 0xa800-0xa80f at device 31.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata0: [MPSAFE]
ata1: at 0x170 irq 15 on atapci0
ata1: [MPSAFE]
uhci0: <Intel 82801BA/BAM (ICH2) USB controller USB-A> port 0xa400-0xa41f irq 19 at device 31.2 on pci0
usb2: <Intel 82801BA/BAM (ICH2) USB controller USB-A> on uhci0
usb2: USB revision 1.0
uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ichsmb0: <Intel 82801BA (ICH2) SMBus controller> port 0xe800-0xe80f irq 17 at device 31.3 on pci0
smbus0: <System Management Bus> on ichsmb0
smb0: <SMBus generic I/O> on smbus0
uhci1: <Intel 82801BA/BAM (ICH2) USB controller USB-B> port 0xa000-0xa01f irq 23 at device 31.4 on pci0
usb3: <Intel 82801BA/BAM (ICH2) USB controller USB-B> on uhci1
usb3: USB revision 1.0
uhub3: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
sio0 port 0x3f8-0x3ff irq 4 on acpi0
sio0: type 16550A, console
sio1 port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
atkbdc0: <Keyboard controller (i8042)> port 0x64,0x60 irq 1 on acpi0
npx0: [FAST]
stray irq13
npx0: <math processor> on motherboard
npx0: INT 16 interface
orm0: <Option ROM> at iomem 0xd4000-0xd57ff on isa0
pmtimer0 on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x100>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 1407045712 Hz quality 800
Timecounters tick every 1.000 msec
acd0: DVDROM <JLMS XJ-HD166S> at ata0-master PIO4
Waiting 10 seconds for SCSI devices to settle
GEOM: create disk da0 dp=0xc4a06050
da0 at ahc0 bus 0 target 0 lun 0
da0: <FUJITSU MAP3367NP 5605> Fixed Direct Access SCSI-3 device
da0: 160.000MB/s transfers (80.000MHz, offset 127, 16bit), Tagged Queueing Enabled
da0: 34732MB (71132959 512 byte sectors: 64H 32S/T 34732C)
Mounting root from ufs:/dev/da0s1a
Loading configuration files.
Entropy harvesting: interrupts ethernet point_to_point.
kernel dumps on /dev/da0s1b
swapon: adding /dev/da0s1b as swap device
Starting file system checks:
/dev/da0s1a: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/da0s1a: clean, 92026 free (778 frags, 11406 blocks, 0.6% fragmentation)
/dev/da0s1e: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/da0s1e: clean, 3544678 free (28734 frags, 439493 blocks, 0.7% fragmentation)
/dev/da0s1d: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/da0s1d: clean, 185934 free (110 frags, 23228 blocks, 0.0% fragmentation)
/dev/da0s2d: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/da0s2d: clean, 1006689 free (33 frags, 125832 blocks, 0.0% fragmentation)
/dev/da0s2e: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/da0s2e: clean, 1133573 free (789 frags, 141598 blocks, 0.0% fragmentation)
/dev/da0s2f: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/da0s2f: clean, 9025368 free (1392 frags, 1127997 blocks, 0.0% fragmentation)
Setting hostname: twiddle.local.
fxp0: Microcode loaded, int_delay: 1000 usec  bundle_max: 6
fxp0: Microcode loaded, int_delay: 1000 usec  bundle_max: 6
fxp0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
        options=3<RXCSUM,TXCSUM>
        inet 195.137.51.153 netmask 0xfffffff0 broadcast 195.137.51.159
        inet6 fe80::202:b3ff:fea7:de2b%fxp0 prefixlen 64 tentative scopeid 0x1
        ether 00:02:b3:a7:de:2b
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
add net default: gateway 195.137.51.158
Additional routing options:.
hw.bus.devctl_disable: 0 -> 1
Mounting NFS file systems:.
Starting syslogd.
Nov 25 19:43:03 twiddle syslogd: kernel boot file is /boot/kernel/kernel
Checking for core dump...
savecore: no dumps found
Turning on accounting.
NFS access cache time=2
Nov 25 19:43:03 twiddle kernel: Accounting enabled
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/X11R6/lib /usr/local/lib
a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout /usr/X11R6/lib/aout
Recovering vi editor sessions:.
Starting usbd.
Starting local daemons:.
Updating motd.
Starting ntpd.
Configuring syscons: blanktime.
Starting sshd.
Initial i386 initialization:.
Additional ABI support:.
Starting cron.
Local package initialization:.
Additional TCP options:.
Starting background file system checks in 60 seconds.

Tue Nov 25 19:43:06 UTC 2003

FreeBSD/i386
FreeBSD/i386 (twiddle.local) (console)

login: root
Nov 25 19:44:05 twiddle login: ROOT LOGIN (root) ON console
Last login: Tue Nov 25 19:03:06 on console
Copyright (c) 1992-2003 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.

FreeBSD 5.2-BETA (TWIDDLE) #0: Tue Nov 25 19:28:22 UTC 2003

You have new mail.
twiddle# uname -a
FreeBSD twiddle.local 5.2-BETA FreeBSD 5.2-BETA #0: Tue Nov 25 19:28:22 UTC 2003     root@twiddle.local:/home/data/work/usr/src/sys/TWIDDLE  i386
twiddle# cat ./panic
#!/bin/sh -x

################################################################################
# 
# How to repeat the panic:
#

cat <<'EOF' >/tmp/ngctl.cmd
 list
 mkpeer . eiface hook ether
 name .:hook vif0
 rmhook . hook
 list
 show vif0:
EOF
ngctl -f /tmp/ngctl.cmd

ifconfig ngeth0
ifconfig ngeth0 link '00:bd:03:11:25:01'
ifconfig ngeth0

ngctl show vif0:
sleep 1

ngctl shutdown vif0:
# !PANIC

################################################################################

twiddle# ./panic
+ cat
+ ngctl -f /tmp/ngctl.cmd
There are 2 total nodes:
  Name: ngctl576        Type: socket          ID: 00000002   Num hooks: 0
  Name: fxp0            Type: ether           ID: 00000001   Num hooks: 0
There are 4 total nodes:
  Name: ngeth0          Type: ether           ID: 00000004   Num hooks: 0
  Name: vif0            Type: eiface          ID: 00000003   Num hooks: 0
  Name: ngctl576        Type: socket          ID: 00000002   Num hooks: 0
  Name: fxp0            Type: ether           ID: 00000001   Num hooks: 0
  Name: vif0            Type: eiface          ID: 00000003   Num hooks: 0
+ ifconfig ngeth0
ngeth0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        ether 00:00:00:00:00:00
+ ifconfig ngeth0 link 00:bd:03:11:25:01
+ ifconfig ngeth0
ngeth0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        ether 00:bd:03:11:25:01
+ ngctl show vif0:
  Name: vif0            Type: eiface          ID: 00000003   Num hooks: 0
+ sleep 1
+ ngctl shutdown vif0:
lock order reversal
 1st 0xc0765d8c turnstile chain (turnstile chain) @ /usr/src/sys/kern/subr_turnstile.c:370
 2nd 0xc079a500 sio (sio) @ /usr/src/sys/dev/sio/sio.c:3203
Stack backtrace:
backtrace(c070794e,c079a500,c07502c0,c07502c0,c0719757) at backtrace+0x17
witness_lock(c079a500,8,c0719757,c83,3f8) at witness_lock+0x672
_mtx_lock_spin_flags(c079a500,0,c0719757,c83,1) at _mtx_lock_spin_flags+0xda
siocnputc(c0750440,6b,5,ddcb08b4,6b) at siocnputc+0x81
cnputc(6b,c076e780,1,c4a40500,c071d675) at cnputc+0x7a
putchar(6b,ddcb08b4,c053a72d,c076e800,1) at putchar+0x6c
kvprintf(c071d674,c0564b80,ddcb08b4,a,ddcb08d4) at kvprintf+0x8d
printf(c071d674,c,c056ced2,c078ac40,38) at printf+0x57
trap(c0760018,c0760010,c0760010,0,c4a40500) at trap+0xd7
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc056a146, esp = 0xddcb0958, ebp = 0xddcb0978 ---
turnstile_wait(0,c479b9c8,1103bd00,1cc,c479b9c8) at turnstile_wait+0x86
_mtx_lock_sleep(c479b9c8,0,c070c7ca,250,c49efe7c) at _mtx_lock_sleep+0x115
_mtx_lock_flags(c479b9c8,0,c070c7ca,250,c0538e1c) at _mtx_lock_flags+0x97
if_detach(c479b808,c4d64300,ddcb0a58,c4dbfa51,c479b808) at if_detach+0x394
ether_ifdetach(c479b808,c070d32d,820,c4d64300,c4d64300) at ether_ifdetach+0x30
ng_eiface_rmnode(c4d64300,0,0,c4d64300,c4d64300) at ng_eiface_rmnode+0x61
ng_rmnode(c4d64300,0,0,0,0) at ng_rmnode+0xc7
ng_generic_msg(c4d64300,c48b7780,0,c0768598,c07acfd4) at ng_generic_msg+0x11f
ng_apply_item(c4d64300,c48b7780,c070d32d,7d6,c48b7780) at ng_apply_item+0x365
ng_snd_item(c48b7780,0,c47a4360,0,0) at ng_snd_item+0x7b6
ngc_send(c4ab4780,0,c1d12800,c47a4820,0) at ngc_send+0x146
sosend(c4ab4780,c47a4820,ddcb0c4c,c1d12800,0) at sosend+0x4cd
kern_sendit(c4a40500,3,ddcb0cc4,0,0) at kern_sendit+0x17c
sendit(c4a40500,3,ddcb0cc4,0,804f034) at sendit+0x16e
sendto(c4a40500,ddcb0d14,c071d6f6,3ee,6) at sendto+0x5b
syscall(2f,2f,2f,bfbfe9c0,bfbfe9c2) at syscall+0x2c0
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (133), eip = 0x280c58cf, esp = 0xbfbfe96c, ebp = 0xbfbfebe8 ---
kernel trap 12 with interrupts disabled


Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x1103bd00
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc056a146
stack pointer           = 0x10:0xddcb0958
frame pointer           = 0x10:0xddcb0978
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 582 (ngctl)
kernel: type 12 trap, code=0
Stopped at      turnstile_wait+0x86:    movl    0(%edx),%eax
db> where
turnstile_wait(0,c479b9c8,1103bd00,1cc,c479b9c8) at turnstile_wait+0x86
_mtx_lock_sleep(c479b9c8,0,c070c7ca,250,c49efe7c) at _mtx_lock_sleep+0x115
_mtx_lock_flags(c479b9c8,0,c070c7ca,250,c0538e1c) at _mtx_lock_flags+0x97
if_detach(c479b808,c4d64300,ddcb0a58,c4dbfa51,c479b808) at if_detach+0x394
ether_ifdetach(c479b808,c070d32d,820,c4d64300,c4d64300) at ether_ifdetach+0x30
ng_eiface_rmnode(c4d64300,0,0,c4d64300,c4d64300) at ng_eiface_rmnode+0x61
ng_rmnode(c4d64300,0,0,0,0) at ng_rmnode+0xc7
ng_generic_msg(c4d64300,c48b7780,0,c0768598,c07acfd4) at ng_generic_msg+0x11f
ng_apply_item(c4d64300,c48b7780,c070d32d,7d6,c48b7780) at ng_apply_item+0x365
ng_snd_item(c48b7780,0,c47a4360,0,0) at ng_snd_item+0x7b6
ngc_send(c4ab4780,0,c1d12800,c47a4820,0) at ngc_send+0x146
sosend(c4ab4780,c47a4820,ddcb0c4c,c1d12800,0) at sosend+0x4cd
kern_sendit(c4a40500,3,ddcb0cc4,0,0) at kern_sendit+0x17c
sendit(c4a40500,3,ddcb0cc4,0,804f034) at sendit+0x16e
sendto(c4a40500,ddcb0d14,c071d6f6,3ee,6) at sendto+0x5b
syscall(2f,2f,2f,bfbfe9c0,bfbfe9c2) at syscall+0x2c0
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (133, FreeBSD ELF32, sendto), eip = 0x280c58cf, esp = 0xbfbfe96c, ebp = 0xbfbfebe8 ---
db> panic
panic: from debugger
Debugger("panic")


