Date: Sun, 11 Feb 2001 06:20:01 -0800 (PST)
From: Stas Kisel <stask@tiger.unisquad.com>
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/24608: FreeBSD 4.2 Panics in Realtek rl driver
Message-ID: <200102111420.f1BEK1d03832@freefall.freebsd.org>
The following reply was made to PR kern/24608; it has been noted by GNATS.
From: Stas Kisel <stask@tiger.unisquad.com>
To: freebsd-gnats-submit@FreeBSD.org
Cc: myleal@spliceip.com.br
Subject: Re: kern/24608: FreeBSD 4.2 Panics in Realtek rl driver
Date: Sun, 11 Feb 2001 16:11:40 +0200
Hi.
It looks like I've hit the same trouble.
I upgraded a 4.1-RELEASE router to 4.2-RELEASE yesterday. It was rebooted
several times during the past 24 hours.
I erroneously decided that it was IPSEC code trouble, and started to
rebuild the kernel without IPSEC.
When, after a reboot with the new kernel, I got a crash again, I decided to
write a PR or look for an appropriate one (and found kern/24608).
Crashes are located in 4 places:
at ../../kern/uipc_mbuf2.c:270
at ../../pci/if_rl.c:1314 (this one originally reported in this PR)
at ../../kern/uipc_socket.c:558
at ../../kern/uipc_mbuf.c:621
#6 0xc0161624 in m_aux_add (m=0xc05a7100, af=2, type=50)
at ../../kern/uipc_mbuf2.c:270
#7 0xc01bf290 in ipsec_setsocket (m=0xc05a7100, so=0xc6df2a80)
--
#6 0xc01fe56c in rl_encap (sc=0xc0d29a00, m_head=0xc05a7800)
at ../../pci/if_rl.c:1314
#7 0xc01fe73b in rl_start (ifp=0xc0d29a00) at ../../pci/if_rl.c:1367
--
#6 0xc01620a8 in sosend (so=0xc6df1840, addr=0xc0da0ae0, uio=0xc7806ed0,
top=0x0, control=0x0, flags=0, p=0xc7326f60)
at ../../kern/uipc_socket.c:558
--
#6 0xc01fe56c in rl_encap (sc=0xc0d29800, m_head=0xc05a7600)
at ../../pci/if_rl.c:1314
#7 0xc01fe73b in rl_start (ifp=0xc0d29800) at ../../pci/if_rl.c:1367
--
#6 0xc0161624 in m_aux_add (m=0xc05a7400, af=2, type=50)
at ../../kern/uipc_mbuf2.c:270
#7 0xc01bf290 in ipsec_setsocket (m=0xc05a7400, so=0xc6df5000)
--
#6 0xc01fe56c in rl_encap (sc=0xc0d29a00, m_head=0xc05b1500)
at ../../pci/if_rl.c:1314
#7 0xc01fe73b in rl_start (ifp=0xc0d29a00) at ../../pci/if_rl.c:1367
--
#6 0xc016004c in m_copym (m=0xc05b1c00, off0=2920, len=872, wait=1)
at ../../kern/uipc_mbuf.c:621
#7 0xc01ab330 in tcp_output (tp=0xc6f7a2e0) at ../../netinet/tcp_output.c:590
--
#6 0xc016004c in m_copym (m=0xc05a9700, off0=1460, len=872, wait=1)
at ../../kern/uipc_mbuf.c:621
#7 0xc01ab330 in tcp_output (tp=0xc6f760c0) at ../../netinet/tcp_output.c:590
--
#6 0xc016004c in m_copym (m=0xc05b5c00, off0=7300, len=1156, wait=1)
at ../../kern/uipc_mbuf.c:621
#7 0xc01ab330 in tcp_output (tp=0xc6f7c940) at ../../netinet/tcp_output.c:590
Here is my dmesg with IPSEC compiled:
Copyright (c) 1992-2000 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 4.2-RELEASE #0: Sat Feb 10 15:05:08 EET 2001
stask@btr.unisquad.com:/usr/src/sys/compile/btr
Timecounter "i8254" frequency 1193182 Hz
CPU: Pentium II/Pentium II Xeon/Celeron (501.14-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x665 Stepping = 5
Features=0x183fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR>
real memory = 67108864 (65536K bytes)
avail memory = 61898752 (60448K bytes)
Preloaded elf kernel "kernel" at 0xc033d000.
Preloaded userconfig_script "/boot/kernel.conf" at 0xc033d09c.
Pentium Pro MTRR support enabled
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Intel 82443BX (440 BX) host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
pcib1: <Intel 82443BX (440 BX) PCI-PCI (AGP) bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
isab0: <Intel 82371AB PCI to ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX4 ATA33 controller> port 0xffa0-0xffaf at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
pci0: <Intel 82371AB/EB (PIIX4) USB controller> at 7.2 irq 10
chip1: <Intel 82371AB Power management controller> port 0x440-0x44f at device 7.3 on pci0
pci0: <ATI Mach64-VT graphics accelerator> at 15.0
rl0: <RealTek 8139 10/100BaseTX> port 0xe400-0xe4ff mem 0xfebeff00-0xfebeffff irq 9 at device 16.0 on pci0
rl0: Ethernet address: 00:50:ba:83:7a:09
miibus0: <MII bus> on rl0
rlphy0: <RealTek internal media interface> on miibus0
rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
rl1: <RealTek 8139 10/100BaseTX> port 0xe000-0xe0ff mem 0xfebefe00-0xfebefeff irq 7 at device 17.0 on pci0
rl1: Ethernet address: 00:50:ba:83:99:c7
miibus1: <MII bus> on rl1
rlphy1: <RealTek internal media interface> on miibus1
rlphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: model Generic PS/2 mouse, device ID 0
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
ppc0: parallel port not found.
IP packet filtering initialized, divert enabled, rule-based forwarding enabled, default to accept, logging limited to 100 packets/entry by default
DUMMYNET initialized (000608)
IPsec: Initialized Security Association Processing.
IP Filter: v3.4.8 initialized. Default = pass all, Logging = enabled
ad0: 6149MB <WDC WD64AA> [13328/15/63] at ata0-master UDMA33
Mounting root from ufs:/dev/ad0s1a
WARNING: / was not properly dismounted
ipfw: Accounting cleared.
uhci0: <Intel 82371AB/EB (PIIX4) USB controller> port 0xef80-0xef9f irq 10 at device 7.2 on pci0
usb0: <Intel 82371AB/EB (PIIX4) USB controller> on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
Here is the kgdb output on a core of the kernel without IPSEC. I've recently got
one more crash; the kgdb output is almost the same. I'll post it if needed,
and I'll post as much of this stuff as needed :)
Script started on Sun Feb 11 14:56:39 2001
btr# gdb -k
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd".
(kgdb) symbol-file /sys/compile/btr/kernel.debug
Reading symbols from /sys/compile/btr/kernel.debug...done.
(kgdb) exec-file /var/crash/kernel.42
(kgdb) core-file /var/crash/vmcore.42
IdlePTD 3305472
initial pcb at 2a60e0
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x5ac0ac00
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc01e8b20
stack pointer = 0x10:0xc02850a4
frame pointer = 0x10:0xc02850b0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 3
current process = Idle
interrupt mask = net tty
trap number = 12
panic: page fault
syncing disks... 5 3
done
Uptime: 33m9s
dumping to dev #ad/0x20001, offset 380928
dump ata0: resetting devices .. done
64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
---
#0 dumpsys () at ../../kern/kern_shutdown.c:469
469 if (dumping++) {
(kgdb) bt
#0 dumpsys () at ../../kern/kern_shutdown.c:469
#1 0xc013e397 in boot (howto=256) at ../../kern/kern_shutdown.c:309
#2 0xc013e72d in panic (fmt=0xc027a0af "page fault")
at ../../kern/kern_shutdown.c:556
#3 0xc02451b2 in trap_fatal (frame=0xc0285064, eva=1522576384)
at ../../i386/i386/trap.c:951
#4 0xc0244e65 in trap_pfault (frame=0xc0285064, usermode=0, eva=1522576384)
at ../../i386/i386/trap.c:844
#5 0xc0244a07 in trap (frame={tf_fs = 16, tf_es = -1071120368,
tf_ds = -1820065776, tf_edi = 1, tf_esi = 6754970, tf_ebp = -1071099728,
tf_isp = -1071099760, tf_ebx = 1, tf_edx = 1522576384, tf_ecx = 0,
tf_eax = 6754970, tf_trapno = 12, tf_err = 0, tf_eip = -1071740128,
tf_cs = 8, tf_eflags = 78342, tf_esp = -1067788544, tf_ss = -1067788544})
at ../../i386/i386/trap.c:443
#6 0xc01e8b20 in rl_encap (sc=0xc0d29800, m_head=0xc05ad700)
at ../../pci/if_rl.c:1314
#7 0xc01e8cef in rl_start (ifp=0xc0d29800) at ../../pci/if_rl.c:1367
#8 0xc0181aac in ether_output_frame (ifp=0xc0d29800, m=0xc05ad700)
at ../../net/if_ethersubr.c:401
#9 0xc0181a1a in ether_output (ifp=0xc0d29800, m=0xc05ad700, dst=0xc0d9c130,
rt0=0xc0ec8400) at ../../net/if_ethersubr.c:354
#10 0xc019f697 in ip_output (m0=0xc05ad700, opt=0x0, ro=0xc6fb9d08, flags=0,
imo=0x0) at ../../netinet/ip_output.c:787
#11 0xc01a43da in tcp_output (tp=0xc6fb9d80) at ../../netinet/tcp_output.c:859
---Type <return> to continue, or q <return> to quit---
#12 0xc01a31ad in tcp_input (m=0xc05aa700, off0=20, proto=6)
at ../../netinet/tcp_input.c:2220
#13 0xc019df03 in ip_input (m=0xc05aa700) at ../../netinet/ip_input.c:731
#14 0xc019df77 in ipintr () at ../../netinet/ip_input.c:759
(kgdb) up 6
#6 0xc01e8b20 in rl_encap (sc=0xc0d29800, m_head=0xc05ad700)
at ../../pci/if_rl.c:1314
1314 return(1);
(kgdb) l
1309 */
1310
1311 MGETHDR(m_new, M_DONTWAIT, MT_DATA);
1312 if (m_new == NULL) {
1313 printf("rl%d: no memory for tx list", sc->rl_unit);
1314 return(1);
1315 }
1316 if (m_head->m_pkthdr.len > MHLEN) {
1317 MCLGET(m_new, M_DONTWAIT);
1318 if (!(m_new->m_flags & M_EXT)) {
(kgdb) p *sc
$1 = {arpcom = {ac_if = {if_softc = 0xc0d29800, if_name = 0xc0265d76 "rl",
if_link = {tqe_next = 0xc02a6ae0, tqe_prev = 0xc0d29a08}, if_addrhead = {
tqh_first = 0xc0d32f00, tqh_last = 0xc0d7d690}, if_pcount = 0,
if_bpf = 0xc0595760, if_index = 2, if_unit = 1, if_timer = 0,
if_flags = -30717, if_ipending = 0, if_linkmib = 0x0, if_linkmiblen = 0,
if_data = {ifi_type = 6 '\006', ifi_physical = 0 '\000',
ifi_addrlen = 6 '\006', ifi_hdrlen = 14 '\016',
ifi_recvquota = 0 '\000', ifi_xmitquota = 0 '\000', ifi_mtu = 1500,
ifi_metric = 0, ifi_baudrate = 10000000, ifi_ipackets = 9556,
ifi_ierrors = 0, ifi_opackets = 9758, ifi_oerrors = 0,
ifi_collisions = 0, ifi_ibytes = 1958413, ifi_obytes = 975722,
ifi_imcasts = 3, ifi_omcasts = 0, ifi_iqdrops = 0, ifi_noproto = 0,
ifi_hwassist = 0, ifi_unused = 0, ifi_lastchange = {tv_sec = 0,
tv_usec = 0}}, if_multiaddrs = {lh_first = 0xc0595000},
if_amcount = 0, if_output = 0xc0181708 <ether_output>,
if_start = 0xc01e8ccc <rl_start>, if_done = 0,
if_ioctl = 0xc01e9164 <rl_ioctl>,
if_watchdog = 0xc01e9250 <rl_watchdog>, if_poll_recv = 0,
if_poll_xmit = 0, if_poll_intren = 0, if_poll_slowinput = 0,
if_init = 0xc01e8e8c <rl_init>,
if_resolvemulti = 0xc0181ddc <ether_resolvemulti>, if_snd = {
ifq_head = 0x0, ifq_tail = 0x0, ifq_len = 0, ifq_maxlen = 50,
ifq_drops = 0}, if_poll_slowq = 0x0, if_prefixhead = {tqh_first = 0x0,
tqh_last = 0xc0d298d0}}, ac_enaddr = "\000Pº\203\231Ç",
---Type <return> to continue, or q <return> to quit---
ac_multicnt = 0, ac_netgraph = 0x0}, rl_bhandle = 57344, rl_btag = 0,
rl_res = 0xc0d2d780, rl_irq = 0xc0d2d700, rl_intrhand = 0xc0595860,
rl_miibus = 0xc0d30400, rl_unit = 1 '\001', rl_type = 2 '\002',
rl_stats_no_timeout = 0 '\000', rl_txthresh = 96, rl_cdata = {cur_rx = 0,
rl_rx_buf = 0xc6417008 "ataID = A33D1B4B5493F0AEF66DE545547781EF, maxResults = 4, TTL = 1, serverIP=213.73.176.103\n\216\022\f8",
rl_rx_buf_ptr = 0xc6417000 "\017·", rl_tx_chain = {0x0, 0x0, 0x0, 0x0},
last_tx = 2 '\002', cur_tx = 2 '\002'}, rl_stat_ch = {
callout = 0xc2154588}}
(kgdb) p sc->rl_unit
$2 = 1 '\001'
(kgdb) p m_new
$3 = (struct mbuf *) 0x1
(kgdb) p *m_new
cannot read proc at 0
(kgdb)
Script done on Sun Feb 11 15:38:55 2001
Thank you for your attention.
\bye
Stas
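
One way to bucket panics like those listed in this message by their faulting frame, so that repeats of the same crash site stand out. This is an added example, not part of the original e-mail or of FreeBSD; the function names are this example's own, and the sample is assembled from frames quoted in the message.

```python
import re
from collections import Counter

# Frames that belong to the panic/trap path, not to the faulting code.
PANIC_PATH = {"dumpsys", "boot", "panic", "trap_fatal", "trap_pfault", "trap"}
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \(")
AT_RE = re.compile(r"\bat (\S+):(\d+)\s*$")

def parse_frames(text):
    """Return [(num, func, path, line)]; 'at file:line' may sit on a later line."""
    frames = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FRAME_RE.match(line)
        if m:
            frames.append([int(m.group(1)), m.group(2), None, None])
        at = AT_RE.search(line)
        if at and frames and frames[-1][2] is None:
            frames[-1][2], frames[-1][3] = at.group(1), int(at.group(2))
    return [tuple(f) for f in frames]

def faulting_site(trace):
    """First frame outside the panic/trap path, as (func, 'file:line')."""
    for _, func, path, line in parse_frames(trace):
        if func not in PANIC_PATH and path:
            return func, f"{path.rsplit('/', 1)[-1]}:{line}"
    return None

def bucket(traces):
    """Count crashes per faulting site."""
    return Counter(s for s in map(faulting_site, traces) if s)

# Sample assembled from frames quoted in the message; "--" separates crashes.
SAMPLE = """\
#6 0xc0161624 in m_aux_add (m=0xc05a7100, af=2, type=50)
at ../../kern/uipc_mbuf2.c:270
#7 0xc01bf290 in ipsec_setsocket (m=0xc05a7100, so=0xc6df2a80)
--
#6 0xc01fe56c in rl_encap (sc=0xc0d29a00, m_head=0xc05a7800)
at ../../pci/if_rl.c:1314
#7 0xc01fe73b in rl_start (ifp=0xc0d29a00) at ../../pci/if_rl.c:1367
--
#4 0xc0244e65 in trap_pfault (frame=0xc0285064, usermode=0, eva=1522576384)
at ../../i386/i386/trap.c:844
#6 0xc01e8b20 in rl_encap (sc=0xc0d29800, m_head=0xc05ad700)
at ../../pci/if_rl.c:1314
"""

if __name__ == "__main__":
    for site, n in bucket(SAMPLE.split("\n--\n")).most_common():
        print(n, *site)
```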
