[Bug 206614] net/dhcpcd crashes the kernel when a VNET jail starts.
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Jan 25 15:41:50 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206614
g_amanakis at yahoo.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Hardware|Any |amd64
--- Comment #1 from g_amanakis at yahoo.com ---
See:
http://roy.marples.name/projects/dhcpcd/tktview/3a1e57157dd01af0fb7ce497850645eb7d49889d
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206613
dhcpcd 6.10.1 and more specifically [6b2a5402c4] causes a kernel panic on
FreeBSD 10.2 when starting a VNET iocage jail. The system runs a GENERIC kernel
with VIMAGE and IPSEC enabled. Reverting this resolves the problem.
/var/log/messsages:
3 Jan 24 19:30:42 x3200 kernel: vnet0:1: link state changed to DOWN
4 Jan 24 19:30:42 x3200 kernel: vnet0: link state changed to DOWN
5 Jan 24 19:30:42 x3200 kernel: bridge1: link state changed to DOWN
6 Jan 24 19:30:42 x3200 kernel: ifa_del_loopback_route: deletion failed: 48
7 Jan 24 19:30:42 x3200 kernel: Freed UMA keg (udp_inpcb) was not empty (60
items). Lost 6 pages of memory.
8 Jan 24 19:30:42 x3200 kernel: Freed UMA keg (udpcb) was not empty (668
items). Lost 4 pages of memory.
9 Jan 24 19:30:42 x3200 kernel: Freed UMA keg (tcp_inpcb) was not empty (60
items). Lost 6 pages of memory.
10 Jan 24 19:30:42 x3200 kernel: Freed UMA keg (tcpcb) was not empty (18
items). Lost 6 pages of memory.
11 Jan 24 19:30:42 x3200 kernel: Freed UMA keg (ripcb) was not empty (60
items). Lost 6 pages of memory.
12 Jan 24 19:30:42 x3200 kernel: hhook_vnet_uninit: hhook_head type=1, id=1
cleanup required
13 Jan 24 19:30:42 x3200 kernel: hhook_vnet_uninit: hhook_head type=1, id=0
cleanup required
14 Jan 24 19:31:05 x3200 devd: Executing '/etc/pccard_ether epair0a start'
15 Jan 24 19:31:05 x3200 kernel: epair0a:
16 Jan 24 19:31:05 x3200 kernel:
17 Jan 24 19:31:05 x3200 kernel: Fatal trap 12: page fault while in kernel
mode
18 Jan 24 19:31:05 x3200 kernel: cpuid = 1; apic id = 02
19 Jan 24 19:31:05 x3200 kernel: Ethernet address: 02:ff:20:00:09:0a
20 Jan 24 19:31:05 x3200 kernel: fault virtual address = 0x0
21 Jan 24 19:31:05 x3200 kernel: fault code = supervisor read
instruction, page not present
22 Jan 24 19:31:05 x3200 kernel: instruction pointer = 0x20:0x0
23 Jan 24 19:31:05 x3200 kernel: stack pointer =
0x28:0xfffffe04691ca720
24 Jan 24 19:31:05 x3200 kernel: frame pointer =
0x28:0xfffffe04691ca770
25 Jan 24 19:31:05 x3200 kernel: epair0b: code segment = base rx0,
limit 0xfffff, type 0x1b
26 Jan 24 19:31:05 x3200 kernel: = DPL 0, pres 1, long 1, def32 0, gran 1
27 Jan 24 19:31:05 x3200 kernel: Ethernet address: 02:ff:70:00:0a:0b
28 Jan 24 19:31:05 x3200 kernel: processor eflags = interrupt enabled,
29 Jan 24 19:31:05 x3200 kernel: epair0a: link state changed to UP
30 Jan 24 19:33:13 x3200 syslogd: kernel boot file is /boot/kernel/kernel
31 Jan 24 19:33:13 x3200 kernel: epair0b: link state changed to UP
32 Jan 24 19:33:13 x3200 kernel: resume, IOPL = 0
33 Jan 24 19:33:13 x3200 kernel: current process = 10817 (dhcpcd)
34 Jan 24 19:33:13 x3200 kernel: trap number = 12
35 Jan 24 19:33:13 x3200 kernel: panic: page fault
36 Jan 24 19:33:13 x3200 kernel: cpuid = 1
37 Jan 24 19:33:13 x3200 kernel: KDB: stack backtrace:
38 Jan 24 19:33:13 x3200 kernel: #0 0xffffffff809442a0 at kdb_backtrace+0x60
39 Jan 24 19:33:13 x3200 kernel: #1 0xffffffff80907a06 at vpanic+0x126
40 Jan 24 19:33:13 x3200 kernel: #2 0xffffffff809078d3 at panic+0x43
41 Jan 24 19:33:13 x3200 kernel: #3 0xffffffff80cd178b at trap_fatal+0x36b
42 Jan 24 19:33:13 x3200 kernel: #4 0xffffffff80cd1a8d at trap_pfault+0x2ed
43 Jan 24 19:33:13 x3200 kernel: #5 0xffffffff80cd112a at trap+0x47a
44 Jan 24 19:33:13 x3200 kernel: #6 0xffffffff80cb74a2 at calltrap+0x8
45 Jan 24 19:33:13 x3200 kernel: #7 0xffffffff809ca1cb at ifioctl+0x11eb
46 Jan 24 19:33:13 x3200 kernel: #8 0xffffffff8095c195 at kern_ioctl+0x255
47 Jan 24 19:33:13 x3200 kernel: #9 0xffffffff8095be90 at sys_ioctl+0x140
48 Jan 24 19:33:13 x3200 kernel: #10 0xffffffff80cd20a7 at amd64_syscall+0x357
49 Jan 24 19:33:13 x3200 kernel: #11 0xffffffff80cb778b at Xfast_syscall+0xfb
50 Jan 24 19:33:13 x3200 kernel: Uptime: 30m59s
See http://roy.marples.name/projects/dhcpcd/tktview?name=3a1e57157d.
Expected behaviour: A userland app should not crash the kernel.
iocage creates a vnet0:1 and connects it to bridge1. When dhcpcd is stopped I
can start the VNET Jail. The ifconfig shows:
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWTSO>
ether 00:xx:xx:xx:xx:xx
inet6 fe80::xxx:xxxx:xxxx:xxxx%em0 prefixlen 64 scopeid 0x1
inet6 2001:xxx:xxxx:xxx:xxxx:xxxx:xxxx:xxxx prefixlen 128
inet 69.xxx.xxx.xxx netmask 0xfffffe00 broadcast 255.255.255.255
nd6 options=1<PERFORMNUD>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu
1500
options=42098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWTSO>
ether 00:xx:xx:xx:xx:58
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
enc0: flags=0<> metric 0 mtu 1536
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:xx:xx:xx:xx:00
inet6 fe80::yy:yyyy:yyyy:3e00%bridge0 prefixlen 64 scopeid 0x5
inet zzz.zzz.zz.z netmask 0xffffff00 broadcast 156.168.10.255
inet6 2601:xxx:xxxxx:xxxx::1 prefixlen 64
nd6 options=41<PERFORMNUD,NO_RADR>
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 7 priority 128 path cost 2000000
member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 2 priority 128 path cost 55
bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:xx:xx:xx:xx:01
inet 172.10.0.1 netmask 0xffffff00 broadcast 172.10.0.255
nd6 options=49<PERFORMNUD,IFDISABLED,NO_RADR>
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: vnet0:1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 9 priority 128 path cost 2000
tap0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
ether xx:xx:xx:xx:xx:00
nd6 options=69<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL,NO_RADR>
media: Ethernet autoselect
status: no carrier
tap1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
ether xx:xx:xx:xx:xx:01
nd6 options=69<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL,NO_RADR>
media: Ethernet autoselect
status: no carrier
vnet0:1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0
mtu 1500
description: associated with jail: "jailid goes here"
options=8<VLAN_MTU>
ether xx:xx:xx:xx:xx:e1
inet6 fe80::ff:xxxx:xxxx:xxe1%vnet0:1 prefixlen 64 scopeid 0x9
nd6 options=61<PERFORMNUD,AUTO_LINKLOCAL,NO_RADR>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list