Date: Wed, 9 May 2018 13:48:20 +0100 From: Tom Jones <thj@freebsd.org> To: Matt Macy <mmacy@FreeBSD.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r333309 - in head/sys: net netinet netinet6 Message-ID: <20180509124820.GA34572@tom-desk.erg.abdn.ac.uk> In-Reply-To: <201805062034.w46KYDUY088148@repo.freebsd.org> References: <201805062034.w46KYDUY088148@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, May 06, 2018 at 08:34:13PM +0000, Matt Macy wrote: > Author: mmacy > Date: Sun May 6 20:34:13 2018 > New Revision: 333309 > URL: https://svnweb.freebsd.org/changeset/base/333309 > > Log: > r333175 introduced deferred deletion of multicast addresses in order to permit the driver ioctl > to sleep on commands to the NIC when updating multicast filters. More generally this permitted > driver's to use an sx as a softc lock. Unfortunately this change introduced a race whereby a > a multicast update would still be queued for deletion when ifconfig deleted the interface > thus calling down in to _purgemaddrs and synchronously deleting _all_ of the multicast addresses > on the interface. > > Synchronously remove all external references to a multicast address before enqueueing for delete. > Hi Matt, I am getting periodic panics on a FreeBSD CURRENT guest running bhyve on a 11.1 Host. An idle guest will panic after about 5 minutes. Reverting this commit stops the panics. Fatal trap 9: general protection fault while in kernel mode cpuid = 0; apic id = 00 instruction pointer = 0x20:0xffffffff80db01ac stack pointer = 0x28:0xfffffe00121827d0 frame pointer = 0x28:0xfffffe0012182800 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 12 (swi4: clock (0)) [ thread pid 12 tid 100023 ] Stopped at in6m_disconnect+0x13c: cmpq %r13,(%rcx) db> bt Tracing pid 12 tid 100023 td 0xfffff8000322d000 in6m_disconnect() at in6m_disconnect+0x13c/frame 0xfffffe0012182800 mld_fasttimo() at mld_fasttimo+0x62b/frame 0xfffffe00121828d0 pffasttimo() at pffasttimo+0x54/frame 0xfffffe0012182900 softclock_call_cc() at softclock_call_cc+0x150/frame 0xfffffe00121829b0 softclock() at softclock+0x7c/frame 0xfffffe00121829e0 intr_event_execute_handlers() at intr_event_execute_handlers+0x99/frame 0xfffffe0012182a20 ithread_loop() at ithread_loop+0xb7/frame 0xfffffe0012182a70 fork_exit() at fork_exit+0x84/frame 0xfffffe0012182ab0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0012182ab0 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- - [tj]
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180509124820.GA34572>