From owner-freebsd-current@FreeBSD.ORG  Tue Dec  7 13:25:16 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9754916A4CE; Tue,  7 Dec 2004 13:25:16 +0000 (GMT)
Received: from moutng.kundenserver.de (moutng.kundenserver.de
	[212.227.126.171])	by mx1.FreeBSD.org (Postfix) with ESMTP
	id CB2BC43D45; Tue,  7 Dec 2004 13:25:15 +0000 (GMT)
	(envelope-from max@love2party.net)
Received: from [212.227.126.208] (helo=mrelayng.kundenserver.de)
	by moutng.kundenserver.de with esmtp (Exim 3.35 #1)
	id 1CbfL8-00032Z-00; Tue, 07 Dec 2004 14:25:14 +0100
Received: from [217.227.158.40] (helo=donor.laier.local)
	by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128)
	(Exim 3.35 #1)
	id 1CbfL8-0001E9-00; Tue, 07 Dec 2004 14:25:14 +0100
From: Max Laier <max@love2party.net>
To: Robert Watson <rwatson@freebsd.org>
Date: Tue, 7 Dec 2004 14:25:39 +0100
User-Agent: KMail/1.7.1
References: <Pine.NEB.3.96L.1041207124807.99587I-100000@fledge.watson.org>
In-Reply-To: <Pine.NEB.3.96L.1041207124807.99587I-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart5864589.AEktvzQOIo";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200412071425.47840.max@love2party.net>
X-Provags-ID: kundenserver.de abuse@kundenserver.de
	auth:61c499deaeeba3ba5be80f48ecc83056
cc: Poul-Henning Kamp <phk@phk.freebsd.dk>
cc: current@freebsd.org
Subject: Re: Protocol timer running before protocol init (Re: current panic
	igmp related ?)
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Dec 2004 13:25:17 -0000

--nextPart5864589.AEktvzQOIo
Content-Type: multipart/mixed;
  boundary="Boundary-01=_V9atBeVGf/h7x4/"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--Boundary-01=_V9atBeVGf/h7x4/
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Tuesday 07 December 2004 13:50, Robert Watson wrote:
> On Tue, 7 Dec 2004, Poul-Henning Kamp wrote:
> > Timecounters tick every 1.000 msec
> > panic: mtx_lock() of spin mutex (null) @ ../../../netinet/igmp.c:431
> > cpuid =3D 0
> > KDB: enter: panic
> > [thread pid 37 tid 100013 ]
> > Stopped at      kdb_enter+0x2c: leave
> > db> trace
> > Tracing pid 37 tid 100013 td 0xc3485480
> > kdb_enter(c06d85e0,100,c3485480,1af,c06e0fec) at kdb_enter+0x2c
> > panic(c06d7ac5,0,c06e0fec,1af,c0713fc4) at panic+0x17f
> > _mtx_lock_flags(c0738740,0,c06e0fec,1af,e4c97cc8) at _mtx_lock_flags+0x=
82
> > igmp_slowtimo(e,0,e4c97cf4,c050683a,0) at igmp_slowtimo+0x19
> > pfslowtimo(0,27,0,2,2) at pfslowtimo+0x66
> > softclock(0,0,0,c34d07e0,0) at softclock+0x10a
> > ithread_loop(c34cf100,e4c97d48,c34cf100,c04e9200,0) at ithread_loop+0x1=
8e
> > fork_exit(c04e9200,c34cf100,e4c97d48) at fork_exit+0x7e
> > fork_trampoline() at fork_trampoline+0x8
> > --- trap 0x1, eip =3D 0, esp =3D 0xe4c97d7c, ebp =3D 0 ---
>
> igmp_mtx looks to be uninitialized here (BSS memory).  This suggests that
> igmp_slowtimo is being called before igmp_init(), which strikes me as
> somewhat odd.  There's recently been some rerrangement of the domain
> initialization code to correct potentially related problems, but perhaps
> things aren't quite there yet.  CC'ing Max on general principle. :-)

That's not mine. Didn't touch the protosw parts ;)=20

Still, the attached diff might help. It looks like we try to use Giant to=20
protect the pfslowtimo() array walking, thus we must make sure that we hold=
=20
Giant long enough while we set things up. I hope protosw_init() and therein=
=20
called pr_init()s are fine with Giant hold. It'd surprise me, if not.

=2D-=20
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--Boundary-01=_V9atBeVGf/h7x4/
Content-Type: text/x-diff;
  charset="iso-8859-1";
  name="GIANTprotosw_init.diff"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
	filename="GIANTprotosw_init.diff"

Index: uipc_domain.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /usr/store/mlaier/fcvs/src/sys/kern/uipc_domain.c,v
retrieving revision 1.42
diff -u -r1.42 uipc_domain.c
=2D-- uipc_domain.c	2 Dec 2004 15:47:15 -0000	1.42
+++ uipc_domain.c	7 Dec 2004 13:19:59 -0000
@@ -337,12 +337,12 @@
 	/* Copy the new struct protosw over the spacer. */
 	bcopy(npr, fpr, sizeof(*fpr));
=20
=2D	/* Job is done, no more protection required. */
=2D	mtx_unlock(&Giant);
=2D
 	/* Initialize and activate the protocol. */
 	protosw_init(fpr);
=20
+	/* Job is done, no more protection required. */
+	mtx_unlock(&Giant);
+
 	return (0);
 }
=20

--Boundary-01=_V9atBeVGf/h7x4/--

--nextPart5864589.AEktvzQOIo
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQBBta9bXyyEoT62BG0RAhYfAJ4zMrV97Fosq4R0hSCX5AQAHYg+RACePkK1
oloCFM4hGQ54hgVpsg7C8qk=
=pHRu
-----END PGP SIGNATURE-----

--nextPart5864589.AEktvzQOIo--