Kernel panic from interface address list manipulation

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Thu Aug 19 22:24:01 UTC 2010


On Tue, 17 Aug 2010, Nima Misaghian wrote:

> I've been able to trivially
> trigger a kernel panic while testing ifaddr list manipulation on -CURRENT (r
> 211427).  The hardware is a four-core i386
> machine with em interfaces.
>
>
>
> This is the test script I've
> used to trigger the problem:

[...]

I can reproduce this on any interface and am looking into it. The panic message and ddb output are below.

/bz

panic: Bad link elm 0xffffff000549ce00 prev->next != elm
cpuid = 3
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
kdb_backtrace() at kdb_backtrace+0x32
panic() at panic+0x1b4
in_control() at in_control+0xff3
ifioctl() at ifioctl+0x2647 
soo_ioctl() at soo_ioctl+0x3fb
kern_ioctl() at kern_ioctl+0x1f7
ioctl() at ioctl+0x169
syscallenter() at syscallenter+0x266
syscall() at syscall+0x42
Xfast_syscall() at Xfast_syscall+0xe2
--- syscall (54, FreeBSD ELF64, ioctl), rip = 0x800c94eec, rsp =
0x7fffffffe288,
  rbp = 0x7fffffffedc0 ---
KDB: enter: panic
[ thread pid 1460 tid 100065 ]
Stopped at      kdb_enter+0x3d: movq    $0,0x60d820(%rip)
db> show ifaddr 0xffffff000549ce00
         ifa = 0xffffff000549ce00
            ifa_addr = 0xffffff000549cf50
            ifa_dstaddr = 0xffffff000549cf60
            ifa_netmask = 0xffffff000549cf70
            if_data = 0xffffff000549ce18
            ifa_ifp = 0xffffff0001ea5800
            ifa_link = 0xffffff000549ceb8
            ifa_link.tqe_next = 0
            ifa_link.tqe_prev = 0xffffff0001f3c2b8
            ifa_rtrequest = 0xffffffff804bccd0
            ifa_flags = 0x0000
            ifa_refcnt = 1
            ifa_metric = 0
            ifa_claim_addr = 0
            ifa_mtx = 0xffffff000549cee8
db> show ifaddr 0xffffff0001f3c2b8
         ifa = 0xffffff0001f3c2b8
            ifa_addr = 0
            ifa_dstaddr = 0xffffff0001f3c6b8
            ifa_netmask = 0
            if_data = 0xffffff0001f3c2d0
            ifa_ifp = 0xffffffff
            ifa_link = 0xffffff0001f3c370
            ifa_link.tqe_next = 0
            ifa_link.tqe_prev = 0
            ifa_rtrequest = 0
            ifa_flags = 0xc780
            ifa_refcnt = 4294967040
            ifa_metric = 0
            ifa_claim_addr = 0
            ifa_mtx = 0xffffff0001f3c3a0
db> show ifnet lo0
lo0:
    if_softc = 0
    if_l2com = 0
    if_vnet = 0xffffff0001646b00
    if_link.tqe_next = 0
    if_link.tqe_prev = 0xffffff0001ea6818
    if_xname = lo0
    if_dname = lo
    if_dunit = 0
    if_refcount = 3
    if_addrhead = 0xffffff0001ea5848
    if_addrhead.tqh_first = 0xffffff000191ee00
    if_addrhead.tqh_last = 0xffffff0001f3c2b8
         ifa = 0xffffff000191ee00
            ifa_addr = 0xffffff000191ef08
            ifa_dstaddr = 0
            ifa_netmask = 0xffffff000191ef40
            if_data = 0xffffff000191ee18
            ifa_ifp = 0xffffff0001ea5800
            ifa_link = 0xffffff000191eeb8
            ifa_link.tqe_next = 0xffffff0001f3c600
            ifa_link.tqe_prev = 0xffffff0001ea5848
            ifa_rtrequest = 0xffffffff804b3470
            ifa_flags = 0x0000
            ifa_refcnt = 3
            ifa_metric = 0
            ifa_claim_addr = 0
            ifa_mtx = 0xffffff000191eee8
         ifa = 0xffffff0001f3c600
            ifa_addr = 0xffffff0001f3c708
            ifa_dstaddr = 0xffffff0001f3c740
            ifa_netmask = 0xffffff0001f3c75c
            if_data = 0xffffff0001f3c618
            ifa_ifp = 0xffffff0001ea5800
            ifa_link = 0xffffff0001f3c6b8
            ifa_link.tqe_next = 0xffffff0001f3c200
            ifa_link.tqe_prev = 0xffffff000191eeb8
            ifa_rtrequest = 0
            ifa_flags = 0x0001
            ifa_refcnt = 15
            ifa_metric = 0
            ifa_claim_addr = 0
            ifa_mtx = 0xffffff0001f3c6e8
         ifa = 0xffffff0001f3c200
            ifa_addr = 0xffffff0001f3c308
            ifa_dstaddr = 0xffffff0001f3c340
            ifa_netmask = 0xffffff0001f3c35c
            if_data = 0xffffff0001f3c218
            ifa_ifp = 0xffffff0001ea5800
            ifa_link = 0xffffff0001f3c2b8
            ifa_link.tqe_next = 0
            ifa_link.tqe_prev = 0xffffff0001f3c6b8
            ifa_rtrequest = 0
            ifa_flags = 0x0004
            ifa_refcnt = 4
            ifa_metric = 0
            ifa_claim_addr = 0
            ifa_mtx = 0xffffff0001f3c2e8
    if_pcount = 0
    if_carp = 0
...



-- 
Bjoern A. Zeeb                       This signature is about you not me.

