From owner-freebsd-bugs@FreeBSD.ORG Sat Feb 26 12:00:36 2005 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C9DF116A4CF for ; Sat, 26 Feb 2005 12:00:36 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7F34B43D54 for ; Sat, 26 Feb 2005 12:00:36 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.1/8.13.1) with ESMTP id j1QC0aPs016177 for ; Sat, 26 Feb 2005 12:00:36 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.1/8.13.1/Submit) id j1QC0aFa016167; Sat, 26 Feb 2005 12:00:36 GMT (envelope-from gnats) Resent-Date: Sat, 26 Feb 2005 12:00:36 GMT Resent-Message-Id: <200502261200.j1QC0aFa016167@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Gavin Atkinson Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D524D16A4CE for ; Sat, 26 Feb 2005 11:51:31 +0000 (GMT) Received: from mail-gw1.york.ac.uk (mail-gw1.york.ac.uk [144.32.128.246]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0DB7C43D58 for ; Sat, 26 Feb 2005 11:51:31 +0000 (GMT) (envelope-from ga9@buffy.york.ac.uk) Received: from buffy.york.ac.uk (buffy.york.ac.uk [144.32.226.160]) by mail-gw1.york.ac.uk (8.12.10/8.12.10) with ESMTP id j1QBpQD7019055 for ; Sat, 26 Feb 2005 11:51:26 GMT Received: from buffy.york.ac.uk (localhost [127.0.0.1]) by buffy.york.ac.uk (8.13.1/8.13.1) with ESMTP id j1QBpQUh064239 for ; Sat, 26 Feb 2005 11:51:26 GMT (envelope-from ga9@buffy.york.ac.uk) Received: (from ga9@localhost) by buffy.york.ac.uk (8.13.1/8.13.1/Submit) id j1QBpQhp064238; Sat, 26 Feb 2005 11:51:26 GMT (envelope-from ga9) Message-Id: <200502261151.j1QBpQhp064238@buffy.york.ac.uk> Date: Sat, 26 Feb 2005 11:51:26 GMT From: Gavin Atkinson To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: kern/78112: vlan panic due to not initialising parent interface X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Gavin Atkinson List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Feb 2005 12:00:37 -0000 >Number: 78112 >Category: kern >Synopsis: vlan panic due to not initialising parent interface >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Feb 26 12:00:35 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Gavin Atkinson >Release: FreeBSD 5.3-STABLE i386 >Organization: >Environment: System: FreeBSD buffy.york.ac.uk 5.3-STABLE FreeBSD 5.3-STABLE #0: Sat Feb 12 20:42:16 GMT 2005 root@buffy.york.ac.uk:/usr/obj/usr/src/sys/BUFFY i386 >Description: There's an easily reproduceable panic involving configuring vlans on fxp cards. I've recreated it in single user mode on a top-of-tree -CURRENT machine as well as on a 5.3-STABLE machine. Enter full pathname of shell or RETURN for /bin/sh: # ifconfig vlan0 create # ifconfig vlan0 vlan 123 vlandev fxp0 # ifconfig vlan0 inet 1.2.3.4 lock order reversal 1st 0xc15f6268 fxp0 (network driver) @ /usr/src/sys/dev/fxp/if_fxp.c:2389 2nd 0xc14c7ad0 user map (user map) @ /usr/src/sys/vm/vm_map.c:2998 KDB: stack backtrace: kdb_backtrace(0,ffffffff,c08f7ae0,c08f8a08,c08852ac) at kdb_backtrace+0x29 witness_checkorder(c14c7ad0,9,c083d2a9,bb6) at witness_checkorder+0x54c _sx_xlock(c14c7ad0,c083d2a9,bb6) at _sx_xlock+0x50 _vm_map_lock_read(c14c7a8c,c083d2a9,bb6,2000046,c1595458) at _vm_map_lock_read+0x37 vm_map_lookup(cbdf3804,0,2,cbdf3808,cbdf37f8) at vm_map_lookup+0x28 vm_fault(c14c7a8c,0,2,8,c1594450) at vm_fault+0x66 trap_pfault(cbdf38cc,0,0) at trap_pfault+0xf2 trap(c15f0018,cbdf0010,c0630010,c15f6000,c15f6000) at trap+0x335 calltrap() at calltrap+0x5 --- trap 0xc, eip = 0xc051e966, esp = 0xcbdf390c, ebp = 0xcbdf3918 --- fxp_mc_setup(c15f6000) at fxp_mc_setup+0x62 fxp_ioctl(c15f6000,80206931,0) at fxp_ioctl+0x112 if_addmulti(c15f6000,cbdf3980,cbdf397c,c1667d48,cbdf3988) at if_addmulti+0x223 vlan_setmulti(c1667c40,cbdf39fc,c060a5d5,c088cd80,40) at