From owner-freebsd-current@FreeBSD.ORG Thu Mar 20 23:08:23 2008 Return-Path: Delivered-To: current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 55E3A1065671 for ; Thu, 20 Mar 2008 23:08:23 +0000 (UTC) (envelope-from mav@FreeBSD.org) Received: from cmail.optima.ua (cmail.optima.ua [195.248.191.121]) by mx1.freebsd.org (Postfix) with ESMTP id C5C108FC1F for ; Thu, 20 Mar 2008 23:08:22 +0000 (UTC) (envelope-from mav@FreeBSD.org) X-Spam-Flag: SKIP X-Spam-Yversion: Spamooborona-2.1.0 Received: from [212.86.226.226] (account mav@alkar.net HELO [192.168.3.2]) by cmail.optima.ua (CommuniGate Pro SMTP 5.1.14) with ESMTPA id 95091471 for current@freebsd.org; Fri, 21 Mar 2008 00:08:20 +0200 Message-ID: <47E2E050.4010705@FreeBSD.org> Date: Fri, 21 Mar 2008 00:08:16 +0200 From: Alexander Motin User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: current@freebsd.org Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: HEAD crashed at ioctl() / in_control() X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Mar 2008 23:08:23 -0000 Hi. While doing active user connect/disconnect mpd stress testing my system with HEAD of first days of march crashed with such symptoms: #11 0xc0a4421b in calltrap () at /usr/src/sys/i386/i386/exception.s:146 #12 0xc083b36d in in_control (so=0xc33bca9c, cmd=2149607705, data=0xc45a7aa0 "ng408", ifp=0xc458e000, td=dwarf2_read_address: Corrupted DWARF expression. ) at /usr/src/sys/netinet/in.c:494 #13 0xc07ffe83 in ifioctl (so=0xc33bca9c, cmd=2149607705, data=0xc45a7aa0 "ng408", td=0xc33ba220) at /usr/src/sys/net/if.c:1888 #14 0xc07a9e24 in soo_ioctl (fp=0xc2fab444, cmd=2149607705, data=0xc45a7aa0, active_cred=0xc2cf5500, td=0xc33ba220) at /usr/src/sys/kern/sys_socket.c:200 #15 0xc07a40a8 in kern_ioctl (td=0xc33ba220, fd=3, com=2149607705, data=0xc45a7aa0 "ng408") at file.h:254 #16 0xc07a4214 in ioctl (td=0xc33ba220, uap=0xd62cdcfc) at /usr/src/sys/kern/sys_generic.c:677 #17 0xc0a5dfb3 in syscall (frame=0xd62cdd38) at /usr/src/sys/i386/i386/trap.c:1034 #18 0xc0a44280 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:203 #19 0x00000033 in ?? () (kgdb) frame 12 #12 0xc083b36d in in_control (so=0xc33bca9c, cmd=2149607705, data=0xc45a7aa0 "ng408", ifp=0xc458e000, td=dwarf2_read_address: Corrupted DWARF expression. ) at /usr/src/sys/netinet/in.c:494 494 TAILQ_REMOVE(&ifp->if_addrhead, &ia->ia_ifa, ifa_link); (kgdb) l 489 /* 490 * Protect from ipintr() traversing address list while we're modifying 491 * it. 492 */ 493 s = splnet(); 494 TAILQ_REMOVE(&ifp->if_addrhead, &ia->ia_ifa, ifa_link); 495 TAILQ_REMOVE(&in_ifaddrhead, ia, ia_link); 496 if (ia->ia_addr.sin_family == AF_INET) { 497 LIST_REMOVE(ia, ia_hash); 498 /* (kgdb) p ifp->if_addrhead $1 = {tqh_first = 0xdeadc0de, tqh_last = 0xdeadc0de} (kgdb) p ifp $2 = (struct ifnet *) 0xc458e000 This test assumes active, possibly concurrent interface creation/destruction and address adding/deleting. -- Alexander Motin