Bug 197351 - [ip6] panic when lagg(4) removes IPv6 addresses from member interface
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: CURRENT
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Marcelo Araujo
Reported: 2015-02-05 15:53 UTC by Andrey V. Elsukov
Modified: 2016-03-04 03:43 UTC (History)

core.txt (114.65 KB, text/plain)
2015-02-05 15:53 UTC, Andrey V. Elsukov

Description Andrey V. Elsukov freebsd_committer 2015-02-05 15:53:17 UTC
Created attachment 152588

When lagg(4) removes IPv6 addresses from a member interface, the system panics if the IPv6 address had the `autoconf` flag.

How to reproduce:
# ifconfig em0 inet6 fc00::1/64 autoconf
# ifconfig lagg0 create laggproto loadbalance laggport em0 laggport re0 up

Fatal trap 9: general protection fault while in kernel mode
cpuid = 3; apic id = 06
instruction pointer	= 0x20:0xffffffff80b651a0
stack pointer	        = 0x28:0xfffffe06606c9540
frame pointer	        = 0x28:0xfffffe06606c9580
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 895 (ifconfig)

(kgdb) bt
#0  doadump (textdump=Unhandled dwarf expression opcode 0x93
) at pcpu.h:219
#1  0xffffffff80358216 in db_fncall (dummy1=<value optimized out>, dummy2=<value optimized out>, dummy3=<value optimized out>, dummy4=<value optimized out>)
    at /home/devel/freebsd/base/head/sys/ddb/db_command.c:568
#2  0xffffffff80357efc in db_command (cmd_table=0x0) at /home/devel/freebsd/base/head/sys/ddb/db_command.c:440
#3  0xffffffff80357c64 in db_command_loop () at /home/devel/freebsd/base/head/sys/ddb/db_command.c:493
#4  0xffffffff8035a7a0 in db_trap (type=<value optimized out>, code=Unhandled dwarf expression opcode 0x93
) at /home/devel/freebsd/base/head/sys/ddb/db_main.c:251
#5  0xffffffff80993efe in kdb_trap (type=Unhandled dwarf expression opcode 0x93
) at /home/devel/freebsd/base/head/sys/kern/subr_kdb.c:654
#6  0xffffffff80db4ef9 in trap_fatal (frame=0xfffffe06606c9490, eva=<value optimized out>) at /home/devel/freebsd/base/head/sys/amd64/amd64/trap.c:856
#7  0xffffffff80db4bae in trap (frame=<value optimized out>) at /home/devel/freebsd/base/head/sys/amd64/amd64/trap.c:201
#8  0xffffffff80d93eb2 in calltrap () at /home/devel/freebsd/base/head/sys/amd64/amd64/exception.S:235
#9  0xffffffff80b651a0 in find_pfxlist_reachable_router (pr=<value optimized out>) at /home/devel/freebsd/base/head/sys/netinet6/nd6_rtr.c:1301
#10 0xffffffff80b639b6 in pfxlist_onlink_check () at /home/devel/freebsd/base/head/sys/netinet6/nd6_rtr.c:1479
#11 0xffffffff80b64ceb in prelist_remove (pr=<value optimized out>) at /home/devel/freebsd/base/head/sys/netinet6/nd6_rtr.c:947
#12 0xffffffff80b5bfe5 in nd6_purge (ifp=0xfffff800069b7000) at /home/devel/freebsd/base/head/sys/netinet6/nd6.c:822
#13 0xffffffff80b44b93 in in6_ifdetach (ifp=0xfffff800069b7000) at /home/devel/freebsd/base/head/sys/netinet6/in6_ifattach.c:784
#14 0xffffffff8221cd1f in lagg_ioctl (ifp=<value optimized out>, cmd=<value optimized out>, data=<value optimized out>)
    at /home/devel/freebsd/base/head/sys/modules/if_lagg/../../net/if_lagg.c:1406
#15 0xffffffff80a2c957 in ifioctl (so=0xfffff80006d2cf00, cmd=2152229261, data=0xfffffe06606c98f0 "lagg0", td=0xfffff80025c104a0)
    at /home/devel/freebsd/base/head/sys/net/if.c:2739
#16 0xffffffff809b5d00 in kern_ioctl (td=0xfffff80025c104a0, fd=<value optimized out>, com=120, data=<value optimized out>) at file.h:318
#17 0xffffffff809b5993 in sys_ioctl (td=0xfffff80025c104a0, uap=0xfffffe06606c9a40) at /home/devel/freebsd/base/head/sys/kern/sys_generic.c:718
#18 0xffffffff80db575f in amd64_syscall (td=0xfffff80025c104a0, traced=0) at subr_syscall.c:133
#19 0xffffffff80d9419b in Xfast_syscall () at /home/devel/freebsd/base/head/sys/amd64/amd64/exception.S:395
#20 0x00000008011e1c6a in ?? ()
Comment 1 Hiren Panchasara freebsd_committer 2016-03-03 22:49:47 UTC
Is this still a problem?
Comment 2 Marcelo Araujo freebsd_committer 2016-03-04 03:43:25 UTC
Let me take a look at this!
I had a very similar problem when using vtnet(4); not sure yet if there is any specific relation to this PR.

Thanks for Cc'ing me!