[Bug 210391] [panic] [jail] [vnet] [vlan] destroying vnet jail with vlan and loaded ipfw_nat causes kernel panic

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun Jun 19 18:07:39 UTC 2016


            Bug ID: 210391
           Summary: [panic] [jail] [vnet] [vlan] destroying vnet jail with
                    vlan and loaded ipfw_nat causes kernel panic
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: a.skurihin at gmail.com

Destroying a jail with vnet networking and vlan interface causes kernel panic
ipfw_nat module is loaded.
Tested on 10.3, 11-CURRENT.

## Steps to Reproduce:

* Compile kernel with "options VIMAGE"
* kldload ipfw_nat
* jail -i -c name=test vnet persist
* ifconfig epair create
* ifconfig epair0b vnet test
* jexec test ifconfig vlan create
* jexec test ifconfig vlan0 vlandev epair0b vlan 10
* jail -r test

## Panic:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x378
fault code            = supervisor read data, page not present
instruction pointer   = 0X20:0xffffffff8069012d
stack pointer         = 0x28:0x0fffffe003d5b0520
frame pointer         = 0x28:0x0fffffe003d5b05b0
code segment          = base 0x0, limit 0xfffff, type 0x1b
                      = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags      = interrupt enabled, resume, IOPL = 0
current process       = 983 (jail)
trap number           = 12
panic: page fault

## Stack trace:

#8  0xffffffff80947c4d in __rw_wlock_hard (c=0xfffffe0001306218,
tid=18446735277677514752, file=0x6 <Address 0x6 out of bounds>, line=0) at
#9  0xffffffff80947a7a in _rw_wlock_cookie (c=<value optimized out>, file=0x0,
line=6) at /usr/src/sys/kern/kern_rwlock.c:267
#10 0xffffffff81a17210 in ifaddr_change (arg=<value optimized out>,
ifp=0xfffff80003d30000) at
#11 0xffffffff80a6faf6 in in_control (so=<value optimized out>,
cmd=969435729749183252, data=<value optimized out>, ifp=0xfffff80003d30000,
td=<value optimized out>) at /usr/src/sys/netinet/in.c:544
#12 0xffffffff80a09851 in if_purgeaddrs (ifp=0xfffff80003d30000) at
#13 0xffffffff80a09bc3 in if_detach_internal (ifp=0xfffff80003d30000, vmove=0,
ifcp=<value optimized out>) at /usr/src/sys/net/if.c:947
#14 0xffffffff80a0999b in if_detach (ifp=0xfffffe0001306200) at
#15 0xffffffff80a183b3 in vlan_clone_destroy (ifc=0xfffff8000345a680,
ifp=0xfffff80003d30000) at /usr/src/sys/net/if_vlan.c:1004
#16 0xffffffff80a10562 in if_clone_destroyif (ifc=0xfffff8000345a680,
ifp=0xfffff80003d30000) at /usr/src/sys/net/if_clone.c:333
#17 0xffffffff80a10d08 in if_clone_detach (ifc=<value optimized out>) at
#18 0xffffffff80a247e7 in vnet_sysuninit () at /usr/src/sys/net/vnet.c:594
#19 0xffffffff80a246f3 in vnet_destroy (vnet=0xfffff80003443180) at
#20 0xffffffff8091ad80 in prison_deref (pr=0xffffffff8149bd80, flags=<value
optimized out>) at /usr/src/sys/kern/kern_jail.c:2649
#21 0xffffffff8091c9ae in sys_jail_remove (td=<value optimized out>, uap=<value
optimized out>) at /usr/src/sys/kern/kern_jail.c:2315
#22 0xffffffff80d5d8b7 in amd64_syscall (td=0xfffff80003a29000, traced=0) at
#23 0xffffffff80d42f9b in Xfast_syscall () at

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list