Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 5 Oct 2012 16:36:14 GMT
From:      Mark Atkinson <atkin901@gmail.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/172364: cxbge_vlan_config() Fatal trap 12: page fault while in kernel mode
Message-ID:  <201210051636.q95GaEAG041077@red.freebsd.org>
Resent-Message-ID: <201210051640.q95GeBCk078166@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         172364
>Category:       kern
>Synopsis:       cxbge_vlan_config() Fatal trap 12: page fault while in kernel mode
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 05 16:40:11 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Mark Atkinson
>Release:        10.0-CURRENT
>Organization:
>Environment:
FreeBSD chelsio 10.0-CURRENT FreeBSD 10.0-CURRENT #10 r241226: Fri Oct  5 08:39:34 PDT 2012     atkinson@chelsio:/usr/obj/usr/src/sys/CXGBETOE  amd64
>Description:
Entropy harvesting: interrupts ethernet point_to_point kickstart.
Fast boot: skipping disk checks.
Mounting local file systems:.
Writing entropy file:.
Setting hostname: chelsio.
lagg0: bpf attached
vlan2: bpf attached
vlan97: bpf attached
cxgbe0: link state changed to UP
cxgbe1: link state changed to UP
cxgbe2: link state changed to UP
cxgbe3: link state changed to UP
lagg0: link state changed to UP


Fatal trap 12: page fault while in kernel mode
cpuid = 4; apic id = 04
fault virtual address   = 0xa0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff819c602d
stack pointer           = 0x28:0xffffff8486f256f0
frame pointer           = 0x28:0xffffff8486f25710
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 32062 (ifconfig)
[ thread pid 32062 tid 100133 ]
Stopped at      cxgbe_vlan_config+0x2d: cmpb    $0x87,0xa0(%rax)
db> bt
Tracing pid 32062 tid 100133 td 0xfffffe00116e84b0
cxgbe_vlan_config() at cxgbe_vlan_config+0x2d
lagg_register_vlan() at lagg_register_vlan+0xaa
vlan_config() at vlan_config+0x36b
vlan_ioctl() at vlan_ioctl+0x266
ifioctl() at ifioctl+0x3df
kern_ioctl() at kern_ioctl+0x106
sys_ioctl() at sys_ioctl+0xfd
amd64_syscall() at amd64_syscall+0x32f
Xfast_syscall() at Xfast_syscall+0xf7
--- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x80118426a, rsp = 0x7fffffffd408, rbp = 0x7fffffffdf2b ---
db> call doadump
Dumping 1345 out of 16337 MB:..2%..11%..21%..31%..41%..52%..61%..71%..81%..91%
Dump complete
= 0
db>


