From owner-freebsd-bugs@FreeBSD.ORG Tue Jun 19 09:40:16 2012 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 76702106566B for ; Tue, 19 Jun 2012 09:40:16 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 4E87A8FC0C for ; Tue, 19 Jun 2012 09:40:16 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q5J9eG8N017213 for ; Tue, 19 Jun 2012 09:40:16 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q5J9eGLB017212; Tue, 19 Jun 2012 09:40:16 GMT (envelope-from gnats) Resent-Date: Tue, 19 Jun 2012 09:40:16 GMT Resent-Message-Id: <201206190940.q5J9eGLB017212@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Eugene Grosbein Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 70FF61065672; Tue, 19 Jun 2012 09:37:45 +0000 (UTC) (envelope-from eugen@k-45-pc-1.sd.rdtc.ru) Received: from k-45-pc-1.sd.rdtc.ru (k-45-pc-1.sd.rdtc.ru [62.231.160.109]) by mx1.freebsd.org (Postfix) with ESMTP id 1BE298FC14; Tue, 19 Jun 2012 09:37:43 +0000 (UTC) Received: from k-45-pc-1.sd.rdtc.ru (localhost [127.0.0.1]) by k-45-pc-1.sd.rdtc.ru (8.14.5/8.14.5) with ESMTP id q5J9bJfp022806; Tue, 19 Jun 2012 16:37:19 +0700 (NOVT) (envelope-from eugen@k-45-pc-1.sd.rdtc.ru) Received: (from root@localhost) by k-45-pc-1.sd.rdtc.ru (8.14.5/8.14.5/Submit) id q5J9bEHT022805; Tue, 19 Jun 2012 16:37:14 +0700 (NOVT) (envelope-from eugen) Message-Id: <201206190937.q5J9bEHT022805@k-45-pc-1.sd.rdtc.ru> Date: Tue, 19 Jun 2012 16:37:14 +0700 (NOVT) From: Eugene Grosbein To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: kern/169236: [regression] [net] 8.3-STABLE panices on "ifconfig bridgeN destroy" X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Jun 2012 09:40:16 -0000 >Number: 169236 >Category: kern >Synopsis: [regression] [net] 8.3-STABLE panices on "ifconfig bridgeN destroy" >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Jun 19 09:40:15 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Eugene Grosbein >Release: FreeBSD 8.3-STABLE amd64 >Organization: RDTC JSC >Environment: System: FreeBSD k-45-pc-1.sd.rdtc.ru 8.3-STABLE FreeBSD 8.3-STABLE #37: Wed Jun 13 12:25:17 NOVT 2012 root@k-45-pc-1.sd.rdtc.ru:/usr/local/obj/home/src/sys/PPPOE amd64 >Description: vlan2127 is created on lagg1 and added as member to bridge2127 (no other members). lagg1, vlan2127 and bridge2127 are UP. For 8.2-STABLE, the command "ifconfig bridge2127 destroy" works just fine. For 8.3-STABLE, it panices the kernel. >How-To-Repeat: See above. Here is kgdb output for crashdump obtained after panic: Script started on Tue Jun 19 16:25:19 2012 kgdb kernel /home/crash/k-45-pc-3/vmcore.0 GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-marcel-freebsd"... Unread portion of the kernel message buffer: Fatal trap 12: page fault while in kernel mode cpuid = 1; apic id = 02 fault virtual address = 0x30 fault code = supervisor write data, page not present instruction pointer = 0x20:0xffffffff803bb077 stack pointer = 0x28:0xffffff81254f4800 frame pointer = 0x28:0xffffff81254f4830 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 13897 (ifconfig) trap number = 12 panic: page fault cpuid = 3 KDB: stack backtrace: db_trace_self_wrapper() at 0xffffffff801adcca = db_trace_self_wrapper+0x2a kdb_backtrace() at 0xffffffff803305d7 = kdb_backtrace+0x37 panic() at 0xffffffff802fd22e = panic+0x1ce trap_fatal() at 0xffffffff804f3150 = trap_fatal+0x290 trap_pfault() at 0xffffffff804f34de = trap_pfault+0x23e trap() at 0xffffffff804f39ae = trap+0x3ce calltrap() at 0xffffffff804da774 = calltrap+0x8 --- trap 0xc, rip = 0xffffffff803bb077, rsp = 0xffffff81254f4800, rbp = 0xffffff81254f4830 --- bridge_linkstate() at 0xffffffff803bb077 = bridge_linkstate+0x27 bridge_delete_member() at 0xffffffff803bb2f1 = bridge_delete_member+0x141 bridge_clone_destroy() at 0xffffffff803bdbaa = bridge_clone_destroy+0x6a ifc_simple_destroy() at 0xffffffff803c03aa = ifc_simple_destroy+0x2a if_clone_destroyif() at 0xffffffff803c05ad = if_clone_destroyif+0xbd if_clone_destroy() at 0xffffffff803c095d = if_clone_destroy+0xcd ifioctl() at 0xffffffff803b9329 = ifioctl+0x2c9 kern_ioctl() at 0xffffffff80341722 = kern_ioctl+0x102 ioctl() at 0xffffffff80341950 = ioctl+0xf0 amd64_syscall() at 0xffffffff804f2724 = amd64_syscall+0x1f4 Xfast_syscall() at 0xffffffff804daa6c = Xfast_syscall+0xfc --- syscall (54, FreeBSD ELF64, ioctl), rip = 0x800a74c9c, rsp = 0x7fffffffe328, rbp = 0x7fffffffee34 --- Uptime: 52s Dumping 354 out of 4079 MB:..5%..14%..23%..32%..41%..55%..64%..73%..82%..91% Reading symbols from /boot/kernel/ipmi.ko...done. Loaded symbols for /boot/kernel/ipmi.ko #0 doadump () at /home/src/sys/kern/kern_shutdown.c:268 268 if (textdump_pending) (kgdb) bt #0 doadump () at /home/src/sys/kern/kern_shutdown.c:268 #1 0xffffffff802fcd2a in boot (howto=260) at /home/src/sys/kern/kern_shutdown.c:448 #2 0xffffffff802fd207 in panic (fmt=0x1
) at /home/src/sys/kern/kern_shutdown.c:639 #3 0xffffffff804f3150 in trap_fatal (frame=0xc, eva=Variable "eva" is not available. ) at /home/src/sys/amd64/amd64/trap.c:848 #4 0xffffffff804f34de in trap_pfault (frame=0xffffff81254f4750, usermode=0) at /home/src/sys/amd64/amd64/trap.c:764 #5 0xffffffff804f39ae in trap (frame=0xffffff81254f4750) at /home/src/sys/amd64/amd64/trap.c:457 #6 0xffffffff804da774 in calltrap () at /home/src/sys/amd64/amd64/exception.S:228 #7 0xffffffff803bb077 in bridge_linkstate (ifp=0xffffff000576e960) at pcpu.h:224 #8 0xffffffff803bb2f1 in bridge_delete_member (sc=0xffffff01030ea000, bif=0xffffff0103143600, gone=0) at /home/src/sys/net/if_bridge.c:996 #9 0xffffffff803bdbaa in bridge_clone_destroy (ifp=0xffffff01030a3960) at /home/src/sys/net/if_bridge.c:675 #10 0xffffffff803c03aa in ifc_simple_destroy (ifc=0xffffffff806ee140, ifp=Variable "ifp" is not available. ) at /home/src/sys/net/if_clone.c:610 #11 0xffffffff803c05ad in if_clone_destroyif (ifc=0xffffffff806ee140, ifp=0xffffff01030a3960) at /home/src/sys/net/if_clone.c:269 #12 0xffffffff803c095d in if_clone_destroy (name=Variable "name" is not available. ) at /home/src/sys/net/if_clone.c:230 #13 0xffffffff803b9329 in ifioctl (so=0xffffff0015aac000, cmd=2149607801, data=0xffffff0103150340 "bridge2127", td=0xffffff01037f4470) at /home/src/sys/net/if.c:2597 #14 0xffffffff80341722 in kern_ioctl (td=Variable "td" is not available. ) at file.h:275 #15 0xffffffff80341950 in ioctl (td=0xffffff01037f4470, uap=0xffffff81254f4bc0) at /home/src/sys/kern/sys_generic.c:679 #16 0xffffffff804f2724 in amd64_syscall (td=0xffffff01037f4470, traced=0) at subr_syscall.c:114 #17 0xffffffff804daa6c in Xfast_syscall () at /home/src/sys/amd64/amd64/exception.S:387 #18 0x0000000800a74c9c in ?? () Previous frame inner to this frame (corrupt stack?) (kgdb) frame 7 #7 0xffffffff803bb077 in bridge_linkstate (ifp=0xffffff000576e960) at pcpu.h:224 224 __asm("movq %%gs:0,%0" : "=r" (td)); (kgdb) l 219 static __inline __pure2 struct thread * 220 __curthread(void) 221 { 222 struct thread *td; 223 224 __asm("movq %%gs:0,%0" : "=r" (td)); 225 return (td); 226 } 227 #define curthread (__curthread()) 228 (kgdb) frame 8 #8 0xffffffff803bb2f1 in bridge_delete_member (sc=0xffffff01030ea000, bif=0xffffff0103143600, gone=0) at /home/src/sys/net/if_bridge.c:996 