Date: Sun, 17 May 2009 09:56:55 -0700 From: "Li, Qing" <qing.li@bluecoat.com> To: "Norikatsu Shigemura" <nork@freebsd.org>, <freebsd-current@freebsd.org> Subject: RE: panic after dhclient in sys/net/if.c mtx_lock Message-ID: <B583FBF374231F4A89607B4D08578A431443C2@bcs-mail03.internal.cacheflow.com> References: <20090517200019.275f6c71.nork@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi,
This is a known issue and is being actively investigated.
There are 2 known crash instances related to this issue.
As a workaround, include "VIMAGE_GLOBALS" in your kernel
config file will resolve this issue (assuming you are
not using VIMAGE).
The problem is the V_loif interface pointer is reinitialized
to another ifnet that is different from what V_loif is
set to in "lo_clone_create()".
-- Qing
-----Original Message-----
From: owner-freebsd-current@freebsd.org on behalf of Norikatsu Shigemura
Sent: Sun 5/17/2009 4:00 AM
To: freebsd-current@freebsd.org
Cc: Norikatsu Shigemura
Subject: panic after dhclient in sys/net/if.c mtx_lock
=20
Hi.
I got a panic after dhclient like following:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - =
- - - - -
<118>re0: no link ...
<118>.
<118> got link
<118>DHCPREQUEST on re0 to 255.255.255.255 port 67
<118>
<118>DHCPREQUEST on re0 to 255.255.255.255 port 67
<118>
<118>DHCPREQUEST on re0 to 255.255.255.255 port 67
<118>
<118>DHCPACK from 192.168.36.1
<118>
Fatal trap 12: page fault while in kernel mode
cpuid =3D 1; apic id =3D 01
fault virtual address =3D 0x288
fault code =3D supervisor read data, page not present
instruction pointer =3D 0x20:0xffffffff802bb31e
stack pointer =3D 0x28:0xffffff80ec9167e0
frame pointer =3D 0x28:0xffffff80ec916800
code segment =3D base 0x0, limit 0xfffff, type 0x1b
=3D DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags =3D interrupt enabled, resume, IOPL =3D 0
current process =3D 542 (ifconfig)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - =
- - - - -
According to backtrace, I got following list:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - =
- - - - -
(kgdb) bt
#0 doadump () at pcpu.h:223
#1 0xffffffff8019306c in db_fncall (dummy1=3DVariable "dummy1" is not =
available.
) at /usr/src/sys/ddb/db_command.c:548
#2 0xffffffff801933a1 in db_command (last_cmdp=3D0xffffffff8070c9a0, =
cmd_table=3DVariable "cmd_table" is not available.
)
at /usr/src/sys/ddb/db_command.c:445
#3 0xffffffff801935f0 in db_command_loop () at =
/usr/src/sys/ddb/db_command.c:498
#4 0xffffffff80195599 in db_trap (type=3DVariable "type" is not =
available.
) at /usr/src/sys/ddb/db_main.c:229
#5 0xffffffff802f9000 in kdb_trap (type=3D12, code=3D0, =
tf=3D0xffffff80ec916730)
at /usr/src/sys/kern/subr_kdb.c:534
#6 0xffffffff8049e29d in trap_fatal (frame=3D0xffffff80ec916730, =
eva=3DVariable "eva" is not available.
)
at /usr/src/sys/amd64/amd64/trap.c:847
#7 0xffffffff8049e674 in trap_pfault (frame=3D0xffffff80ec916730, =
usermode=3D0)
at /usr/src/sys/amd64/amd64/trap.c:768
#8 0xffffffff8049f0bf in trap (frame=3D0xffffff80ec916730)
at /usr/src/sys/amd64/amd64/trap.c:494
#9 0xffffffff80478d33 in calltrap () at =
/usr/src/sys/amd64/amd64/exception.S:223
#10 0xffffffff802bb31e in _mtx_lock_sleep (m=3D0xffffff00050cae20,=20
tid=3D18446742974297508528, opts=3DVariable "opts" is not available.
) at /usr/src/sys/kern/kern_mutex.c:340
#11 0xffffffff8036f4ad in ifaof_ifpforaddr (addr=3D0xffffffff806e4800,=20
ifp=3D0xffffff00050caa00) at /usr/src/sys/net/if.c:1541
#12 0xffffffff8037b4d8 in rt_getifa_fib (info=3D0xffffff80ec9168d0, =
fibnum=3D0)
at /usr/src/sys/net/route.c:745
#13 0xffffffff8037bc8d in rtrequest1_fib (req=3DVariable "req" is not =
available.
