From owner-freebsd-bugs@freebsd.org Wed Jun 13 12:44:02 2018 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1E078100725C for ; Wed, 13 Jun 2018 12:44:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 9CDC880AA1 for ; Wed, 13 Jun 2018 12:44:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 60B851007258; Wed, 13 Jun 2018 12:44:01 +0000 (UTC) Delivered-To: bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 20CD71007253 for ; Wed, 13 Jun 2018 12:44:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A411180AA0 for ; Wed, 13 Jun 2018 12:44:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id E632A22A36 for ; Wed, 13 Jun 2018 12:43:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w5DChxPO025982 for ; Wed, 13 Jun 2018 12:43:59 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w5DChxL5025976 for bugs@FreeBSD.org; Wed, 13 Jun 2018 12:43:59 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 228982] [panic] page fault in mld_v2_cancel_link_timers() on boot Date: Wed, 13 Jun 2018 12:43:59 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: ae@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jun 2018 12:44:02 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D228982 Bug ID: 228982 Summary: [panic] page fault in mld_v2_cancel_link_timers() on boot Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: ae@FreeBSD.org It seems there are some cases that were not properly covered when IF_ADDR_L= OCK was converted to epoch+mutex. I seen such panic several times. It is not 100% reproducible, but it seems = it is related to lagg(4) and assigning of link-local addresses.=20 When lagg is created, it removes IPv6 LLAs from parent interfaces. And sometimes this panic happens during this. <118>Created clone interfaces: lagg0. <6>lo0: link state changed to UP <6>re0: link state changed to DOWN <6>lagg0: IPv6 addresses on em0 have been removed before adding it as a mem= ber to prevent IPv6 address scope violation. <6>lagg0: link state changed to DOWN <6>lagg0: IPv6 addresses on re0 have been removed before adding it as a mem= ber to prevent IPv6 address scope violation. <6>re0: link state changed to UP <6>lagg0: link state changed to UP Kernel page fault with the following non-sleepable locks held: exclusive sleep mutex if_addr_lock (if_addr_lock) r =3D 0 (0xfffff800122f21= 88) locked @ /home/devel/freebsd/base/head/sys/netinet6/mld6.c:1679 exclusive sleep mutex mld_mtx (mld_mtx) r =3D 0 (0xffffffff81fa9938) locked= @ /home/devel/freebsd/base/head/sys/netinet6/mld6.c:684 exclusive sleep mutex in6_multi_list_mtx (in6_multi_list_mtx) r =3D 0 (0xffffffff8201f390) locked @ /home/devel/freebsd/base/head/sys/netinet6/mld6.c:683 stack backtrace: #0 0xffffffff80bef103 at witness_debugger+0x73 #1 0xffffffff80bf04e1 at witness_warn+0x461 #2 0xffffffff8105e763 at trap_pfault+0x53 #3 0xffffffff8105dd7a at trap+0x2ba #4 0xffffffff81038c6c at calltrap+0x8 #5 0xffffffff80de6b9f at mld_input+0x2ff #6 0xffffffff80dc516d at icmp6_input+0x43d #7 0xffffffff80ddfac8 at ip6_input+0xdd8 #8 0xffffffff80cae552 at netisr_dispatch_src+0xa2 #9 0xffffffff80c9181e at ether_demux+0x16e #10 0xffffffff80c92cb2 at ether_nh_input+0x402 #11 0xffffffff80cae552 at netisr_dispatch_src+0xa2 #12 0xffffffff80c91cdf at ether_input+0x8f #13 0xffffffff808b282b at re_rxeof+0x60b #14 0xffffffff808afb60 at re_int_task+0x80 #15 0xffffffff80be192c at taskqueue_run_locked+0x14c #16 0xffffffff80be179a at taskqueue_run+0x4a #17 0xffffffff80b46699 at intr_event_execute_handlers+0x99 Fatal trap 12: page fault while in kernel mode cpuid =3D 2; apic id =3D 04 fault virtual address =3D 0x24 fault code =3D supervisor read data, page not present instruction pointer =3D 0x20:0xffffffff80de90d6 stack pointer =3D 0x28:0xfffffe0077b873a0 frame pointer =3D 0x28:0xfffffe0077b873e0 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 12 (swi5: fast taskq) __curthread () at ./machine/pcpu.h:231 231 __asm("movq %%gs:%1,%0" : "=3Dr" (td) (kgdb) l *0xffffffff80de90d6 0xffffffff80de90d6 is in mld_set_version (/home/devel/freebsd/base/head/sys/netinet6/mld6.c:1685). 1680 restart: 1681 CK_STAILQ_FOREACH_SAFE(ifma, &ifp->if_multiaddrs, ifma_link, next) { 1682 if (ifma->ifma_addr->sa_family !=3D AF_INET6) 1683 continue; 1684 inm =3D (struct in6_multi *)ifma->ifma_protospec; 1685 switch (inm->in6m_state) { 1686 case MLD_NOT_MEMBER: 1687 case MLD_SILENT_MEMBER: 1688 case MLD_IDLE_MEMBER: 1689 case MLD_LAZY_MEMBER: --=20 You are receiving this mail because: You are the assignee for the bug.=