Kernel panic from interface address list manipulation









I’ve been able to trivially
trigger a kernel panic while testing ifaddr list manipulation on –CURRENT (r
211427). The hardware is a four-core i386
machine with em interfaces.



This is the test script I’ve
used to trigger the problem:



#!/bin/sh



addr_loop()

{

while true

do

ifconfig em1 1.0.0.1/24

ifconfig em1 -alias 1.0.0.1

done

}



addr_loop &

addr_loop &




With WITNESS and INVARIANTS the
panic happens immediately upon starting the script, with the following
backtrace:



panic: Bad link elm 0xd17aec00
prev->next != elm



#0 doadump () at pcpu.h:231

231 pcpu.h: No such file or directory.

in pcpu.h

(kgdb) #0 doadump () at pcpu.h:231

#1 0xc088a4ef in boot (howto=260) at
/d2/head/sys/kern/kern_shutdown.c:416

#2 0xc088a7bb in panic (fmt=Variable
"fmt" is not available.

) at /d2/head/sys/kern/kern_shutdown.c:590

#3 0xc098caf8 in in_control (so=0xd30af4d4,
cmd=2151704858,

data=0xd1923b80 "em1",
ifp=0xd1554800, td=0xd31262c0)

at /d2/head/sys/netinet/in.c:602

#4 0xc0938869 in ifioctl (so=0xd30af4d4,
cmd=2151704858,

data=0xd1923b80 "em1",
td=0xd31262c0) at /d2/head/sys/net/if.c:2469

#5 0xc08d7e6b in soo_ioctl (fp=0xd2540ce8,
cmd=2151704858, data=0xd1923b80,

active_cred=0xd2594900, td=0xd31262c0)

at /d2/head/sys/kern/sys_socket.c:212

#6 0xc08d2075 in kern_ioctl (td=0xd31262c0,
fd=3, com=2151704858,

data=0xd1923b80 "em1") at
file.h:254

#7 0xc08d21e2 in ioctl (td=0xd31262c0,
uap=0xf3a2ecec)

at /d2/head/sys/kern/sys_generic.c:678

#8 0xc08c77d8 in syscallenter (td=0xd31262c0,
sa=0xf3a2ece4)

at /d2/head/sys/kern/subr_trap.c:319

#9 0xc0bb18f3 in syscall (frame=0xf3a2ed28)

at /d2/head/sys/i386/i386/trap.c:1060

#10 0xc0b9a231 in
Xint0x80_syscall ()

at /d2/head/sys/i386/i386/exception.s:264

#11 0x00000033 in ?? ()

Previous frame inner to this
frame (corrupt stack?)

(kgdb)



I’ve also reproduced it without
WITNESS and INVARIANTS, but it seems to need additional copies of the script
running simultaneously and still takes longer to panic. I’ve produced
several different backtraces from the non-debugging kernel.







_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"



Relevant Pages

  • Re: Flexibility of Eventriggers in Win2003 - query on source + wil
    ... I created a very broad event trigger that looks only at entries of /EID ... The event trigger runs a batch file that then calls a vbs script that uses ... Namely to tweak it so that it will check to see if it has sent the admin ...
    (microsoft.public.windows.server.general)
  • Script endlessly looping
    ... The following script has a loop that executes ftp to look for a trigger ... trigger file and renames the data file on the remote server. ...
    (comp.unix.shell)
  • Re: How do I to make a Script avoid being blocked by popup blocker
    ... Using RegisterStartupScript means it is not triggered ... You may have had the user click to trigger a postback, ... had a startup script, however, that means the user triggered a postback, not ... often what triggers the popup blocker to block it. ...
    (microsoft.public.vsnet.general)
  • Re: [2.6.27] filesystem (ext3) corruption (access beyond end)
    ... Ok I ran several disk-intensive jobs (git clone, kernel build, apt-get dist-upgrade) ... but none of those could trigger any bugs. ... BUT, running my http://vanheusden.com/pyk/ script, I definately can trigger the ...
    (Linux-Kernel)
  • Re: getting data in triggers
    ... > script from the trigger. ... > our clients would get a "page cannot be displayed" error when the try to ... > dim UserExist, strAbbrev, strName, strPwd, strType ...
    (microsoft.public.sqlserver.programming)