Date: Sat, 22 Feb 2003 14:49:02 +0100 (CET) From: Tilman Linneweh <tilman@arved.de> To: FreeBSD-gnats-submit@FreeBSD.org Cc: arved@FreeBSD.org Subject: kern/48560: Panic in if_vlan.c on CURRENT Message-ID: <200302221349.h1MDn2x6072801@sauna.arved.de>
next in thread | raw e-mail | index | archive | help
>Number: 48560
>Category: kern
>Synopsis: Panic in if_vlan.c on CURRENT
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Feb 22 05:50:09 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Tilman Linneweh
>Release: FreeBSD 5.0-CURRENT i386
>Organization:
BSD Usergroup Austria
>Environment:
System: FreeBSD sauna.arved.de 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Mon Feb 17 17:47:52 CET 2003 root@sauna.arved.de:/usr/obj/usr/src/sys/SAUNA i386
>Description:
I can reproducable panic my CURRENT systems with vlan devices.
/usr/src/sys/vm/uma_core.c:1330: could sleep with "inp" locked from
/usr/src/sys/netinet/udp_usrreq.c:982/usr/src/sys/vm/uma_core.c:1330:
could sleep with "udp" locked from /usr/src/sys/netinet/udp_usrreq.c:976
#7 0xc0336cd8 in calltrap () at {standard input}:96
#8 0xc0248939 in witness_sleep (check_only=1, lock=0x0,
file=0xc039d924 "/usr/src/sys/vm/uma_core.c", line=1330)
at /usr/src/sys/kern/subr_witness.c:962
#9 0xc031815e in uma_zalloc_arg (zone=0xc083aa20, udata=0x0, flags=0)
at /usr/src/sys/vm/uma_core.c:1330
#10 0xc0222f27 in malloc (size=0, type=0xc03e2ec0, flags=0)
at /usr/src/sys/kern/kern_malloc.c:185
---Type <return> to continue, or q <return> to quit---
#11 0xc028dd37 in vlan_setmulti (ifp=0xc1970000)
at /usr/src/sys/net/if_vlan.c:171
#12 0xc028e8fb in vlan_ioctl (ifp=0xc1970000, cmd=0, data=0x0)
at /usr/src/sys/net/if_vlan.c:771
#13 0xc0284401 in if_delmulti (ifp=0xc1970000, sa=0xc1c95080)
at /usr/src/sys/net/if.c:1916
#14 0xc0295cc8 in in_delmulti (inm=0xc18879a0) at
#/usr/src/sys/netinet/in.c:888
(kgdb) fr 13
#13 0xc0284401 in if_delmulti (ifp=0xc1970000, sa=0xc1c95080)
at /usr/src/sys/net/if.c:1916
1916 ifp->if_ioctl(ifp, SIOCDELMULTI, 0);
(kgdb) list 1916
1911 return 0;
1912 }
1913
1914 s = splimp();
1915 TAILQ_REMOVE(&ifp->if_multiaddrs, ifma, ifma_link);
1916 ifp->if_ioctl(ifp, SIOCDELMULTI, 0);
1917 splx(s);
1918 free(ifma->ifma_addr, M_IFMADDR);
1919 free(sa, M_IFMADDR);
1920 free(ifma, M_IFMADDR);
(kgdb) fr 12
#12 0xc028e8fb in vlan_ioctl (ifp=0xc1970000, cmd=0, data=0x0)
at /usr/src/sys/net/if_vlan.c:771
771 error = vlan_setmulti(ifp);
(kgdb) list 771
766 error = vlan_set_promisc(ifp);
767 break;
768
769 case SIOCADDMULTI:
770 case SIOCDELMULTI:
771 error = vlan_setmulti(ifp);
772 break;
773 default:
774 error = EINVAL;
775 }
(kgdb) fr 11
#11 0xc028dd37 in vlan_setmulti (ifp=0xc1970000)
at /usr/src/sys/net/if_vlan.c:171
171 mc = malloc(sizeof(struct vlan_mc_entry),
M_VLAN, 0);(kgdb) list 171
166
167 /* Now program new ones. */
168 TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
169 if (ifma->ifma_addr->sa_family != AF_LINK)
