From owner-freebsd-bugs@freebsd.org Fri Nov 10 20:32:18 2017 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5B9D2E4FBA9 for ; Fri, 10 Nov 2017 20:32:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4A2622B93 for ; Fri, 10 Nov 2017 20:32:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id vAAKWIge031313 for ; Fri, 10 Nov 2017 20:32:18 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 223600] vnic: kernel panic when running tcpdump Date: Fri, 10 Nov 2017 20:32:18 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: emaste@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Nov 2017 20:32:18 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D223600 Bug ID: 223600 Summary: vnic: kernel panic when running tcpdump Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: emaste@freebsd.org With IPv6 traffic, if it matters. root@freebsd12-test:~ # tcpdump -ni vnic0 ip6 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on vnic0, link-type EN10MB (Ethernet), capture size 262144 bytes Kernel page fault with the following non-sleepable locks held: shared rw bpf interface lock (bpf interface lock) r =3D 0 (0xfffffd002e32d4= a8) locked @ /root/freebsd/sys/net/bpf.c:2207 exclusive sleep mutex vnic0: SQ(6) lock (vnic0: SQ(6) lock) r =3D 0 (0xffff00004b9a15d0) locked @ /root/freebsd/sys/dev/vnic/nicvf_main.c:696 exclusive rw tcpinp (tcpinp) r =3D 0 (0xfffffd009212bd60) locked @ /root/freebsd/sys/netinet/tcp_usrreq.c:902 stack backtrace: #0 0xffff0000003741a0 at witness_debugger+0x64 #1 0xffff0000003754b0 at witness_warn+0x3fc #2 0xffff000000626488 at data_abort+0xe0 #3 0xffff0000006262a4 at do_el1h_sync+0xf8 #4 0xffff00000060e874 at handle_el1h_sync+0x74 #5 0xffff0000003f5158 at bpf_mtap+0xc4 #6 0xffff0000003f5158 at bpf_mtap+0xc4 #7 0xffff000000646a84 at nicvf_xmit_locked+0x4a0 #8 0xffff000000645720 at nicvf_if_transmit+0x214 #9 0xffff000000405498 at ether_output+0x6b4 #10 0xffff000000445840 at ip_output+0x1120 #11 0xffff0000004bb1e8 at tcp_output+0x19ec #12 0xffff0000004cb2fc at tcp_usr_send+0x2dc #13 0xffff0000003a2d6c at sosend_generic+0x3d0 #14 0xffff0000003a2fb4 at sosend+0x5c #15 0xffff000000380b5c at soo_write+0x40 #16 0xffff000000379448 at dofilewrite+0xb4 #17 0xffff00000037908c at kern_writev+0x6c x0: 66 x1: fffffd009244c600 x2: 66 x3: 0 x4: 68 x5: 0 x6: ffff000ba48da310 x7: 80 x8: deadc0dedeadc0ea x9: fffffd009244c600 x10: deadc0dedeadc0de x11: ffffffffdeadc0d2 x12: ffff000000a75678 x13: fffffd00922445b0 x14: 1 x15: 1 x16: 0 x17: 4071e768 x18: ffff000ba48da1c0 x19: 0 x20: 66 x21: fffffd009244c600 x22: fffffd00bdff7940 x23: ffff00000072ecc0 x24: 0 x25: 0 x26: 2 x27: 7b x28: 66 x29: ffff000ba48da240 sp: ffff000ba48da1c0 lr: ffff0000003f515c elr: ffff0000003f9270 spsr: a0000345 far: deadc0dedeadc0ea esr: 96000004 panic: data abort in critical section or under mutex cpuid =3D 88 time =3D 1508412796 KDB: stack backtrace: db_trace_self() at db_trace_self_wrapper+0x28 pc =3D 0xffff00000060c848 lr =3D 0xffff000000086b8c sp =3D 0xffff000ba48d9be0 fp =3D 0xffff000ba48d9df0 db_trace_self_wrapper() at vpanic+0x184 pc =3D 0xffff000000086b8c lr =3D 0xffff000000315818 