Date:      Thu, 5 Mar 2015 23:17:16 +0100
From:      Florian Smeets <flo@smeets.im>
To:        "Andrey V. Elsukov" <ae@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r279588 - head/sys/netinet6
Message-ID:  <54F8D5EC.8030800@smeets.im>
In-Reply-To: <201503041120.t24BK2SG000709@svn.freebsd.org>
References:  <201503041120.t24BK2SG000709@svn.freebsd.org>

On 04.03.15 12:20, Andrey V. Elsukov wrote:
> Author: ae
> Date: Wed Mar  4 11:20:01 2015
> New Revision: 279588
> URL: https://svnweb.freebsd.org/changeset/base/279588
> 
> Log:
>   Fix deadlock in IPv6 PCB code.
>   

Hi,

everything I'm going to mention is running world/kernel @r279675.

I have a host running a couple of IPv6-only bhyves. It looks like I can easily panic them when trying to ssh into them. With my limited understanding I'd say the stack trace points to this commit.

All the tap interfaces used by the bhyves are connected to one bridge interface. Every bhyve has its own IPv6 address configured on vtnet0. The bridge interface on the host has an IPv6 address which is the default gateway in all the bhyves.

Let me know if you need anything else. It seems to be quite easy to reproduce.

Fatal trap 12: page fault while in kernel mode
cpuid = 6; apic id = 06
fault virtual address   = 0x0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80bda224
stack pointer           = 0x28:0xfffffe01efbfd330
frame pointer           = 0x28:0xfffffe01efbfd3d0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 12 (irq265: virtio_pci0)
[ thread pid 12 tid 100036 ]
Stopped at      in6_pcbnotify+0x254:    movl    (%rax),%edx
db> where
Tracing pid 12 tid 100036 td 0xfffff800063d0000
in6_pcbnotify() at in6_pcbnotify+0x254/frame 0xfffffe01efbfd3d0
tcp6_ctlinput() at tcp6_ctlinput+0xf0/frame 0xfffffe01efbfd470
icmp6_input() at icmp6_input+0x18d4/frame 0xfffffe01efbfd660
ip6_input() at ip6_input+0x488/frame 0xfffffe01efbfd740
netisr_dispatch_src() at netisr_dispatch_src+0x61/frame 0xfffffe01efbfd7b0
ether_demux() at ether_demux+0x15d/frame 0xfffffe01efbfd7e0
ether_nh_input() at ether_nh_input+0x377/frame 0xfffffe01efbfd840
netisr_dispatch_src() at netisr_dispatch_src+0x61/frame 0xfffffe01efbfd8b0
ether_input() at ether_input+0x26/frame 0xfffffe01efbfd8d0
vtnet_rxq_eof() at vtnet_rxq_eof+0x7ab/frame 0xfffffe01efbfd9a0
vtnet_rx_vq_intr() at vtnet_rx_vq_intr+0x94/frame 0xfffffe01efbfd9e0
intr_event_execute_handlers() at intr_event_execute_handlers+0x1d8/frame 0xfffffe01efbfda20
ithread_loop() at ithread_loop+0x9c/frame 0xfffffe01efbfda70
fork_exit() at fork_exit+0x9a/frame 0xfffffe01efbfdab0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe01efbfdab0
--- trap 0, rip = 0, rsp = 0xfffffe01efbfdb70, rbp = 0 ---

(kgdb) list *0xffffffff80bda224
0xffffffff80bda224 is in in6_pcbnotify (/usr/src/sys/netinet6/in6_pcb.c:649).
644                      * and the application (associated with this socket) wanted to
645                      * know the value, notify.
646                      * XXX: should we avoid to notify the value to TCP sockets?
647                      */
648                     if (cmd == PRC_MSGSIZE)
649                             ip6_notify_pmtu(inp, (struct sockaddr_in6 *)dst,
650                                             *(u_int32_t *)cmdarg);
651
652                     /*
653                      * Detect if we should notify the error. If no source and
(kgdb) print dst
$5 = (struct sockaddr *) 0xfffffe01efbfd590
(kgdb) print notify
$6 = (struct inpcb *(*)(struct inpcb *,
    int)) 0xffffffff80bb5220 <tcp_mtudisc_notify>

Florian

