VIMAGE + PF crash in mbuf destructor
Hi,
I used a kernel config with the following lines:
include GENERIC
options VIMAGE
and compiled a CURRENT kernel from svn://svn.freebsd.org/base/head@253346 .
I also have PF enabled on my system.
Once in a while I have been getting kernel panics like these:
(kgdb) #0 doadump (textdump=1) at pcpu.h:236
#1 0x808bc617 in kern_reboot (howto=260)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:447
#2 0x808bcb25 in vpanic (fmt=value optimized out,
ap=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:754
#3 0x808bcb73 in panic (fmt=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:683
#4 0x8033dff7 in db_panic (addr=value optimized out,
have_addr=value optimized out, count=value optimized out,
modif=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:482
#5 0x8033dbcd in db_command (cmd_table=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:449
#6 0x8033d944 in db_command_loop ()
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:502
#7 0x803402f0 in db_trap (type=value optimized out, code=0)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_main.c:231
#8 0x808f3623 in kdb_trap (type=12, code=0, tf=value optimized
out)
at /usr/home/rodrigc/freebsd/head/sys/kern/subr_kdb.c:654
#9 0x80cda43a in trap_fatal (frame=0xff811dbab6b0,
eva=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:868
#10 0x80cda6f4 in trap_pfault (frame=0x0, usermode=0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:699
#11 0x80cd9ef0 in trap (frame=0xff811dbab6b0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:463
#12 0x80cc31a2 in calltrap ()
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/exception.S:232
#13 0x8208f7b7 in pf_mtag_free (t=0xfe00a8797870)
at
/usr/home/rodrigc/freebsd/head/sys/modules/pf/../../netpfil/pf/pf.c:830
#14 0x808a51c9 in mb_dtor_mbuf (mem=0xfe000d0bc500, size=256,
arg=0x0) at /usr/home/rodrigc/freebsd/head/sys/kern/kern_mbuf.c:499
#15 0x80b55d4d in uma_zfree_arg (zone=0xfe000b4ab900,
item=0xfe000d0bc500, udata=0x0)
at /usr/home/rodrigc/freebsd/head/sys/vm/uma_core.c:2560
#16 0x8092d1f5 in m_freem (mb=value optimized out) at uma.h:364
#17 0x8058ba72 in iwn_tx_done (sc=0xff8000974000,
desc=value optimized out, ackfailcnt=16, status=131 '\203')
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:2817
#18 0x80583e60 in iwn_notif_intr (sc=0xff8000974000)
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3015
#19 0x80583684 in iwn_intr (arg=0xff8000974000)
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3306
#20 0x8088daf3 in intr_event_execute_handlers (
p=value optimized out, ie=0xfe000b696600)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1263
#21 0x8088e4c6 in ithread_loop (arg=0xfe000b31b040)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1276
#22 0x8088b3f4 in fork_exit (
callout=0x8088e420 ithread_loop, arg=0xfe000b31b040,
frame=0xff811dbabac0)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_fork.c:991
#23 0x80cc36de in fork_trampoline ()
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/exception.S:606
#24 0x in ?? ()
Current language: auto; currently minimal
(kgdb)
It turns out that in this file: src/sys/netpfil/pf/pf.c
826 static void
827 pf_mtag_free(struct m_tag *t)
828 {
829
830 uma_zfree(V_pf_mtag_z, t);
831 }
when line 830 is hit, it turns out that curthread-td_vnet is NULL.
Does anyone have an idea as to the best place
to put CURVNET_SET() to avoid this problem?
I am a little less famiiar with mbuf and pf.
Thanks.
--
Craig
___
freebsd-virtualization@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
To unsubscribe, send any mail to
freebsd-virtualization-unsubscr...@freebsd.org
Re: VIMAGE + PF crash in mbuf destructor
hm. There's lots of mbuf free calls in the net80211 TX and RX path; do
we have to have to set the vnet context during the whole tx/rx path?
-adrian
On 21 July 2013 23:32, Craig Rodrigues rodr...@freebsd.org wrote:
Hi,
I used a kernel config with the following lines:
include GENERIC
options VIMAGE
and compiled a CURRENT kernel from svn://svn.freebsd.org/base/head@253346 .
I also have PF enabled on my system.
Once in a while I have been getting kernel panics like these:
(kgdb) #0 doadump (textdump=1) at pcpu.h:236
#1 0x808bc617 in kern_reboot (howto=260)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:447
#2 0x808bcb25 in vpanic (fmt=value optimized out,
ap=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:754
#3 0x808bcb73 in panic (fmt=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:683
#4 0x8033dff7 in db_panic (addr=value optimized out,
have_addr=value optimized out, count=value optimized out,
modif=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:482
#5 0x8033dbcd in db_command (cmd_table=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:449
#6 0x8033d944 in db_command_loop ()
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:502
#7 0x803402f0 in db_trap (type=value optimized out, code=0)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_main.c:231
#8 0x808f3623 in kdb_trap (type=12, code=0, tf=value optimized
out)
at /usr/home/rodrigc/freebsd/head/sys/kern/subr_kdb.c:654
#9 0x80cda43a in trap_fatal (frame=0xff811dbab6b0,
eva=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:868
#10 0x80cda6f4 in trap_pfault (frame=0x0, usermode=0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:699
#11 0x80cd9ef0 in trap (frame=0xff811dbab6b0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:463
#12 0x80cc31a2 in calltrap ()
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/exception.S:232
#13 0x8208f7b7 in pf_mtag_free (t=0xfe00a8797870)
at
/usr/home/rodrigc/freebsd/head/sys/modules/pf/../../netpfil/pf/pf.c:830
#14 0x808a51c9 in mb_dtor_mbuf (mem=0xfe000d0bc500, size=256,
arg=0x0) at /usr/home/rodrigc/freebsd/head/sys/kern/kern_mbuf.c:499
#15 0x80b55d4d in uma_zfree_arg (zone=0xfe000b4ab900,
item=0xfe000d0bc500, udata=0x0)
at /usr/home/rodrigc/freebsd/head/sys/vm/uma_core.c:2560
#16 0x8092d1f5 in m_freem (mb=value optimized out) at uma.h:364
#17 0x8058ba72 in iwn_tx_done (sc=0xff8000974000,
desc=value optimized out, ackfailcnt=16, status=131 '\203')
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:2817
#18 0x80583e60 in iwn_notif_intr (sc=0xff8000974000)
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3015
#19 0x80583684 in iwn_intr (arg=0xff8000974000)
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3306
#20 0x8088daf3 in intr_event_execute_handlers (
p=value optimized out, ie=0xfe000b696600)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1263
#21 0x8088e4c6 in ithread_loop (arg=0xfe000b31b040)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1276
#22 0x8088b3f4 in fork_exit (
callout=0x8088e420 ithread_loop, arg=0xfe000b31b040,
frame=0xff811dbabac0)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_fork.c:991
#23 0x80cc36de in fork_trampoline ()
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/exception.S:606
#24 0x in ?? ()
Current language: auto; currently minimal
(kgdb)
It turns out that in this file: src/sys/netpfil/pf/pf.c
826 static void
827 pf_mtag_free(struct m_tag *t)
828 {
829
830 uma_zfree(V_pf_mtag_z, t);
831 }
when line 830 is hit, it turns out that curthread-td_vnet is NULL.
Does anyone have an idea as to the best place
to put CURVNET_SET() to avoid this problem?
I am a little less famiiar with mbuf and pf.
Thanks.
--
Craig
___
freebsd-virtualization@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
To unsubscribe, send any mail to
freebsd-virtualization-unsubscr...@freebsd.org
Re: VIMAGE + PF crash in mbuf destructor
On Sun, Jul 21, 2013 at 11:38 PM, Adrian Chadd adr...@freebsd.org wrote:
hm. There's lots of mbuf free calls in the net80211 TX and RX path; do
we have to have to set the vnet context during the whole tx/rx path?
I'm not sure about that.