Fatal trap 3: breakpoint instruction fault while in kernel mode
instruction pointer     = 0x8:0xc06a9254
stack pointer           = 0x10:0xddcb0720
frame pointer           = 0x10:0xddcb072c
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = IOPL = 0
current process         = 582 (ngctl)
Stopped at      turnstile_wait+0x86:    movl    0(%edx),%eax
db> where
turnstile_wait(0,c479b9c8,1103bd00,1cc,c479b9c8) at turnstile_wait+0x86
_mtx_lock_sleep(c479b9c8,0,c070c7ca,250,c49efe7c) at _mtx_lock_sleep+0x115
_mtx_lock_flags(c479b9c8,0,c070c7ca,250,c0538e1c) at _mtx_lock_flags+0x97
if_detach(c479b808,c4d64300,ddcb0a58,c4dbfa51,c479b808) at if_detach+0x394
ether_ifdetach(c479b808,c070d32d,820,c4d64300,c4d64300) at ether_ifdetach+0x30
ng_eiface_rmnode(c4d64300,0,0,c4d64300,c4d64300) at ng_eiface_rmnode+0x61
ng_rmnode(c4d64300,0,0,0,0) at ng_rmnode+0xc7
ng_generic_msg(c4d64300,c48b7780,0,c0768598,c07acfd4) at ng_generic_msg+0x11f
ng_apply_item(c4d64300,c48b7780,c070d32d,7d6,c48b7780) at ng_apply_item+0x365
ng_snd_item(c48b7780,0,c47a4360,0,0) at ng_snd_item+0x7b6
ngc_send(c4ab4780,0,c1d12800,c47a4820,0) at ngc_send+0x146
sosend(c4ab4780,c47a4820,ddcb0c4c,c1d12800,0) at sosend+0x4cd
kern_sendit(c4a40500,3,ddcb0cc4,0,0) at kern_sendit+0x17c
sendit(c4a40500,3,ddcb0cc4,0,804f034) at sendit+0x16e
sendto(c4a40500,ddcb0d14,c071d6f6,3ee,6) at sendto+0x5b
syscall(2f,2f,2f,bfbfe9c0,bfbfe9c2) at syscall+0x2c0
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (133, FreeBSD ELF32, sendto), eip = 0x280c58cf, esp = 0xbfbfe96c, ebp = 0xbfbfebe8 ---
db> panic
panic: from debugger
Uptime: 2m3s
panic: mi_switch: switch in a critical section
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep

Fatal double fault:
eip = 0xc053a580
esp = 0xddcaf000
ebp = 0xddcaf030
panic: double fault
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
Uptime: 2m3s
panic: msleep
spin lock sched lock held by Console: serial port

################################################################################
################################################################################

twiddle# cat /usr/src/sys/i386/conf/TWIDDLE
#
# TWIDDLE -- kernel configuration file for FreeBSD/i386
#

machine         i386
cpu             I686_CPU
ident           TWIDDLE

options         INCLUDE_CONFIG_FILE     # Include this file in kernel
options         ROOTDEVNAME=\"ufs:da0s1a\"

# Debugging for use in -current
options         DDB                     #Enable the kernel debugger
makeoptions     DEBUG=-g                #Build kernel with gdb(1) debug symbols

options         INVARIANTS              #Enable calls of extra sanity checking
options         INVARIANT_SUPPORT       #Extra sanity checks of internal structures, required by INVARIANTS
options         WITNESS                 #Enable checks to detect deadlocks and cycles
#options        WITNESS_SKIPSPIN        #Don't run witness on spinlocks for speed

# Network performance options
options         ZERO_COPY_SOCKETS       #zero_copy(9)
options         DEVICE_POLLING          #polling(4)
options         HZ=1000                 #Smoother packet processing

#To statically compile in device wiring instead of /boot/device.hints
#hints          "TWIDDLE.hints"         #Default places to look for devices.

options         SCHED_4BSD              #4BSD scheduler
#options        SCHED_ULE               #Alternative SMP scheduler
options         INET                    #InterNETworking
options         INET6                   #IPv6 communications protocols
options         FFS                     #Berkeley Fast Filesystem
options         SOFTUPDATES             #Enable FFS soft updates support
options         UFS_ACL                 #Support for access control lists
options         UFS_DIRHASH             #Improve performance on big directories
options         MD_ROOT                 #MD is a potential root device
options         NFSCLIENT               #Network Filesystem Client
options         NFSSERVER               #Network Filesystem Server
#options        NFS_ROOT                #NFS usable as root device, requires NFSCLIENT
#options        MSDOSFS                 #MSDOS Filesystem
options         CD9660                  #ISO 9660 Filesystem
options         PROCFS                  #Process filesystem (requires PSEUDOFS)
options         PSEUDOFS                #Pseudo-filesystem framework
options         COMPAT_43               #Compatible with BSD 4.3 [KEEP THIS!]
options         COMPAT_FREEBSD4         #Compatible with FreeBSD4
options         SCSI_DELAY=10000        #Delay (in ms) before probing SCSI
options         KTRACE                  #ktrace(1) support
options         SYSVSHM                 #SYSV-style shared memory
options         SYSVMSG                 #SYSV-style message queues
options         SYSVSEM                 #SYSV-style semaphores
options         _KPOSIX_PRIORITY_SCHEDULING #Posix P1003_1B real-time extensions
options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev
#options        AHC_REG_PRETTY_PRINT    # Print register bitfields in debug
                                        # output.  Adds ~128k to driver.
#options        AHD_REG_PRETTY_PRINT    # Print register bitfields in debug
                                        # output.  Adds ~215k to driver.

