FreeBSD Mail Archives

Date:      Sun, 5 Aug 2018 19:35:57 +0400
From:      Roman Bogorodskiy <novel@freebsd.org>
To:        freebsd-current@freebsd.org
Subject:   panic after ifioctl/if_clone_destroy
Message-ID:  <20180805153556.GA1957@kloomba>

next in thread | raw e-mail | index | archive | help


--FL5UXtIhxfXey3p5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Running -CURRENT r336863 on amd64. Get the following panic right after
(or during) boot:

Fatal trap 12: page fault while in kernel mode
cpuid =3D 2; apic id =3D 04
fault virtual address   =3D 0xdeadc2ff
fault code              =3D supervisor read data, page not present
instruction pointer     =3D 0x20:0xffffffff80bd7858
stack pointer           =3D 0x28:0xfffffe008b445580
frame pointer           =3D 0x28:0xfffffe008b4455c0
code segment            =3D base 0x0, limit 0xfffff, type 0x1b
                        =3D DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        =3D interrupt enabled, resume, IOPL =3D 0
current process         =3D 903 (libvirtd)

Traceback is:

(kgdb) #0  doadump (textdump=3D0) at pcpu.h:230
#1  0xffffffff8043dc7b in db_dump (dummy=3D<value optimized out>,
    dummy2=3D<value optimized out>, dummy3=3D<value optimized out>,
    dummy4=3D<value optimized out>) at /usr/src/sys/ddb/db_command.c:574
#2  0xffffffff8043da49 in db_command (cmd_table=3D<value optimized out>)
    at /usr/src/sys/ddb/db_command.c:481
#3  0xffffffff8043d7c4 in db_command_loop ()
    at /usr/src/sys/ddb/db_command.c:534
#4  0xffffffff804409ef in db_trap (type=3D<value optimized out>,
    code=3D<value optimized out>) at /usr/src/sys/ddb/db_main.c:252
#5  0xffffffff80bdd513 in kdb_trap (type=3D12, code=3D0, tf=3D<value optimi=
zed out>)
    at /usr/src/sys/kern/subr_kdb.c:693
#6  0xffffffff810769f1 in trap_fatal (frame=3D0xfffffe008b4454c0, eva=3D373=
5929599)
    at /usr/src/sys/amd64/amd64/trap.c:884
#7  0xffffffff81076b12 in trap_pfault (frame=3D0xfffffe008b4454c0,
    usermode=3D<value optimized out>) at pcpu.h:230
#8  0xffffffff8107611a in trap (frame=3D0xfffffe008b4454c0)
    at /usr/src/sys/amd64/amd64/trap.c:427
#9  0xffffffff810518ac in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:230
#10 0xffffffff80bd7858 in epoch_block_handler_preempt (
    global=3D<value optimized out>, cr=3D0xfffffe00760c3a00,
    arg=3D<value optimized out>) at /usr/src/sys/kern/subr_epoch.c:256
#11 0xffffffff803994fd in ck_epoch_synchronize_wait (
    global=3D0xfffff800030c5680,
    cb=3D0xffffffff80bd77a0 <epoch_block_handler_preempt>, ct=3D0x0)
    at /usr/src/sys/contrib/ck/src/ck_epoch.c:407
#12 0xffffffff80bd7630 in epoch_wait_preempt (epoch=3D0xfffff800030c5680)
    at /usr/src/sys/kern/subr_epoch.c:389
#13 0xffffffff80c983bf in if_delgroup (ifp=3D0xfffff80003aab800,
    groupname=3D0xfffff80005ff5e00 "bridge") at /usr/src/sys/net/if.c:1514
#14 0xffffffff80c9f2b2 in if_clone_destroyif (ifc=3D0xfffff80005ff5e00,
    ifp=3D0xfffff80003aab800) at /usr/src/sys/net/if_clone.c:325
#15 0xffffffff80c9f0d5 in if_clone_destroy (name=3D0xfffffe008b4458d0 "virb=
r0")
    at /usr/src/sys/net/if_clone.c:288
#16 0xffffffff80c9a2c3 in ifioctl (so=3D0xfffff80007edca38, cmd=3D214960780=
1,
    data=3D<value optimized out>, td=3D<value optimized out>)
    at /usr/src/sys/net/if.c:3053
#17 0xffffffff80c04259 in kern_ioctl (td=3D0xfffff80007c1a580,
    fd=3D<value optimized out>, com=3D<value optimized out>,
    data=3D<value optimized out>) at file.h:330
#18 0xffffffff80c03f2e in sys_ioctl (td=3D0xfffff80007c1a580,
    uap=3D0xfffff80007c1a940) at /usr/src/sys/kern/sys_generic.c:712
#19 0xffffffff81077401 in amd64_syscall (td=3D0xfffff80007c1a580, traced=3D=
0)
    at subr_syscall.c:135
#20 0xffffffff8105218d in fast_syscall_common ()
    at /usr/src/sys/amd64/amd64/exception.S:500
#21 0x00000008028f4c0a in ?? ()                                            =
                                                                           =
                                                            =20
Previous frame inner to this frame (corrupt stack?)                        =
                                                                           =
                                                            =20
Current language:  auto; currently minimal                                 =
                                                                           =
                                                            =20
(kgdb)

