VIMAGE + PF crash in mbuf destructor
Hi,
I used a kernel config with the following lines:
include GENERIC
options VIMAGE
and compiled a CURRENT kernel from svn://svn.freebsd.org/base/head@253346 .
I also have PF enabled on my system.
Once in a while I have been getting kernel panics like these:
(kgdb) #0 doadump (textdump=1) at pcpu.h:236
#1 0x808bc617 in kern_reboot (howto=260)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:447
#2 0x808bcb25 in vpanic (fmt=value optimized out,
ap=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:754
#3 0x808bcb73 in panic (fmt=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:683
#4 0x8033dff7 in db_panic (addr=value optimized out,
have_addr=value optimized out, count=value optimized out,
modif=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:482
#5 0x8033dbcd in db_command (cmd_table=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:449
#6 0x8033d944 in db_command_loop ()
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:502
#7 0x803402f0 in db_trap (type=value optimized out, code=0)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_main.c:231
#8 0x808f3623 in kdb_trap (type=12, code=0, tf=value optimized
out)
at /usr/home/rodrigc/freebsd/head/sys/kern/subr_kdb.c:654
#9 0x80cda43a in trap_fatal (frame=0xff811dbab6b0,
eva=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:868
#10 0x80cda6f4 in trap_pfault (frame=0x0, usermode=0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:699
#11 0x80cd9ef0 in trap (frame=0xff811dbab6b0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:463
#12 0x80cc31a2 in calltrap ()
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/exception.S:232
#13 0x8208f7b7 in pf_mtag_free (t=0xfe00a8797870)
at
/usr/home/rodrigc/freebsd/head/sys/modules/pf/../../netpfil/pf/pf.c:830
#14 0x808a51c9 in mb_dtor_mbuf (mem=0xfe000d0bc500, size=256,
arg=0x0) at /usr/home/rodrigc/freebsd/head/sys/kern/kern_mbuf.c:499
#15 0x80b55d4d in uma_zfree_arg (zone=0xfe000b4ab900,
item=0xfe000d0bc500, udata=0x0)
at /usr/home/rodrigc/freebsd/head/sys/vm/uma_core.c:2560
#16 0x8092d1f5 in m_freem (mb=value optimized out) at uma.h:364
#17 0x8058ba72 in iwn_tx_done (sc=0xff8000974000,
desc=value optimized out, ackfailcnt=16, status=131 '\203')
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:2817
#18 0x80583e60 in iwn_notif_intr (sc=0xff8000974000)
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3015
#19 0x80583684 in iwn_intr (arg=0xff8000974000)
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3306
#20 0x8088daf3 in intr_event_execute_handlers (
p=value optimized out, ie=0xfe000b696600)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1263
#21 0x8088e4c6 in ithread_loop (arg=0xfe000b31b040)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1276
#22 0x8088b3f4 in fork_exit (
callout=0x8088e420 ithread_loop, arg=0xfe000b31b040,
frame=0xff811dbabac0)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_fork.c:991
#23 0x80cc36de in fork_trampoline ()
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/exception.S:606
#24 0x in ?? ()
Current language: auto; currently minimal
(kgdb)
It turns out that in this file: src/sys/netpfil/pf/pf.c
826 static void
827 pf_mtag_free(struct m_tag *t)
828 {
829
830 uma_zfree(V_pf_mtag_z, t);
831 }
when line 830 is hit, it turns out that curthread-td_vnet is NULL.
Does anyone have an idea as to the best place
to put CURVNET_SET() to avoid this problem?
I am a little less famiiar with mbuf and pf.
Thanks.
--
Craig
___
freebsd-virtualization@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
To unsubscribe, send any mail to
freebsd-virtualization-unsubscr...@freebsd.org
Re: VIMAGE + PF crash in mbuf destructor
hm. There's lots of mbuf free calls in the net80211 TX and RX path; do
we have to have to set the vnet context during the whole tx/rx path?
-adrian
On 21 July 2013 23:32, Craig Rodrigues rodr...@freebsd.org wrote:
Hi,
I used a kernel config with the following lines:
include GENERIC
options VIMAGE
and compiled a CURRENT kernel from svn://svn.freebsd.org/base/head@253346 .
I also have PF enabled on my system.
