kern/91574: bge member in if_bridge causing system crash
Erik Osterholm
erik+freebsd at cepheid.org
Mon Jan 9 15:40:10 PST 2006
>Number: 91574
>Category: kern
>Synopsis: bge member in if_bridge causing system crash
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 09 23:40:07 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Erik Osterholm
>Release: FreeBSD 6.0-RELEASE i386
>Organization:
Texas A&M University
>Environment:
FreeBSD erik-test.net.tamu.edu 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Fri J an 6 15:53:52 UTC 2006 root at erik-test.net.tamu.edu:/usr/obj/usr/src/sys/GENERIC.poll.notxp i386
>Description:
When using the bge0 driver as a member interface to bridge0 (if_bridge), the machine crashes very shortly upon coming up. Bringing down the bge0 interface prevents the crash, as does leaving it up but removing it from the bridge. We have tried two identical 3Com nics, and the problem is exhibited with both.
NIC is 3Com 3C9960-SX. Chip: BCM5701KHB Other NICs are integrated Intel using the em driver.
Debug output and dmesg follow:
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
Unread portion of the kernel message buffer:
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0xbfd0d20c
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc07f5919
stack pointer = 0x28:0xd408ec00
frame pointer = 0x28:0xd408ec50
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 21 (irq10: em0)
trap number = 12
panic: page fault
Uptime: 9m1s
Dumping 503 MB (2 chunks)
chunk 0: 1MB (160 pages) ... ok
chunk 1: 503MB (128752 pages) 487 471 455 439 423 407 391 375 359 343 327 311 295 279 263 247 231 215 199 183 167 151 135 119 103 87 71 55 39 23 7
#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) where
#0 doadump () at pcpu.h:165
#1 0xc063796a in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
#2 0xc0637c00 in panic (fmt=0xc084f68c "%s")
at /usr/src/sys/kern/kern_shutdown.c:555
#3 0xc0808d70 in trap_fatal (frame=0xd408ebc0, eva=3218133516)
at /usr/src/sys/i386/i386/trap.c:831
#4 0xc0808adb in trap_pfault (frame=0xd408ebc0, usermode=0, eva=3218133516)
at /usr/src/sys/i386/i386/trap.c:742
#5 0xc0808719 in trap (frame=
{tf_fs = -1046872056, tf_es = 40, tf_ds = -1047134168, tf_edi = -1045740800, tf_esi = -1044477568, tf_ebp = -737612720, tf_isp = -737612820, tf_ebx = -1041618176, tf_edx = 0, tf_ecx = 1128804354, tf_eax = 275587, tf_trapno = 12, tf_err = 0, tf_eip = -1065395943, tf_cs = 32, tf_eflags = 590338, tf_esp = -737612784, tf_ss = -1047072384}) at /usr/src/sys/i386/i386/trap.c:432
#6 0xc07f7f0a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7 0xc07f5919 in bus_dmamap_load (dmat=0xc1b87a80, map=0x43483,
buf=0x43483002, buflen=2046, callback=0xc0503ba4 <em_dmamap_cb>,
callback_arg=0xd408ec74, flags=0) at pmap.h:200
#8 0xc050448e in em_get_buf (i=48, adapter=0xc1a50000, nmp=0x0)
at /usr/src/sys/dev/em/if_em.c:2474
#9 0xc0504c5f in em_process_receive_interrupts (adapter=0xc1a50000, count=-2)
at /usr/src/sys/dev/em/if_em.c:2797
#10 0xc0501eb5 in em_intr (arg=0xc1a50000) at /usr/src/sys/dev/em/if_em.c:992
#11 0xc06226b9 in ithread_loop (arg=0xc1966780)
at /usr/src/sys/kern/kern_intr.c:547
#12 0xc0621940 in fork_exit (callout=0xc0622560 <ithread_loop>,
arg=0xc1966780, frame=0xd408ed38) at /usr/src/sys/kern/kern_fork.c:789
#13 0xc07f7f6c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208
(kgdb) up 7
#7 0xc07f5919 in bus_dmamap_load (dmat=0xc1b87a80, map=0x43483,
buf=0x43483002, buflen=2046, callback=0xc0503ba4 <em_dmamap_cb>,
callback_arg=0xd408ec74, flags=0) at pmap.h:200
200 pa = *vtopte(va);
(kgdb) p pa
(kgdb) p va
(kgdb) list *0xc07f5919
0xc07f5919 is in bus_dmamap_load (pmap.h:201).
196
197 if ((pa = PTD[va >> PDRSHIFT]) & PG_PS) {
198 pa = (pa & ~(NBPDR - 1)) | (va & (NBPDR - 1));
199 } else {
200 pa = *vtopte(va);
201 pa = (pa & PG_FRAME) | (va & PAGE_MASK);
202 }
203 return pa;
204 }
205
(kgdb)
dmesg:
Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.0-RELEASE #0: Fri Jan 6 15:53:52 UTC 2006
root at erik-test.net.tamu.edu:/usr/obj/usr/src/sys/GENERIC.poll.notxp
mptable_probe: MP Config Table has bad signature: \^F\^H
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Celeron(R) CPU 2.00GHz (2000.35-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0xf29 Stepping = 9
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
Features2=0x4400<CNTX-ID,<b14>>
real memory = 528416768 (503 MB)
avail memory = 507748352 (484 MB)
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
acpi0: <IntelR AWRDACPI> on motherboard
acpi0: Power Button (fixed)
pci_link0: <ACPI PCI Link LNKA> irq 5 on acpi0
pci_link1: <ACPI PCI Link LNKB> irq 12 on acpi0
pci_link2: <ACPI PCI Link LNKC> irq 9 on acpi0
pci_link3: <ACPI PCI Link LNKD> irq 11 on acpi0
pci_link4: <ACPI PCI Link LNKE> irq 0 on acpi0
pci_link5: <ACPI PCI Link LNKF> irq 0 on acpi0
pci_link6: <ACPI PCI Link LNK0> irq 10 on acpi0
pci_link7: <ACPI PCI Link LNK1> irq 11 on acpi0
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
cpu0: <ACPI CPU> on acpi0
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
agp0: <Intel 82845G (845G GMCH) SVGA controller> mem 0xe0000000-0xe7ffffff,0xec100000-0xec17ffff irq 5 at device 2.0 on pci0
agp0: detected 8060k stolen memory
agp0: aperture size is 128M
uhci0: <Intel 82801DB (ICH4) USB controller USB-A> port 0xb800-0xb81f irq 5 at device 29.0 on pci0
uhci0: [GIANT-LOCKED]
usb0: <Intel 82801DB (ICH4) USB controller USB-A> on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1: <Intel 82801DB (ICH4) USB controller USB-B> port 0xb000-0xb01f irq 11 at device 29.1 on pci0
uhci1: [GIANT-LOCKED]
usb1: <Intel 82801DB (ICH4) USB controller USB-B> on uhci1
usb1: USB revision 1.0
uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2: <Intel 82801DB (ICH4) USB controller USB-C> port 0xb400-0xb41f irq 9 at device 29.2 on pci0
uhci2: [GIANT-LOCKED]
usb2: <Intel 82801DB (ICH4) USB controller USB-C> on uhci2
usb2: USB revision 1.0
uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0: <Intel 82801DB/DBL/DBM (ICH4) USB 2.0 controller> mem 0xec180000-0xec1803ff irq 11 at device 29.7 on pci0
ehci0: [GIANT-LOCKED]
usb3: EHCI version 1.0
usb3: companion controllers, 2 ports each: usb0 usb1 usb2
usb3: <Intel 82801DB/DBL/DBM (ICH4) USB 2.0 controller> on ehci0
usb3: USB revision 2.0
uhub3: Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
pcib1: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci_link3: BIOS IRQ 5 does not match initial IRQ 11
pci1: <ACPI PCI bus> on pcib1
bge0: <Broadcom BCM5701 Gigabit Ethernet, ASIC rev. 0x105> mem 0xec040000-0xec04ffff irq 12 at device 0.0 on pci1
bge0: Ethernet address: 00:0a:5e:55:bc:d1
em0: <Intel(R) PRO/1000 Network Connection, Version - 2.1.7> port 0xa000-0xa03f mem 0xec000000-0xec01ffff irq 10 at device 5.0 on pci1
em0: Ethernet address: 00:30:48:43:7e:bc
em0: Speed:N/A Duplex:N/A
em1: <Intel(R) PRO/1000 Network Connection, Version - 2.1.7> port 0xa400-0xa43f mem 0xec020000-0xec03ffff irq 11 at device 6.0 on pci1
em1: Ethernet address: 00:30:48:43:7e:bd
em1: Speed:N/A Duplex:N/A
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel ICH4 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xcc00-0xcc0f mem 0xec181000-0xec1813ff at device 31.1 on pci0
ata0: <ATA channel 0> on atapci0
ata1: <ATA channel 1> on atapci0
pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
acpi_tz0: <Thermal Zone> on acpi0
fdc0: <floppy drive controller> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: [FAST]
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A, console
sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
ppc0: <Standard parallel printer port> port 0x378-0x37f,0x778-0x77b irq 7 on acpi0
ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode
ppbus0: <Parallel port bus> on ppc0
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
pmtimer0 on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 2000345876 Hz quality 800
Timecounters tick every 1.000 msec
ad0: DMA limited to UDMA33, controller found non-ATA66 cable
ad0: 38166MB <WDC WD400JB-00JJC0 05.01C05> at ata0-master UDMA33
acd0: CDROM <CD-224E/1.9A> at ata1-master UDMA33
Trying to mount root from ufs:/dev/ad0s1a
WARNING: / was not properly dismounted
bridge0: Ethernet address: ac:de:48:5c:4d:07
bridge0: promiscuous mode enabled
em0: link state changed to UP
em0: link state changed to DOWN
>How-To-Repeat:
Create an if_bridge interface with member bge0, and send traffic through the bridge.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list