sp =3D 0xffff000ba48d9e00 fp =3D 0xffff000ba48d9e80 vpanic() at panic+0x44 pc =3D 0xffff000000315818 lr =3D 0xffff0000003158a0 sp =3D 0xffff000ba48d9e90 fp =3D 0xffff000ba48d9f10 panic() at data_abort+0x250 pc =3D 0xffff0000003158a0 lr =3D 0xffff0000006265f8 sp =3D 0xffff000ba48d9f20 fp =3D 0xffff000ba48d9fd0 data_abort() at do_el1h_sync+0xf8 pc =3D 0xffff0000006265f8 lr =3D 0xffff0000006262a4 sp =3D 0xffff000ba48d9fe0 fp =3D 0xffff000ba48da010 do_el1h_sync() at handle_el1h_sync+0x74 pc =3D 0xffff0000006262a4 lr =3D 0xffff00000060e874 sp =3D 0xffff000ba48da020 fp =3D 0xffff000ba48da130 handle_el1h_sync() at bpf_mtap+0xc4 pc =3D 0xffff00000060e874 lr =3D 0xffff0000003f5158 sp =3D 0xffff000ba48da140 fp =3D 0xffff000ba48da240 bpf_mtap() at bpf_mtap+0xc4 pc =3D 0xffff0000003f5158 lr =3D 0xffff0000003f5158 sp =3D 0xffff000ba48da250 fp =3D 0xffff000ba48da2c0 bpf_mtap() at nicvf_xmit_locked+0x4a0 pc =3D 0xffff0000003f5158 lr =3D 0xffff000000646a84 sp =3D 0xffff000ba48da2d0 fp =3D 0xffff000ba48db360 nicvf_xmit_locked() at nicvf_if_transmit+0x214 pc =3D 0xffff000000646a84 lr =3D 0xffff000000645720 sp =3D 0xffff000ba48db370 fp =3D 0xffff000ba48db3b0 nicvf_if_transmit() at ether_output+0x6b4 pc =3D 0xffff000000645720 lr =3D 0xffff000000405498 sp =3D 0xffff000ba48db3c0 fp =3D 0xffff000ba48db450 ether_output() at ip_output+0x1120 pc =3D 0xffff000000405498 lr =3D 0xffff000000445840 sp =3D 0xffff000ba48db460 fp =3D 0xffff000ba48db580 ip_output() at tcp_output+0x19ec pc =3D 0xffff000000445840 lr =3D 0xffff0000004bb1e8 sp =3D 0xffff000ba48db590 fp =3D 0xffff000ba48db740 tcp_output() at tcp_usr_send+0x2dc pc =3D 0xffff0000004bb1e8 lr =3D 0xffff0000004cb2fc sp =3D 0xffff000ba48db750 fp =3D 0xffff000ba48db7b0 tcp_usr_send() at sosend_generic+0x3d0 pc =3D 0xffff0000004cb2fc lr =3D 0xffff0000003a2d6c sp =3D 0xffff000ba48db7c0 fp =3D 0xffff000ba48db860 sosend_generic() at sosend+0x5c pc =3D 0xffff0000003a2d6c lr =3D 0xffff0000003a2fb4 sp =3D 0xffff000ba48db870 fp =3D 0xffff000ba48db890 sosend() at soo_write+0x40 pc =3D 0xffff0000003a2fb4 lr =3D 0xffff000000380b5c sp =3D 0xffff000ba48db8a0 fp =3D 0xffff000ba48db8b0 soo_write() at dofilewrite+0xb4 pc =3D 0xffff000000380b5c lr =3D 0xffff000000379448 sp =3D 0xffff000ba48db8c0 fp =3D 0xffff000ba48db900 dofilewrite() at kern_writev+0x6c pc =3D 0xffff000000379448 lr =3D 0xffff00000037908c sp =3D 0xffff000ba48db910 fp =3D 0xffff000ba48db950 kern_writev() at sys_write+0x84 pc =3D 0xffff00000037908c lr =3D 0xffff000000379010 sp =3D 0xffff000ba48db960 fp =3D 0xffff000ba48db9a0 sys_write() at do_el0_sync+0x890 pc =3D 0xffff000000379010 lr =3D 0xffff000000626e8c sp =3D 0xffff000ba48db9b0 fp =3D 0xffff000ba48dba70 do_el0_sync() at handle_el0_sync+0x74 pc =3D 0xffff000000626e8c lr =3D 0xffff00000060e9f4 sp =3D 0xffff000ba48dba80 fp =3D 0xffff000ba48dbb90 handle_el0_sync() at 0x40a91fd0 pc =3D 0xffff00000060e9f4 lr =3D 0x0000000040a91fd0 sp =3D 0xffff000ba48dbba0 fp =3D 0x0000ffffffffa5a0 KDB: enter: panic [ thread pid 911 tid 100655 ] Stopped at bpf_filter+0x98: ldrb w9, [x8] db> ~ --=20 You are receiving this mail because: You are the assignee for the bug.=