Date: Fri, 08 Mar 2019 15:02:57 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 236394] system crashes when deleting gre(4) interfaces Message-ID: <bug-236394-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D236394 Bug ID: 236394 Summary: system crashes when deleting gre(4) interfaces Product: Base System Version: 12.0-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: emz@norma.perm.ru After upgrade to 12.0-RELEASE I got repeatable, reproducible panics when deleting gre interfaces. Paniv happens with about 66% probability: I got 2 immediate panics from 3 deletes. System: FreeBSD moscow-alpha 12.0-RELEASE-p3 FreeBSD 12.0-RELEASE-p3 r344740 MOSCOW amd64 Backtrace: =3D=3D=3DCut=3D=3D=3D [root@moscow-alpha:/var/crash]# cat core.txt.1 | more moscow-alpha dumped core - see /var/crash/vmcore.1 Fri Mar 8 17:43:14 MSK 2019 FreeBSD moscow-alpha 12.0-RELEASE-p3 FreeBSD 12.0-RELEASE-p3 r344740 MOSCOW= =20 amd64 panic: page fault GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain condition= s. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-marcel-freebsd"... Unread portion of the kernel message buffer: Fatal trap 12: page fault while in kernel mode cpuid =3D 1; apic id =3D 01 fault virtual address =3D 0x218 fault code =3D supervisor read data, page not present instruction pointer =3D 0x20:0xffffffff80d3b437 stack pointer =3D 0x0:0xfffffe0040399a00 frame pointer =3D 0x0:0xfffffe0040399a30 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 0 (softirq_1) trap number =3D 12 panic: page fault cpuid =3D 1 time =3D 1552055867 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0040399= 6b0 vpanic() at vpanic+0x1a3/frame 0xfffffe0040399710 panic() at panic+0x43/frame 0xfffffe0040399770 trap_fatal() at trap_fatal+0x35f/frame 0xfffffe00403997c0 trap_pfault() at trap_pfault+0x49/frame 0xfffffe0040399820 trap() at trap+0x29e/frame 0xfffffe0040399930 calltrap() at calltrap+0x8/frame 0xfffffe0040399930 --- trap 0xc, rip =3D 0xffffffff80d3b437, rsp =3D 0xfffffe0040399a00, rbp = =3D 0xfffffe0040399a30 --- igmp_change_state() at igmp_change_state+0x47/frame 0xfffffe0040399a30 in_leavegroup_locked() at in_leavegroup_locked+0x96/frame 0xfffffe0040399a80 inp_freemoptions() at inp_freemoptions+0x1be/frame 0xfffffe0040399ad0 epoch_call_task() at epoch_call_task+0x1ea/frame 0xfffffe0040399b20 gtaskqueue_run_locked() at gtaskqueue_run_locked+0x144/frame 0xfffffe004039= 9b80 gtaskqueue_thread_loop() at gtaskqueue_thread_loop+0x98/frame 0xfffffe0040399bb0 fork_exit() at fork_exit+0x83/frame 0xfffffe0040399bf0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0040399bf0 --- trap 0, rip =3D 0, rsp =3D 0, rbp =3D 0 --- Uptime: 2d21h38m33s Dumping 2169 out of 8147 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..9= 1% Reading symbols from /boot/kernel/ng_ether.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_ether.ko.debug...done. done. Loaded symbols for /boot/kernel/ng_ether.ko Reading symbols from /boot/kernel/netgraph.ko...Reading symbols from /usr/lib/debug//boot/kernel/netgraph.ko.debug...done. done. Loaded symbols for /boot/kernel/netgraph.ko Reading symbols from /boot/kernel/zfs.ko...Reading symbols from /usr/lib/debug//boot/kernel/zfs.ko.debug...done. done. Loaded symbols for /boot/kernel/zfs.ko Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols from /usr/lib/debug//boot/kernel/opensolaris.ko.debug...done. done. Loaded symbols for /boot/kernel/opensolaris.ko Reading symbols from /boot/kernel/ng_iface.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_iface.ko.debug...done. done. Loaded symbols for /boot/kernel/ng_iface.ko Reading symbols from /boot/kernel/ichwd.ko...Reading symbols from /usr/lib/debug//boot/kernel/ichwd.ko.debug...done. done. Loaded symbols for /boot/kernel/ichwd.ko Reading symbols from /boot/kernel/geom_mirror.ko...Reading symbols from /usr/lib/debug//boot/kernel/geom_mirror.ko.debug...done. done. Loaded symbols for /boot/kernel/geom_mirror.ko Reading symbols from /boot/kernel/if_gre.ko...Reading symbols from /usr/lib/debug//boot/kernel/if_gre.ko.debug...done. done. Loaded symbols for /boot/kernel/if_gre.ko Reading symbols from /boot/kernel/uhid.ko...Reading symbols from /usr/lib/debug//boot/kernel/uhid.ko.debug...done. done. Loaded symbols for /boot/kernel/uhid.ko Reading symbols from /boot/kernel/ng_socket.