Once in a while I have been getting kernel panics like these:
(kgdb) #0 doadump (textdump=1) at pcpu.h:236
#1 0x808bc617 in kern_reboot (howto=260)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:447
#2 0x808bcb25 in vpanic (fmt=value optimized out,
ap=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:754
#3 0x808bcb73 in panic (fmt=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:683
#4 0x8033dff7 in db_panic (addr=value optimized out,
have_addr=value optimized out, count=value optimized out,
modif=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:482
#5 0x8033dbcd in db_command (cmd_table=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:449
#6 0x8033d944 in db_command_loop ()
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:502
#7 0x803402f0 in db_trap (type=value optimized out, code=0)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_main.c:231
#8 0x808f3623 in kdb_trap (type=12, code=0, tf=value optimized
out)
at /usr/home/rodrigc/freebsd/head/sys/kern/subr_kdb.c:654
#9 0x80cda43a in trap_fatal (frame=0xff811dbab6b0,
eva=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:868
#10 0x80cda6f4 in trap_pfault (frame=0x0, usermode=0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:699
#11 0x80cd9ef0 in trap (frame=0xff811dbab6b0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:463
#12 0x80cc31a2 in calltrap ()
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/exception.S:232
#13 0x8208f7b7 in pf_mtag_free (t=0xfe00a8797870)
at
/usr/home/rodrigc/freebsd/head/sys/modules/pf/../../netpfil/pf/pf.c:830
#14 0x808a51c9 in mb_dtor_mbuf (mem=0xfe000d0bc500, size=256,
arg=0x0) at /usr/home/rodrigc/freebsd/head/sys/kern/kern_mbuf.c:499
#15 0x80b55d4d in uma_zfree_arg (zone=0xfe000b4ab900,
item=0xfe000d0bc500, udata=0x0)
at /usr/home/rodrigc/freebsd/head/sys/vm/uma_core.c:2560
#16 0x8092d1f5 in m_freem (mb=value optimized out) at uma.h:364
#17 0x8058ba72 in iwn_tx_done (sc=0xff8000974000,
desc=value optimized out, ackfailcnt=16, status=131 '\203')
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:2817
#18 0x80583e60 in iwn_notif_intr (sc=0xff8000974000)
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3015
#19 0x80583684 in iwn_intr (arg=0xff8000974000)
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3306
#20 0x8088daf3 in intr_event_execute_handlers (
p=value optimized out, ie=0xfe000b696600)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1263
#21 0x8088e4c6 in ithread_loop (arg=0xfe000b31b040)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1276
#22 0x8088b3f4 in fork_exit (
callout=0x8088e420 ithread_loop, arg=0xfe000b31b040,
frame=0xff811dbabac0)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_fork.c:991
#23 0x80cc36de in fork_trampoline ()
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/exception.S:606
#24 0x in ?? ()
Current language: auto; currently minimal
(kgdb)
It turns out that in this file: src/sys/netpfil/pf/pf.c
826 static void
827 pf_mtag_free(struct m_tag *t)
828 {
829
830 uma_zfree(V_pf_mtag_z, t);
831 }
when line 830 is hit, it turns out that curthread-td_vnet is NULL.
Does anyone have an idea as to the best place
to put CURVNET_SET() to avoid this problem?
I am a little less famiiar with mbuf and pf.
Thanks.
--
Craig
___
freebsd-virtualization@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
To unsubscribe, send any mail to
freebsd-virtualization-unsubscr...@freebsd.org
Re: VIMAGE + PF crash in mbuf destructor
On Sun, Jul 21, 2013 at 11:38 PM, Adrian Chadd adr...@freebsd.org wrote:
hm. There's lots of mbuf free calls in the net80211 TX and RX path; do
we have to have to set the vnet context during the whole tx/rx path?
I'm not sure about that.
In src/sys/netpfil/pf/pf.c, we have this in pf_initialize():
751 /* Mbuf tags */
752 V_pf_mtag_z = uma_zcreate(pf mtags, sizeof(struct m_tag) +
753 sizeof(struct pf_mtag), NULL, NULL, pf_mtag_init, NULL,
754 UMA_ALIGN_PTR, 0);
and further down this:
812 static int
813 pf_mtag_init(void *mem, int size, int how)
814 {
815 struct m_tag *t;
816
817 t = (struct m_tag *)mem;
818 t-m_tag_cookie = MTAG_ABI_COMPAT;
819 t-m_tag_id = PACKET_TAG_PF;
820 t-m_tag_len = sizeof(struct pf_mtag);
821 t-m_tag_free = pf_mtag_free;
822
823 return (0);
824 }
825
826 static void
827 pf_mtag_free(struct m_tag *t)
828 {
829
830 uma_zfree(V_pf_mtag_z, t);
831 }
Can we somehow modify pf_mtag_init() so that it passes the
vnet into the pf_mtag?
