From owner-freebsd-bugs@FreeBSD.ORG Wed Feb 1 22:50:07 2012 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 88EC81065674 for ; Wed, 1 Feb 2012 22:50:07 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 65C598FC15 for ; Wed, 1 Feb 2012 22:50:07 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q11Mo7he080532 for ; Wed, 1 Feb 2012 22:50:07 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q11Mo7gU080531; Wed, 1 Feb 2012 22:50:07 GMT (envelope-from gnats) Resent-Date: Wed, 1 Feb 2012 22:50:07 GMT Resent-Message-Id: <201202012250.q11Mo7gU080531@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Nikos Vassiliadis Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id ABA3E10656D0 for ; Wed, 1 Feb 2012 22:40:35 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id 9AC2A8FC13 for ; Wed, 1 Feb 2012 22:40:35 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q11MeZFR053614 for ; Wed, 1 Feb 2012 22:40:35 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.4/8.14.4/Submit) id q11MeZXL053613; Wed, 1 Feb 2012 22:40:35 GMT (envelope-from nobody) Message-Id: <201202012240.q11MeZXL053613@red.freebsd.org> Date: Wed, 1 Feb 2012 22:40:35 GMT From: Nikos Vassiliadis To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: kern/164696: VIMAGE + carp panics the kernel X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Feb 2012 22:50:07 -0000 >Number: 164696 >Category: kern >Synopsis: VIMAGE + carp panics the kernel >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Feb 01 22:50:07 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Nikos Vassiliadis >Release: FreeBSD 10.0-CURRENT >Organization: >Environment: FreeBSD lab.local 10.0-CURRENT FreeBSD 10.0-CURRENT #112 r230875: Wed Feb 1 21:40:59 EET 2012 root@lab.local:/usr/obj/usr/src/sys/LAB i386 >Description: Trying to use a carp interface in a VIMAGE enabled kernel, panics the kernel. #4 0xc051ce3d in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:229 #5 0xc0a99226 in kdb_trap (type=12, code=0, tf=0xc49a3b18) at /usr/src/sys/kern/subr_kdb.c:629 #6 0xc0e1a30f in trap_fatal (frame=0xc49a3b18, eva=24) at /usr/src/sys/i386/i386/trap.c:966 #7 0xc0e1ada3 in trap (frame=0xc49a3b18) at /usr/src/sys/i386/i386/trap.c:352 #8 0xc0e03b0c in calltrap () at /usr/src/sys/i386/i386/exception.s:168 #9 0xc7abefd0 in carp_send_ad_locked (sc=0xc500a600) at /usr/src/sys/modules/carp/../../netinet/ip_carp.c:777 #10 0xc7abf984 in carp_master_down_locked (sc=0xc500a600) at /usr/src/sys/modules/carp/../../netinet/ip_carp.c:1119 #11 0xc7abfc4f in carp_master_down (v=0xc500a600) at /usr/src/sys/modules/carp/../../netinet/ip_carp.c:1104 #12 0xc0a78aa2 in softclock (arg=0xc119e5c0) at /usr/src/sys/kern/kern_timeout.c:571 #13 0xc0a382f5 in intr_event_execute_handlers (p=0xc4deb588, ie=0xc4e2d280) at /usr/src/sys/kern/kern_intr.c:1257 >How-To-Repeat: Build a VIMAGE kernel. Create and 'up' a carp address. >Fix: The attached patch fixes the panic. It doesn't virtualize carp(4), that is, only carp instances in vnet0 work. Patch attached with submission follows: Index: sys/netinet/ip_carp.c =================================================================== --- sys/netinet/ip_carp.c (revision 230875) +++ sys/netinet/ip_carp.c (working copy) @@ -734,6 +734,8 @@ struct mbuf *m; int len, advskew; + CURVNET_SET(sc->sc_carpdev->if_vnet); + CARP_LOCK_ASSERT(sc); advskew = DEMOTE_ADVSKEW(sc); @@ -761,6 +763,7 @@ /* XXX maybe less ? */ callout_reset(&sc->sc_ad_tmo, tvtohz(&tv), carp_send_ad, sc); + CURVNET_RESTORE(); return; } len = sizeof(*ip) + sizeof(ch); @@ -793,8 +796,10 @@ ch_ptr = (struct carp_header *)(&ip[1]); bcopy(&ch, ch_ptr, sizeof(ch)); - if (carp_prepare_ad(m, sc, ch_ptr)) + if (carp_prepare_ad(m, sc, ch_ptr)) { + CURVNET_RESTORE(); return; + } m->m_data += sizeof(*ip); ch_ptr->carp_cksum = carp_cksum(m, len - sizeof(*ip)); @@ -832,6 +837,7 @@ /* XXX maybe less ? */ callout_reset(&sc->sc_ad_tmo, tvtohz(&tv), carp_send_ad, sc); + CURVNET_RESTORE(); return; } len = sizeof(*ip6) + sizeof(ch); @@ -864,13 +870,16 @@ if (in6_setscope(&ip6->ip6_dst, sc->sc_carpdev, NULL) != 0) { m_freem(m); CARP_DEBUG("%s: in6_setscope failed\n", __func__); + CURVNET_RESTORE(); return; } ch_ptr = (struct carp_header *)(&ip6[1]); bcopy(&ch, ch_ptr, sizeof(ch)); - if (carp_prepare_ad(m, sc, ch_ptr)) + if (carp_prepare_ad(m, sc, ch_ptr)) { + CURVNET_RESTORE(); return; + } m->m_data += sizeof(*ip6); ch_ptr->carp_cksum = carp_cksum(m, len - sizeof(*ip6)); >Release-Note: >Audit-Trail: >Unformatted: