From owner-svn-src-head@FreeBSD.ORG Thu Mar 5 22:17:24 2015 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E4D7D345; Thu, 5 Mar 2015 22:17:24 +0000 (UTC) Received: from mail-out.smeets.im (mail-out.smeets.im [IPv6:2a01:4f8:160:918a::25:11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 716349C; Thu, 5 Mar 2015 22:17:24 +0000 (UTC) Received: from mail.smeets.im (mail.smeets.im [IPv6:2a01:4f8:160:918a::25:3]) by mail-out.smeets.im (Postfix) with ESMTP id 14B84103C; Thu, 5 Mar 2015 23:17:21 +0100 (CET) Received: from amavis.smeets.im (amavis.smeets.im [IPv6:2a01:4f8:160:918a::aa:4]) by mail.smeets.im (Postfix) with ESMTP id 63958892BC; Thu, 5 Mar 2015 23:17:21 +0100 (CET) X-Virus-Scanned: amavisd-new at smeets.im Received: from mail.smeets.im ([IPv6:2a01:4f8:160:918a::25:3]) by amavis.smeets.im (amavis.smeets.im [IPv6:2a01:4f8:160:918a::aa:4]) (amavisd-new, port 10025) with ESMTP id 2qv2UULc5XGd; Thu, 5 Mar 2015 23:17:21 +0100 (CET) Received: from nibbler-wlan.home.lan (unknown [85.22.115.216]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.smeets.im (Postfix) with ESMTPSA id 62735892AF; Thu, 5 Mar 2015 23:17:20 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=smeets.im; s=default; t=1425593840; bh=FEaN/9izl9S/esAQy1m0UxPa0w4B0W0KgVuKZ6RCAWY=; h=Subject:To:references:From:Date:in-reply-to; b=rTounzWD8SGqZz6BMJRNb4Y0mFStd8Hokq02ZhHKqHyL4Ig9gSVMlwR08iSgkyDfh PLILZ7LYCOtnIGlcswIj7ajo2cNDSXdAx7K7quJtdwbvCAU2UgjQYfNg83VwhKQBha g5UvJBChdlcPbmw4YNemWFyz46FHrtMjuzMDLmKI= Subject: Re: svn commit: r279588 - head/sys/netinet6 To: "Andrey V. Elsukov" , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org references: <201503041120.t24BK2SG000709@svn.freebsd.org> From: Florian Smeets message-id: <54F8D5EC.8030800@smeets.im> Date: Thu, 5 Mar 2015 23:17:16 +0100 user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.0a2 mime-version: 1.0 in-reply-to: <201503041120.t24BK2SG000709@svn.freebsd.org> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="QkPH8RHrE0JG75jXw33tsMMoV2WFBfCCB" X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Mar 2015 22:17:25 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --QkPH8RHrE0JG75jXw33tsMMoV2WFBfCCB Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 04.03.15 12:20, Andrey V. Elsukov wrote: > Author: ae > Date: Wed Mar 4 11:20:01 2015 > New Revision: 279588 > URL: https://svnweb.freebsd.org/changeset/base/279588 >=20 > Log: > Fix deadlock in IPv6 PCB code. > =20 Hi, everything I'm going to mention is running world/kernel @r279675. I have a host running a couple of IPv6 only bhyves. It looks like I can e= asily panic them when trying to ssh into them. With my limited understand= ing I'd say the stack trace points to this commit. All the tap interfaces used by the bhyves are connected to one bridge int= erface. Every bhyve has its own IPv6 address configured on vtnet0. The br= idge interface on the host has an IPv6 address which is the default gatew= ay in all the bhyves. Let me know if you need anything else. It seems to be quite easy to repro= duce. Fatal trap 12: page fault while in kernel mode cpuid =3D 6; apic id =3D 06 fault virtual address =3D 0x0 fault code =3D supervisor read data, page not present instruction pointer =3D 0x20:0xffffffff80bda224 stack pointer =3D 0x28:0xfffffe01efbfd330 frame pointer =3D 0x28:0xfffffe01efbfd3d0 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 12 (irq265: virtio_pci0) [ thread pid 12 tid 100036 ] Stopped at in6_pcbnotify+0x254: movl (%rax),%edx db> where Tracing pid 12 tid 100036 td 0xfffff800063d0000 in6_pcbnotify() at in6_pcbnotify+0x254/frame 0xfffffe01efbfd3d0 tcp6_ctlinput() at tcp6_ctlinput+0xf0/frame 0xfffffe01efbfd470 icmp6_input() at icmp6_input+0x18d4/frame 0xfffffe01efbfd660 ip6_input() at ip6_input+0x488/frame 0xfffffe01efbfd740 netisr_dispatch_src() at netisr_dispatch_src+0x61/frame 0xfffffe01efbfd7b= 0 ether_demux() at ether_demux+0x15d/frame 0xfffffe01efbfd7e0 ether_nh_input() at ether_nh_input+0x377/frame 0xfffffe01efbfd840 netisr_dispatch_src() at netisr_dispatch_src+0x61/frame 0xfffffe01efbfd8b= 0 ether_input() at ether_input+0x26/frame 0xfffffe01efbfd8d0 vtnet_rxq_eof() at vtnet_rxq_eof+0x7ab/frame 0xfffffe01efbfd9a0 vtnet_rx_vq_intr() at vtnet_rx_vq_intr+0x94/frame 0xfffffe01efbfd9e0 intr_event_execute_handlers() at intr_event_execute_handlers+0x1d8/frame = 0xfffffe01efbfda20 ithread_loop() at ithread_loop+0x9c/frame 0xfffffe01efbfda70 fork_exit() at fork_exit+0x9a/frame 0xfffffe01efbfdab0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe01efbfdab0 --- trap 0, rip =3D 0, rsp =3D 0xfffffe01efbfdb70, rbp =3D 0 --- (kgdb) list *0xffffffff80bda224 0xffffffff80bda224 is in in6_pcbnotify (/usr/src/sys/netinet6/in6_pcb.c:6= 49). 644 * and the application (associated with this sock= et) wanted to 645 * know the value, notify. 646 * XXX: should we avoid to notify the value to TC= P sockets? 647 */ 648 if (cmd =3D=3D PRC_MSGSIZE) 649 ip6_notify_pmtu(inp, (struct sockaddr_in6= *)dst, 650 *(u_int32_t *)cmdarg); 651 652 /* 653 * Detect if we should notify the error. If no so= urce and (kgdb) print dst $5 =3D (struct sockaddr *) 0xfffffe01efbfd590 (kgdb) print notify $6 =3D (struct inpcb *(*)(struct inpcb *, int)) 0xffffffff80bb5220 Florian --QkPH8RHrE0JG75jXw33tsMMoV2WFBfCCB Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 iQJ8BAEBCgBmBQJU+NXvXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBNzAxMDMyMDNCQ0FCNDRBOThGRUM4NDRF NzA1M0RGOUZGODZGMDc2AAoJEOcFPfn/hvB2sWMP/2piGQjkX0lH7L4sA8PdRugU Mh/8AEGx5/oYClQEOu6ZlVi7q8ftKc55JgEXqGLXWDfQXGlR/ZJqjcntqGym/D0L n0V6F+FbnkwTRN0Dw2bONYHdyfZnt6iDJM7MOme2AumOTZ0AQvvvqJvcTWz5Zv8j XYZVJ2YqO9x+Buh/1012nWvG8K3+bseaBodRKQVfOXSd9MkxgSZ3d5oeAMTeYhME enOuaD5s+LSbJogz1KzwOwmPu3weg8ew/KOrLBov9qZtyl8qqWidFRb98biJgOEK ekHDRnsZSjx/kSR3liPUH11ydGcBsP2ZjHhrTHzCjXhYb9AqCWFJgd3ld6jkyyS5 EUhP3K2u6bsoL6GCmeJzdZds6rUQUBzTGhN1xwpq8bEX0ibiGH3OnJxP1LKAKoBP xMC8QCuOdPJo614PVgGT3xyy/7GzDTMN4LHMjGCZR9A/MMJseiSkw3QZHQlicJBo opMpu4b4Osc7WR+PHlx/ZpDatFicjSd7LhiWLOEV35n1BE4GVSmn1mxuRnzEpwk+ QwLTyyM1v34RyWs8eb924NVbOTFfwTcYj/kSVhkYaoy+HdAXT9+XIazgYXWp7Vvx Hb6Nk7PH/uabpFrnxg0Q31mD9ibiDxLkMNPjbZfUCW0egfft0dhthho5sx0bAYOc 89wc7iXq569qA+93KEOn =jKqm -----END PGP SIGNATURE----- --QkPH8RHrE0JG75jXw33tsMMoV2WFBfCCB--