From owner-freebsd-bugs Sun Feb 11 6:20:10 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id E5B4637B401 for ; Sun, 11 Feb 2001 06:20:01 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f1BEK1d03832; Sun, 11 Feb 2001 06:20:01 -0800 (PST) (envelope-from gnats) Date: Sun, 11 Feb 2001 06:20:01 -0800 (PST) Message-Id: <200102111420.f1BEK1d03832@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Stas Kisel Subject: Re: kern/24608: FreeBSD 4.2 Panics in Realtek rl driver Reply-To: Stas Kisel Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR kern/24608; it has been noted by GNATS. From: Stas Kisel To: freebsd-gnats-submit@FreeBSD.org Cc: myleal@spliceip.com.br Subject: Re: kern/24608: FreeBSD 4.2 Panics in Realtek rl driver Date: Sun, 11 Feb 2001 16:11:40 +0200 Hi. It looks like I've hit the same trouble. I've upgraded 4.1-RELEASE router to 4.2-RELEASE yesterday. It was rebooted several times while past 24 hours. I erroneously decided that it was IPSEC code trouble, and started to rebuild kernel without IPSEC. When after reboot with new kernel, I've got crash again, I decided to write PR or look appropriate (and found kern/24608). Crashes are located in 4 places: at ../../kern/uipc_mbuf2.c:270 at ../../pci/if_rl.c:1314 (this one originally reported in this PR) at ../../kern/uipc_socket.c:558 at ../../kern/uipc_mbuf.c:621 #6 0xc0161624 in m_aux_add (m=0xc05a7100, af=2, type=50) at ../../kern/uipc_mbuf2.c:270 #7 0xc01bf290 in ipsec_setsocket (m=0xc05a7100, so=0xc6df2a80) -- #6 0xc01fe56c in rl_encap (sc=0xc0d29a00, m_head=0xc05a7800) at ../../pci/if_rl.c:1314 #7 0xc01fe73b in rl_start (ifp=0xc0d29a00) at ../../pci/if_rl.c:1367 -- #6 0xc01620a8 in sosend (so=0xc6df1840, addr=0xc0da0ae0, uio=0xc7806ed0, top=0x0, control=0x0, flags=0, p=0xc7326f60) at ../../kern/uipc_socket.c:558 -- #6 0xc01fe56c in rl_encap (sc=0xc0d29800, m_head=0xc05a7600) at ../../pci/if_rl.c:1314 #7 0xc01fe73b in rl_start (ifp=0xc0d29800) at ../../pci/if_rl.c:1367 -- #6 0xc0161624 in m_aux_add (m=0xc05a7400, af=2, type=50) at ../../kern/uipc_mbuf2.c:270 #7 0xc01bf290 in ipsec_setsocket (m=0xc05a7400, so=0xc6df5000) -- #6 0xc01fe56c in rl_encap (sc=0xc0d29a00, m_head=0xc05b1500) at ../../pci/if_rl.c:1314 #7 0xc01fe73b in rl_start (ifp=0xc0d29a00) at ../../pci/if_rl.c:1367 -- #6 0xc016004c in m_copym (m=0xc05b1c00, off0=2920, len=872, wait=1) at ../../kern/uipc_mbuf.c:621 #7 0xc01ab330 in tcp_output (tp=0xc6f7a2e0) at ../../netinet/tcp_output.c:590 -- #6 0xc016004c in m_copym (m=0xc05a9700, off0=1460, len=872, wait=1) at ../../kern/uipc_mbuf.c:621 #7 0xc01ab330 in tcp_output (tp=0xc6f760c0) at ../../netinet/tcp_output.c:590 -- #6 0xc016004c in m_copym (m=0xc05b5c00, off0=7300, len=1156, wait=1) at ../../kern/uipc_mbuf.c:621 #7 0xc01ab330 in tcp_output (tp=0xc6f7c940) at ../../netinet/tcp_output.c:590 Here is my dmesg with IPSEC compiled: Copyright (c) 1992-2000 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 4.2-RELEASE #0: Sat Feb 10 15:05:08 EET 2001 stask@btr.unisquad.com:/usr/src/sys/compile/btr Timecounter "i8254" frequency 1193182 Hz CPU: Pentium II/Pentium II Xeon/Celeron (501.14-MHz 686-class CPU) Origin = "GenuineIntel" Id = 0x665 Stepping = 5 Features=0x183fbff real memory = 67108864 (65536K bytes) avail memory = 61898752 (60448K bytes) Preloaded elf kernel "kernel" at 0xc033d000. Preloaded userconfig_script "/boot/kernel.conf" at 0xc033d09c. Pentium Pro MTRR support enabled npx0: on motherboard npx0: INT 16 interface pcib0: on motherboard pci0: on pcib0 pcib1: at device 1.0 on pci0 pci1: on pcib1 isab0: at device 7.0 on pci0 isa0: on isab0 atapci0: port 0xffa0-0xffaf at device 7.1 on pci0 ata0: at 0x1f0 irq 14 on atapci0 ata1: at 0x170 irq 15 on atapci0 pci0: at 7.2 irq 10 chip1: port 0x440-0x44f at device 7.3 on pci0 pci0: at 15.0 rl0: port 0xe400-0xe4ff mem 0xfebeff00-0xfebeffff irq 9 at device 16.0 on pci0 rl0: Ethernet address: 00:50:ba:83:7a:09 miibus0: on rl0 rlphy0: on miibus0 rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto rl1: port 0xe000-0xe0ff mem 0xfebefe00-0xfebefeff irq 7 at device 17.0 on pci0 rl1: Ethernet address: 00:50:ba:83:99:c7 miibus1: on rl1 rlphy1: on miibus1 rlphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto fdc0: at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0 fdc0: FIFO enabled, 8 bytes threshold fd0: <1440-KB 3.5" drive> on fdc0 drive 0 atkbdc0: at port 0x60,0x64 on isa0 atkbd0: flags 0x1 irq 1 on atkbdc0 kbd0 at atkbd0 psm0: irq 12 on atkbdc0 psm0: model Generic PS/2 mouse, device ID 0 vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0 sc0: at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300> sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0 sio0: type 16550A sio1 at port 0x2f8-0x2ff irq 3 on isa0 sio1: type 16550A ppc0: parallel port not found. IP packet filtering initialized, divert enabled, rule-based forwarding enabled, default to accept, logging limited to 100 packets/entry by default DUMMYNET initialized (000608) IPsec: Initialized Security Association Processing. IP Filter: v3.4.8 initialized. Default = pass all, Logging = enabled ad0: 6149MB [13328/15/63] at ata0-master UDMA33 Mounting root from ufs:/dev/ad0s1a WARNING: / was not properly dismounted ipfw: Accounting cleared. uhci0: port 0xef80-0xef9f irq 10 at device 7.2 on pci0 usb0: on uhci0 usb0: USB revision 1.0 uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered Here is kgdb output on core of kernel without IPSEC. I've resently got one more crash, kgdb output is almost the same. I'll post it if needed, and I'll post as much of this staff as needed :) Script started on Sun Feb 11 14:56:39 2001 btr# gdb -k GNU gdb 4.18 Copyright 1998 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-unknown-freebsd". (kgdb) symbol-file /sys/compile/btr/kernel.debug Reading symbols from /sys/compile/btr/kernel.debug...done. (kgdb) exec-file /var/crash/kernel.42 (kgdb) core-file /var/crash/vmcore.42 IdlePTD 3305472 initial pcb at 2a60e0 panicstr: page fault panic messages: --- Fatal trap 12: page fault while in kernel mode fault virtual address = 0x5ac0ac00 fault code = supervisor read, page not present instruction pointer = 0x8:0xc01e8b20 stack pointer = 0x10:0xc02850a4 frame pointer = 0x10:0xc02850b0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 3 current process = Idle interrupt mask = net tty trap number = 12 panic: page fault syncing disks... 5 3 done Uptime: 33m9s dumping to dev #ad/0x20001, offset 380928 dump ata0: resetting devices .. done 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 --- #0 dumpsys () at ../../kern/kern_shutdown.c:469 469 if (dumping++) { (kgdb) bt #0 dumpsys () at ../../kern/kern_shutdown.c:469 #1 0xc013e397 in boot (howto=256) at ../../kern/kern_shutdown.c:309 #2 0xc013e72d in panic (fmt=0xc027a0af "page fault") at ../../kern/kern_shutdown.c:556 #3 0xc02451b2 in trap_fatal (frame=0xc0285064, eva=1522576384) at ../../i386/i386/trap.c:951 #4 0xc0244e65 in trap_pfault (frame=0xc0285064, usermode=0, eva=1522576384) at ../../i386/i386/trap.c:844 #5 0xc0244a07 in trap (frame={tf_fs = 16, tf_es = -1071120368, tf_ds = -1820065776, tf_edi = 1, tf_esi = 6754970, tf_ebp = -1071099728, tf_isp = -1071099760, tf_ebx = 1, tf_edx = 1522576384, tf_ecx = 0, tf_eax = 