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_socket.ko.debug...done. done. Loaded symbols for /boot/kernel/ng_socket.ko Reading symbols from /boot/kernel/ng_netflow.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_netflow.ko.debug...done. done. Loaded symbols for /boot/kernel/ng_netflow.ko Reading symbols from /boot/kernel/ng_ksocket.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_ksocket.ko.debug...done. done. Loaded symbols for /boot/kernel/ng_ksocket.ko Reading symbols from /boot/kernel/ng_mppc.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_mppc.ko.debug...done. done. Loaded symbols for /boot/kernel/ng_mppc.ko Reading symbols from /boot/kernel/rc4.ko...Reading symbols from /usr/lib/debug//boot/kernel/rc4.ko.debug...done. done. Loaded symbols for /boot/kernel/rc4.ko Reading symbols from /boot/kernel/ng_tee.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_tee.ko.debug...done. done. Loaded symbols for /boot/kernel/ng_tee.ko Reading symbols from /boot/kernel/ng_pptpgre.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_pptpgre.ko.debug...done. done. Loaded symbols for /boot/kernel/ng_pptpgre.ko Reading symbols from /boot/kernel/ng_ppp.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_ppp.ko.debug...done. done. Loaded symbols for /boot/kernel/ng_ppp.ko Reading symbols from /boot/kernel/ng_tcpmss.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_tcpmss.ko.debug...done. done. Loaded symbols for /boot/kernel/ng_tcpmss.ko Reading symbols from /boot/kernel/ng_l2tp.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_l2tp.ko.debug...done. done. Loaded symbols for /boot/kernel/ng_l2tp.ko #0 doadump (textdump=3D1) at pcpu.h:230 230 pcpu.h: No such file or directory. in pcpu.h (kgdb) #0 doadump (textdump=3D1) at pcpu.h:230 #1 0xffffffff80bafa30 in kern_reboot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:446 #2 0xffffffff80bafec3 in vpanic (fmt=3D<value optimized out>, ap=3D<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:872 #3 0xffffffff80bafcb3 in panic (fmt=3D<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:799 #4 0xffffffff810dff4f in trap_fatal (frame=3D0xfffffe0040399940, eva=3D536) at /usr/src/sys/amd64/amd64/trap.c:929 #5 0xffffffff810dffa9 in trap_pfault (frame=3D0xfffffe0040399940, usermode= =3D0) at pcpu.h:230 #6 0xffffffff810df5ce in trap (frame=3D0xfffffe0040399940) at /usr/src/sys/amd64/amd64/trap.c:441 #7 0xffffffff810ba775 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:232 #8 0xffffffff80d3b437 in igmp_change_state (inm=3D0xfffff800cb8a2800) at /usr/src/sys/netinet/igmp.c:2277 #9 0xffffffff80d492b6 in in_leavegroup_locked (inm=3D0xfffff800cb8a2800, imf=3D0xfffff8000352f800) at /usr/src/sys/netinet/in_mcast.c:1392 #10 0xffffffff80d4968e in inp_freemoptions (imo=3D<value optimized out>) at /usr/src/sys/netinet/in_mcast.c:1334 #11 0xffffffff80bf717a in epoch_call_task (arg=3D<value optimized out>) at /usr/src/sys/kern/subr_epoch.c:507 #12 0xffffffff80bfb0f4 in gtaskqueue_run_locked (queue=3D0xfffff8000306b300) at /usr/src/sys/kern/subr_gtaskqueue.c:376 #13 0xffffffff80bfad58 in gtaskqueue_thread_loop (arg=3D<value optimized ou= t>) at /usr/src/sys/kern/subr_gtaskqueue.c:557 #14 0xffffffff80b6f313 in fork_exit ( callout=3D0xffffffff80bfacc0 <gtaskqueue_thread_loop>, arg=3D0xfffffe00025fa020, frame=3D0xfffffe0040399c00) at /usr/src/sys/kern/kern_fork.c:1057 #15 0xffffffff810bb76e in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:995 #16 0x0000000000000000 in ?? () Current language: auto; currently minimal (kgdb) =3D=3D=3DCut=3D=3D=3D I'm attaching both core.txt here. I can also provide the access to full coredumps. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-236394-227>