Date: Tue, 17 Aug 2010 15:56:51 +0000
From: Nima Misaghian <nima_misa@hotmail.com>
To: <freebsd-net@freebsd.org>
Subject: Kernel panic from interface address list manipulation
Message-ID: <COL117-W4767407C73774C4E24D1638D9C0@phx.gbl>
I’ve been able to trivially trigger a kernel panic while testing ifaddr list manipulation on -CURRENT (r 211427). The hardware is a four-core i386 machine with em interfaces.

This is the test script I’ve used to trigger the problem:

#!/bin/sh

addr_loop() {
    while true
    do
        ifconfig em1 1.0.0.1/24
        ifconfig em1 -alias 1.0.0.1
    done
}

addr_loop &
addr_loop &

With WITNESS and INVARIANTS the panic happens immediately upon starting the script, with the following backtrace:

panic: Bad link elm 0xd17aec00 prev->next != elm

#0 doadump () at pcpu.h:231
231 pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) #0 doadump () at pcpu.h:231
#1 0xc088a4ef in boot (howto=260) at /d2/head/sys/kern/kern_shutdown.c:416
#2 0xc088a7bb in panic (fmt=Variable "fmt" is not available.
) at /d2/head/sys/kern/kern_shutdown.c:590
#3 0xc098caf8 in in_control (so=0xd30af4d4, cmd=2151704858, data=0xd1923b80 "em1", ifp=0xd1554800, td=0xd31262c0)
    at /d2/head/sys/netinet/in.c:602
#4 0xc0938869 in ifioctl (so=0xd30af4d4, cmd=2151704858, data=0xd1923b80 "em1", td=0xd31262c0)
    at /d2/head/sys/net/if.c:2469
#5 0xc08d7e6b in soo_ioctl (fp=0xd2540ce8, cmd=2151704858, data=0xd1923b80, active_cred=0xd2594900, td=0xd31262c0)
    at /d2/head/sys/kern/sys_socket.c:212
#6 0xc08d2075 in kern_ioctl (td=0xd31262c0, fd=3, com=2151704858, data=0xd1923b80 "em1") at file.h:254
#7 0xc08d21e2 in ioctl (td=0xd31262c0, uap=0xf3a2ecec) at /d2/head/sys/kern/sys_generic.c:678
#8 0xc08c77d8 in syscallenter (td=0xd31262c0, sa=0xf3a2ece4) at /d2/head/sys/kern/subr_trap.c:319
#9 0xc0bb18f3 in syscall (frame=0xf3a2ed28) at /d2/head/sys/i386/i386/trap.c:1060
#10 0xc0b9a231 in Xint0x80_syscall () at /d2/head/sys/i386/i386/exception.s:264
#11 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)

I’ve also reproduced it without WITNESS and INVARIANTS, but it seems to need additional copies of the script running simultaneously and still takes longer to panic.
I’ve produced several different backtraces from the non-debugging kernel.
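
The following is an added example, not part of the original message and not FreeBSD source: a user-space sketch of the kind of link check that produces the "Bad link elm ... prev->next != elm" panic string when an element is unlinked from a queue(3)-style tail queue. The message does not identify a root cause; the double-unlink scenario, the struct and all function names here are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for an address entry; links are laid out as in
 * queue(3) tail queues: prevp points at the previous element's next field. */
struct ifa { struct ifa *next; struct ifa **prevp; };
struct ifa_head { struct ifa *first; struct ifa **lastp; };

static void ifa_init(struct ifa_head *h) { h->first = NULL; h->lastp = &h->first; }

static void ifa_insert_tail(struct ifa_head *h, struct ifa *e)
{
    e->next = NULL;
    e->prevp = h->lastp;
    *h->lastp = e;
    h->lastp = &e->next;
}

/* Unlink e. Returns 0 on success, -1 where a debug kernel would panic. */
static int ifa_remove_checked(struct ifa_head *h, struct ifa *e)
{
    if (*e->prevp != e) {               /* the "prev->next != elm" test */
        fprintf(stderr, "Bad link elm %p prev->next != elm\n", (void *)e);
        return -1;
    }
    if (e->next != NULL)
        e->next->prevp = e->prevp;
    else
        h->lastp = e->prevp;
    *e->prevp = e->next;
    return 0;
}

/* Assumed scenario, replayed sequentially: two removers both looked up entry b
 * before either unlinked it. Returns 1 if only the second removal is rejected. */
static int replay_double_remove(void)
{
    struct ifa_head h;
    struct ifa a, b, c;
    ifa_init(&h);
    ifa_insert_tail(&h, &a);
    ifa_insert_tail(&h, &b);
    ifa_insert_tail(&h, &c);
    int first = ifa_remove_checked(&h, &b);
    int second = ifa_remove_checked(&h, &b);  /* stale pointer to b */
    return first == 0 && second == -1 && h.first == &a && a.next == &c && c.next == NULL;
}

int main(void) { return replay_double_remove() ? 0 : 1; }
```

Without the check, the second unlink would write through stale pointers and silently corrupt the list, which is consistent with the non-debugging kernel failing later and in varying places.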