panic in tunstart_l2()

From: Mark Johnston <markj_at_freebsd.org>
Date: Tue, 14 May 2019 11:10:02 -0400

Hi,

I hit the following panic last night on a non-INVARIANTS kernel at
r347549.  The workload involves running a number of bhyve VMs with
frequent restarts, during which a tap interface is destroyed and
recreated.  I'm a bit short on time to debug this today, so while I
retry with INVARIANTS on I thought I'd also report the issue in case
anyone else is seeing it.

The panic occurred because the ifnet's softc field is NULL.

<6>tap18: promiscuous mode enabled
<6>tap18: link state changed to UP
<6>tap8: link state changed to DOWN

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xa0
fault code              = supervisor write data  , page not present
instruction pointer     = 0x20:0xffffffff808f51c9
stack pointer           = 0x28:0xffffffff8193c480
frame pointer           = 0x28:0xffffffff8193c4b0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 12 (swi4: clock (0))
trap number             = 12
panic: page fault
cpuid = 0
time = 1557803798
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xffffffff8193c130
vpanic() at vpanic+0x19d/frame 0xffffffff8193c180
panic() at panic+0x43/frame 0xffffffff8193c1e0
trap_fatal() at trap_fatal+0x394/frame 0xffffffff8193c240
trap_pfault() at trap_pfault+0x49/frame 0xffffffff8193c2a0
trap() at trap+0x29f/frame 0xffffffff8193c3b0
calltrap() at calltrap+0x8/frame 0xffffffff8193c3b0
--- trap 0xc, rip = 0xffffffff808f51c9, rsp = 0xffffffff8193c480, rbp = 0xffffffff8193c4b0 ---
tunstart_l2() at tunstart_l2+0x49/frame 0xffffffff8193c4b0
if_transmit() at if_transmit+0x170/frame 0xffffffff8193c4f0
bridge_enqueue() at bridge_enqueue+0x9a/frame 0xffffffff8193c530
ether_output_frame() at ether_output_frame+0xa2/frame 0xffffffff8193c560
ether_output() at ether_output+0x69b/frame 0xffffffff8193c5f0
ip_output() at ip_output+0x1445/frame 0xffffffff8193c740
tcp_output() at tcp_output+0x1bb7/frame 0xffffffff8193c8e0
tcp_timer_rexmt() at tcp_timer_rexmt+0x509/frame 0xffffffff8193c940
softclock_call_cc() at softclock_call_cc+0x143/frame 0xffffffff8193c9f0
softclock() at softclock+0x79/frame 0xffffffff8193ca10
ithread_loop() at ithread_loop+0x1d4/frame 0xffffffff8193ca70
fork_exit() at fork_exit+0x83/frame 0xffffffff8193cab0
fork_trampoline() at fork_trampoline+0xe/frame 0xffffffff8193cab0
Received on Tue May 14 2019 - 13:10:09 UTC
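
A triage sketch for the panic text above, added here as an example; it is not part of the original message or of FreeBSD. It parses the trap fields and backtrace and flags a fault address inside the first page, which is consistent with the report's statement that the softc pointer was NULL. The helper name `triage` and the 4096-byte page size are assumptions.

```python
import re

PAGE_SIZE = 4096  # assumption: amd64 base page size

# Excerpt copied from the panic message in the report above.
PANIC = """\
fault virtual address   = 0xa0
fault code              = supervisor write data  , page not present
current process         = 12 (swi4: clock (0))
--- trap 0xc, rip = 0xffffffff808f51c9, rsp = 0xffffffff8193c480, rbp = 0xffffffff8193c4b0 ---
tunstart_l2() at tunstart_l2+0x49/frame 0xffffffff8193c4b0
if_transmit() at if_transmit+0x170/frame 0xffffffff8193c4f0
bridge_enqueue() at bridge_enqueue+0x9a/frame 0xffffffff8193c530
"""

FRAME_RE = re.compile(r"^(\w+)\(\) at \w+\+(0x[0-9a-f]+)/frame 0x[0-9a-f]+$")


def triage(text):
    """Hypothetical helper: summarise what faulted, where, and how."""
    fields, frames, trap_index = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("--- trap"):
            trap_index = len(frames)  # the next frame is the one that faulted
            continue
        m = FRAME_RE.match(line)
        if m:
            frames.append((m.group(1), int(m.group(2), 16)))
        elif "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    if trap_index is None or trap_index >= len(frames):
        raise ValueError("no faulting frame found after the trap marker")
    address = int(fields["fault virtual address"], 16)
    access, reason = (p.strip() for p in fields["fault code"].split(",", 1))
    function, offset = frames[trap_index]
    return {
        "address": address,
        "access": access,
        "reason": reason,
        "function": function,
        "offset": offset,
        "callers": [name for name, _ in frames[trap_index + 1:]],
        # Heuristic: an address inside the first page usually means a NULL
        # base pointer plus a small member offset, not a wild pointer.
        "null_plus_offset": address < PAGE_SIZE,
    }


if __name__ == "__main__":
    print(triage(PANIC))
```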