In src/sys/netpfil/pf/pf.c, we have this in pf_initialize():
751 /* Mbuf tags */
752 V_pf_mtag_z = uma_zcreate(pf mtags, sizeof(struct m_tag) +
753 sizeof(struct pf_mtag), NULL, NULL, pf_mtag_init, NULL,
754 UMA_ALIGN_PTR, 0);
and further down this:
812 static int
813 pf_mtag_init(void *mem, int size, int how)
814 {
815 struct m_tag *t;
816
817 t = (struct m_tag *)mem;
818 t-m_tag_cookie = MTAG_ABI_COMPAT;
819 t-m_tag_id = PACKET_TAG_PF;
820 t-m_tag_len = sizeof(struct pf_mtag);
821 t-m_tag_free = pf_mtag_free;
822
823 return (0);
824 }
825
826 static void
827 pf_mtag_free(struct m_tag *t)
828 {
829
830 uma_zfree(V_pf_mtag_z, t);
831 }
Can we somehow modify pf_mtag_init() so that it passes the
vnet into the pf_mtag?
Then we can call CURVNET_SET/CURVNET_RESTORE in pf_mtag_free().
--
Craig
-adrian
On 21 July 2013 23:32, Craig Rodrigues rodr...@freebsd.org wrote:
Hi,
I used a kernel config with the following lines:
include GENERIC
options VIMAGE
and compiled a CURRENT kernel from svn://
svn.freebsd.org/base/head@253346 .
I also have PF enabled on my system.
Once in a while I have been getting kernel panics like these:
(kgdb) #0 doadump (textdump=1) at pcpu.h:236
#1 0x808bc617 in kern_reboot (howto=260)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:447
#2 0x808bcb25 in vpanic (fmt=value optimized out,
ap=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:754
#3 0x808bcb73 in panic (fmt=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:683
#4 0x8033dff7 in db_panic (addr=value optimized out,
have_addr=value optimized out, count=value optimized out,
modif=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:482
#5 0x8033dbcd in db_command (cmd_table=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:449
#6 0x8033d944 in db_command_loop ()
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:502
#7 0x803402f0 in db_trap (type=value optimized out, code=0)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_main.c:231
#8 0x808f3623 in kdb_trap (type=12, code=0, tf=value optimized
out)
at /usr/home/rodrigc/freebsd/head/sys/kern/subr_kdb.c:654
#9 0x80cda43a in trap_fatal (frame=0xff811dbab6b0,
eva=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:868
#10 0x80cda6f4 in trap_pfault (frame=0x0, usermode=0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:699
#11 0x80cd9ef0 in trap (frame=0xff811dbab6b0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:463
#12 0x80cc31a2 in calltrap ()
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/exception.S:232
#13 0x8208f7b7 in pf_mtag_free (t=0xfe00a8797870)
at
/usr/home/rodrigc/freebsd/head/sys/modules/pf/../../netpfil/pf/pf.c:830
#14 0x808a51c9 in mb_dtor_mbuf (mem=0xfe000d0bc500, size=256,
arg=0x0) at /usr/home/rodrigc/freebsd/head/sys/kern/kern_mbuf.c:499
#15 0x80b55d4d in uma_zfree_arg (zone=0xfe000b4ab900,
item=0xfe000d0bc500, udata=0x0)
at /usr/home/rodrigc/freebsd/head/sys/vm/uma_core.c:2560
#16 0x8092d1f5 in m_freem (mb=value optimized out) at uma.h:364
#17 0x8058ba72 in iwn_tx_done (sc=0xff8000974000,
desc=value optimized out, ackfailcnt=16, status=131 '\203')
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:2817
#18 0x80583e60 in iwn_notif_intr (sc=0xff8000974000)
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3015
#19 0x80583684 in iwn_intr (arg=0xff8000974000)
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3306
#20 0x8088daf3 in intr_event_execute_handlers (
p=value optimized out, ie=0xfe000b696600)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1263
#21 0x8088e4c6 in ithread_loop (arg=0xfe000b31b040)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1276
#22 0x8088b3f4 in fork_exit (
callout=0x8088e420 ithread_loop, arg=0xfe000b31b040,
frame=0xff811dbabac0)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_fork.c:991
#23 0x80cc36de in fork_trampoline