6754970, tf_trapno = 12, tf_err = 0, tf_eip = -1071740128, tf_cs = 8, tf_eflags = 78342, tf_esp = -1067788544, tf_ss = -1067788544}) at ../../i386/i386/trap.c:443 #6 0xc01e8b20 in rl_encap (sc=0xc0d29800, m_head=0xc05ad700) at ../../pci/if_rl.c:1314 #7 0xc01e8cef in rl_start (ifp=0xc0d29800) at ../../pci/if_rl.c:1367 #8 0xc0181aac in ether_output_frame (ifp=0xc0d29800, m=0xc05ad700) at ../../net/if_ethersubr.c:401 #9 0xc0181a1a in ether_output (ifp=0xc0d29800, m=0xc05ad700, dst=0xc0d9c130, rt0=0xc0ec8400) at ../../net/if_ethersubr.c:354 #10 0xc019f697 in ip_output (m0=0xc05ad700, opt=0x0, ro=0xc6fb9d08, flags=0, imo=0x0) at ../../netinet/ip_output.c:787 #11 0xc01a43da in tcp_output (tp=0xc6fb9d80) at ../../netinet/tcp_output.c:859 ---Type to continue, or q to quit--- #12 0xc01a31ad in tcp_input (m=0xc05aa700, off0=20, proto=6) at ../../netinet/tcp_input.c:2220 #13 0xc019df03 in ip_input (m=0xc05aa700) at ../../netinet/ip_input.c:731 #14 0xc019df77 in ipintr () at ../../netinet/ip_input.c:759 (kgdb) up 6 #6 0xc01e8b20 in rl_encap (sc=0xc0d29800, m_head=0xc05ad700) at ../../pci/if_rl.c:1314 1314 return(1); (kgdb) l 1309 */ 1310 1311 MGETHDR(m_new, M_DONTWAIT, MT_DATA); 1312 if (m_new == NULL) { 1313 printf("rl%d: no memory for tx list", sc->rl_unit); 1314 return(1); 1315 } 1316 if (m_head->m_pkthdr.len > MHLEN) { 1317 MCLGET(m_new, M_DONTWAIT); 1318 if (!(m_new->m_flags & M_EXT)) { (kgdb) p *sc $1 = {arpcom = {ac_if = {if_softc = 0xc0d29800, if_name = 0xc0265d76 "rl", if_link = {tqe_next = 0xc02a6ae0, tqe_prev = 0xc0d29a08}, if_addrhead = { tqh_first = 0xc0d32f00, tqh_last = 0xc0d7d690}, if_pcount = 0, if_bpf = 0xc0595760, if_index = 2, if_unit = 1, if_timer = 0, if_flags = -30717, if_ipending = 0, if_linkmib = 0x0, if_linkmiblen = 0, if_data = {ifi_type = 6 '\006', ifi_physical = 0 '\000', ifi_addrlen = 6 '\006', ifi_hdrlen = 14 '\016', ifi_recvquota = 0 '\000', ifi_xmitquota = 0 '\000', ifi_mtu = 1500, ifi_metric = 0, ifi_baudrate = 10000000, ifi_ipackets = 9556, ifi_ierrors = 0, ifi_opackets = 9758, ifi_oerrors = 0, ifi_collisions = 0, ifi_ibytes = 1958413, ifi_obytes = 975722, ifi_imcasts = 3, ifi_omcasts = 0, ifi_iqdrops = 0, ifi_noproto = 0, ifi_hwassist = 0, ifi_unused = 0, ifi_lastchange = {tv_sec = 0, tv_usec = 0}}, if_multiaddrs = {lh_first = 0xc0595000}, if_amcount = 0, if_output = 0xc0181708 , if_start = 0xc01e8ccc , if_done = 0, if_ioctl = 0xc01e9164 , if_watchdog = 0xc01e9250 , if_poll_recv = 0, if_poll_xmit = 0, if_poll_intren = 0, if_poll_slowinput = 0, if_init = 0xc01e8e8c , if_resolvemulti = 0xc0181ddc , if_snd = { ifq_head = 0x0, ifq_tail = 0x0, ifq_len = 0, ifq_maxlen = 50, ifq_drops = 0}, if_poll_slowq = 0x0, if_prefixhead = {tqh_first = 0x0, tqh_last = 0xc0d298d0}}, ac_enaddr = "\000Pº\203\231Ç", ---Type to continue, or q to quit--- ac_multicnt = 0, ac_netgraph = 0x0}, rl_bhandle = 57344, rl_btag = 0, rl_res = 0xc0d2d780, rl_irq = 0xc0d2d700, rl_intrhand = 0xc0595860, rl_miibus = 0xc0d30400, rl_unit = 1 '\001', rl_type = 2 '\002', rl_stats_no_timeout = 0 '\000', rl_txthresh = 96, rl_cdata = {cur_rx = 0, rl_rx_buf = 0xc6417008 "ataID = A33D1B4B5493F0AEF66DE545547781EF, maxResults = 4, TTL = 1, serverIP=213.73.176.103\n\216\022\f8", rl_rx_buf_ptr = 0xc6417000 "\017·", rl_tx_chain = {0x0, 0x0, 0x0, 0x0}, last_tx = 2 '\002', cur_tx = 2 '\002'}, rl_stat_ch = { callout = 0xc2154588}} (kgdb) p sc->rl_unit $2 = 1 '\001' (kgdb) p m_new $3 = (struct mbuf *) 0x1 (kgdb) p *m_new cannot read proc at 0 (kgdb) Script done on Sun Feb 11 15:38:55 2001 Thank you for your attention. \bye Stas To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message