From: Gavin Atkinson
To: freebsd-current@freebsd.org
Date: Tue, 08 Feb 2005 18:27:17 +0000
Message-Id: <1107887237.793.26.camel@buffy.york.ac.uk>
Subject: fxp0 and vlan panic

Hey,

There's an easily reproducible panic involving configuring vlans on fxp cards. I've recreated it in single user mode on a top-of-tree -CURRENT machine as well as on a 5.3-STABLE machine.
Enter full pathname of shell or RETURN for /bin/sh:
# ifconfig vlan0 create
# ifconfig vlan0 vlan 123 vlandev fxp0
# ifconfig vlan0 inet 1.2.3.4
lock order reversal
 1st 0xc15f6268 fxp0 (network driver) @ /usr/src/sys/dev/fxp/if_fxp.c:2389
 2nd 0xc14c7ad0 user map (user map) @ /usr/src/sys/vm/vm_map.c:2998
KDB: stack backtrace:
kdb_backtrace(0,ffffffff,c08f7ae0,c08f8a08,c08852ac) at kdb_backtrace+0x29
witness_checkorder(c14c7ad0,9,c083d2a9,bb6) at witness_checkorder+0x54c
_sx_xlock(c14c7ad0,c083d2a9,bb6) at _sx_xlock+0x50
_vm_map_lock_read(c14c7a8c,c083d2a9,bb6,2000046,c1595458) at _vm_map_lock_read+0x37
vm_map_lookup(cbdf3804,0,2,cbdf3808,cbdf37f8) at vm_map_lookup+0x28
vm_fault(c14c7a8c,0,2,8,c1594450) at vm_fault+0x66
trap_pfault(cbdf38cc,0,0) at trap_pfault+0xf2
trap(c15f0018,cbdf0010,c0630010,c15f6000,c15f6000) at trap+0x335
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc051e966, esp = 0xcbdf390c, ebp = 0xcbdf3918 ---
fxp_mc_setup(c15f6000) at fxp_mc_setup+0x62
fxp_ioctl(c15f6000,80206931,0) at fxp_ioctl+0x112
if_addmulti(c15f6000,cbdf3980,cbdf397c,c1667d48,cbdf3988) at if_addmulti+0x223
vlan_setmulti(c1667c40,cbdf39fc,c060a5d5,c088cd80,40) at vlan_setmulti+0x139
vlan_ioctl(c1733800,80206931,0) at vlan_ioctl+0x3e
if_addmulti(c1733800,cbdf3a4c,cbdf3a48,cbdf3a4c,1c) at if_addmulti+0x223
in6_addmulti(cbdf3a9c,c1733800,cbdf3a94) at in6_addmulti+0x4c
in6_update_ifa(c1733800,cbdf3b9c,0) at in6_update_ifa+0x4ce
in6_ifattach_linklocal(c1733800,0) at in6_ifattach_linklocal+0xe5
in6_ifattach(c1733800,0,8040691a,8040691a,0) at in6_ifattach+0xa9
in6_if_up(c1733800) at in6_if_up+0x13
ifioctl(c173da60,8040691a,c1667dc0,c1594450,0) at ifioctl+0x1f8
soo_ioctl(c1724708,8040691a,c1667dc0,c14b9780,c1594450) at soo_ioctl+0x2db
ioctl(c1594450,cbdf3d14,3,2,282) at ioctl+0x370
syscall(2f,2f,2f,80543a0,1) at syscall+0x213
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (54, FreeBSD ELF32, ioctl), eip = 0x280c44f3, esp = 0xbfbfe5cc, ebp = 0xbfbfee18 ---

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x0
fault code = supervisor write, page not present
instruction pointer = 0x8:0xc051e966
stack pointer = 0x10:0xcbdf390c
frame pointer = 0x10:0xcbdf3918
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 56 (ifconfig)
[thread pid 56 tid 100043 ]
Stopped at fxp_mc_setup+0x62: movw $0,0(%eax)
db>
db> tr
Tracing pid 56 tid 100043 td 0xc1594450
fxp_mc_setup(c15f6000) at fxp_mc_setup+0x62
fxp_ioctl(c15f6000,80206931,0) at fxp_ioctl+0x112
if_addmulti(c15f6000,cbdf3980,cbdf397c,c1667d48,cbdf3988) at if_addmulti+0x223
vlan_setmulti(c1667c40,cbdf39fc,c060a5d5,c088cd80,40) at vlan_setmulti+0x139
vlan_ioctl(c1733800,80206931,0) at vlan_ioctl+0x3e
if_addmulti(c1733800,cbdf3a4c,cbdf3a48,cbdf3a4c,1c) at if_addmulti+0x223
in6_addmulti(cbdf3a9c,c1733800,cbdf3a94) at in6_addmulti+0x4c
in6_update_ifa(c1733800,cbdf3b9c,0) at in6_update_ifa+0x4ce
in6_ifattach_linklocal(c1733800,0) at in6_ifattach_linklocal+0xe5
in6_ifattach(c1733800,0,8040691a,8040691a,0) at in6_ifattach+0xa9
in6_if_up(c1733800) at in6_if_up+0x13
ifioctl(c173da60,8040691a,c1667dc0,c1594450,0) at ifioctl+0x1f8
soo_ioctl(c1724708,8040691a,c1667dc0,c14b9780,c1594450) at soo_ioctl+0x2db
ioctl(c1594450,cbdf3d14,3,2,282) at ioctl+0x370
syscall(2f,2f,2f,80543a0,1) at syscall+0x213
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (54, FreeBSD ELF32, ioctl), eip = 0x280c44f3, esp = 0xbfbfe5cc, ebp = 0xbfbfee18 ---

fxp_mc_setup+0x62 seems to correspond to the following code in sys/dev/fxp/if_fxp.c: (line 2554)

        /*
         * Add a NOP command with interrupt so that we are notified
         * when all TX commands have been processed.
         */
        txp = sc->fxp_desc.tx_last->tx_next;
        txp->tx_mbuf = NULL;
-->     txp->tx_cb->cb_status = 0;
        txp->tx_cb->cb_command = htole16(FXP_CB_COMMAND_NOP |
            FXP_CB_COMMAND_S | FXP_CB_COMMAND_I);

txp->tx_cb is NULL at this point.
This seems to be because fxp_init() has never been called. (both validated by instrumenting the code in question)

Note also that the panic does not seem to occur if you do anything with fxp0 before doing something with the vlans. For example, assigning it an address, or even just bringing it up seems to prevent the panic.

In this situation, where should fxp_init be called from? Presumably it's not the responsibility of the vlan code - as when it gets called we could already be using the interface and reinitialising it wouldn't be a nice thing to do. But then, what should be initialising it?

And as an aside, is the detour via inet6 correct for what is entirely inet4?

Sadly I can't get a dump on this machine. dmesg below.

Gavin

GDB: no debug ports present
KDB: debugger backends: ddb
KDB: current backend: ddb
Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.0-CURRENT #0: Mon Feb 7 13:10:26 GMT 2005
root@thi.bu.nker.net:/usr/obj/usr/src/sys/GENERIC
WARNING: WITNESS option enabled, expect reduced performance.
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Pentium(R) III Mobile CPU 1000MHz (995.96-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x6b1 Stepping = 1
Features=0x383f9ff
real memory = 251002880 (239 MB)
avail memory = 236322816 (225 MB)
npx0: [FAST]
npx0: on motherboard
npx0: INT 16 interface
acpi0: on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-safe" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0xee08-0xee0b on acpi0
cpu0: on acpi0
pcib0: port 0xcf8-0xcff on acpi0
pci_link0: irq 11 on acpi0
pci_link1: irq 11 on acpi0
pci_link2: irq 11 on acpi0
pci_link3: irq 11 on acpi0
pci_link4: irq 11 on acpi0
pci_link5: irq 11 on acpi0
pci0: on pcib0
pcib1: at device 1.0 on pci0
pci1: on pcib1
pci1: at device 0.0 (no driver attached)
ohci0: mem 0xf7eff000-0xf7efffff irq 11 at device 2.0 on pci0
ohci0: [GIANT-LOCKED]
usb0: OHCI version 1.0, legacy support
usb0: SMM does not respond, resetting
usb0: on ohci0
usb0: USB revision 1.0
uhub0: AcerLabs OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
atapci0: port 0xeff0-0xefff,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at device 4.0 on pci0
ata0: channel #0 on atapci0
ata1: channel #1 on atapci0
pcm0: port 0xed00-0xedff mem 0xf7efe000-0xf7efefff irq 11 at device 6.0 on pci0
pcm0:
pcm0: [GIANT-LOCKED]
isab0: at device 7.0 on pci0
isa0: on isab0
pci0: at device 8.0 (no driver attached)
fxp0: port 0xeb40-0xeb7f mem 0xf7ec0000-0xf7edffff,0xf7efd000-0xf7efdfff irq 11 at device 10.0 on pci0
miibus0: on fxp0
inphy0: on miibus0
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp0: Ethernet address: 00:00:39:7e:f8:36
cbb0: at device 17Card bus> on cbb0
cbb1: at device 17.1 on pci0
cardbus1: on cbb1
pccard1: <16-bit PCCard bus> on cbb1
pci0: at device 18.0 (no driver attached)
acpi_lid0: on acpi0
acpi_cmbat0: on acpi0
acpi_cmbat1: on acpi0
acpi_acad0: on acpi0
acpi_tz0: on acpi0
atkbdc0: port 0x64,0x60 irq 1 on acpi0
atkbd0: irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model IntelliMouse, device ID 3
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A, console
ppc0: port 0x778-0x77a,0x378-0x37a irq 7 drq 3 on acpi0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/15 bytes threshold
ppbus0: on ppc0
plip0: on ppbus0
lpt0: on ppbus0
lpt0: Interrupt-driven port
ppi0: on ppbus0
pmtimer0 on isa0
orm0: at iomem 0xe0000-0xeffff,0xc0000-0xcbfff on isa0
sc0: at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x100>
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 995964893 Hz quality 800
Timecounters tick every 1.000 msec
ad0: 19077MB [38760/16/63] at ata0-master UDMA66
acd0: CDROM at ata1-master UDMA33
Trying to mount root from ufs:/dev/ad0s1a
Enter full pathname of shell or RETURN for /bin/sh:
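
Added example, not part of the original message and not FreeBSD driver code: a user-space C model of the failure reported above, where the multicast-add path writes through txp->tx_cb before the init routine has filled it in, together with one possible guard that defers the filter update until init has run. All model_* names, the ring size and the command value are hypothetical, and deferring the update is an assumption about a reasonable guard, not the change FreeBSD adopted.

```c
#include <stdint.h>

#define MODEL_NTXCB 4          /* hypothetical ring size */
#define MODEL_CMD_NOP 0x6000   /* constructed stand-in for the NOP|S|I bits */

struct model_cb { uint16_t cb_status, cb_command; };
struct model_tx { struct model_tx *tx_next; struct model_cb *tx_cb; };
struct model_softc {
    struct model_tx tx_list[MODEL_NTXCB];
    struct model_cb cbl[MODEL_NTXCB];
    struct model_tx *tx_last;
    int running, mc_pending, mc_programmed;
};

/* Attach links the descriptors only; every tx_cb is still a null pointer. */
void model_attach(struct model_softc *sc) {
    *sc = (struct model_softc){0};
    for (int i = 0; i < MODEL_NTXCB; i++)
        sc->tx_list[i].tx_next = &sc->tx_list[(i + 1) % MODEL_NTXCB];
    sc->tx_last = &sc->tx_list[0];
}

/* The step from the report: valid only once tx_cb has been assigned. */
static void model_mc_setup(struct model_softc *sc) {
    struct model_tx *txp = sc->tx_last->tx_next;
    txp->tx_cb->cb_status = 0;          /* faults here if init never ran */
    txp->tx_cb->cb_command = MODEL_CMD_NOP;
    sc->mc_programmed = 1;
    sc->mc_pending = 0;
}

/* Init gives each descriptor its control block, then replays deferred work. */
void model_init(struct model_softc *sc) {
    for (int i = 0; i < MODEL_NTXCB; i++)
        sc->tx_list[i].tx_cb = &sc->cbl[i];
    sc->running = 1;
    if (sc->mc_pending)
        model_mc_setup(sc);
}

/* Multicast-add path: returns 1 if programmed now, 0 if deferred to init. */
int model_addmulti(struct model_softc *sc) {
    if (!sc->running) {                 /* guard: ring not initialised yet */
        sc->mc_pending = 1;
        return 0;
    }
    model_mc_setup(sc);
    return 1;
}
```

Removing the `running` check in model_addmulti() and calling it straight after model_attach() reproduces the same class of fault as the trace: a write through a null tx_cb.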