From: bugzilla-noreply@freebsd.org
To: freebsd-amd64@FreeBSD.org
Subject: [Bug 213015] openvswitch and vnet jails - panic when bridge is destroyed and recreated
Date: Tue, 27 Sep 2016 04:52:04 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213015

            Bug ID: 213015
           Summary: openvswitch and vnet jails - panic when bridge is
                    destroyed and recreated
           Product: Base System
           Version: 11.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: akoshibe@gmail.com
                CC: freebsd-amd64@FreeBSD.org

Created attachment 175191
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=175191&action=edit
test case, two jails and bridge

When I create a few jails and connect them together with an openvswitch bridge,
I can fairly reliably cause a panic by tearing that bridge down and recreating
another immediately after, if the previous bridge had seen traffic.

Unread portion of the kernel message buffer:
instruction pointer     = 0x20:0xffffffff80be7b9c
stack pointer           = 0x28:0xfffffe00002a8700
frame pointer           = 0x28:0xfffffe00002a8770
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 799 (handler52)
trap number             = 12
panic: page fault
cpuid = 1
KDB: stack backtrace:
#0 0xffffffff80b26377 at kdb_backtrace+0x67
#1 0xffffffff80adae02 at vpanic+0x182
#2 0xffffffff80adac73 at panic+0x43
#3 0xffffffff80fc8d51 at trap_fatal+0x351
#4 0xffffffff80fc8f43 at trap_pfault+0x1e3
#5 0xffffffff80fc84cc at trap+0x26c
#6 0xffffffff80fab5f1 at calltrap+0x8
#7 0xffffffff80bfefff at netisr_dispatch_src+0xff
#8 0xffffffff80be7384 at ether_input+0x54
#9 0xffffffff82419f69 at tapwrite+0x139
#10 0xffffffff809873f7 at devfs_write_f+0xe7
#11 0xffffffff80b435a7 at dofilewrite+0x87
#12 0xffffffff80b43288 at kern_writev+0x68
#13 0xffffffff80b43214 at sys_write+0x84
#14 0xffffffff80fc96b8 at amd64_syscall+0x4d8
#15 0xffffffff80fab8db at Xfast_syscall+0xfb
Uptime: 2m20s
Dumping 112 out of 991 MB:..15%..29%..43%..57%..72%..86%..100%

Reading symbols from /boot/kernel/if_tap.ko...Reading symbols from /usr/lib/debug//boot/kernel/if_tap.ko.debug...done.
done.
Loaded symbols for /boot/kernel/if_tap.ko
Reading symbols from /boot/kernel/if_epair.ko...Reading symbols from /usr/lib/debug//boot/kernel/if_epair.ko.debug...done.
done.
Loaded symbols for /boot/kernel/if_epair.ko
#0  doadump (textdump=) at pcpu.h:221
221             __asm("movq %%gs:%1,%0" : "=r" (td)
(kgdb) bt
#0  doadump (textdump=) at pcpu.h:221
#1  0xffffffff80ada889 in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80adae3b in vpanic (fmt=, ap=)
    at /usr/src/sys/kern/kern_shutdown.c:759
#3  0xffffffff80adac73 in panic (fmt=0x0)
    at /usr/src/sys/kern/kern_shutdown.c:690
#4  0xffffffff80fc8d51 in trap_fatal (frame=0xfffffe00002a8650, eva=16)
    at /usr/src/sys/amd64/amd64/trap.c:841
#5  0xffffffff80fc8f43 in trap_pfault (frame=0xfffffe00002a8650, usermode=0)
    at /usr/src/sys/amd64/amd64/trap.c:691
#6  0xffffffff80fc84cc in trap (frame=0xfffffe00002a8650)
    at /usr/src/sys/amd64/amd64/trap.c:442
#7  0xffffffff80fab5f1 in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:236
#8  0xffffffff80be7b9c in ether_nh_input (m=)
    at /usr/src/sys/net/if_ethersubr.c:517
#9  0xffffffff80bfefff in netisr_dispatch_src (proto=5, source=, m=0xfffff8009943d4d8)
    at /usr/src/sys/net/netisr.c:1120
#10 0xffffffff80be7384 in ether_input (ifp=, m=0x0)
    at /usr/src/sys/net/if_ethersubr.c:759
#11 0xffffffff82419f69 in tapwrite (dev=, uio=, flag=)
    at /usr/src/sys/modules/if_tap/../../net/if_tap.c:975
#12 0xffffffff809873f7 in devfs_write_f (fp=, uio=, cred=,
    flags=, td=0xfffff8001b210000)
    at /usr/src/sys/fs/devfs/devfs_vnops.c:1759
#13 0xffffffff80b435a7 in dofilewrite (td=0xfffff8001b210000, fd=27, fp=0xfffff80003920e10, auio=0xfffffe00002a8960,
    offset=, flags=0) at file.h:311
#14 0xffffffff80b43288 in kern_writev (td=0xfffff8001b210000, fd=27, auio=0xfffffe00002a8960)
    at /usr/src/sys/kern/sys_generic.c:506
#15 0xffffffff80b43214 in sys_write (td=0xfffff8001b1c1800, uap=)
    at /usr/src/sys/kern/sys_generic.c:419
#16 0xffffffff80fc96b8 in amd64_syscall (td=, traced=0)
    at subr_syscall.c:135
#17 0xffffffff80fab8db in Xfast_syscall ()
    at /usr/src/sys/amd64/amd64/exception.S:396
#18 0x0000000801c1371a in ?? ()
Previous frame inner to this frame (corrupt stack?)

The kernel configuration:

include GENERIC
ident VIMAGEMOD
options VIMAGE
options DUMMYNET
options HZ=1000

Attaching a script that triggers the panic for me in about three or so runs.

--
You are receiving this mail because:
You are on the CC list for the bug.