Date:      Sun, 07 Aug 2016 19:01:33 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 211644] ifconfig concurrency bug (kernel panic)
Message-ID:  <bug-211644-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211644

            Bug ID: 211644
           Summary: ifconfig concurrency bug (kernel panic)
           Product: Base System
           Version: 10.3-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: jeka@2x4.ru
                CC: freebsd-amd64@FreeBSD.org

- Cannot add or remove an IP from the interface.
- System crash.

How to reproduce:

In the first ssh console:

#!/bin/sh
ifconfig tap50 create

while [ 1 ] ; do
ifconfig tap50 alias 1.2.3.4/31
ifconfig tap50 -alias 1.2.3.4
done

In the second ssh console:

#!/bin/sh
while [ 1 ] ; do
ifconfig tap50 alias 1.2.3.4/31
done

After a few seconds the system outputs: "can not assign requested address".
After this I cannot add/remove this IP to the interface.
If I wait about 1 minute with the scripts active, a kernel panic occurs.



Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 02
fault virtual address   = 0x6000a1276
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80a0be89
stack pointer           = 0x28:0xfffffe0233db7270
frame pointer           = 0x28:0xfffffe0233db72e0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 9118 (ifconfig)
trap number             = 12
panic: page fault
cpuid = 1
KDB: stack backtrace:
#0 0xffffffff808e7e90 at kdb_backtrace+0x60
#1 0xffffffff808af975 at panic+0x155
#2 0xffffffff80c8e832 at trap_fatal+0x3a2
#3 0xffffffff80c8eb09 at trap_pfault+0x2c9
#4 0xffffffff80c8e296 at trap+0x5e6
#5 0xffffffff80c75532 at calltrap+0x8
#6 0xffffffff809e1687 at sctp_addr_change+0x127
#7 0xffffffff8097aa34 at rt_newaddrmsg_fib+0x44
#8 0xffffffff80a56ca5 at in6_ifaddloop+0x1c5
#9 0xffffffff80a592b9 at in6_update_ifa+0xb99
#10 0xffffffff80a5d54d at in6_ifattach+0x2ed
#11 0xffffffff809682ef at ifioctl+0x7df
#12 0xffffffff808fdfae at kern_ioctl+0x22e
#13 0xffffffff808fdd2f at sys_ioctl+0x11f
#14 0xffffffff80c8f127 at amd64_syscall+0x357
#15 0xffffffff80c7581b at Xfast_syscall+0xfb
Uptime: 1h38m15s

(kgdb) #0  doadump (textdump=<value optimized out>) at pcpu.h:219
#1  0xffffffff808af5f0 in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:447
#2  0xffffffff808af9b4 in panic (fmt=<value optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:754
#3  0xffffffff80c8e832 in trap_fatal (frame=<value optimized out>,
    eva=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:882
#4  0xffffffff80c8eb09 in trap_pfault (frame=0xfffffe0233db71c0, usermode=0)
    at /usr/src/sys/amd64/amd64/trap.c:699
#5  0xffffffff80c8e296 in trap (frame=0xfffffe0233db71c0)
    at /usr/src/sys/amd64/amd64/trap.c:463
#6  0xffffffff80c75532 in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:232
#7  0xffffffff80a0be89 in sctp_add_addr_to_vrf (vrf_id=0,
    ifn=0xfffff8017d899800, ifn_index=10, ifn_type=6,
    if_name=0xfffff8017d899828 "tap8", ifa=0xfffff8017db6dc00,
    addr=<value optimized out>) at /usr/src/sys/netinet/sctp_pcb.c:204
#8  0xffffffff809e1687 in sctp_addr_change (ifa=<value optimized out>,
    cmd=<value optimized out>) at /usr/src/sys/netinet/sctp_bsd_addr.c:339
#9  0xffffffff8097aa34 in rt_newaddrmsg_fib (cmd=1, ifa=0xfffff8017db6dc00,
    error=0, rt=0xfffffe0233db7400, fibnum=-1)
    at /usr/src/sys/net/rtsock.c:1368
#10 0xffffffff80a56ca5 in in6_ifaddloop (ifa=0xfffff8017db6dc00)
    at /usr/src/sys/netinet6/in6.c:187
#11 0xffffffff80a592b9 in in6_update_ifa (ifp=0xfffff8017d899800,
    ifra=0xfffffe0233db7800, ia=<value optimized out>, flags=1)
    at /usr/src/sys/netinet6/in6.c:1946
#12 0xffffffff80a5d54d in in6_ifattach (ifp=0xfffff8017d899800,
    altifp=<value optimized out>) at /usr/src/sys/netinet6/in6_ifattach.c:500
#13 0xffffffff809682ef in ifioctl (so=0xfffff8017db38828,
    cmd=<value optimized out>, data=0xfffff80008cb3640 "tap8",
    td=0xfffff8017d9c8000) at /usr/src/sys/net/if.c:2172
#14 0xffffffff808fdfae in kern_ioctl (td=0xfffff8017d9c8000,
    fd=<value optimized out>, com=18446735284017666048) at file.h:319
#15 0xffffffff808fdd2f in sys_ioctl (td=0xfffff8017d9c8000,
    uap=0xfffffe0233db7b40) at /usr/src/sys/kern/sys_generic.c:702
#16 0xffffffff80c8f127 in amd64_syscall (td=0xfffff8017d9c8000, traced=0)
    at subr_syscall.c:134
#17 0xffffffff80c7581b in Xfast_syscall ()
    at /usr/src/sys/amd64/amd64/exception.S:391
#18 0x00000008011a308a in ?? ()
Previous frame inner to this frame (corrupt stack?)
Current language:  auto; currently minimal