(kgdb) frame 10
#10 0xffffffff819c602d in cxgbe_vlan_config (arg=0xfffffe0008350800, 
    ifp=0xfffffe0008350800, vid=2)
    at /usr/src/sys/modules/cxgbe/if_cxgbe/../../../dev/cxgbe/t4_main.c:3001
3001            vlan = VLAN_DEVAT(ifp, vid);
(kgdb) p ipf
No symbol "ipf" in current context.
(kgdb) p ifp
$1 = (struct ifnet *) 0xfffffe0008350800
(kgdb) p *ifp
$2 = {if_softc = 0xfffffe000860d400, if_l2com = 0xfffffe000863d7c0, 
  if_vnet = 0x0, if_link = {tqe_next = 0xfffffe0008660800, 
    tqe_prev = 0xfffffe000863b018}, 
  if_xname = "cxgbe3\000\000\000\000\000\000\000\000\000", 
  if_dname = 0xfffffe00084fadd8 "cxgbe", if_dunit = 3, if_refcount = 1, 
  if_addrhead = {tqh_first = 0xfffffe0008644000, 
    tqh_last = 0xfffffe011f8924c0}, if_pcount = 0, if_carp = 0x0, 
  if_bpf = 0xfffffe000855f900, if_index = 4, if_index_reserved = 0, 
  if_vlantrunk = 0x0, if_flags = 34819, if_capabilities = 7096251, 
  if_capenable = 7079867, if_linkmib = 0x0, if_linkmiblen = 0, if_data = {
    ifi_type = 161 '&#65533;', ifi_physical = 0 '\0', ifi_addrlen = 6 '\006', 
    ifi_hdrlen = 14 '\016', ifi_link_state = 2 '\002', ifi_vhid = 0 '\0', 
    ifi_spare_char2 = 0 '\0', ifi_datalen = 152 '\230', ifi_mtu = 1500, 
    ifi_metric = 0, ifi_baudrate = 1410065408, ifi_ipackets = 0, 
    ifi_ierrors = 0, ifi_opackets = 0, ifi_oerrors = 0, ifi_collisions = 0, 
    ifi_ibytes = 0, ifi_obytes = 0, ifi_imcasts = 0, ifi_omcasts = 0, 
    ifi_iqdrops = 0, ifi_noproto = 0, ifi_hwassist = 24615, ifi_epoch = 1, 
    ifi_lastchange = {tv_sec = 1349453623, tv_usec = 195287}}, 
  if_multiaddrs = {tqh_first = 0xfffffe00117b9840, 
    tqh_last = 0xfffffe020440f440}, if_amcount = 0, 
  if_output = 0xffffffff81c13070 <lagg_port_output>, 
  if_input = 0xffffffff8094d560 <ether_input>, if_start = 0, 
  if_ioctl = 0xffffffff81c14750 <lagg_port_ioctl>, 
---Type <return> to continue, or q <return> to quit---
  if_init = 0xffffffff819c9560 <cxgbe_init>, 
  if_resolvemulti = 0xffffffff8094e290 <ether_resolvemulti>, 
  if_qflush = 0xffffffff819c7d20 <cxgbe_qflush>, 
  if_transmit = 0xffffffff819cc700 <cxgbe_transmit>, if_reassign = 0, 
  if_home_vnet = 0x0, if_addr = 0xfffffe0008644000, if_llsoftc = 0x0, 
  if_drv_flags = 64, if_snd = {ifq_head = 0x0, ifq_tail = 0x0, ifq_len = 0, 
    ifq_maxlen = 50, ifq_drops = 0, ifq_mtx = {lock_object = {
        lo_name = 0xfffffe0008350828 "cxgbe3", lo_flags = 16973824, 
        lo_data = 0, lo_witness = 0x0}, mtx_lock = 4}, ifq_drv_head = 0x0, 
    ifq_drv_tail = 0x0, ifq_drv_len = 0, ifq_drv_maxlen = 0, altq_type = 0, 
    altq_flags = 0, altq_disc = 0x0, altq_ifp = 0xfffffe0008350800, 
    altq_enqueue = 0, altq_dequeue = 0, altq_request = 0, altq_clfier = 0x0, 
    altq_classify = 0, altq_tbr = 0x0, altq_cdnr = 0x0}, 
  if_broadcastaddr = 0xffffffff80e6a3c0 "&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;", if_bridge = 0x0, 
  if_label = 0x0, if_unused = {0x0, 0x0}, if_afdata = {0x0, 0x0, 
    0xfffffe000863ea00, 0x0 <repeats 25 times>, 0xfffffe000fb80b80, 0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, if_afdata_initialized = 2, 
  if_afdata_lock = {lock_object = {lo_name = 0xffffffff80e69cdb "if_afdata", 
      lo_flags = 69402624, lo_data = 0, lo_witness = 0x0}, rw_lock = 1}, 
  if_linktask = {ta_link = {stqe_next = 0xfffffe000863b3e0}, ta_pending = 2, 
    ta_priority = 0, ta_func = 0xffffffff809495b0 <do_link_state_change>, 
    ta_context = 0xfffffe0008350800}, if_addr_lock = {lock_object = {
      lo_name = 0xffffffff80e69cce "if_addr_lock", lo_flags = 69402624, 
---Type <return> to continue, or q <return> to quit---
      lo_data = 0, lo_witness = 0x0}, rw_lock = 1}, if_clones = {
    le_next = 0x0, le_prev = 0x0}, if_groups = {
    tqh_first = 0xfffffe0008390100, tqh_last = 0xfffffe0008390108}, 
  if_pf_kif = 0x0, if_lagg = 0xfffffe020411a080, if_description = 0x0, 
  if_fib = 0, if_alloctype = 6 '\006', if_cspare = "\000\000", if_ispare = {0, 
    0, 0, 0}, if_pspare = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
(kgdb)


#define VLAN_DEVAT(_ifp, _vid)                                  \   
        (_ifp)->if_vlantrunk != NULL ? (*vlan_devat_p)((_ifp), (_vid)) : NULL

if_vlantrunk == 0x0 in the above dump.
>How-To-Repeat:
boot to single user mode, then exit with the following in rc.conf

# pseudo interfaces
cloned_interfaces="lagg0 vlan2 vlan97"

# lacp group
ifconfig_cxgbe0="up"
ifconfig_cxgbe1="up"
ifconfig_cxgbe2="up"
ifconfig_cxgbe3="up"
ifconfig_lagg0="laggproto lacp laggport cxgbe0 laggport cxgbe1 laggport cxgbe2 laggport cxgbe3"

# vlans
ifconfig_vlan2="inet x.x.x.x/x vlan 2 vlandev lagg0"
ifconfig_vlan97="inet y.y.y.y/y vlan 97 vlandev lagg0"
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201210051636.q95GaEAG041077>