Re: FreeBSD PVHVM call for testing
Hi, After some more testing I thought it would be good to put this into production for my personal server. I've used pvhvm_v19 and built it without debugging options and installed it on a FreeBSD 9.1 system. I've run into some hiccups with 9.1 user land and a 10-CURRENT kernel, but that's all solvable[0]. My VPS has some very limited memory (256M), but I've compensated with swap space (1G) Now anytime I'm putting the system under stress, by building ports or by running a git clone on the kernel repository here, I'm seeing a lot of messages about swap_pager: swap_pager: indefinite wait buffer: bufobj: 0, blkno: 132545, size: 4096 The system also becomes very sluggish and sometimes unresponsive. The weird thing was that one of these messages happened right after a reboot when I rebuilt an outdated port and on the main console was checking the swap memory: jeroen:~/ $ swapinfo [8:13:29] Device 1K-blocks UsedAvail Capacity /dev/ada0p2524288 2484 521804 0% /dev/md0 1048576 2364 1046212 0% Total 1572864 4848 1568016 0% swap_pager: indefinite wait buffer: bufobj: 0, blkno: 131424, size: 4096 Is anyone else seeing something similar? I certainly did not experience something like this on 9.0 with a XENHVM kernel. If necessary I can rebuild a kernel with debugging support and do some more recording of what is actually going on. Jeroen. [0]: I have edited bsd.port.mk to always apply the FBSD10_FIX, and for version checking I am running pkg version with UNAME_r=9.1-RELEASE. ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: FreeBSD PVHVM call for testing
On 22/07/13 09:18, Jeroen van der Ham wrote: Hi, After some more testing I thought it would be good to put this into production for my personal server. I've used pvhvm_v19 and built it without debugging options and installed it on a FreeBSD 9.1 system. I've run into some hiccups with 9.1 user land and a 10-CURRENT kernel, but that's all solvable[0]. My VPS has some very limited memory (256M), but I've compensated with swap space (1G) Is your guest running a 32bit or a 64bit kernel? Could you also provide the config file used to launch your guest and the Xen and Dom0 kernel versions? Now anytime I'm putting the system under stress, by building ports or by running a git clone on the kernel repository here, I'm seeing a lot of messages about swap_pager: swap_pager: indefinite wait buffer: bufobj: 0, blkno: 132545, size: 4096 The system also becomes very sluggish and sometimes unresponsive. The weird thing was that one of these messages happened right after a reboot when I rebuilt an outdated port and on the main console was checking the swap memory: jeroen:~/ $ swapinfo [8:13:29] Device 1K-blocks UsedAvail Capacity /dev/ada0p2524288 2484 521804 0% /dev/md0 1048576 2364 1046212 0% Total 1572864 4848 1568016 0% swap_pager: indefinite wait buffer: bufobj: 0, blkno: 131424, size: 4096 Is anyone else seeing something similar? Could you also try a HEAD XENHVM kernel (without my patches), to see if the issue is related to my changes or to some bug already present in HEAD? I certainly did not experience something like this on 9.0 with a XENHVM kernel. If necessary I can rebuild a kernel with debugging support and do some more recording of what is actually going on. Jeroen. [0]: I have edited bsd.port.mk to always apply the FBSD10_FIX, and for version checking I am running pkg version with UNAME_r=9.1-RELEASE. ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: VIMAGE + PF crash in mbuf destructor
On Monday 22 July 2013 08:57:43 Craig Rodrigues wrote:
On Sun, Jul 21, 2013 at 11:38 PM, Adrian Chadd adr...@freebsd.org wrote:
hm. There's lots of mbuf free calls in the net80211 TX and RX path; do
we have to have to set the vnet context during the whole tx/rx path?
I'm not sure about that.
In src/sys/netpfil/pf/pf.c, we have this in pf_initialize():
751 /* Mbuf tags */
752 V_pf_mtag_z = uma_zcreate(pf mtags, sizeof(struct
m_tag) + 753 sizeof(struct pf_mtag), NULL, NULL,
pf_mtag_init, NULL, 754 UMA_ALIGN_PTR, 0);
and further down this:
812 static int
813 pf_mtag_init(void *mem, int size, int how)
814 {
815 struct m_tag *t;
816
817 t = (struct m_tag *)mem;
818 t-m_tag_cookie = MTAG_ABI_COMPAT;
819 t-m_tag_id = PACKET_TAG_PF;
820 t-m_tag_len = sizeof(struct pf_mtag);
821 t-m_tag_free = pf_mtag_free;
822
823 return (0);
824 }
825
826 static void
827 pf_mtag_free(struct m_tag *t)
828 {
829
830 uma_zfree(V_pf_mtag_z, t);
831 }
Can we somehow modify pf_mtag_init() so that it passes the
vnet into the pf_mtag?
Then we can call CURVNET_SET/CURVNET_RESTORE in pf_mtag_free().
I'd say just de-virtualize V_pf_mtag_z, and you're done.
Marko
--
Craig
-adrian
On 21 July 2013 23:32, Craig Rodrigues rodr...@freebsd.org wrote:
Hi,
I used a kernel config with the following lines:
include GENERIC
options VIMAGE
and compiled a CURRENT kernel from svn://
svn.freebsd.org/base/head@253346 .
I also have PF enabled on my system.
Once in a while I have been getting kernel panics like these:
(kgdb) #0 doadump (textdump=1) at pcpu.h:236
#1 0x808bc617 in kern_reboot (howto=260)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:447
#2 0x808bcb25 in vpanic (fmt=value optimized out,
ap=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:754
#3 0x808bcb73 in panic (fmt=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:683
#4 0x8033dff7 in db_panic (addr=value optimized out,
have_addr=value optimized out, count=value optimized out,
modif=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:482
#5 0x8033dbcd in db_command (cmd_table=value optimized
out) at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:449 #6
0x8033d944 in db_command_loop ()
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:502
#7 0x803402f0 in db_trap (type=value optimized out,
code=0) at /usr/home/rodrigc/freebsd/head/sys/ddb/db_main.c:231
#8 0x808f3623 in kdb_trap (type=12, code=0, tf=value
optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/subr_kdb.c:654
#9 0x80cda43a in trap_fatal (frame=0xff811dbab6b0,
eva=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:868
#10 0x80cda6f4 in trap_pfault (frame=0x0, usermode=0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:699
#11 0x80cd9ef0 in trap (frame=0xff811dbab6b0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:463
#12 0x80cc31a2 in calltrap ()
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/exception.S:232
#13 0x8208f7b7 in pf_mtag_free (t=0xfe00a8797870)
at
/usr/home/rodrigc/freebsd/head/sys/modules/pf/../../netpfil/pf/pf.c:8
30 #14 0x808a51c9 in mb_dtor_mbuf (mem=0xfe000d0bc500,
size=256, arg=0x0) at
/usr/home/rodrigc/freebsd/head/sys/kern/kern_mbuf.c:499 #15
0x80b55d4d in uma_zfree_arg (zone=0xfe000b4ab900,
item=0xfe000d0bc500, udata=0x0)
at /usr/home/rodrigc/freebsd/head/sys/vm/uma_core.c:2560
#16 0x8092d1f5 in m_freem (mb=value optimized out) at
uma.h:364 #17 0x8058ba72 in iwn_tx_done
(sc=0xff8000974000, desc=value optimized out, ackfailcnt=16,
status=131 '\203') at
/usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:2817 #18
0x80583e60 in iwn_notif_intr (sc=0xff8000974000) at
/usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3015 #19
0x80583684 in iwn_intr (arg=0xff8000974000)
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3306
#20 0x8088daf3 in intr_event_execute_handlers (
p=value optimized out, ie=0xfe000b696600)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1263
#21 0x8088e4c6 in ithread_loop (arg=0xfe000b31b040)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1276
#22 0x8088b3f4 in fork_exit (
Re: VIMAGE + PF crash in mbuf destructor
On 07/22/13 09:32, Craig Rodrigues wrote:
Hi,
I used a kernel config with the following lines:
include GENERIC
options VIMAGE
and compiled a CURRENT kernel from svn://svn.freebsd.org/base/head@253346 .
