Date: Tue, 27 Sep 2016 04:52:04 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-amd64@FreeBSD.org Subject: [Bug 213015] openvswitch and vnet jails - panic when bridge is destroyed and recreated Message-ID: <bug-213015-6@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D213015 Bug ID: 213015 Summary: openvswitch and vnet jails - panic when bridge is destroyed and recreated Product: Base System Version: 11.0-STABLE Hardware: amd64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: akoshibe@gmail.com CC: freebsd-amd64@FreeBSD.org CC: freebsd-amd64@FreeBSD.org Created attachment 175191 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D175191&action= =3Dedit test case, two jails and bridge When I create a few jails and connect them together with an openvswitch bri= dge, I can fairly reliably cause a panic by tearing that bridge down and recreat= ing another immediately after, if the previous bridge had seen traffic. Unread portion of the kernel message buffer: instruction pointer =3D 0x20:0xffffffff80be7b9c stack pointer =3D 0x28:0xfffffe00002a8700 frame pointer =3D 0x28:0xfffffe00002a8770 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 799 (handler52) trap number =3D 12 panic: page fault cpuid =3D 1 KDB: stack backtrace: #0 0xffffffff80b26377 at kdb_backtrace+0x67 #1 0xffffffff80adae02 at vpanic+0x182 #2 0xffffffff80adac73 at panic+0x43 #3 0xffffffff80fc8d51 at trap_fatal+0x351 #4 0xffffffff80fc8f43 at trap_pfault+0x1e3 #5 0xffffffff80fc84cc at trap+0x26c #6 0xffffffff80fab5f1 at calltrap+0x8 #7 0xffffffff80bfefff at netisr_dispatch_src+0xff #8 0xffffffff80be7384 at ether_input+0x54 #9 0xffffffff82419f69 at tapwrite+0x139 #10 0xffffffff809873f7 at devfs_write_f+0xe7 #11 0xffffffff80b435a7 at dofilewrite+0x87 #12 0xffffffff80b43288 at kern_writev+0x68 #13 0xffffffff80b43214 at sys_write+0x84 #14 0xffffffff80fc96b8 at amd64_syscall+0x4d8 #15 0xffffffff80fab8db at Xfast_syscall+0xfb Uptime: 2m20s Dumping 112 out of 991 MB:..15%..29%..43%..57%..72%..86%..100% Reading symbols from /boot/kernel/if_tap.ko...Reading symbols from /usr/lib/debug//boot/kernel/if_tap.ko.debug...done. done. Loaded symbols for /boot/kernel/if_tap.ko Reading symbols from /boot/kernel/if_epair.ko...Reading symbols from /usr/lib/debug//boot/kernel/if_epair.ko.debug...done. done. Loaded symbols for /boot/kernel/if_epair.ko #0 doadump (textdump=3D<value optimized out>) at pcpu.h:221 221 __asm("movq %%gs:%1,%0" : "=3Dr" (td) (kgdb) bt #0 doadump (textdump=3D<value optimized out>) at pcpu.h:221 #1 0xffffffff80ada889 in kern_reboot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:366 #2 0xffffffff80adae3b in vpanic (fmt=3D<value optimized out>, ap=3D<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:759 #3 0xffffffff80adac73 in panic (fmt=3D0x0) at /usr/src/sys/kern/kern_shutdown.c:690 #4 0xffffffff80fc8d51 in trap_fatal (frame=3D0xfffffe00002a8650, eva=3D16)= at /usr/src/sys/amd64/amd64/trap.c:841 #5 0xffffffff80fc8f43 in trap_pfault (frame=3D0xfffffe00002a8650, usermode= =3D0) at /usr/src/sys/amd64/amd64/trap.c:691 #6 0xffffffff80fc84cc in trap (frame=3D0xfffffe00002a8650) at /usr/src/sys/amd64/amd64/trap.c:442 #7 0xffffffff80fab5f1 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:236 #8 0xffffffff80be7b9c in ether_nh_input (m=3D<value optimized out>) at /usr/src/sys/net/if_ethersubr.c:517 #9 0xffffffff80bfefff in netisr_dispatch_src (proto=3D5, source=3D<value o= ptimized out>, m=3D0xfffff8009943d4d8) at /usr/src/sys/net/netisr.c:1120 #10 0xffffffff80be7384 in ether_input (ifp=3D<value optimized out>, m=3D0x0= ) at /usr/src/sys/net/if_ethersubr.c:759 #11 0xffffffff82419f69 in tapwrite (dev=3D<value optimized out>, uio=3D<val= ue optimized out>, flag=3D<value optimized out>) at /usr/src/sys/modules/if_tap/../../net/if_tap.c:975 #12 0xffffffff809873f7 in devfs_write_f (fp=3D<value optimized out>, uio=3D= <value optimized out>, cred=3D<value optimized out>,=20 flags=3D<value optimized out>, td=3D0xfffff8001b210000) at /usr/src/sys/fs/devfs/devfs_vnops.c:1759 #13 0xffffffff80b435a7 in dofilewrite (td=3D0xfffff8001b210000, fd=3D27, fp=3D0xfffff80003920e10, auio=3D0xfffffe00002a8960,=20 offset=3D<value optimized out>, flags=3D0) at file.h:311 #14 0xffffffff80b43288 in kern_writev (td=3D0xfffff8001b210000, fd=3D27, auio=3D0xfffffe00002a8960) at /usr/src/sys/kern/sys_generic.c:506 #15 0xffffffff80b43214 in sys_write (td=3D0xfffff8001b1c1800, uap=3D<value optimized out>) at /usr/src/sys/kern/sys_generic.c:419 #16 0xffffffff80fc96b8 in amd64_syscall (td=3D<value optimized out>, traced= =3D0) at subr_syscall.c:135 #17 0xffffffff80fab8db in Xfast_syscall () at /usr/src/sys/amd64/amd64/exception.S:396 #18 0x0000000801c1371a in ?? () Previous frame inner to this frame (corrupt stack?) The kernel configuration: include GENERIC ident VIMAGEMOD options VIMAGE options DUMMYNET options HZ=3D1000 Attaching a script that triggers the panic for me in about three or so runs. --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-213015-6>