) at /usr/src/sys/net/route.c:1025
#14 0xffffffff8038650d in in_ifinit (ifp=3DVariable "ifp" is not =
available.
) at /usr/src/sys/netinet/in.c:921
#15 0xffffffff80387aeb in in_control (so=3DVariable "so" is not =
available.
) at /usr/src/sys/netinet/in.c:547
#16 0xffffffff80372d91 in ifioctl (so=3D0xffffff0005fa5510, =
cmd=3D2151704858,=20
data=3D0xffffff000576bcc0 "re0", td=3D0xffffff0005ef8ab0) at =
/usr/src/sys/net/if.c:2226
#17 0xffffffff80307c1f in kern_ioctl (td=3D0xffffff0005ef8ab0, =
fd=3DVariable "fd" is not available.
) at file.h:262
#18 0xffffffff80307e51 in ioctl (td=3D0xffffff0005ef8ab0, =
uap=3D0xffffff80ec916c00)
at /usr/src/sys/kern/sys_generic.c:677
#19 0xffffffff8049e8e7 in syscall (frame=3D0xffffff80ec916c90)
at /usr/src/sys/amd64/amd64/trap.c:984
#20 0xffffffff80478fc0 in Xfast_syscall () at =
/usr/src/sys/amd64/amd64/exception.S:364
#21 0x0000000800a6d19c in ?? ()
Previous frame inner to this frame (corrupt stack?)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - =
- - - - -
So, I up 10 and print 'v' value:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - =
- - - - -
(kgdb) up 10
#10 0xffffffff802bb31e in _mtx_lock_sleep (m=3D0xffffff00050cae20,=20
tid=3D18446742974297508528, opts=3DVariable "opts" is not available.
) at /usr/src/sys/kern/kern_mutex.c:340
340 owner =3D (struct thread *)(v & =
~MTX_FLAGMASK);
(kgdb) p v
$1 =3D 0
(kgdb) p m
$2 =3D (struct mtx *) 0xffffff00050cae20
(kgdb) p *m
$3 =3D {lock_object =3D {lo_name =3D 0x0, lo_flags =3D 0, lo_data =3D 0, =
lo_witness =3D 0x0},=20
mtx_lock =3D 0}
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - =
- - - - -
In this time, mtx_lock =3D=3D NULL.
So more up:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - =
- - - - -
(kgdb) up
#11 0xffffffff8036f4ad in ifaof_ifpforaddr (addr=3D0xffffffff806e4800,=20
ifp=3D0xffffff00050caa00) at /usr/src/sys/net/if.c:1541
1541 IF_ADDR_LOCK(ifp);
(kgdb) p *ifp
$4 =3D {if_softc =3D 0xffffff00050caa90, if_l2com =3D 0x0, if_vnet =3D =
0xffffffff80393b30,=20
if_link =3D {tqe_next =3D 0x0, tqe_prev =3D 0xffffffff80379700},=20
if_xname =3D "\000\000\000\000\000\000\000\000:9\200",=20
if_dname =3D 0xffffffff80379f20 "UH\211H\211H\203 =
H\205H\211]L\211mH\211L\211eI\211u\025H\213]L\213eH\211L\213m?\001", =
if_dunit =3D 0,=20
if_refcount =3D 0, if_addrhead =3D {tqh_first =3D 0xffffffff803790a0,=20
tqh_last =3D 0xffffffff80378f50}, if_klist =3D {kl_list =3D {
slh_first =3D 0xffffffff80393700}, kl_lock =3D 0, kl_unlock =3D =
0xffffff0005f49b20,=20
kl_locked =3D 0x600ffdf, kl_lockarg =3D 0xffffff000516b180}, =
if_pcount =3D 0,=20
if_carp =3D 0x0, if_bpf =3D 0x0, if_index =3D 43664, if_timer =3D =
1292,=20
if_vlantrunk =3D 0x6800020, if_flags =3D 4, if_capabilities =3D 0, =
if_capenable =3D 99916576,=20
if_linkmib =3D 0xffffff000b1c8350, if_linkmiblen =3D 0, if_data =3D =
{ifi_type =3D 80 'P',=20
ifi_physical =3D 131 '\203', ifi_addrlen =3D 28 '\034', ifi_hdrlen =
=3D 11 '\v',=20
ifi_link_state =3D 0 '\0', ifi_spare_char1 =3D 255 '', =