I also have PF enabled on my system.
Once in a while I have been getting kernel panics like these:
(kgdb) #0 doadump (textdump=1) at pcpu.h:236
#1 0x808bc617 in kern_reboot (howto=260)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:447
#2 0x808bcb25 in vpanic (fmt=value optimized out,
ap=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:754
#3 0x808bcb73 in panic (fmt=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:683
#4 0x8033dff7 in db_panic (addr=value optimized out,
have_addr=value optimized out, count=value optimized out,
modif=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:482
#5 0x8033dbcd in db_command (cmd_table=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:449
#6 0x8033d944 in db_command_loop ()
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:502
#7 0x803402f0 in db_trap (type=value optimized out, code=0)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_main.c:231
#8 0x808f3623 in kdb_trap (type=12, code=0, tf=value optimized
out)
at /usr/home/rodrigc/freebsd/head/sys/kern/subr_kdb.c:654
#9 0x80cda43a in trap_fatal (frame=0xff811dbab6b0,
eva=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:868
#10 0x80cda6f4 in trap_pfault (frame=0x0, usermode=0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:699
#11 0x80cd9ef0 in trap (frame=0xff811dbab6b0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:463
#12 0x80cc31a2 in calltrap ()
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/exception.S:232
#13 0x8208f7b7 in pf_mtag_free (t=0xfe00a8797870)
at
/usr/home/rodrigc/freebsd/head/sys/modules/pf/../../netpfil/pf/pf.c:830
#14 0x808a51c9 in mb_dtor_mbuf (mem=0xfe000d0bc500, size=256,
arg=0x0) at /usr/home/rodrigc/freebsd/head/sys/kern/kern_mbuf.c:499
#15 0x80b55d4d in uma_zfree_arg (zone=0xfe000b4ab900,
item=0xfe000d0bc500, udata=0x0)
at /usr/home/rodrigc/freebsd/head/sys/vm/uma_core.c:2560
#16 0x8092d1f5 in m_freem (mb=value optimized out) at uma.h:364
#17 0x8058ba72 in iwn_tx_done (sc=0xff8000974000,
desc=value optimized out, ackfailcnt=16, status=131 '\203')
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:2817
#18 0x80583e60 in iwn_notif_intr (sc=0xff8000974000)
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3015
#19 0x80583684 in iwn_intr (arg=0xff8000974000)
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3306
#20 0x8088daf3 in intr_event_execute_handlers (
p=value optimized out, ie=0xfe000b696600)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1263
#21 0x8088e4c6 in ithread_loop (arg=0xfe000b31b040)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1276
#22 0x8088b3f4 in fork_exit (
callout=0x8088e420 ithread_loop, arg=0xfe000b31b040,
frame=0xff811dbabac0)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_fork.c:991
#23 0x80cc36de in fork_trampoline ()
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/exception.S:606
#24 0x in ?? ()
Current language: auto; currently minimal
(kgdb)
It turns out that in this file: src/sys/netpfil/pf/pf.c
826 static void
827 pf_mtag_free(struct m_tag *t)
828 {
829
830 uma_zfree(V_pf_mtag_z, t);
831 }
when line 830 is hit, it turns out that curthread-td_vnet is NULL.
Does anyone have an idea as to the best place
to put CURVNET_SET() to avoid this problem?
I am a little less famiiar with mbuf and pf.
Hi,
I think this comes from the eventhandlers pf installs to handle
ifnet events. It seems like a wifi event causes this code to run
and the context is not set. Does the panic happen only when you
use vnet jails?
Could you try putting all evenhandlers in an
'if (IS_DEFAULT_VNET(curvnet))' block?
It's here:
http://fxr.watson.org/fxr/source/netpfil/pf/pf_if.c#L127
the pfi_*_cookie = ... lines.
I am not sure if this would be enough though since it might
panic in other places.
HTH, Nikos
___
freebsd-virtualization@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
To unsubscribe, send any mail to
freebsd-virtualization-unsubscr...@freebsd.org
