Date: Wed, 13 Jun 2018 12:43:59 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 228982] [panic] page fault in mld_v2_cancel_link_timers() on boot
Message-ID: <bug-228982-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228982

            Bug ID: 228982
           Summary: [panic] page fault in mld_v2_cancel_link_timers() on boot
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: ae@FreeBSD.org

It seems there are some cases that were not properly covered when
IF_ADDR_LOCK was converted to epoch+mutex.

I have seen such a panic several times. It is not 100% reproducible, but it
seems it is related to lagg(4) and the assigning of link-local addresses.
When lagg is created, it removes IPv6 LLAs from parent interfaces. And
sometimes this panic happens during this.

<118>Created clone interfaces: lagg0.
<6>lo0: link state changed to UP
<6>re0: link state changed to DOWN
<6>lagg0: IPv6 addresses on em0 have been removed before adding it as a member to prevent IPv6 address scope violation.
<6>lagg0: link state changed to DOWN
<6>lagg0: IPv6 addresses on re0 have been removed before adding it as a member to prevent IPv6 address scope violation.
<6>re0: link state changed to UP
<6>lagg0: link state changed to UP
Kernel page fault with the following non-sleepable locks held:
exclusive sleep mutex if_addr_lock (if_addr_lock) r = 0 (0xfffff800122f2188) locked @ /home/devel/freebsd/base/head/sys/netinet6/mld6.c:1679
exclusive sleep mutex mld_mtx (mld_mtx) r = 0 (0xffffffff81fa9938) locked @ /home/devel/freebsd/base/head/sys/netinet6/mld6.c:684
exclusive sleep mutex in6_multi_list_mtx (in6_multi_list_mtx) r = 0 (0xffffffff8201f390) locked @ /home/devel/freebsd/base/head/sys/netinet6/mld6.c:683
stack backtrace:
#0 0xffffffff80bef103 at witness_debugger+0x73
#1 0xffffffff80bf04e1 at witness_warn+0x461
#2 0xffffffff8105e763 at trap_pfault+0x53
#3 0xffffffff8105dd7a at trap+0x2ba
#4 0xffffffff81038c6c at calltrap+0x8
#5 0xffffffff80de6b9f at mld_input+0x2ff
#6 0xffffffff80dc516d at icmp6_input+0x43d
#7 0xffffffff80ddfac8 at ip6_input+0xdd8
#8 0xffffffff80cae552 at netisr_dispatch_src+0xa2
#9 0xffffffff80c9181e at ether_demux+0x16e
#10 0xffffffff80c92cb2 at ether_nh_input+0x402
#11 0xffffffff80cae552 at netisr_dispatch_src+0xa2
#12 0xffffffff80c91cdf at ether_input+0x8f
#13 0xffffffff808b282b at re_rxeof+0x60b
#14 0xffffffff808afb60 at re_int_task+0x80
#15 0xffffffff80be192c at taskqueue_run_locked+0x14c
#16 0xffffffff80be179a at taskqueue_run+0x4a
#17 0xffffffff80b46699 at intr_event_execute_handlers+0x99

Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 04
fault virtual address   = 0x24
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80de90d6
stack pointer           = 0x28:0xfffffe0077b873a0
frame pointer           = 0x28:0xfffffe0077b873e0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 12 (swi5: fast taskq)

__curthread () at ./machine/pcpu.h:231
231             __asm("movq %%gs:%1,%0" : "=r" (td)
(kgdb) l *0xffffffff80de90d6
0xffffffff80de90d6 is in mld_set_version (/home/devel/freebsd/base/head/sys/netinet6/mld6.c:1685).
1680    restart:
1681            CK_STAILQ_FOREACH_SAFE(ifma, &ifp->if_multiaddrs, ifma_link, next) {
1682                    if (ifma->ifma_addr->sa_family != AF_INET6)
1683                            continue;
1684                    inm = (struct in6_multi *)ifma->ifma_protospec;
1685                    switch (inm->in6m_state) {
1686                    case MLD_NOT_MEMBER:
1687                    case MLD_SILENT_MEMBER:
1688                    case MLD_IDLE_MEMBER:
1689                    case MLD_LAZY_MEMBER:

-- 
You are receiving this mail because:
You are the assignee for the bug.