ifi_spare_char2 =3D 255 '',=20
ifi_datalen =3D 255 '', ifi_mtu =3D 100728799, ifi_metric =3D =
18446742974283297180,=20
ifi_baudrate =3D 0, ifi_ipackets =3D 0, ifi_ierrors =3D 1,=20
ifi_opackets =3D 18446744071567800714, ifi_oerrors =3D 69926912, =
ifi_collisions =3D 0,=20
ifi_ibytes =3D 1, ifi_obytes =3D 0, ifi_imcasts =3D 0, ifi_omcasts =
=3D 0, ifi_iqdrops =3D 0,=20
ifi_noproto =3D 0, ifi_hwassist =3D 0, ifi_epoch =3D 0, =
ifi_lastchange =3D {tv_sec =3D 0,=20
tv_usec =3D 0}}, if_multiaddrs =3D {tqh_first =3D 0x0, tqh_last =
=3D 0x0}, if_amcount =3D 0,=20
if_output =3D 0, if_input =3D 0, if_start =3D 0, if_ioctl =3D 0, =
if_watchdog =3D 0, if_init =3D 0,=20
if_resolvemulti =3D 0, if_qflush =3D 0, if_transmit =3D 0, if_addr =3D =
0x0, if_llsoftc =3D 0x0,=20
if_drv_flags =3D 0, if_snd =3D {ifq_head =3D 0x0, ifq_tail =3D 0x0, =
ifq_len =3D 0,=20
ifq_maxlen =3D 0, ifq_drops =3D 0, ifq_mtx =3D {lock_object =3D =
{lo_name =3D 0x0,=20
lo_flags =3D 84716688, lo_data =3D 4294967040, lo_witness =3D =
0x0},=20
mtx_lock =3D 18446744071565818672}, ifq_drv_head =3D 0x0,=20
ifq_drv_tail =3D 0xffffffff80379700, ifq_drv_len =3D 0, =
ifq_drv_maxlen =3D 0,=20
altq_type =3D -2143733008, altq_flags =3D -1, altq_disc =3D =
0xffffffff80379f20,=20
altq_ifp =3D 0x0, altq_enqueue =3D 0xffffffff803790a0 <rn_walktree>, =
altq_dequeue =3D 0xffffffff80378f50 <rn_walktree_from>,=20
altq_request =3D 0xffffffff80393700 <in_clsroute>, altq_clfier =3D =
0x0,=20
altq_classify =3D 0xffffff0005f49be8, altq_tbr =3D 0x600ffdf,=20
altq_cdnr =3D 0xffffff000516b180}, if_broadcastaddr =3D 0x0, =
if_bridge =3D 0x0,=20
if_label =3D 0x0, if_prefixhead =3D {tqh_first =3D 0xffffff00050cac90, =
tqh_last =3D 0x6800020}, if_afdata =3D {0x4, 0xffffff0005f49be8, =
0xffffff000b1c8418,=20
0x0, 0xffffff000b1c8418, 0x600ffdf, 0xffffff000516b19c, 0x0, 0x0, =
0x1,=20
0xffffffff8057798a, 0x42b0000, 0x0, 0xffffff0005ef8ab0, 0x0 <repeats =
24 times>},=20
if_afdata_initialized =3D 0, if_afdata_lock =3D {lock_object =3D =
{lo_name =3D 0x0,=20
lo_flags =3D 0, lo_data =3D 0, lo_witness =3D 0x0}, rw_lock =3D =
0}, if_linktask =3D {
ta_link =3D {stqe_next =3D 0x0}, ta_pending =3D 0, ta_priority =3D =
0, ta_func =3D 0,=20
ta_context =3D 0x0}, if_addr_mtx =3D {lock_object =3D {lo_name =3D =
0x0, lo_flags =3D 0,=20
lo_data =3D 0, lo_witness =3D 0x0}, mtx_lock =3D 0}, if_clones =3D =
{le_next =3D 0x0,=20
le_prev =3D 0x0}, if_groups =3D {tqh_first =3D 0x0, tqh_last =3D =
0x0}, if_pf_kif =3D 0x0,=20
if_lagg =3D 0x0, if_alloctype =3D 0 '\0', if_cspare =3D "\000\000", =
if_pspare =3D {0x0, 0x0,=20
---Type <return> to continue, or q <return> to quit---
0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, if_ispare =3D {0, 0, 0, 0}}
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - =
- - - - -
Sorry, I don't have any idea. Is above report OK?
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to =
"freebsd-current-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B583FBF374231F4A89607B4D08578A431443C2>