Bug 222842 - adding interface to bridge panics kernel
Summary: adding interface to bridge panics kernel
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: CURRENT
Hardware: arm64 Any
Importance: --- Affects Some People
Assignee: freebsd-net mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-07 08:31 UTC by Heinz N. Gies
Modified: 2017-10-09 21:15 UTC (History)
0 users

See Also:


Attachments

Description Heinz N. Gies 2017-10-07 08:31:09 UTC
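Adding an interface to a bridge panics the kernel (using 12-CURRENT). In the register dump below, far (deadc0dedeadc10e) equals x19 (deadc0dedeadc0de) + 0x30, which matches the faulting instruction `ldr x19, [x19, #48]`; the repeated 0xdeadc0de pattern looks like the kernel's junk fill for freed memory, so the fault is probably a stale pointer being dereferenced under _iflib_fl_refill: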

root@mystery-box:~ # uname -a
FreeBSD mystery-box 12.0-CURRENT FreeBSD 12.0-CURRENT #0 r324306: Fri Oct  6 01:50:52 UTC 2017     root@releng3.nyi.freebsd.org:/usr/obj/arm64.aarch64/usr/src/sys/GENERIC  arm64
root@mystery-box:~ # ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=85259b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO>
        ether 68:05:ca:61:85:04
        inet6 fe80::6a05:caff:fe61:8504%em0 prefixlen 64 scopeid 0x1
        inet 192.168.1.23 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
bridge0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:24:38:47:e9:00
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
root@mystery-box:~ # ifconfig bridge0 addm em0
link state changed to down
Kernel page fault with the following non-sleepable locks held:
exclusive sleep mutex em0 (iflib ctx lock) r = 0 (0xfffffd00041c6d40) locked @ /usr/src/sys/net/iflib.c:3890
stack backtrace:
#0 0xffff00000036f91c at witness_debugger+0x64
#1 0xffff000000370c2c at witness_warn+0x3fc
#2 0xffff000000601d30 at data_abort+0xe0
#3 0xffff000000601b4c at do_el1h_sync+0xf8
#4 0xffff0000005ea074 at handle_el1h_sync+0x74
#5 0xffff000000411274 at _iflib_fl_refill+0x370
#6 0xffff000000411274 at _iflib_fl_refill+0x370
#7 0xffff00000040cf88 at iflib_init_locked+0x3a4
#8 0xffff000000411d24 at iflib_if_ioctl+0x698
#9 0xffff00005272dd1c at bridge_mutecaps+0x12c
#10 0xffff00005272a40c at bridge_ioctl_add+0x40c
#11 0xffff00005272bc9c at bridge_ioctl+0x174
#12 0xffff0000003f8640 at ifioctl+0x840
#13 0xffff000000375388 at kern_ioctl+0x358
#14 0xffff000000374fe0 at sys_ioctl+0x158
#15 0xffff000000602734 at do_el0_sync+0x890
#16 0xffff0000005ea1f4 at handle_el0_sync+0x74
  x0: fffffd000486dd00
  x1: fffffd00058a6000
  x2:                1
  x3:                0
  x4:                0
  x5:                0
  x6:                0
  x7: ffff00062413044c
  x8:               10
  x9: ffff0000005e7084
 x10:        100000000
 x11: ffff000000aa4bd8
 x12:                1
 x13: fffffd00041c6d40
 x14: ffff000040689e80
 x15: ffff0000008685c0
 x16:         efd392c2
 x17:          a8e596c
 x18: ffff000624130410
 x19: deadc0dedeadc0de
 x20: fffffd00058a6000
 x21: fffffd000486dd00
 x22:                0
 x23:                1
 x24:                0
 x25: fffffd003e3e0800
 x26:                0
 x27: ffff0000419ec000
 x28:                0
 x29: ffff000624130480
  sp: ffff000624130410
  lr: ffff000000411278
 elr: ffff0000005e70e4
spsr:         80000345
 far: deadc0dedeadc10e
 esr:         96000004
timeout stopping cpus
panic: data abort in critical section or under mutex
cpuid = 47
time = 1507265417
KDB: stack backtrace:
db_trace_self() at db_trace_self_wrapper+0x28
	 pc = 0xffff0000005e8618  lr = 0xffff000000086afc
	 sp = 0xffff00062412fe30  fp = 0xffff000624130040

db_trace_self_wrapper() at vpanic+0x184
	 pc = 0xffff000000086afc  lr = 0xffff000000311cd8
	 sp = 0xffff000624130050  fp = 0xffff0006241300d0

vpanic() at panic+0x44
	 pc = 0xffff000000311cd8  lr = 0xffff000000311d60
	 sp = 0xffff0006241300e0  fp = 0xffff000624130160

panic() at data_abort+0x250
	 pc = 0xffff000000311d60  lr = 0xffff000000601ea0
	 sp = 0xffff000624130170  fp = 0xffff000624130220

data_abort() at do_el1h_sync+0xf8
	 pc = 0xffff000000601ea0  lr = 0xffff000000601b4c
	 sp = 0xffff000624130230  fp = 0xffff000624130260

do_el1h_sync() at handle_el1h_sync+0x74
	 pc = 0xffff000000601b4c  lr = 0xffff0000005ea074
	 sp = 0xffff000624130270  fp = 0xffff000624130380

handle_el1h_sync() at _iflib_fl_refill+0x370
	 pc = 0xffff0000005ea074  lr = 0xffff000000411274
	 sp = 0xffff000624130390  fp = 0xffff000624130480

_iflib_fl_refill() at _iflib_fl_refill+0x370
	 pc = 0xffff000000411274  lr = 0xffff000000411274
	 sp = 0xffff000624130490  fp = 0xffff000624130550

_iflib_fl_refill() at iflib_init_locked+0x3a4
	 pc = 0xffff000000411274  lr = 0xffff00000040cf88
	 sp = 0xffff000624130560  fp = 0xffff0006241305c0

iflib_init_locked() at iflib_if_ioctl+0x698
	 pc = 0xffff00000040cf88  lr = 0xffff000000411d24
	 sp = 0xffff0006241305d0  fp = 0xffff000624130620

iflib_if_ioctl() at bridge_mutecaps+0x12c
	 pc = 0xffff000000411d24  lr = 0xffff00005272dd1c
	 sp = 0xffff000624130630  fp = 0xffff0006241306b0

bridge_mutecaps() at bridge_ioctl_add+0x40c
	 pc = 0xffff00005272dd1c  lr = 0xffff00005272a40c
	 sp = 0xffff0006241306c0  fp = 0xffff000624130700

bridge_ioctl_640
	 sp = 0xffff0006241307c0  fp = 0xffff000624130860

ifioctl() at kern_ioctl+0x358
	 pc = 0xffff0000003f8640  lr = 0xffff000000375388
	 sp = 0xffff000624130870  fp = 0xffff0006241308c0

kern_ioctl() at sys_ioctl+0x158
	 pc = 0xffff000000375388  lr = 0xffff000000374fe0
	 sp = 0xffff0006241308d0  fp = 0xffff0006241309a0

sys_ioctl() at do_el0_sync+0x890
	 pc = 0xffff000000374fe0  lr = 0xffff000000602734
	 sp = 0xffff0006241309b0  fp = 0xffff000624130a70

do_el0_sync() at handle_el0_sync+0x74
	 pc = 0xffff000000602734  lr = 0xffff0000005ea1f4
	 sp = 0xffff000624130a80  fp = 0xffff000624130b90

handle_el0_sync() at 0x38e60
	 pc = 0xffff0000005ea1f4  lr = 0x0000000000038e60
	 sp = 0xffff000624130ba0  fp = 0x0000ffffffffe2f0

KDB: enter: panic
[ thread pid 918 tid 101316 ]
Stopped at      bounce_bus_dmamap_sync+0x60:    ldr     x19, [x19, #48]
db> timeout stopping cpus
Comment 1 Heinz N. Gies 2017-10-07 08:32:28 UTC
This happens only if em0 is up. 

ifconfig em0 down
ifconfig bridge0 addm em0

works and then panics when doing:

ifconfig em0 up