Then we can call CURVNET_SET/CURVNET_RESTORE in pf_mtag_free().
--
Craig
-adrian
On 21 July 2013 23:32, Craig Rodrigues rodr...@freebsd.org wrote:
Hi,
I used a kernel config with the following lines:
include GENERIC
options VIMAGE
and compiled a CURRENT kernel from svn://
svn.freebsd.org/base/head@253346 .
I also have PF enabled on my system.
Once in a while I have been getting kernel panics like these:
(kgdb) #0 doadump (textdump=1) at pcpu.h:236
#1 0x808bc617 in kern_reboot (howto=260)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:447
#2 0x808bcb25 in vpanic (fmt=value optimized out,
ap=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:754
#3 0x808bcb73 in panic (fmt=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:683
#4 0x8033dff7 in db_panic (addr=value optimized out,
have_addr=value optimized out, count=value optimized out,
modif=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:482
#5 0x8033dbcd in db_command (cmd_table=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:449
#6 0x8033d944 in db_command_loop ()
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:502
#7 0x803402f0 in db_trap (type=value optimized out, code=0)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_main.c:231
#8 0x808f3623 in kdb_trap (type=12, code=0, tf=value optimized
out)
at /usr/home/rodrigc/freebsd/head/sys/kern/subr_kdb.c:654
#9 0x80cda43a in trap_fatal (frame=0xff811dbab6b0,
eva=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:868
#10 0x80cda6f4 in trap_pfault (frame=0x0, usermode=0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:699
#11 0x80cd9ef0 in trap (frame=0xff811dbab6b0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:463
#12 0x80cc31a2 in calltrap ()
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/exception.S:232
#13 0x8208f7b7 in pf_mtag_free (t=0xfe00a8797870)
at
/usr/home/rodrigc/freebsd/head/sys/modules/pf/../../netpfil/pf/pf.c:830
#14 0x808a51c9 in mb_dtor_mbuf (mem=0xfe000d0bc500, size=256,
arg=0x0) at /usr/home/rodrigc/freebsd/head/sys/kern/kern_mbuf.c:499
#15 0x80b55d4d in uma_zfree_arg (zone=0xfe000b4ab900,
item=0xfe000d0bc500, udata=0x0)
at /usr/home/rodrigc/freebsd/head/sys/vm/uma_core.c:2560
#16 0x8092d1f5 in m_freem (mb=value optimized out) at uma.h:364
#17 0x8058ba72 in iwn_tx_done (sc=0xff8000974000,
desc=value optimized out, ackfailcnt=16, status=131 '\203')
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:2817
#18 0x80583e60 in iwn_notif_intr (sc=0xff8000974000)
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3015
#19 0x80583684 in iwn_intr (arg=0xff8000974000)
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3306
#20 0x8088daf3 in intr_event_execute_handlers (
p=value optimized out, ie=0xfe000b696600)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1263
#21 0x8088e4c6 in ithread_loop (arg=0xfe000b31b040)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1276
#22 0x8088b3f4 in fork_exit (
callout=0x8088e420 ithread_loop, arg=0xfe000b31b040,
frame=0xff811dbabac0)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_fork.c:991
#23 0x80cc36de in fork_trampoline
Re: VIMAGE + PF crash in mbuf destructor
On Monday 22 July 2013 08:57:43 Craig Rodrigues wrote:
On Sun, Jul 21, 2013 at 11:38 PM, Adrian Chadd adr...@freebsd.org wrote:
hm. There's lots of mbuf free calls in the net80211 TX and RX path; do
we have to have to set the vnet context during the whole tx/rx path?
I'm not sure about that.
