From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 275920] Kernel crash in sys/netlink/route/iface.c:124
Date: Mon, 25 Dec 2023 17:18:12 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 14.0-RELEASE
X-Bugzilla-Keywords: crash
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: kp@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: net@FreeBSD.org
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275920

--- Comment #4 from Kristof Provost ---
That code lives in sys/dev/etherswitch/e6000sw/e6000sw.c

It creates a struct ifnet for each port in e6000sw_attach() /
e6000sw_init_interface(). It never actually attached that ifnet though.
I believe it's only created so e6000sw can call into the mii code, which is also
how I think we eventually end up in the panicking stack.

There's a link state event, which calls do_link_state_change() ->
rtnl_handle_ifevent() -> dump_iface() -> get_operstate() ->
get_operstate_ether(). That wants to know if the link is up or down, so it tries to
ioctl(SIOCGIFMEDIA). Which doesn't go well if if_ioctl is NULL.

Here's the relevant bit of backtrace:

#7  0x0000000000000000 in ?? ()
#8  0xffff0000006f87f4 in get_operstate_ether (ifp=0xffffa00002f7d000,
    pstate=) at /usr/src/sys/netlink/route/iface.c:124
#9  get_operstate (ifp=0xffffa00002f7d000, pstate=)
    at /usr/src/sys/netlink/route/iface.c:181
#10 dump_iface (nw=nw@entry=0xffff0000877e0780,
    ifp=ifp@entry=0xffffa00002f7d000, hdr=hdr@entry=0xffff0000877e07c0,
    if_flags_mask=if_flags_mask@entry=0)
    at /usr/src/sys/netlink/route/iface.c:310
#11 0xffff0000006f80cc in rtnl_handle_ifevent (ifp=0xffffa00002f7d000,
    nlmsg_type=, if_flags_mask=0)
    at /usr/src/sys/netlink/route/iface.c:1411
#12 0xffff0000005f9cb8 in do_link_state_change (arg=0xffffa00002f7d000,
    pending=1) at /usr/src/sys/net/if.c:2181
#13 0xffff000000525bf0 in taskqueue_run_locked (
    queue=queue@entry=0xffffa0000136d300)
    at /usr/src/sys/kern/subr_taskqueue.c:512
#14 0xffff00000052594c in taskqueue_run (queue=0xffffa0000136d300)
    at /usr/src/sys/kern/subr_taskqueue.c:527
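
Added example, not part of the comment above and not FreeBSD source or the project's fix: a userspace C model of the failure described, where a media-status query goes through an ifnet-style if_ioctl pointer that was never set. Every model_/MODEL_ name and constant is an assumption made for illustration; the guarded query reports an unknown link state for such an interface instead of making the indirect call.

```c
/* Userspace model. All model_/MODEL_ names are hypothetical, not kernel symbols. */
#include <stddef.h>
#include <string.h>

#define MODEL_SIOCGIFMEDIA 1UL   /* stand-in request code, not the kernel value */
#define MODEL_IFM_AVALID   0x1   /* status field is valid */
#define MODEL_IFM_ACTIVE   0x2   /* link is up */

enum model_operstate { MODEL_OPER_UNKNOWN, MODEL_OPER_DOWN, MODEL_OPER_UP };
struct model_ifmediareq { int ifm_status; };
struct model_ifnet {
    int (*if_ioctl)(struct model_ifnet *, unsigned long, void *);
    int link_active;
};

/* Handler an attached Ethernet driver would install. */
static int model_ether_ioctl(struct model_ifnet *ifp, unsigned long cmd, void *data)
{
    struct model_ifmediareq *ifmr = data;
    if (cmd != MODEL_SIOCGIFMEDIA)
        return -1;
    ifmr->ifm_status = MODEL_IFM_AVALID | (ifp->link_active ? MODEL_IFM_ACTIVE : 0);
    return 0;
}

/* Media query that tolerates an ifnet whose if_ioctl was never set. */
static enum model_operstate model_get_operstate(struct model_ifnet *ifp)
{
    struct model_ifmediareq ifmr;
    memset(&ifmr, 0, sizeof(ifmr));
    /* Without this check the indirect call jumps to address 0, consistent
     * with frame #7 (0x0000000000000000 in ?? ()) in the backtrace. */
    if (ifp->if_ioctl == NULL)
        return MODEL_OPER_UNKNOWN;
    if (ifp->if_ioctl(ifp, MODEL_SIOCGIFMEDIA, &ifmr) != 0)
        return MODEL_OPER_UNKNOWN;
    if ((ifmr.ifm_status & MODEL_IFM_AVALID) == 0)
        return MODEL_OPER_UNKNOWN;
    return (ifmr.ifm_status & MODEL_IFM_ACTIVE) ? MODEL_OPER_UP : MODEL_OPER_DOWN;
}

/* Constructed cases: a bare switch-port ifnet and an attached interface. */
static enum model_operstate model_case(int has_ioctl, int link_active)
{
    struct model_ifnet ifp = { has_ioctl ? model_ether_ioctl : NULL, link_active };
    return model_get_operstate(&ifp);
}

int main(void) { return model_case(0, 1) == MODEL_OPER_UNKNOWN ? 0 : 1; }
```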