Date: Wed, 23 Oct 2019 10:11:44 +0000
From: "Fedorov, Aleksandr" <aleksandr.fedorov@vstack.com>
To: "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>
Cc: "cem@FreeBSD.org" <cem@FreeBSD.org>
Subject: Re: > r353680: multiuser crash due to: m_getzone: Inavlid cluster size 0
Message-ID: <279a3b54b5454b3e935389ad55d68298@vstack.com>
I discovered a similar kernel panic. To reproduce, just run CURRENT in bhyve with the e1000 network backend.

I think the problem is that the debugnet_any_ifnet_update() function calls iflib_debugnet_init() when the private driver data is not yet fully initialized.

sys/net/iflib.c:

6724 iflib_debugnet_init(if_t ifp, int *nrxr, int *ncl, int *clsize)
6725 {
6726 	if_ctx_t ctx;
6727
6728 	ctx = if_getsoftc(ifp);
6729 	CTX_LOCK(ctx);
6730 	*nrxr = NRXQSETS(ctx);
6731 	*ncl = ctx->ifc_rxqs[0].ifr_fl->ifl_size;
6732 	*clsize = ctx->ifc_rxqs[0].ifr_fl->ifl_buf_size;   <<<<<<<<------ ifl_buf_size is equal to zero!!!
6733 	CTX_UNLOCK(ctx);
6734 }

So, it seems that the ifnet_link_event EVENTHANDLER is too early to initialize debugnet.

Because ifl_buf_size is initialized with ctx->ifc_rx_mbuf_sz, which is initialized with iflib_calc_rx_mbuf_sz(), I use the following patch as a workaround:

diff --git a/sys/net/iflib.c b/sys/net/iflib.c
index 73606981a492..1caf3505932a 100644
--- a/sys/net/iflib.c
+++ b/sys/net/iflib.c
@@ -6729,7 +6729,8 @@ iflib_debugnet_init(if_t ifp, int *nrxr, int *ncl, int *clsize)
 	CTX_LOCK(ctx);
 	*nrxr = NRXQSETS(ctx);
 	*ncl = ctx->ifc_rxqs[0].ifr_fl->ifl_size;
-	*clsize = ctx->ifc_rxqs[0].ifr_fl->ifl_buf_size;
+	iflib_calc_rx_mbuf_sz(ctx);
+	*clsize = iflib_get_rx_mbuf_sz(ctx);
 	CTX_UNLOCK(ctx);
 }

Boot log and panic:

em0: <Intel(R) PRO/1000 Network Connection> port 0x2000-0x2007 mem 0xc0000000-0xc001ffff,0xc0020000-0xc002ffff irq 16 at device 2.0 on pci0
em0: Using 1024 TX descriptors and 1024 RX descriptors
em0: Ethernet address: 00:a0:98:b9:5c:99
em0: netmap queues/slots: TX 1/1024, RX 1/1024
virtio_pci0: <VirtIO PCI Block adapter> port 0x2040-0x207f mem 0xc0030000-0xc0031fff irq 17 at device 3.0 on pci0
vtblk0: <VirtIO Block Adapter> on virtio_pci0
vtblk0: 16384MB (33554432 512 byte sectors)
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
driver bug: Unable to set devclass (class: atkbdc devname: (unknown))
Unhandled ps2 mouse command 0xe1
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model Generic PS/2 mouse, device ID 0
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart0: console (9600,n,8,1)
uart1: <16550 or compatible> port 0x2f8-0x2ff irq 3 on acpi0
vga0: <Generic ISA VGA> at port 0x3b0-0x3bb iomem 0xb0000-0xb7fff pnpid PNP0900 on isa0
Timecounters tick every 10.000 msec
usb_needs_explore_all: no devclass
em0: link state changed to UP
panic: m_getzone: invalid cluster size 0
cpuid = 0
time = 1
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0011b8d7f0
vpanic() at vpanic+0x17e/frame 0xfffffe0011b8d850
panic() at panic+0x43/frame 0xfffffe0011b8d8b0
debugnet_mbuf_reinit() at debugnet_mbuf_reinit+0x21b/frame 0xfffffe0011b8d8f0
debugnet_any_ifnet_update() at debugnet_any_ifnet_update+0x107/frame 0xfffffe0011b8d940
do_link_state_change() at do_link_state_change+0x1b3/frame 0xfffffe0011b8d990
taskqueue_run_locked() at taskqueue_run_locked+0x10c/frame 0xfffffe0011b8d9f0
taskqueue_run() at taskqueue_run+0x4a/frame 0xfffffe0011b8da10
ithread_loop() at ithread_loop+0x1c6/frame 0xfffffe0011b8da70
fork_exit() at fork_exit+0x80/frame 0xfffffe0011b8dab0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0011b8dab0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 12 tid 100010 ]
Stopped at      kdb_enter+0x37: movq    $0,0x1098a86(%rip)
db> 
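Review bot: the two `+` lines in the hunk paper over the ordering problem rather than fix it: `iflib_calc_rx_mbuf_sz(ctx)` is now called from the debugnet query path, which mutates ctx->ifc_rx_mbuf_sz as a side effect of what the listing shows is a read-only accessor under CTX_LOCK, and the freelist field the removed line read (`ifr_fl->ifl_buf_size`) is still zero at that point, so the *clsize handed to debugnet_mbuf_reinit is computed separately from what the freelist will later be set up with. Since the message itself locates the root cause in the ifnet_link_event handler running before the receive freelist is initialized, a cleaner shape is to treat a zero ifl_buf_size as "not ready" in iflib_debugnet_init and have the caller skip the reinit, or to defer the debugnet initialization until after the freelists are sized; at minimum the two added lines deserve a comment saying why a freshly computed size is used instead of the freelist's own field.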
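Added example, not the poster's code or FreeBSD's: a small C model of the ordering the message describes, with the debugnet query hardened to refuse while the freelist's buffer size is still zero instead of handing 0 on to the mbuf code. Every type, macro and helper name below is a stand-in assumed for the example.

```c
/* Added example, not FreeBSD code: a stand-in model of the ordering bug in this
 * report. Names mirror the message (ifr_fl, ifl_buf_size, NRXQSETS); the types
 * and helpers are assumptions, not the real iflib ones. */
#include <errno.h>
/* Assumed cluster sizes: the values FreeBSD's m_getzone() knows (MCLBYTES,
 * MJUMPAGESIZE on amd64, MJUM9BYTES, MJUM16BYTES); anything else panics. */
#define MCLBYTES     2048
#define MJUMPAGESIZE 4096
#define MJUM9BYTES   9216
#define MJUM16BYTES  16384

struct iflib_fl  { int ifl_size; int ifl_buf_size; };   /* rx freelist */
struct iflib_rxq { struct iflib_fl *ifr_fl; };
struct if_ctx    { int ifc_nrxqsets; int ifc_rx_mbuf_sz; struct iflib_rxq *ifc_rxqs; };
#define NRXQSETS(ctx) ((ctx)->ifc_nrxqsets)
/* Same acceptance rule as the "m_getzone: invalid cluster size" check: only the
 * known cluster sizes pass, and 0 (an unsized freelist) does not. */
static int cluster_size_is_valid(int clsize)
{
    return clsize == MCLBYTES || clsize == MJUMPAGESIZE ||
           clsize == MJUM9BYTES || clsize == MJUM16BYTES;
}

/* Hardened form of the query from the report: rather than copying whatever is
 * in ifl_buf_size, refuse with ENXIO while the freelist has not been sized, so
 * the caller can skip the debugnet mbuf reinit instead of panicking on 0. */
static int model_debugnet_init(const struct if_ctx *ctx, int *nrxr, int *ncl, int *clsize)
{
    const struct iflib_fl *fl = ctx->ifc_rxqs[0].ifr_fl;
    if (!cluster_size_is_valid(fl->ifl_buf_size))
        return ENXIO;                   /* link event fired too early */
    *nrxr = NRXQSETS(ctx);
    *ncl = fl->ifl_size;
    *clsize = fl->ifl_buf_size;
    return 0;
}

/* Drive the model through the two states in the report: the link-state event
 * before the freelist is sized (buf size still 0) and after it was filled from
 * ifc_rx_mbuf_sz. Returns the cluster size debugnet would get, or -1 on refusal. */
static int simulate_link_event(int freelist_sized)
{
    struct iflib_fl fl = { .ifl_size = 1024, .ifl_buf_size = 0 };   /* constructed */
    struct iflib_rxq rxq = { .ifr_fl = &fl };
    struct if_ctx ctx = { .ifc_nrxqsets = 1, .ifc_rx_mbuf_sz = MCLBYTES, .ifc_rxqs = &rxq };
    int nrxr, ncl, clsize;
    if (freelist_sized)
        fl.ifl_buf_size = ctx.ifc_rx_mbuf_sz;   /* what iflib_calc_rx_mbuf_sz feeds */
    return model_debugnet_init(&ctx, &nrxr, &ncl, &clsize) == 0 ? clsize : -1;
}
```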