In src/sys/netpfil/pf/pf.c, we have this in pf_initialize():
751 /* Mbuf tags */
752 V_pf_mtag_z = uma_zcreate(pf mtags, sizeof(struct
m_tag) + 753 sizeof(struct pf_mtag), NULL, NULL,
pf_mtag_init, NULL, 754 UMA_ALIGN_PTR, 0);
and further down this:
812 static int
813 pf_mtag_init(void *mem, int size, int how)
814 {
815 struct m_tag *t;
816
817 t = (struct m_tag *)mem;
818 t-m_tag_cookie = MTAG_ABI_COMPAT;
819 t-m_tag_id = PACKET_TAG_PF;
820 t-m_tag_len = sizeof(struct pf_mtag);
821 t-m_tag_free = pf_mtag_free;
822
823 return (0);
824 }
825
826 static void
827 pf_mtag_free(struct m_tag *t)
828 {
829
830 uma_zfree(V_pf_mtag_z, t);
831 }
Can we somehow modify pf_mtag_init() so that it passes the
vnet into the pf_mtag?
Then we can call CURVNET_SET/CURVNET_RESTORE in pf_mtag_free().
I'd say just de-virtualize V_pf_mtag_z, and you're done.
Marko
--
Craig
-adrian
On 21 July 2013 23:32, Craig Rodrigues rodr...@freebsd.org wrote:
Hi,
I used a kernel config with the following lines:
include GENERIC
options VIMAGE
and compiled a CURRENT kernel from svn://
svn.freebsd.org/base/head@253346 .
I also have PF enabled on my system.
Once in a while I have been getting kernel panics like these:
(kgdb) #0 doadump (textdump=1) at pcpu.h:236
#1 0x808bc617 in kern_reboot (howto=260)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:447
#2 0x808bcb25 in vpanic (fmt=value optimized out,
ap=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:754
#3 0x808bcb73 in panic (fmt=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:683
#4 0x8033dff7 in db_panic (addr=value optimized out,
have_addr=value optimized out, count=value optimized out,
modif=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:482
#5 0x8033dbcd in db_command (cmd_table=value optimized
out) at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:449 #6
0x8033d944 in db_command_loop ()
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:502
#7 0x803402f0 in db_trap (type=value optimized out,
code=0) at /usr/home/rodrigc/freebsd/head/sys/ddb/db_main.c:231
#8 0x808f3623 in kdb_trap (type=12, code=0, tf=value
optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/subr_kdb.c:654
#9 0x80cda43a in trap_fatal (frame=0xff811dbab6b0,
eva=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:868
#10 0x80cda6f4 in trap_pfault (frame=0x0, usermode=0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:699
#11 0x80cd9ef0 in trap (frame=0xff811dbab6b0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:463
#12 0x80cc31a2 in calltrap ()
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/exception.S:232
#13 0x8208f7b7 in pf_mtag_free (t=0xfe00a8797870)
at
/usr/home/rodrigc/freebsd/head/sys/modules/pf/../../netpfil/pf/pf.c:8
30 #14 0x808a51c9 in mb_dtor_mbuf (mem=0xfe000d0bc500,
size=256, arg=0x0) at
/usr/home/rodrigc/freebsd/head/sys/kern/kern_mbuf.c:499 #15
0x80b55d4d in uma_zfree_arg (zone=0xfe000b4ab900,
item=0xfe000d0bc500, udata=0x0)
at /usr/home/rodrigc/freebsd/head/sys/vm/uma_core.c:2560
#16 0x8092d1f5 in m_freem (mb=value optimized out) at
uma.h:364 #17 0x8058ba72 in iwn_tx_done
(sc=0xff8000974000, desc=value optimized out, ackfailcnt=16,
status=131 '\203') at
/usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:2817 #18
0x80583e60 in iwn_notif_intr (sc=0xff8000974000) at
/usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3015 #19
0x80583684 in iwn_intr (arg=0xff8000974000)
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3306
#20 0x8088daf3 in intr_event_execute_handlers (
p=value optimized out, ie=0xfe000b696600)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1263
#21 0x8088e4c6 in ithread_loop (arg=0xfe000b31b040)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1276
#22 0x8088b3f4 in fork_exit (
Re: VIMAGE + PF crash in mbuf destructor
On 07/22/13 09:32, Craig Rodrigues wrote:
Hi,
I used a kernel config with the following lines:
include GENERIC
options VIMAGE
and compiled a CURRENT kernel from svn://svn.freebsd.org/base/head@253346 .
I also have PF enabled on my system.