170 continue;
171 mc = malloc(sizeof(struct vlan_mc_entry), M_VLAN, 0);
172 bcopy(LLADDR((struct sockaddr_dl *)ifma->ifma_addr),
173 (char *)&mc->mc_addr, ETHER_ADDR_LEN);
174 SLIST_INSERT_HEAD(&sc->vlan_mc_listhead, mc, mc_entries);
175 bcopy(LLADDR((struct sockaddr_dl *)ifma->ifma_addr),
(kgdb) fr 10
#10 0xc0222f27 in malloc (size=0, type=0xc03e2ec0, flags=0)
at /usr/src/sys/kern/kern_malloc.c:185
185 va = uma_zalloc(zone, flags);
(kgdb) list 185
180 indx = kmemsize[size >> KMEM_ZSHIFT];
181 zone = kmemzones[indx].kz_zone;
182 #ifdef MALLOC_PROFILE
183 krequests[size >> KMEM_ZSHIFT]++;
184 #endif
185 va = uma_zalloc(zone, flags);
186 mtx_lock(&ksp->ks_mtx);
187 if (va == NULL)
188 goto out;
189
(kgdb) fr 9
#9 0xc031815e in uma_zalloc_arg (zone=0xc083aa20, udata=0x0, flags=0)
at /usr/src/sys/vm/uma_core.c:1330
1330 WITNESS_SLEEP(1, NULL);
(kgdb) list 1330
1325 #endif
1326
1327 if (!(flags & M_NOWAIT)) {
1328 KASSERT(curthread->td_intr_nesting_level == 0,
1329 ("malloc without M_NOWAIT in interrupt
context")); 1330 WITNESS_SLEEP(1, NULL);
1331 }
1332
1333 zalloc_restart:
1334 cpu = PCPU_GET(cpuid);
>How-To-Repeat:
Create some vlan Devices on a CURRENT system.
Type:
# routed; killall routed
>Fix:
Jeffrey Hsu suggested changing M_WAITOK in line 171 to M_NOWAIT.
This results in the following backtrace:
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xdeadc0de
#9 0xc0336d18 in calltrap () at {standard input}:96
#10 0xc028dcf7 in vlan_setmulti (ifp=0xc1970000)
at /usr/src/sys/net/if_vlan.c:160
---Type <return> to continue, or q <return> to quit---
#11 0xc028e93b in vlan_ioctl (ifp=0xc1970000, cmd=0, data=0x0)
at /usr/src/sys/net/if_vlan.c:777
#12 0xc0284401 in if_delmulti (ifp=0xc1970000, sa=0xc1c97140)
at /usr/src/sys/net/if.c:1916
#13 0xc0295d08 in in_delmulti (inm=0xc18874c0) at
#/usr/src/sys/netinet/in.c:888 14 0xc029ca41 in ip_freemoptions
#(imo=0xc1c85c80)
at /usr/src/sys/netinet/ip_output.c:2126
(kgdb) fr 12
#12 0xc0284401 in if_delmulti (ifp=0xc1970000, sa=0xc1c97140)
at /usr/src/sys/net/if.c:1916
1916 ifp->if_ioctl(ifp, SIOCDELMULTI, 0);
(kgdb) fr 11
#11 0xc028e93b in vlan_ioctl (ifp=0xc1970000, cmd=0, data=0x0)
at /usr/src/sys/net/if_vlan.c:777
777 error = vlan_setmulti(ifp);
(kgdb) fr 10
#10 0xc028dcf7 in vlan_setmulti (ifp=0xc1970000)
at /usr/src/sys/net/if_vlan.c:160
160 error = if_delmulti(ifp_p, (struct sockaddr
*)&sdl);(kgdb) list 160
155
156 /* First, remove any existing filter entries. */
157 while(SLIST_FIRST(&sc->vlan_mc_listhead) != NULL) {
158 mc = SLIST_FIRST(&sc->vlan_mc_listhead);
159 bcopy((char *)&mc->mc_addr, LLADDR(&sdl),
ETHER_ADDR_LEN); 160 error = if_delmulti(ifp_p,
(struct sockaddr *)&sdl); 161 if (error)
162 return(error);
163 SLIST_REMOVE_HEAD(&sc->vlan_mc_listhead,
mc_entries); 164 free(mc, M_VLAN);
This may be because of a race condition.
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200302221349.h1MDn2x6072801>