[Bug 216304] Adding xn0 to bridge0 causes kernel panic

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Jan 19 23:09:21 UTC 2017 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216304

            Bug ID: 216304
           Summary: Adding xn0 to bridge0 causes kernel panic
           Product: Base System
           Version: 11.0-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: mark at rootbsd.net
                CC: freebsd-amd64 at FreeBSD.org
                CC: freebsd-amd64 at FreeBSD.org

We've encountered kernel panic in FreeBSD 11-RELEASE when attempting to add xn0
as a member of bridge0. The kernel panic happens immediately after the command
to add xn0 to bridge0 is issued. Oddly, the kernel panic doesn't occur after
upgrading in-place to 11.0-RELEASE from 10.3-RELEASE and proceeding to add xn0
to bridge0. This seems to only be an issue with fresh 11.0-RELEASE installs. 

All installs we've seen this issue on are virtual machines running on Xen 3.4.4
hypervisors. The virtual machine we upgraded from 10.3 to 11.0 (where adding
xn0 to bridge0 works fine) is also on a Xen 3.4.4 hypervisor.

Output of "uname -r" on 11.0-RELEASE vm with kernel panic issue:
11.0-RELEASE-p2

Output of "uname -r" on 11.0-RELEASE vm upgraded from 10.3-RELEASE without
kernel panic issue:
11.0-RELEASE-p2

Commands used on both servers to add bridge0 and then add xn0 to bridge0:
ifconfig bridge create
ifconfig bridge0 addm xn0

Output of "kgdb kernel.debug /var/crash/vmcore.0":

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
Sleeping thread (tid 100076, pid 831) owns a non-sleepable lock
KDB: stack backtrace of thread 100076:
#0 0xffffffff80ae46e2 at mi_switch+0xd2
#1 0xffffffff80b3279a at sleepq_timedwait+0x3a
#2 0xffffffff80ae4091 at _sleep+0x281
#3 0xffffffff8096e9c8 at xn_ioctl+0x5d8
#4 0xffffffff822194b3 at bridge_ioctl_add+0x4b3
#5 0xffffffff8221af8f at bridge_ioctl+0x29f
#6 0xffffffff80bdcbec at ifioctl+0xfbc
#7 0xffffffff80b41ab4 at kern_ioctl+0x2d4
#8 0xffffffff80b41771 at sys_ioctl+0x171
#9 0xffffffff80fa168e at amd64_syscall+0x4ce
#10 0xffffffff80f8442b at Xfast_syscall+0xfb
panic: sleeping thread
cpuid = 0
KDB: stack backtrace:
#0 0xffffffff80b24077 at kdb_backtrace+0x67
#1 0xffffffff80ad93e2 at vpanic+0x182
#2 0xffffffff80ad9253 at panic+0x43
#3 0xffffffff80b39a99 at propagate_priority+0x299
#4 0xffffffff80b3a59f at turnstile_wait+0x3ef
#5 0xffffffff80ab493d at __mtx_lock_sleep+0x13d
#6 0xffffffff8221d4c5 at bridge_output+0x75
#7 0xffffffff80be286e at ether_output+0x68e
#8 0xffffffff80c62fe7 at ip_output+0x16c7
#9 0xffffffff80cf593e at tcp_output+0x191e
#10 0xffffffff80d01396 at tcp_timer_rexmt+0x526
#11 0xffffffff80af325a at softclock_call_cc+0x18a
#12 0xffffffff80af37d4 at softclock+0x94
#13 0xffffffff80a9340f at intr_event_execute_handlers+0x20f
#14 0xffffffff80a93676 at ithread_loop+0xc6
#15 0xffffffff80a90055 at fork_exit+0x85
#16 0xffffffff80f8467e at fork_trampoline+0xe
Uptime: 2m27s
Dumping 85 out of 479 MB:..19%..38%..57%..76%..94%

Reading symbols from /boot/kernel/if_bridge.ko...done.
Loaded symbols for /boot/kernel/if_bridge.ko
Reading symbols from /boot/kernel/bridgestp.ko...done.
Loaded symbols for /boot/kernel/bridgestp.ko
#0  doadump (textdump=<value optimized out>) at pcpu.h:221
221             __asm("movq %%gs:%1,%0" : "=r" (td)
(kgdb) backtrace
#0  doadump (textdump=<value optimized out>) at pcpu.h:221
#1  0xffffffff80ad8e69 in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80ad941b in vpanic (fmt=<value optimized out>, ap=<value
optimized out>) at /usr/src/sys/kern/kern_shutdown.c:759
#3  0xffffffff80ad9253 in panic (fmt=0x0) at
/usr/src/sys/kern/kern_shutdown.c:690
#4  0xffffffff80b39a99 in propagate_priority (td=<value optimized out>) at
/usr/src/sys/kern/subr_turnstile.c:226
#5  0xffffffff80b3a59f in turnstile_wait (ts=<value optimized out>,
owner=<value optimized out>, queue=<value optimized out>)
    at /usr/src/sys/kern/subr_turnstile.c:742
#6  0xffffffff80ab493d in __mtx_lock_sleep (c=<value optimized out>,
tid=18446735277668753408, opts=<value optimized out>, 
    file=<value optimized out>, line=<value optimized out>) at
/usr/src/sys/kern/kern_mutex.c:583
#7  0xffffffff8221d4c5 in bridge_output () from /boot/kernel/if_bridge.ko
#8  0xffffffff80be286e in ether_output (ifp=<value optimized out>, m=<value
optimized out>, dst=0xfffff800033bd9b0, ro=<value optimized out>)
    at /usr/src/sys/net/if_ethersubr.c:407
#9  0xffffffff80c62fe7 in ip_output (m=0x0, opt=<value optimized out>,
ro=<value optimized out>, flags=<value optimized out>, 
    imo=<value optimized out>, inp=<value optimized out>) at
/usr/src/sys/netinet/ip_output.c:661
#10 0xffffffff80cf593e in tcp_output (tp=<value optimized out>) at
/usr/src/sys/netinet/tcp_output.c:1422
#11 0xffffffff80d01396 in tcp_timer_rexmt (xtp=<value optimized out>) at
/usr/src/sys/netinet/tcp_timer.c:812
#12 0xffffffff80af325a in softclock_call_cc (c=<value optimized out>, cc=<value
optimized out>, direct=<value optimized out>)
    at /usr/src/sys/kern/kern_timeout.c:729
#13 0xffffffff80af37d4 in softclock (arg=<value optimized out>) at
/usr/src/sys/kern/kern_timeout.c:867
#14 0xffffffff80a9340f in intr_event_execute_handlers (p=<value optimized out>,
ie=<value optimized out>)
    at /usr/src/sys/kern/kern_intr.c:1262
#15 0xffffffff80a93676 in ithread_loop (arg=<value optimized out>) at
/usr/src/sys/kern/kern_intr.c:1275
#16 0xffffffff80a90055 in fork_exit (callout=0xffffffff80a935b0 <ithread_loop>,
arg=0xfffff800031c8be0, frame=0xfffffe002b696c00)
    at /usr/src/sys/kern/kern_fork.c:1038
#17 0xffffffff80f8467e in fork_trampoline () at
/usr/src/sys/amd64/amd64/exception.S:611
#18 0x0000000000000000 in ?? ()
Current language:  auto; currently minimal

-- 
You are receiving this mail because:
You are on the CC list for the bug.

More information about the freebsd-amd64 mailing list