It looks like panic happens during network interfaces related
operations. Couple of dmesg lines before panic:

Aug  5 19:02:42 romashka rtsold[585]: <rtsock_input_ifannounce> interface b=
ridge0 removed
Aug  5 19:02:42 romashka kernel: bridge0: Ethernet address: 02:af:41:48:c7:=
00
Aug  5 19:02:42 romashka kernel: bridge0: changing name to 'virbr-ab'
Aug  5 19:02:42 romashka kernel: tap0: Ethernet address: 00:bd:8d:11:f7:00
Aug  5 19:02:42 romashka kernel: tap0: link state changed to UP
Aug  5 19:02:42 romashka kernel: tap0: changing name to 'virbr-ab-nic'
Aug  5 19:02:42 romashka kernel: virbr-ab-nic: promiscuous mode enabled
Aug  5 19:02:42 romashka kernel: virbr-ab: link state changed to UP
Aug  5 19:02:42 romashka rtsold[585]: <rtsock_input_ifannounce> interface t=
ap0 removed
Aug  5 19:02:43 romashka dnsmasq[1047]: setting --bind-interfaces option be=
cause of OS limitations
Aug  5 19:02:43 romashka dnsmasq[1047]: warning: no upstream servers config=
ured
Aug  5 19:02:43 romashka kernel: virbr-ab-nic: link state changed to DOWN
Aug  5 19:02:43 romashka kernel: virbr-ab: link state changed to DOWN
Aug  5 19:02:43 romashka kernel: bridge1: Ethernet address: 02:af:41:48:c7:=
01
Aug  5 19:02:43 romashka kernel: bridge1: changing name to 'virbr0'
Aug  5 19:02:43 romashka rtsold[585]: <rtsock_input_ifannounce> interface b=
ridge1 removed
Aug  5 19:02:43 romashka kernel: tap1: Ethernet address: 00:bd:53:14:f7:01
Aug  5 19:02:43 romashka kernel: tap1: link state changed to UP
Aug  5 19:02:43 romashka kernel: tap1: changing name to 'virbr0-nic'
Aug  5 19:02:43 romashka kernel: virbr0: link state changed to UP
Aug  5 19:02:43 romashka kernel: virbr0-nic: promiscuous mode enabled
Aug  5 19:02:43 romashka rtsold[585]: <rtsock_input_ifannounce> interface t=
ap1 removed
Aug  5 19:05:03 romashka syslogd: kernel boot file is /boot/kernel/kernel
Aug  5 19:05:03 romashka kernel:
Aug  5 19:05:03 romashka syslogd: last message repeated 1 times
Aug  5 19:05:03 romashka kernel: Fatal trap 12: page fault while in kernel =
mode

If I disable libvirt service, system completes booting fine. What it
tries to do on start, it creates a couple of bridge(4) and tap(4)
devices, adds tap devices to bridges it created, and possibly destroy
these interfaces in case of errors. It also starts dnsmasq on some of
these interfaces.

This problem started to appear about 2-4 weeks ago.

Roman Bogorodskiy

--FL5UXtIhxfXey3p5
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEcBAEBAgAGBQJbZxlcAAoJEMltX/4IwiJqz14H/iUeN+2tp1x1c41ONRs9DwIU
ahv5/cpAVLUGouo3KJru1SxLzBa8jXauMEC/zo0xDOBOcDsGAXCZWFwIXvErjmUw
+4pHQtKVlWF+H5jkAc7t1XCcYMP1Mj0+BM1UFKX8/9//oZ35ti+f4c/GEkRQlXwU
hLLTU+dIW4XExKkXR5DgolbRhbknN7LeZvceQ4RF1XB6HTLdMKIcIU/m+plb0SMX
Um7dxCKuxkZAj6sCUo/9hiFvzr4vDBEajdlwGLiRagAaHXKa0euZ7C96B8skYHAh
ABTkKZUTcnbL6XH6AWX5CdUsiNN1K4uxJ486Xhsq8BvIjfk+syiw8l2yOOqttcA=
=J8Du
-----END PGP SIGNATURE-----

--FL5UXtIhxfXey3p5--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180805153556.GA1957>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation