Bug 246819
| Summary: | Kernel panic with ifconfig destroy | ||
|---|---|---|---|
| Product: | Base System | Reporter: | Ashish Gupta <lrx337> |
| Component: | kern | Assignee: | freebsd-net (Nobody) <net> |
| Status: | Open --- | ||
| Severity: | Affects Only Me | CC: | ae, markj, zlei |
| Priority: | --- | Keywords: | crash |
| Version: | CURRENT | ||
| Hardware: | Any | ||
| OS: | Any | ||
Can you show the full panic message from the report? It starts with "Fatal trap 12: page fault while in kernel mode". (In reply to Andrey V. Elsukov from comment #1) Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x0 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff80ce307d stack pointer = 0x28:0xfffffe001d7424c0 frame pointer = 0x28:0xfffffe001d742710 code segment = base rx0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 12 (swi4: clock (0)) trap number = 12 -- Is this all the info you needed? (In reply to Ashish Gupta from comment #2) Looks like we are panicking because the counters in the in6_ifstat block are freed. In particular, the panic happens while executing: 790 in6_ifstat_inc(ifp, ifs6_out_request); which expands to 545 #define in6_ifstat_inc(ifp, tag) \ 546 do { \ 547 if (ifp) \ 548 counter_u64_add(((struct in6_ifextra *) \ 549 ((ifp)->if_afdata[AF_INET6]))->in6_ifstat[ \ 550 offsetof(struct in6_ifstat, tag) / sizeof(uint64_t)], 1);\ 551 } while (/*CONSTCOND*/ 0) and the fault address is 0, so it shouldn't be from the if_afdata dereference or the in6_ifstat dereference (since ifs6_out_request is not the first counter in the block). So the interface is already destroyed, but we are sending TCP keepalives through it. Does it still happen on stable/13 or current/14 ? |
$ uname -a FreeBSD somebox 13.0-CURRENT FreeBSD 13.0-CURRENT #0 r361562M: Wed May 27 19:54:22 EDT 2020 user@somebox:/usr/obj/usr/src2/amd64.amd64/sys/MYKERN amd64 Steps to reproduce: # Create a wlan interface with ifconfig: ifconfig wlan7 create wlandev run0 ifconfig wlan7 inet6 ifdisabled ifconfig wlan7 mode 11ng channel 9 -ampdutx -ampdurx ifconfig wlan7 inet6 -ifdisabled ifconfig wlan7 inet6 accept_rtadv ifconfig wlan7 inet6 accept_rtadv up # Do some activity on the network (open a website?) # destroy the wlan interface ifconfig wlan7 destroy # kernal panics! Unread portion of the kernel message buffer from crash report: __curthread () at /usr/src2/sys/amd64/include/pcpu_aux.h:55 55 /usr/src2/sys/amd64/include/pcpu_aux.h: No such file or directory. (kgdb) #0 __curthread () at /usr/src2/sys/amd64/include/pcpu_aux.h:55 #1 doadump (textdump=1) at /usr/src2/sys/kern/kern_shutdown.c:394 #2 0xffffffff80ac1670 in kern_reboot (howto=260) at /usr/src2/sys/kern/kern_shutdown.c:481 #3 0xffffffff80ac1aca in vpanic (fmt=<optimized out>, ap=<optimized out>) at /usr/src2/sys/kern/kern_shutdown.c:913 #4 0xffffffff80ac1823 in panic (fmt=<unavailable>) at /usr/src2/sys/kern/kern_shutdown.c:839 #5 0xffffffff80f29a67 in trap_fatal (frame=0xfffffe001d742400, eva=0) at /usr/src2/sys/amd64/amd64/trap.c:919 #6 0xffffffff80f29b09 in trap_pfault (frame=0xfffffe001d742400, usermode=<optimized out>, signo=<optimized out>, ucode=<optimized out>) at /usr/src2/sys/amd64/amd64/trap.c:736 #7 0xffffffff80f29105 in trap (frame=0xfffffe001d742400) at /usr/src2/sys/amd64/amd64/trap.c:400 #8 <signal handler called> #9 0xffffffff80ce307d in ip6_output (m0=<optimized out>, opt=<optimized out>, ro=<optimized out>, flags=0, im6o=0x0, ifpp=0x0, inp=0xfffff801ea6b8b70) at /usr/src2/sys/netinet6/ip6_output.c:790 #10 0xffffffff80ca829c in tcp_output (tp=0xfffffe00b1dd2850) at /usr/src2/sys/netinet/tcp_output.c:1420 #11 0xffffffff80cae5f1 in tcp_drop (tp=0xfffffe00b1dd2850, errno=60) at /usr/src2/sys/netinet/tcp_subr.c:1882 #12 0xffffffff80cb6bf6 in tcp_timer_keep (xtp=0xfffffe00b1dd2850) at /usr/src2/sys/netinet/tcp_timer.c:506 #13 0xffffffff80add28f in softclock_call_cc (c=0xfffffe00b1dd2b48, cc=0xffffffff81a97a40 <cc_cpu>, direct=0) at /usr/src2/sys/kern/kern_timeout.c:703 #14 0xffffffff80add64b in softclock (arg=0xffffffff81a97a40 <cc_cpu>) at /usr/src2/sys/kern/kern_timeout.c:823 #15 0xffffffff80a81ff9 in intr_event_execute_handlers (p=<optimized out>, ie=0xfffff800037a4e00) at /usr/src2/sys/kern/kern_intr.c:1153 #16 ithread_execute_handlers (p=<optimized out>, ie=0xfffff800037a4e00) at /usr/src2/sys/kern/kern_intr.c:1166 #17 ithread_loop (arg=<optimized out>) at /usr/src2/sys/kern/kern_intr.c:1254 #18 0xffffffff80a7eb40 in fork_exit ( callout=0xffffffff80a81d80 <ithread_loop>, arg=0xfffff80003775280, frame=0xfffffe001d742b00) at /usr/src2/sys/kern/kern_fork.c:1053 #19 <signal handler called> (kgdb)