device          apic

device          acpi
device          isa
device          pci

# SMBus for healthd
device          smbus                   # Bus support, required for smb below.
device          intpm
device          ichsmb
device          smb
device          iicbus
device          iicbb
device          iic
device          iicsmb

# Floppy drives
#device         fdc

# ATA and ATAPI devices
device          ata
device          atadisk                 # ATA disk drives
device          atapicd                 # ATAPI CDROM drives
options         ATA_STATIC_ID           #Static device numbering

# SCSI Controllers
device          ahc             # AHA2940 and onboard AIC7xxx devices
#device         ahd             # AHA39320/29320 and onboard AIC79xx devices

# SCSI peripherals
device          scbus           # SCSI bus (required)
#device         ch              # SCSI media changers
device          da              # Direct Access (disks)
device          sa              # Sequential Access (tape etc)
device          cd              # CD
device          pass            # Passthrough device (direct SCSI access)
device          ses             # SCSI Environmental Services (and SAF-TE)

# RAID controllers
#device         twe             # 3ware ATA RAID

# atkbdc0 controls both the keyboard and the PS/2 mouse
device          atkbdc          # AT keyboard controller
device          atkbd           # AT keyboard
device          psm             # PS/2 mouse

device          vga             # VGA video card driver

device          splash          # Splash screen and screen saver support

# syscons is the default console driver, resembling an SCO console
device          sc
options         SC_HISTORY_SIZE=2048

# Enable this for the pcvt (VT220 compatible) console driver
#device         vt
#options        XSERVER                 # support for X server on a vt console
#options        FAT_CURSOR              # start with block cursor

device          agp             # support several AGP chipsets

options         VESA            # SUpport for VESA video modes

# Floating point support - do not disable.
device          npx

# Power management support (see NOTES for more options)
#device         apm
# Add suspend/resume support for the i8254.
device          pmtimer

# -- sio(4): Serial (COM) ports
device          sio             # 8250, 16[45]50 based serial ports
options         CONSPEED=115200 # speed for serial console
                                # (default 9600)

# -- ppc(4): Parallel port
#device         ppc
#device         ppbus           # Parallel port bus (required)
#device         lpt             # Printer
#device         ppi             # Parallel port interface device

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device          miibus          # MII bus support
device          fxp             # Intel EtherExpress PRO/100B (82557, 82558)
device          bge             # Broadcom BCM570xx Gigabit Ethernet

# -- netgraph(4)
options         NETGRAPH
options         NETGRAPH_ETHER  # No autoload

# Pseudo devices - the number indicates how many units to allocate.
device          random          # Entropy device
device          loop            # Network loopback
device          ether           # Ethernet support
#device         sl              # Kernel SLIP
#device         ppp             # Kernel PPP
device          tun             # Packet tunnel.
device          pty             # Pseudo-ttys (telnet etc)
device          md              # Memory "disks"
device          gif             # IPv6 and IPv4 tunneling
device          faith           # IPv6-to-IPv4 relaying (translation)

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
device          bpf             # Berkeley packet filter

# USB support
device          uhci            # UHCI PCI->USB interface
device          ohci            # OHCI PCI->USB interface
device          usb             # USB Bus (required)
#device         udbp            # USB Double Bulk Pipe devices
device          ugen            # Generic
device          uhid            # "Human Interface Devices"
device          ukbd            # Keyboard
device          ums             # Mouse

# FireWire support
device          firewire        # FireWire bus code
device          sbp             # SCSI over FireWire (Requires scbus and da)
#device         fwe             # Ethernet over FireWire (non-standard!)


--------------050406030803040301080709--