vlan_setmulti+0x139 vlan_ioctl(c1733800,80206931,0) at vlan_ioctl+0x3e if_addmulti(c1733800,cbdf3a4c,cbdf3a48,cbdf3a4c,1c) at if_addmulti+0x223 in6_addmulti(cbdf3a9c,c1733800,cbdf3a94) at in6_addmulti+0x4c in6_update_ifa(c1733800,cbdf3b9c,0) at in6_update_ifa+0x4ce in6_ifattach_linklocal(c1733800,0) at in6_ifattach_linklocal+0xe5 in6_ifattach(c1733800,0,8040691a,8040691a,0) at in6_ifattach+0xa9 in6_if_up(c1733800) at in6_if_up+0x13 ifioctl(c173da60,8040691a,c1667dc0,c1594450,0) at ifioctl+0x1f8 soo_ioctl(c1724708,8040691a,c1667dc0,c14b9780,c1594450) at soo_ioctl+0x2db ioctl(c1594450,cbdf3d14,3,2,282) at ioctl+0x370 syscall(2f,2f,2f,80543a0,1) at syscall+0x213 Xint0x80_syscall() at Xint0x80_syscall+0x1f --- syscall (54, FreeBSD ELF32, ioctl), eip = 0x280c44f3, esp = 0xbfbfe5cc, ebp = 0xbfbfee18 --- Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x0 fault code = supervisor write, page not present instruction pointer = 0x8:0xc051e966 stack pointer = 0x10:0xcbdf390c frame pointer = 0x10:0xcbdf3918 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 56 (ifconfig) [thread pid 56 tid 100043 ] Stopped at fxp_mc_setup+0x62: movw $0,0(%eax) db> db> tr Tracing pid 56 tid 100043 td 0xc1594450 fxp_mc_setup(c15f6000) at fxp_mc_setup+0x62 fxp_ioctl(c15f6000,80206931,0) at fxp_ioctl+0x112 if_addmulti(c15f6000,cbdf3980,cbdf397c,c1667d48,cbdf3988) at if_addmulti+0x223 vlan_setmulti(c1667c40,cbdf39fc,c060a5d5,c088cd80,40) at vlan_setmulti+0x139 vlan_ioctl(c1733800,80206931,0) at vlan_ioctl+0x3e if_addmulti(c1733800,cbdf3a4c,cbdf3a48,cbdf3a4c,1c) at if_addmulti+0x223 in6_addmulti(cbdf3a9c,c1733800,cbdf3a94) at in6_addmulti+0x4c in6_update_ifa(c1733800,cbdf3b9c,0) at in6_update_ifa+0x4ce in6_ifattach_linklocal(c1733800,0) at in6_ifattach_linklocal+0xe5 in6_ifattach(c1733800,0,8040691a,8040691a,0) at in6_ifattach+0xa9 in6_if_up(c1733800) at in6_if_up+0x13 ifioctl(c173da60,8040691a,c1667dc0,c1594450,0) at ifioctl+0x1f8 soo_ioctl(c1724708,8040691a,c1667dc0,c14b9780,c1594450) at soo_ioctl+0x2db ioctl(c1594450,cbdf3d14,3,2,282) at ioctl+0x370 syscall(2f,2f,2f,80543a0,1) at syscall+0x213 Xint0x80_syscall() at Xint0x80_syscall+0x1f --- syscall (54, FreeBSD ELF32, ioctl), eip = 0x280c44f3, esp = 0xbfbfe5cc, ebp = 0xbfbfee18 --- fxp_mc_setup+0x62 seems to correspond to the following code in sys/dev/fxp/if_fxp.c: (line 2554) /* * Add a NOP command with interrupt so that we are notified * when all TX commands have been processed. */ txp = sc->fxp_desc.tx_last->tx_next; txp->tx_mbuf = NULL; --> txp->tx_cb->cb_status = 0; txp->tx_cb->cb_command = htole16(FXP_CB_COMMAND_NOP | FXP_CB_COMMAND_S | FXP_CB_COMMAND_I); txp->tx_cb is NULL at this point. This seems to be because fxp_init() has never been called. (both have been validated by instrumenting the code in question) Note also that the panic does not seem to occur if you do anything with fxp0 before doing something with the vlans. For example, assigning it an address, or even just bringing it up seems to prevent the panic. In this situation, where should fxp_init be called from? Presumably it's not the responsibility of the vlan code - as when it gets called we could already be using the interface and reinitialising it wouldn't be a nice thing to do. But then, what should be initialising it? I'm also pretty sure that this is not confined only to the fxp driver. >How-To-Repeat: Reboot to single user mode and run the following commands: # ifconfig vlan0 create # ifconfig vlan0 vlan 123 vlandev fxp0 # ifconfig vlan0 inet 1.2.3.4 >Fix: Unknown. Presumably we need to call fxp_init at some point before the vlan code tries to use the interface, but where this should be called from and by who I don't know. >Release-Note: >Audit-Trail: >Unformatted: