Date: Sun, 19 Jun 2016 18:07:39 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 210391] [panic] [jail] [vnet] [vlan] destroying vnet jail with vlan and loaded ipfw_nat causes kernel panic Message-ID: <bug-210391-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D210391 Bug ID: 210391 Summary: [panic] [jail] [vnet] [vlan] destroying vnet jail with vlan and loaded ipfw_nat causes kernel panic Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: a.skurihin@gmail.com Destroying a jail with vnet networking and vlan interface causes kernel pan= ic if=20 ipfw_nat module is loaded. Tested on 10.3, 11-CURRENT. ## Steps to Reproduce: * Compile kernel with "options VIMAGE" * kldload ipfw_nat * jail -i -c name=3Dtest vnet persist * ifconfig epair create * ifconfig epair0b vnet test * jexec test ifconfig vlan create * jexec test ifconfig vlan0 192.168.100.2/24 vlandev epair0b vlan 10 * jail -r test ## Panic: Fatal trap 12: page fault while in kernel mode cpuid =3D 0; apic id =3D 00 fault virtual address =3D 0x378 fault code =3D supervisor read data, page not present instruction pointer =3D 0X20:0xffffffff8069012d stack pointer =3D 0x28:0x0fffffe003d5b0520 frame pointer =3D 0x28:0x0fffffe003d5b05b0 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 983 (jail) trap number =3D 12 panic: page fault ## Stack trace: #8 0xffffffff80947c4d in __rw_wlock_hard (c=3D0xfffffe0001306218, tid=3D18446735277677514752, file=3D0x6 <Address 0x6 out of bounds>, line=3D= 0) at /usr/src/sys/kern/kern_rwlock.c:787 #9 0xffffffff80947a7a in _rw_wlock_cookie (c=3D<value optimized out>, file= =3D0x0, line=3D6) at /usr/src/sys/kern/kern_rwlock.c:267 #10 0xffffffff81a17210 in ifaddr_change (arg=3D<value optimized out>, ifp=3D0xfffff80003d30000) at /usr/src/sys/modules/ipfw_nat/../../netpfil/ipfw/ip_fw_nat.c:68 #11 0xffffffff80a6faf6 in in_control (so=3D<value optimized out>, cmd=3D969435729749183252, data=3D<value optimized out>, ifp=3D0xfffff80003d= 30000, td=3D<value optimized out>) at /usr/src/sys/netinet/in.c:544 #12 0xffffffff80a09851 in if_purgeaddrs (ifp=3D0xfffff80003d30000) at /usr/src/sys/net/if.c:846 #13 0xffffffff80a09bc3 in if_detach_internal (ifp=3D0xfffff80003d30000, vmo= ve=3D0, ifcp=3D<value optimized out>) at /usr/src/sys/net/if.c:947 #14 0xffffffff80a0999b in if_detach (ifp=3D0xfffffe0001306200) at /usr/src/sys/net/if.c:893 #15 0xffffffff80a183b3 in vlan_clone_destroy (ifc=3D0xfffff8000345a680, ifp=3D0xfffff80003d30000) at /usr/src/sys/net/if_vlan.c:1004 #16 0xffffffff80a10562 in if_clone_destroyif (ifc=3D0xfffff8000345a680, ifp=3D0xfffff80003d30000) at /usr/src/sys/net/if_clone.c:333 #17 0xffffffff80a10d08 in if_clone_detach (ifc=3D<value optimized out>) at /usr/src/sys/net/if_clone.c:457 #18 0xffffffff80a247e7 in vnet_sysuninit () at /usr/src/sys/net/vnet.c:594 #19 0xffffffff80a246f3 in vnet_destroy (vnet=3D0xfffff80003443180) at /usr/src/sys/net/vnet.c:291 #20 0xffffffff8091ad80 in prison_deref (pr=3D0xffffffff8149bd80, flags=3D<v= alue optimized out>) at /usr/src/sys/kern/kern_jail.c:2649 #21 0xffffffff8091c9ae in sys_jail_remove (td=3D<value optimized out>, uap= =3D<value optimized out>) at /usr/src/sys/kern/kern_jail.c:2315 #22 0xffffffff80d5d8b7 in amd64_syscall (td=3D0xfffff80003a29000, traced=3D= 0) at subr_syscall.c:134 #23 0xffffffff80d42f9b in Xfast_syscall () at /usr/src/sys/amd64/amd64/exception.S:396 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-210391-8>