996 bridge_linkstate(ifs); (kgdb) l 991 } 992 /* reneable any interface capabilities */ 993 bridge_set_ifcap(sc, bif, bif->bif_savedcaps); 994 } 995 bstp_destroy(&bif->bif_stp); /* prepare to free */ 996 bridge_linkstate(ifs); 997 BRIDGE_LOCK(sc); 998 free(bif, M_DEVBUF); 999 } 1000 (kgdb) p *ifs $1 = {if_softc = 0xffffff0103084280, if_l2com = 0xffffff0003f5d1d0, if_vnet = 0x0, if_link = {tqe_next = 0xffffff01030a3960, tqe_prev = 0xffffff01031c7978}, if_xname = "vlan2127\000\000\000\000\000\000\000", if_dname = 0xffffffff8057613f "vlan", if_dunit = 2127, if_refcount = 1, if_addrhead = {tqh_first = 0xffffff01031fa400, tqh_last = 0xffffff01031fa4b8}, if_pcount = 0, if_carp = 0x0, if_bpf = 0xffffff0005744280, if_index = 271, if_timer = 0, if_vlantrunk = 0x0, if_flags = 34819, if_capabilities = 259, if_capenable = 259, if_linkmib = 0xffffff0103084294, if_linkmiblen = 16, if_data = {ifi_type = 135 '\207', ifi_physical = 0 '\0', ifi_addrlen = 6 '\006', ifi_hdrlen = 4 '\004', ifi_link_state = 2 '\002', ifi_spare_char1 = 0 '\0', ifi_spare_char2 = 0 '\0', ifi_datalen = 152 '\230', ifi_mtu = 1500, ifi_metric = 0, ifi_baudrate = 1000000000, ifi_ipackets = 4, ifi_ierrors = 0, ifi_opackets = 3, ifi_oerrors = 0, ifi_collisions = 0, ifi_ibytes = 1368, ifi_obytes = 726, ifi_imcasts = 0, ifi_omcasts = 3, ifi_iqdrops = 0, ifi_noproto = 0, ifi_hwassist = 102, ifi_epoch = 36, ifi_lastchange = {tv_sec = 1340097269, tv_usec = 174070}}, if_multiaddrs = {tqh_first = 0x0, tqh_last = 0xffffff000576ea98}, if_amcount = 0, if_output = 0xffffffff803c24d0 , if_input = 0xffffffff803c2150 , if_start = 0, if_ioctl = 0xffffffff803caee0 , if_watchdog = 0, if_init = 0xffffffff803c94b0 , if_resolvemulti = 0xffffffff803c1840 , if_qflush = 0xffffffff803c94c0 , if_transmit = 0xffffffff803caba0 , if_reassign = 0, if_home_vnet = 0x0, if_addr = 0xffffff01031fa400, if_llsoftc = 0x0, if_drv_flags = 64, if_snd = {ifq_head = 0x0, ifq_tail = 0x0, ifq_len = 0, ifq_maxlen = 10240, ifq_drops = 0, ifq_mtx = {lock_object = {lo_name = 0xffffff000576e988 "vlan2127", lo_flags = 16973824, lo_data = 0, lo_witness = 0x0}, mtx_lock = 4}, ifq_drv_head = 0x0, ifq_drv_tail = 0x0, ifq_drv_len = 0, ifq_drv_maxlen = 0, altq_type = 0, altq_flags = 0, altq_disc = 0x0, altq_ifp = 0xffffff000576e960, altq_enqueue = 0, altq_dequeue = 0, altq_request = 0, altq_clfier = 0x0, altq_classify = 0, altq_tbr = 0x0, altq_cdnr = 0x0}, if_broadcastaddr = 0xffffffff80575380 "ÿÿÿÿÿÿ", if_bridge = 0x0, if_label = 0x0, if_prefixhead = {tqh_first = 0x0, tqh_last = 0xffffff000576ebe0}, if_afdata = {0x0, 0x0, 0xffffff01030e7c60, 0x0 , 0xffffff01030fac40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, if_afdata_initialized = 2, if_afdata_lock = {lock_object = { lo_name = 0xffffffff805746ad "if_afdata", lo_flags = 69402624, lo_data = 0, lo_witness = 0x0}, rw_lock = 1}, if_linktask = {ta_link = {stqe_next = 0x0}, ta_pending = 0, ta_priority = 0, ta_func = 0xffffffff803b4750 , ta_context = 0xffffff000576e960}, if_addr_mtx = {lock_object = { lo_name = 0xffffffff805746a1 "if_addr_mtx", lo_flags = 16973824, lo_data = 0, lo_witness = 0x0}, mtx_lock = 4}, if_clones = {le_next = 0xffffff01033404b0, le_prev = 0xffffffff806ef780}, if_groups = {tqh_first = 0xffffff010338bc80, tqh_last = 0xffffff01030b7208}, if_pf_kif = 0x0, if_lagg = 0x0, if_alloctype = 6 '\006', if_cspare = "\000\000", if_description = 0x0, if_pspare = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, if_ispare = {0, 0, 0}, if_fib = 0} (kgdb) quit Script done on Tue Jun 19 16:25:50 2012 >Fix: Unknown. >Release-Note: >Audit-Trail: >Unformatted: