Bug 206613

Summary: dhcpcd 6.10.1 crashes the 10.2-RELEASE kernel.
Product: Base System
Reporter: g_amanakis
Component: kern
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED
Severity: Affects Some People
CC: amd64, koobs
Priority: Normal
Keywords: crash, needs-patch, needs-qa
Version: 10.2-RELEASE
Flags: koobs: mfc-stable10?, koobs: mfc-stable9?
Hardware: amd64
OS: Any
URL: http://roy.marples.name/projects/dhcpcd/info/6b2a5402c4
Bug Depends on:    
Bug Blocks: 206614    
Attachments: dhcpcd.conf (flags: none)

Description g_amanakis 2016-01-25 15:31:32 UTC
dhcpcd 6.10.1 and more specifically [6b2a5402c4] causes a kernel panic on FreeBSD 10.2 when starting a VNET iocage jail. The system runs a GENERIC kernel with VIMAGE and IPSEC enabled. Reverting this resolves the problem. 

/var/log/messages:
  Jan 24 19:30:42 x3200 kernel: vnet0:1: link state changed to DOWN
  Jan 24 19:30:42 x3200 kernel: vnet0: link state changed to DOWN
  Jan 24 19:30:42 x3200 kernel: bridge1: link state changed to DOWN
  Jan 24 19:30:42 x3200 kernel: ifa_del_loopback_route: deletion failed: 48
  Jan 24 19:30:42 x3200 kernel: Freed UMA keg (udp_inpcb) was not empty (60 items).  Lost 6 pages of memory.
  Jan 24 19:30:42 x3200 kernel: Freed UMA keg (udpcb) was not empty (668 items).  Lost 4 pages of memory.
  Jan 24 19:30:42 x3200 kernel: Freed UMA keg (tcp_inpcb) was not empty (60 items).  Lost 6 pages of memory.
  Jan 24 19:30:42 x3200 kernel: Freed UMA keg (tcpcb) was not empty (18 items).  Lost 6 pages of memory.
  Jan 24 19:30:42 x3200 kernel: Freed UMA keg (ripcb) was not empty (60 items).  Lost 6 pages of memory.
  Jan 24 19:30:42 x3200 kernel: hhook_vnet_uninit: hhook_head type=1, id=1 cleanup required
  Jan 24 19:30:42 x3200 kernel: hhook_vnet_uninit: hhook_head type=1, id=0 cleanup required
  Jan 24 19:31:05 x3200 devd: Executing '/etc/pccard_ether epair0a start'
  Jan 24 19:31:05 x3200 kernel: epair0a:
  Jan 24 19:31:05 x3200 kernel:
  Jan 24 19:31:05 x3200 kernel: Fatal trap 12: page fault while in kernel mode
  Jan 24 19:31:05 x3200 kernel: cpuid = 1; apic id = 02
  Jan 24 19:31:05 x3200 kernel: Ethernet address: 02:ff:20:00:09:0a
  Jan 24 19:31:05 x3200 kernel: fault virtual address     = 0x0
  Jan 24 19:31:05 x3200 kernel: fault code                = supervisor read instruction, page not present
  Jan 24 19:31:05 x3200 kernel: instruction pointer       = 0x20:0x0
  Jan 24 19:31:05 x3200 kernel: stack pointer             = 0x28:0xfffffe04691ca720
  Jan 24 19:31:05 x3200 kernel: frame pointer             = 0x28:0xfffffe04691ca770
  Jan 24 19:31:05 x3200 kernel: epair0b: code segment             = base rx0, limit 0xfffff, type 0x1b
  Jan 24 19:31:05 x3200 kernel: = DPL 0, pres 1, long 1, def32 0, gran 1
  Jan 24 19:31:05 x3200 kernel: Ethernet address: 02:ff:70:00:0a:0b
  Jan 24 19:31:05 x3200 kernel: processor eflags  = interrupt enabled,
  Jan 24 19:31:05 x3200 kernel: epair0a: link state changed to UP
  Jan 24 19:33:13 x3200 syslogd: kernel boot file is /boot/kernel/kernel
  Jan 24 19:33:13 x3200 kernel: epair0b: link state changed to UP
  Jan 24 19:33:13 x3200 kernel: resume, IOPL = 0
  Jan 24 19:33:13 x3200 kernel: current process           = 10817 (dhcpcd)
  Jan 24 19:33:13 x3200 kernel: trap number               = 12
  Jan 24 19:33:13 x3200 kernel: panic: page fault
  Jan 24 19:33:13 x3200 kernel: cpuid = 1
  Jan 24 19:33:13 x3200 kernel: KDB: stack backtrace:
  Jan 24 19:33:13 x3200 kernel: #0 0xffffffff809442a0 at kdb_backtrace+0x60
  Jan 24 19:33:13 x3200 kernel: #1 0xffffffff80907a06 at vpanic+0x126
  Jan 24 19:33:13 x3200 kernel: #2 0xffffffff809078d3 at panic+0x43
  Jan 24 19:33:13 x3200 kernel: #3 0xffffffff80cd178b at trap_fatal+0x36b
  Jan 24 19:33:13 x3200 kernel: #4 0xffffffff80cd1a8d at trap_pfault+0x2ed
  Jan 24 19:33:13 x3200 kernel: #5 0xffffffff80cd112a at trap+0x47a
  Jan 24 19:33:13 x3200 kernel: #6 0xffffffff80cb74a2 at calltrap+0x8
  Jan 24 19:33:13 x3200 kernel: #7 0xffffffff809ca1cb at ifioctl+0x11eb
  Jan 24 19:33:13 x3200 kernel: #8 0xffffffff8095c195 at kern_ioctl+0x255
  Jan 24 19:33:13 x3200 kernel: #9 0xffffffff8095be90 at sys_ioctl+0x140
  Jan 24 19:33:13 x3200 kernel: #10 0xffffffff80cd20a7 at amd64_syscall+0x357
  Jan 24 19:33:13 x3200 kernel: #11 0xffffffff80cb778b at Xfast_syscall+0xfb
  Jan 24 19:33:13 x3200 kernel: Uptime: 30m59s

See http://roy.marples.name/projects/dhcpcd/tktview?name=3a1e57157d.
Expected behaviour: A userland app should not crash the kernel.
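
A triage helper for the panic log quoted in the description, added here as an example (not part of the original report, nor FreeBSD or dhcpcd code): it pulls the trap fields and backtrace out of the interleaved syslog lines and flags an instruction fetch from address 0, which usually indicates a call through a NULL function pointer. The function name `triage` and its result keys are hypothetical; the sample lines are copied from the log above.

```python
import re

# Subset of the /var/log/messages lines quoted in the report above.
SAMPLE = """\
Jan 24 19:31:05 x3200 kernel: Fatal trap 12: page fault while in kernel mode
Jan 24 19:31:05 x3200 kernel: Ethernet address: 02:ff:20:00:09:0a
Jan 24 19:31:05 x3200 kernel: fault virtual address     = 0x0
Jan 24 19:31:05 x3200 kernel: fault code                = supervisor read instruction, page not present
Jan 24 19:31:05 x3200 kernel: instruction pointer       = 0x20:0x0
Jan 24 19:31:05 x3200 kernel: epair0b: code segment             = base rx0, limit 0xfffff, type 0x1b
Jan 24 19:33:13 x3200 kernel: current process           = 10817 (dhcpcd)
Jan 24 19:33:13 x3200 kernel: #3 0xffffffff80cd178b at trap_fatal+0x36b
Jan 24 19:33:13 x3200 kernel: #4 0xffffffff80cd1a8d at trap_pfault+0x2ed
Jan 24 19:33:13 x3200 kernel: #5 0xffffffff80cd112a at trap+0x47a
Jan 24 19:33:13 x3200 kernel: #6 0xffffffff80cb74a2 at calltrap+0x8
Jan 24 19:33:13 x3200 kernel: #7 0xffffffff809ca1cb at ifioctl+0x11eb
Jan 24 19:33:13 x3200 kernel: #8 0xffffffff8095c195 at kern_ioctl+0x255
""".splitlines()

FIELD = re.compile(r"(fault virtual address|fault code|instruction pointer|current process)\s*= (.*)$")
FRAME = re.compile(r"#(\d+) 0x[0-9a-f]+ at (\w+)\+0x[0-9a-f]+$")
# Frames that belong to the panic/trap machinery, not to the faulting code path.
TRAP_FRAMES = {"kdb_backtrace", "vpanic", "panic", "trap_fatal", "trap_pfault", "trap", "calltrap"}

def triage(lines):
    fields, frames = {}, []
    for line in lines:
        # search() skips the syslog prefix and any device prefix interleaved
        # into the panic text (as in the "epair0b: code segment" line).
        if m := FIELD.search(line):
            fields[m.group(1)] = m.group(2).strip()
        elif m := FRAME.search(line):
            frames.append(m.group(2))
    caller = next((f for f in frames if f not in TRAP_FRAMES), None)
    ip = fields.get("instruction pointer", "")
    ip_off = int(ip.split(":")[1], 16) if ":" in ip else None
    # Instruction fetch at address 0: the kernel jumped to NULL.
    null_call = ip_off == 0 and "instruction" in fields.get("fault code", "")
    proc = re.search(r"\((.+)\)", fields.get("current process", ""))
    return {"null_call": null_call, "caller": caller, "process": proc.group(1) if proc else None}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
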
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2016-01-25 15:49:37 UTC
Add link to dhcpcd commit that causes panic.
Comment 2 g_amanakis 2016-01-25 21:40:59 UTC
It suffices to run on the host:
ifconfig epair create
and the kernel panics in the presence of dhcpcd. The error produced is exactly the same. This is also run by iocage when VNET jails are started.
Comment 3 g_amanakis 2016-01-26 01:18:25 UTC
I can reproduce this on a GENERIC 10.2-RELEASE kernel by running only "ifconfig epair create".
Comment 4 g_amanakis 2016-01-26 23:30:24 UTC
I tried my dhcpcd.conf configuration on a vanilla usb install of "FreeBSD-10.2-RELEASE-amd64-uefi-memstick.img" and I can reproduce the issue. This was on bare metal hardware.
Comment 5 g_amanakis 2016-01-26 23:31:14 UTC
Created attachment 166164
dhcpcd.conf
Comment 6 g_amanakis 2016-01-31 20:19:19 UTC
The issue seems resolved in the 10-STABLE kernel (as of r295091).