IPV6 + CARP - page fault while in kernel mode on 8.3-PRERELEASE amd64 (17/02/12)
Damien Fleuriot
ml at my.gd
Tue Mar 6 11:46:52 UTC 2012
Hello -net,
I was experimenting with ipv6 and CARP on a backup firewall running the
following:
8.3-PRERELEASE #0: Fri Feb 17 11:20:28 CET 2012
I tried (and succeeded) to reproduce the bug from kern/153848 where a
CARP BACKUP host connects to itself instead of the MASTER for ipv6.
Shortly afterwards, the box crashed with a "page fault while in kernel
mode".
Aside from some info below, I've got the following files available in
/var/crash and can submit them as well if requested:
bounds core.txt.0 info.0 minfree vmcore.0
The kernel itself is very lightweight and configured with:
makeoptions DEBUG=-g
options KDTRACE_FRAME
options KDTRACE_HOOKS
options KDB
options KDB_TRACE
options SMP
Networking is as follows:
VLANs (over failover LAGG) + CARP + PF
Relevant snippets from rc.conf:
ifconfig_bce0="up"
ifconfig_bce1="up"
ifconfig_lagg0="laggproto failover laggport bce0 laggport bce1"
ipv6_enable="YES"
ipv6_gateway_enable="YES"
ipv6_network_interfaces="vlan17 carp66"
# IPv6 test CARP
ipv4_addrs_carp66="192.168.98.166/32"
ifconfig_carp66="vhid 166 pass ipv6pass advskew 40"
ipv6_ifconfig_carp66="2a02:24a8:0020:0600::5 prefixlen 64"
I manually assigned 2a02:24a8:0020:0600::4/64 to vlan17
pciconf:
bce0 at pci0:2:0:0: class=0x020000 card=0x02a31028 chip=0x163b14e4 rev=0x20 hdr=0x00
vendor = 'Broadcom Corporation'
class = network
subclass = ethernet
bar [10] = type Memory, range 64, base 0xda000000, size 33554432, enabled
cap 01[48] = powerspec 3 supports D0 D3 current D0
cap 03[50] = VPD
cap 05[58] = MSI supports 16 messages, 64 bit enabled with 1 message
cap 11[a0] = MSI-X supports 9 messages in map 0x10
cap 10[ac] = PCI-Express 2 endpoint max data 128(512) link x4(x4)
ecap 0003[100] = Serial 1 782bcbfffe00ed56
ecap 0001[110] = AER 1 0 fatal 0 non-fatal 1 corrected
ecap 0004[150] = unknown 1
ecap 0002[160] = VC 1 max VC0
bce1 at pci0:2:0:1: class=0x020000 card=0x02a31028 chip=0x163b14e4 rev=0x20 hdr=0x00
vendor = 'Broadcom Corporation'
class = network
subclass = ethernet
bar [10] = type Memory, range 64, base 0xdc000000, size 33554432, enabled
cap 01[48] = powerspec 3 supports D0 D3 current D0
cap 03[50] = VPD
cap 05[58] = MSI supports 16 messages, 64 bit enabled with 1 message
cap 11[a0] = MSI-X supports 9 messages in map 0x10
cap 10[ac] = PCI-Express 2 endpoint max data 128(512) link x4(x4)
ecap 0003[100] = Serial 1 782bcbfffe00ed57
ecap 0001[110] = AER 1 0 fatal 0 non-fatal 1 corrected
ecap 0004[150] = unknown 1
ecap 0002[160] = VC 1 max VC0
Also posting the excerpt from kgdb in core.txt.0 :
Fatal trap 9: general protection fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer = 0x20:0xffffffff8047aac2
stack pointer = 0x28:0xffffff81208338a0
frame pointer = 0x28:0xffffff8120833920
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 12 (irq257: bce0)
trap number = 9
panic: general protection fault
cpuid = 0
KDB: stack backtrace:
#0 0xffffffff803dde1e at kdb_backtrace+0x5e
#1 0xffffffff803a9a97 at panic+0x187
#2 0xffffffff805cde90 at trap_fatal+0x290
#3 0xffffffff805ce4b0 at trap+0x180
#4 0xffffffff805b5718 at calltrap+0x8
#5 0xffffffff80488fdc at ip_input+0xac
#6 0xffffffff8046678e at netisr_dispatch_src+0x7e
#7 0xffffffff8045d8ad at ether_demux+0x14d
#8 0xffffffff8045dcb7 at ether_input+0x197
#9 0xffffffff8045d7cf at ether_demux+0x6f
#10 0xffffffff8045dcb7 at ether_input+0x197
#11 0xffffffff8025097a at bce_intr+0x43a
#12 0xffffffff8037f5c4 at intr_event_execute_handlers+0x104
#13 0xffffffff80380c55 at ithread_loop+0x95
#14 0xffffffff8037c1ff at fork_exit+0x11f
#15 0xffffffff805b5c5e at fork_trampoline+0xe
Uptime: 17d22h36m12s
Dumping 492 out of 4075 MB:
..4%..13%..23%..33%..43%..52%..62%..72%..82%..91%
[snip irrelevant symbols (geom, linux...)]
Reading symbols from /boot/kernel/if_lagg.ko...Reading symbols from
/boot/kernel/if_lagg.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/if_lagg.ko
#0 doadump () at pcpu.h:224
224 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) #0 doadump () at pcpu.h:224
#1 0xffffffff803a95e0 in boot (howto=260)
at /usr/src/sys/kern/kern_shutdown.c:441
#2 0xffffffff803a9a81 in panic (fmt=Variable "fmt" is not available.
)
at /usr/src/sys/kern/kern_shutdown.c:614
#3 0xffffffff805cde90 in trap_fatal (frame=0x9, eva=Variable "eva" is
not available.
)
at /usr/src/sys/amd64/amd64/trap.c:825
#4 0xffffffff805ce4b0 in trap (frame=0xffffff81208337f0)
at /usr/src/sys/amd64/amd64/trap.c:621
#5 0xffffffff805b5718 in calltrap ()
at /usr/src/sys/amd64/amd64/exception.S:228
#6 0xffffffff8047aac2 in carp_input_c (m=0xffffff0003c4e800,
ch=0xffffff0003c4e86c, af=2 '\002') at
/usr/src/sys/netinet/ip_carp.c:710
#7 0xffffffff80488fdc in ip_input (m=0xffffff0003c50e00)
at /usr/src/sys/netinet/ip_input.c:787
#8 0xffffffff8046678e in netisr_dispatch_src (proto=1, source=Variable
"source" is not available.
)
at /usr/src/sys/net/netisr.c:859
#9 0xffffffff8045d8ad in ether_demux (ifp=0xffffff0003503800,
m=0xffffff0003c50e00) at /usr/src/sys/net/if_ethersubr.c:896
#10 0xffffffff8045dcb7 in ether_input (ifp=0xffffff0003503800,
m=0xffffff0003c50e00) at /usr/src/sys/net/if_ethersubr.c:755
#11 0xffffffff8045d7cf in ether_demux (ifp=0xffffff00032a3800,
m=0xffffff0003c50e00) at /usr/src/sys/net/if_ethersubr.c:805
#12 0xffffffff8045dcb7 in ether_input (ifp=0xffffff00032a3800,
m=0xffffff0003c50e00) at /usr/src/sys/net/if_ethersubr.c:755
#13 0xffffffff8025097a in bce_intr (xsc=Variable "xsc" is not available.
)
at /usr/src/sys/dev/bce/if_bce.c:6586
#14 0xffffffff8037f5c4 in intr_event_execute_handlers (p=Variable "p" is
not available.
)
at /usr/src/sys/kern/kern_intr.c:1216
#15 0xffffffff80380c55 in ithread_loop (arg=0xffffff0001b58840)
at /usr/src/sys/kern/kern_intr.c:1229
#16 0xffffffff8037c1ff in fork_exit (
callout=0xffffffff80380bc0 <ithread_loop>, arg=0xffffff0001b58840,
frame=0xffffff8120833c50) at /usr/src/sys/kern/kern_fork.c:876
#17 0xffffffff805b5c5e in fork_trampoline ()
at /usr/src/sys/amd64/amd64/exception.S:602
#18 0x0000000000000000 in ?? ()
#19 0x0000000000000000 in ?? ()
#20 0x0000000000000001 in ?? ()
#21 0x0000000000000000 in ?? ()
#22 0x0000000000000000 in ?? ()
#23 0x0000000000000000 in ?? ()
#24 0x0000000000000000 in ?? ()
#25 0x0000000000000000 in ?? ()
#26 0x0000000000000000 in ?? ()
#27 0x0000000000000000 in ?? ()
#28 0x0000000000000000 in ?? ()
#29 0x0000000000000000 in ?? ()
#30 0x0000000000000000 in ?? ()
#31 0x0000000000000000 in ?? ()
#32 0x0000000000000000 in ?? ()
#33 0x0000000000000000 in ?? ()
#34 0x0000000000000000 in ?? ()
#35 0x0000000000000000 in ?? ()
#36 0x0000000000000000 in ?? ()
#37 0x0000000000000000 in ?? ()
#38 0x0000000000000000 in ?? ()
#39 0x0000000000000000 in ?? ()
#40 0x0000000000000000 in ?? ()
#41 0x0000000000000000 in ?? ()
#42 0xffffffff8089fc00 in affinity ()
#43 0x0000000000000000 in ?? ()
#44 0x0000000000000000 in ?? ()
#45 0xffffff0001c008c0 in ?? ()
#46 0xffffff81208330e0 in ?? ()
#47 0xffffff8120833088 in ?? ()
#48 0xffffff000367b8c0 in ?? ()
#49 0xffffffff803d0f30 in sched_switch (td=0xffffffff80380bc0,
newtd=0xffffff0001b58840, flags=Variable "flags" is not available.
) at /usr/src/sys/kern/sched_ule.c:1861
Previous frame inner to this frame (corrupt stack?)
(kgdb)
I notice steps 8 (netisr), 13 and 14 (bce) where the kernel complains
about variables not being available.
Let me know how I can be of further assistance to track the problem down.
This is a backup host, I can do whatever it takes on it.
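
A triage helper for the excerpt above, added here as an example and not part of the original post: it matches the trap's instruction pointer against the kgdb frames, re-joining frames that the mail client wrapped, to name the faulting function and source line. The names `kgdb_frames` and `faulting_frame` are hypothetical, and the sample input is constructed from lines of the post.

```python
import re

# Constructed sample: lines taken from the trap message and kgdb backtrace in
# the post, including frame #6 as wrapped by the mail client.
SAMPLE = """\
Fatal trap 9: general protection fault while in kernel mode
instruction pointer = 0x20:0xffffffff8047aac2
#5 0xffffffff805b5718 in calltrap ()
at /usr/src/sys/amd64/amd64/exception.S:228
#6 0xffffffff8047aac2 in carp_input_c (m=0xffffff0003c4e800,
ch=0xffffff0003c4e86c, af=2 '\\002') at
/usr/src/sys/netinet/ip_carp.c:710
#7 0xffffffff80488fdc in ip_input (m=0xffffff0003c50e00)
at /usr/src/sys/netinet/ip_input.c:787
"""

FAULT_IP = re.compile(r"instruction pointer\s*=\s*0x[0-9a-f]+:(0x[0-9a-f]+)")
FRAME = re.compile(r"^#(\d+)\s+(0x[0-9a-f]+) in (\S+) \(")
LOCATION = re.compile(r"\bat (\S+):(\d+)")


def kgdb_frames(text):
    """Return kgdb frames as dicts, re-joining frames wrapped over lines."""
    records = []
    for line in text.splitlines():
        if re.match(r"#\d+\s", line):
            records.append(line.strip())          # a new frame starts here
        elif records:
            records[-1] += " " + line.strip()     # continuation of a frame
    frames = []
    for rec in records:
        head = FRAME.match(rec)
        if not head:                              # e.g. KDB "addr at sym+off"
            continue
        loc = LOCATION.search(rec)
        frames.append({
            "index": int(head.group(1)),
            "addr": int(head.group(2), 16),
            "func": head.group(3),
            "file": loc.group(1) if loc else None,
            "line": int(loc.group(2)) if loc else None,
        })
    return frames


def faulting_frame(text):
    """Find the frame whose address equals the trap's instruction pointer."""
    ip = FAULT_IP.search(text)
    if not ip:
        return None
    fault = int(ip.group(1), 16)
    return next((f for f in kgdb_frames(text) if f["addr"] == fault), None)
```

Run on the sample, it returns frame #6, carp_input_c at /usr/src/sys/netinet/ip_carp.c:710, a frame that the KDB backtrace printed at panic time does not list between calltrap and ip_input.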