Once in a while I have been getting kernel panics like these:
(kgdb) #0 doadump (textdump=1) at pcpu.h:236
#1 0x808bc617 in kern_reboot (howto=260)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:447
#2 0x808bcb25 in vpanic (fmt=value optimized out,
ap=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:754
#3 0x808bcb73 in panic (fmt=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_shutdown.c:683
#4 0x8033dff7 in db_panic (addr=value optimized out,
have_addr=value optimized out, count=value optimized out,
modif=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:482
#5 0x8033dbcd in db_command (cmd_table=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:449
#6 0x8033d944 in db_command_loop ()
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_command.c:502
#7 0x803402f0 in db_trap (type=value optimized out, code=0)
at /usr/home/rodrigc/freebsd/head/sys/ddb/db_main.c:231
#8 0x808f3623 in kdb_trap (type=12, code=0, tf=value optimized
out)
at /usr/home/rodrigc/freebsd/head/sys/kern/subr_kdb.c:654
#9 0x80cda43a in trap_fatal (frame=0xff811dbab6b0,
eva=value optimized out)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:868
#10 0x80cda6f4 in trap_pfault (frame=0x0, usermode=0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:699
#11 0x80cd9ef0 in trap (frame=0xff811dbab6b0)
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/trap.c:463
#12 0x80cc31a2 in calltrap ()
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/exception.S:232
#13 0x8208f7b7 in pf_mtag_free (t=0xfe00a8797870)
at
/usr/home/rodrigc/freebsd/head/sys/modules/pf/../../netpfil/pf/pf.c:830
#14 0x808a51c9 in mb_dtor_mbuf (mem=0xfe000d0bc500, size=256,
arg=0x0) at /usr/home/rodrigc/freebsd/head/sys/kern/kern_mbuf.c:499
#15 0x80b55d4d in uma_zfree_arg (zone=0xfe000b4ab900,
item=0xfe000d0bc500, udata=0x0)
at /usr/home/rodrigc/freebsd/head/sys/vm/uma_core.c:2560
#16 0x8092d1f5 in m_freem (mb=value optimized out) at uma.h:364
#17 0x8058ba72 in iwn_tx_done (sc=0xff8000974000,
desc=value optimized out, ackfailcnt=16, status=131 '\203')
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:2817
#18 0x80583e60 in iwn_notif_intr (sc=0xff8000974000)
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3015
#19 0x80583684 in iwn_intr (arg=0xff8000974000)
at /usr/home/rodrigc/freebsd/head/sys/dev/iwn/if_iwn.c:3306
#20 0x8088daf3 in intr_event_execute_handlers (
p=value optimized out, ie=0xfe000b696600)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1263
#21 0x8088e4c6 in ithread_loop (arg=0xfe000b31b040)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_intr.c:1276
#22 0x8088b3f4 in fork_exit (
callout=0x8088e420 ithread_loop, arg=0xfe000b31b040,
frame=0xff811dbabac0)
at /usr/home/rodrigc/freebsd/head/sys/kern/kern_fork.c:991
#23 0x80cc36de in fork_trampoline ()
at /usr/home/rodrigc/freebsd/head/sys/amd64/amd64/exception.S:606
#24 0x in ?? ()
Current language: auto; currently minimal
(kgdb)
It turns out that in this file: src/sys/netpfil/pf/pf.c
826 static void
827 pf_mtag_free(struct m_tag *t)
828 {
829
830 uma_zfree(V_pf_mtag_z, t);
831 }
when line 830 is hit, it turns out that curthread-td_vnet is NULL.
Does anyone have an idea as to the best place
to put CURVNET_SET() to avoid this problem?
I am a little less famiiar with mbuf and pf.
Hi,
I think this comes from the eventhandlers pf installs to handle
ifnet events. It seems like a wifi event causes this code to run
and the context is not set. Does the panic happen only when you
use vnet jails?
Could you try putting all evenhandlers in an
'if (IS_DEFAULT_VNET(curvnet))' block?
It's here:
http://fxr.watson.org/fxr/source/netpfil/pf/pf_if.c#L127
the pfi_*_cookie = ... lines.
I am not sure if this would be enough though since it might
panic in other places.
HTH, Nikos
___
freebsd-virtualization@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
To unsubscribe, send any mail to
freebsd-virtualization-unsubscr...@freebsd.org
