[Bug 213015] openvswitch and vnet jails - panic when bridge is destroyed and recreated

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Sep 27 04:52:04 UTC 2016 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213015

            Bug ID: 213015
           Summary: openvswitch and vnet jails -  panic when bridge is
                    destroyed and recreated
           Product: Base System
           Version: 11.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: akoshibe at gmail.com
                CC: freebsd-amd64 at FreeBSD.org
                CC: freebsd-amd64 at FreeBSD.org

Created attachment 175191
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=175191&action=edit
test case, two jails and bridge

When I create a few jails and connect them together with an openvswitch bridge,
I can fairly reliably cause a panic by tearing that bridge down and recreating
another immediately after, if the previous bridge had seen traffic.

Unread portion of the kernel message buffer:
instruction pointer     = 0x20:0xffffffff80be7b9c
stack pointer           = 0x28:0xfffffe00002a8700
frame pointer           = 0x28:0xfffffe00002a8770
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 799 (handler52)
trap number             = 12
panic: page fault
cpuid = 1
KDB: stack backtrace:
#0 0xffffffff80b26377 at kdb_backtrace+0x67
#1 0xffffffff80adae02 at vpanic+0x182
#2 0xffffffff80adac73 at panic+0x43
#3 0xffffffff80fc8d51 at trap_fatal+0x351
#4 0xffffffff80fc8f43 at trap_pfault+0x1e3
#5 0xffffffff80fc84cc at trap+0x26c
#6 0xffffffff80fab5f1 at calltrap+0x8
#7 0xffffffff80bfefff at netisr_dispatch_src+0xff
#8 0xffffffff80be7384 at ether_input+0x54
#9 0xffffffff82419f69 at tapwrite+0x139
#10 0xffffffff809873f7 at devfs_write_f+0xe7
#11 0xffffffff80b435a7 at dofilewrite+0x87
#12 0xffffffff80b43288 at kern_writev+0x68
#13 0xffffffff80b43214 at sys_write+0x84
#14 0xffffffff80fc96b8 at amd64_syscall+0x4d8
#15 0xffffffff80fab8db at Xfast_syscall+0xfb
Uptime: 2m20s
Dumping 112 out of 991 MB:..15%..29%..43%..57%..72%..86%..100%

Reading symbols from /boot/kernel/if_tap.ko...Reading symbols from
/usr/lib/debug//boot/kernel/if_tap.ko.debug...done.
done.
Loaded symbols for /boot/kernel/if_tap.ko
Reading symbols from /boot/kernel/if_epair.ko...Reading symbols from
/usr/lib/debug//boot/kernel/if_epair.ko.debug...done.
done.
Loaded symbols for /boot/kernel/if_epair.ko
#0  doadump (textdump=<value optimized out>) at pcpu.h:221
221             __asm("movq %%gs:%1,%0" : "=r" (td)
(kgdb) bt
#0  doadump (textdump=<value optimized out>) at pcpu.h:221
#1  0xffffffff80ada889 in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80adae3b in vpanic (fmt=<value optimized out>, ap=<value
optimized out>) at /usr/src/sys/kern/kern_shutdown.c:759
#3  0xffffffff80adac73 in panic (fmt=0x0) at
/usr/src/sys/kern/kern_shutdown.c:690
#4  0xffffffff80fc8d51 in trap_fatal (frame=0xfffffe00002a8650, eva=16) at
/usr/src/sys/amd64/amd64/trap.c:841
#5  0xffffffff80fc8f43 in trap_pfault (frame=0xfffffe00002a8650, usermode=0) at
/usr/src/sys/amd64/amd64/trap.c:691
#6  0xffffffff80fc84cc in trap (frame=0xfffffe00002a8650) at
/usr/src/sys/amd64/amd64/trap.c:442
#7  0xffffffff80fab5f1 in calltrap () at
/usr/src/sys/amd64/amd64/exception.S:236
#8  0xffffffff80be7b9c in ether_nh_input (m=<value optimized out>) at
/usr/src/sys/net/if_ethersubr.c:517
#9  0xffffffff80bfefff in netisr_dispatch_src (proto=5, source=<value optimized
out>, m=0xfffff8009943d4d8) at /usr/src/sys/net/netisr.c:1120
#10 0xffffffff80be7384 in ether_input (ifp=<value optimized out>, m=0x0) at
/usr/src/sys/net/if_ethersubr.c:759
#11 0xffffffff82419f69 in tapwrite (dev=<value optimized out>, uio=<value
optimized out>, flag=<value optimized out>)
    at /usr/src/sys/modules/if_tap/../../net/if_tap.c:975
#12 0xffffffff809873f7 in devfs_write_f (fp=<value optimized out>, uio=<value
optimized out>, cred=<value optimized out>, 
    flags=<value optimized out>, td=0xfffff8001b210000) at
/usr/src/sys/fs/devfs/devfs_vnops.c:1759
#13 0xffffffff80b435a7 in dofilewrite (td=0xfffff8001b210000, fd=27,
fp=0xfffff80003920e10, auio=0xfffffe00002a8960, 
    offset=<value optimized out>, flags=0) at file.h:311
#14 0xffffffff80b43288 in kern_writev (td=0xfffff8001b210000, fd=27,
auio=0xfffffe00002a8960) at /usr/src/sys/kern/sys_generic.c:506
#15 0xffffffff80b43214 in sys_write (td=0xfffff8001b1c1800, uap=<value
optimized out>) at /usr/src/sys/kern/sys_generic.c:419
#16 0xffffffff80fc96b8 in amd64_syscall (td=<value optimized out>, traced=0) at
subr_syscall.c:135
#17 0xffffffff80fab8db in Xfast_syscall () at
/usr/src/sys/amd64/amd64/exception.S:396
#18 0x0000000801c1371a in ?? ()
Previous frame inner to this frame (corrupt stack?)

The kernel configuration:

include GENERIC
ident VIMAGEMOD

options VIMAGE
options DUMMYNET
options HZ=1000


Attaching a script that triggers the panic for me in about three or so runs.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

More information about the freebsd-amd64 mailing list