Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: new if_bge/mii panic

(2013/06/13 8:44), Roy Marples wrote:
On 12/06/2013 21:53, wrote:
Indeed, reverting this commit makes my kernel work fine (I'm also using

Well, for reference it works in my i386 Thinkpad using a bge(4) interface.

The attached patch shouldn't help you as you're already at splnet()
from mii_physubr.c but it's probably better.

Unfortunately, your attached patch didn't improve the situation.


I would venture to guess that netinet6/mld6.c:872 fails to check that malloc 
fails, but your panic happens deeper in so in this case a check would not help.
At this point I guess I'll have to ask for help as I don't fully understand how 
the locking works nor how malloc here would cause a panic, especially as I 
cannot replicate it on a my bge(4) interface.


See the stack trace.

#3  0xc04c95f1 in panic (fmt=0xc06e42dd "%s: %s caller=%p")
at ../../../../kern/subr_prf.c:200
#4  0xc033846c in assert_sleepable
() at ../../../../kern/kern_lock.c:92
#5  0xc04c7c1b in
pool_cache_get_paddr (pc=0xc1a5ae00, flags=1, pap=0x0)
at ../../../../kern/subr_pool.c:2212
#6  0xc04bed1c in kmem_intr_alloc
(requested_size=20, kmflags=1) at ../../../../kern/subr_kmem.c:265
#7 0xc033bb21 in kern_malloc (size=16, flags=2)
at ../../../../kern/kern_malloc.c:118
#8  0xc0388b6c in
in6_createmkludge (ifp=0xc1aeb004) at ../../../../netinet6/mld6.c:872
#9  0xc02bf19c in in6_ifattach (ifp=0xc1aeb004, altifp=0x0)
at ../../../../netinet6/in6_ifattach.c:778
#10 0xc02bd5b5 in in6_if_up
(ifp=0xc1aeb004) at ../../../../netinet6/in6.c:2212
#11 0xc0387122 in
mii_phy_statusmsg (sc=<optimized out>)
at ../../../../dev/mii/mii_physubr.c:444
#12 mii_phy_update
(sc=0xc1de15d0, cmd=3) at ../../../../dev/mii/mii_physubr.c:427
#13 0xc016b83a in brgphy_service (sc=0xc1de15d0, mii=0xc1aeb2b4, cmd=3)
at ../../../../dev/mii/brgphy.c:452
#14 0xc038633b in phy_service
(cmd=3, mii=0xc1aeb2b4, sc=0xc1de15d0) at ../../../../dev/mii/mii.c:198
#15 mii_pollstat (mii=0xc1aeb2b4) at ../../../../dev/mii/mii.c:251
#16 0xc0274be6 in bge_link_upd (sc=0xc1aeb000)
at ../../../../dev/pci/if_bge.c:5782
#17 bge_intr (xsc=0xc1aeb000)
at ../../../../dev/pci/if_bge.c:4534
#18 0xc02cdd70 in
intr_biglock_wrapper (vp=0xc1d8b548)
at ../../../../arch/x86/x86/intr.c:605
#19 0xc0107825 in Xintr_ioapic_level3 ()

in6_createmkludge() does:

        mk = malloc(sizeof(*mk), M_IPMADDR, M_ZERO|M_WAITOK);

in6_createmkludge() must not be called under interrupt context.

 * Allocate space for the kludge at interface initialization time.
 * Formerly, we dynamically allocated the space in in6_savemkludge() with
 * malloc(M_WAITOK).  However, it was wrong since the function could be called
 * under an interrupt context (software timer on address lifetime expiration).
 * Also, we cannot just give up allocating the strucutre, since the group
 * membership structure is very complex and we need to keep it anyway.
 * Of course, this function MUST NOT be called under an interrupt context.
 * Specifically, it is expected to be called only from in6_ifattach(), though
 * it is a global function.
in6_createmkludge(struct ifnet *ifp)

                SAITOH Masanobu (

Home | Main Index | Thread Index | Old Index