Date: Mon, 01 Feb 2021 07:59:17 +0000
From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 238326] Kernel crash on jail stop (VIMAGE/VNET)
Message-ID: <bug-238326-29815-6Jd9TLcxbz@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-238326-29815@https.bugs.freebsd.org/bugzilla/>
References: <bug-238326-29815@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238326

--- Comment #22 from Zhenlei Huang <zlei.huang@gmail.com> ---
(In reply to Kyle Evans from comment #20)

Steps to reproduce the kernel panic:

Host environment:
FreeBSD 12.2 Guest fresh install with kernel debug symbols, VMware Fusion 12.1.0, hardware configured with 4 Processor cores and 1G memory, system updated to 12.2-RELEASE-p3.

Host and jail's /etc/rc.conf:
------------- rc.conf ------------------
# The jails share this rc.conf, let's disable the syslog service
syslogd_enable="NO"
#syslogd_flags="-ss"
sendmail_enable="NONE"

hostname=""
ifconfig_em0="DHCP"
dumpdev="AUTO"
zfs_enable="YES"
----------------------------------------

Host's /etc/jail.conf:
------------ jail.conf -----------------
# template for all test jails
# it is convenient to share host's filesystem
path = "/";
exec.clean;
vnet = new;
vnet.interface = "epair${ifnum}b";
exec.prepare = "/sbin/ifconfig epair${ifnum} create";
exec.prepare += "/sbin/ifconfig epair${ifnum}a inet 192.168.${ifnum}.1/24 up";
exec.start = "/bin/sh /etc/rc";
# I've no ideas why opening and binding a socket would trigger the kernel panic more likely :(
exec.start += "/usr/sbin/daemon /usr/bin/nc -l 0.0.0.0 9999";
exec.start += "/sbin/ifconfig epair${ifnum}b inet 192.168.${ifnum}.2/24";
exec.start += "/sbin/route add default 192.168.${ifnum}.1";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.poststop += "/sbin/ifconfig epair${ifnum}a destroy";

test1 {
    $ifnum = 10;
}
# with more jails it seems crash the host more likely
test2 {
    $ifnum = 20;
}
----------------------------------------

Then repeat stopping and starting jail service, the host crashes about once in 2 or 3 times.

# service jail onestart && service jail onestop
...

The kernel panic message:

Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 04
fault virtual address   = 0x410
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80b9f237
stack pointer           = 0x28:0xfffffe0015b55370
frame pointer           = 0x28:0xfffffe0015b553f0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 93087 (ifconfig)
trap number             = 12
panic: page fault
cpuid = 2
time = 1612193992
KDB: stack backtrace:
#0 0xffffffff80c0aa85 at kdb_backtrace+0x65
#1 0xffffffff80bbed3b at vpanic+0x17b
#2 0xffffffff80bbebb3 at panic+0x43
#3 0xffffffff8108e911 at trap_fatal+0x391
#4 0xffffffff8108e96f at trap_pfault+0x4f
#5 0xffffffff8108dfb6 at trap+0x286
#6 0xffffffff81066938 at calltrap+0x8
#7 0xffffffff80bb9591 at _rm_rlock_hard+0x3c1
#8 0xffffffff80ce5ce6 at rtinit+0x2a6
#9 0xffffffff80d3873e at in_scrubprefix+0x29e
#10 0xffffffff80d5001d at rip_ctlinput+0x8d
#11 0xffffffff80c4922c at pfctlinput+0x5c
#12 0xffffffff80cbb4fa at if_down+0x12a
#13 0xffffffff80cb90d0 at if_detach_internal+0x150
#14 0xffffffff80cb8df0 at if_detach+0x50
#15 0xffffffff82b1ebb1 at epair_clone_destroy+0x81
#16 0xffffffff80cc0c4d at if_clone_destroyif+0xdd
#17 0xffffffff80cc0b12 at if_clone_destroy+0x1a2
Uptime: 1m22s
Dumping 160 out of 982 MB:..10%..20%..30%..40%..50%..60%..70%..80%..90%..100%

To be clear, after update to 12.2-RELEASE-p3, it's difficult to crash the host without the below line in jail.conf:

exec.start += "/usr/sbin/daemon /usr/bin/nc -l 0.0.0.0 9999";

I'll attach full core text dump later.

-- 
You are receiving this mail because:
You are the assignee for the bug.