Date: Thu, 19 Aug 2010 22:23:47 +0000 (UTC) From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: Nima Misaghian <nima_misa@hotmail.com> Cc: freebsd-net@freebsd.org Subject: Re: Kernel panic from interface address list manipulation Message-ID: <20100819222108.W48418@maildrop.int.zabbadoz.net> In-Reply-To: <COL117-W4767407C73774C4E24D1638D9C0@phx.gbl> References: <COL117-W4767407C73774C4E24D1638D9C0@phx.gbl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 17 Aug 2010, Nima Misaghian wrote: > I?ve been able to trivially > trigger a kernel panic while testing ifaddr list manipulation on ?CURRENT (r > 211427). The hardware is a four-core i386 > machine with em interfaces. > > > > This is the test script I?ve > used to trigger the problem: [...] I can reproduce this on any interface and am looking into it. /bz panic: Bad link elm 0xffffff000549ce00 prev->next != elm cpuid = 3 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2a kdb_backtrace() at kdb_backtrace+0x32 panic() at panic+0x1b4 in_control() at in_control+0xff3 ifioctl() at ifioctl+0x2647 soo_ioctl() at soo_ioctl+0x3fb kern_ioctl() at kern_ioctl+0x1f7 ioctl() at ioctl+0x169 syscallenter() at syscallenter+0x266 syscall() at syscall+0x42 Xfast_syscall() at Xfast_syscall+0xe2 --- syscall (54, FreeBSD ELF64, ioctl), rip = 0x800c94eec, rsp = 0x7fffffffe288, rbp = 0x7fffffffedc0 --- KDB: enter: panic [ thread pid 1460 tid 100065 ] Stopped at kdb_enter+0x3d: movq $0,0x60d820(%rip) db> show ifaddr 0xffffff000549ce00 ifa = 0xffffff000549ce00 ifa_addr = 0xffffff000549cf50 ifa_dstaddr = 0xffffff000549cf60 ifa_netmask = 0xffffff000549cf70 if_data = 0xffffff000549ce18 ifa_ifp = 0xffffff0001ea5800 ifa_link = 0xffffff000549ceb8 ifa_link.tqe_next = 0 ifa_link.tqe_prev = 0xffffff0001f3c2b8 ifa_rtrequest = 0xffffffff804bccd0 ifa_flags = 0x0000 ifa_refcnt = 1 ifa_metric = 0 ifa_claim_addr = 0 ifa_mtx = 0xffffff000549cee8 db> show ifaddr 0xffffff0001f3c2b8 ifa = 0xffffff0001f3c2b8 ifa_addr = 0 ifa_dstaddr = 0xffffff0001f3c6b8 ifa_netmask = 0 if_data = 0xffffff0001f3c2d0 ifa_ifp = 0xffffffff ifa_link = 0xffffff0001f3c370 ifa_link.tqe_next = 0 ifa_link.tqe_prev = 0 ifa_rtrequest = 0 ifa_flags = 0xc780 ifa_refcnt = 4294967040 ifa_metric = 0 ifa_claim_addr = 0 ifa_mtx = 0xffffff0001f3c3a0 db> show ifnet lo0 lo0: if_softc = 0 if_l2com = 0 if_vnet = 0xffffff0001646b00 if_link.tqe_next = 0 if_link.tqe_prev = 0xffffff0001ea6818 if_xname = lo0 if_dname = lo if_dunit = 0 if_refcount = 3 if_addrhead = 0xffffff0001ea5848 if_addrhead.tqh_first = 0xffffff000191ee00 if_addrhead.tqh_last = 0xffffff0001f3c2b8 ifa = 0xffffff000191ee00 ifa_addr = 0xffffff000191ef08 ifa_dstaddr = 0 ifa_netmask = 0xffffff000191ef40 if_data = 0xffffff000191ee18 ifa_ifp = 0xffffff0001ea5800 ifa_link = 0xffffff000191eeb8 ifa_link.tqe_next = 0xffffff0001f3c600 ifa_link.tqe_prev = 0xffffff0001ea5848 ifa_rtrequest = 0xffffffff804b3470 ifa_flags = 0x0000 ifa_refcnt = 3 ifa_metric = 0 ifa_claim_addr = 0 ifa_mtx = 0xffffff000191eee8 ifa = 0xffffff0001f3c600 ifa_addr = 0xffffff0001f3c708 ifa_dstaddr = 0xffffff0001f3c740 ifa_netmask = 0xffffff0001f3c75c if_data = 0xffffff0001f3c618 ifa_ifp = 0xffffff0001ea5800 ifa_link = 0xffffff0001f3c6b8 ifa_link.tqe_next = 0xffffff0001f3c200 ifa_link.tqe_prev = 0xffffff000191eeb8 ifa_rtrequest = 0 ifa_flags = 0x0001 ifa_refcnt = 15 ifa_metric = 0 ifa_claim_addr = 0 ifa_mtx = 0xffffff0001f3c6e8 ifa = 0xffffff0001f3c200 ifa_addr = 0xffffff0001f3c308 ifa_dstaddr = 0xffffff0001f3c340 ifa_netmask = 0xffffff0001f3c35c if_data = 0xffffff0001f3c218 ifa_ifp = 0xffffff0001ea5800 ifa_link = 0xffffff0001f3c2b8 ifa_link.tqe_next = 0 ifa_link.tqe_prev = 0xffffff0001f3c6b8 ifa_rtrequest = 0 ifa_flags = 0x0004 ifa_refcnt = 4 ifa_metric = 0 ifa_claim_addr = 0 ifa_mtx = 0xffffff0001f3c2e8 if_pcount = 0 if_carp = 0 ... -- Bjoern A. Zeeb This signature is about you not me.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100819222108.W48418>