NetBSD-Bugs archive
kern/45914: destroying a network interface crashes dom0 kernel
>Number: 45914
>Category: kern
>Synopsis: destroying a network interface crashes dom0 kernel
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Feb 02 19:05:00 +0000 2012
>Originator: Jeff Rizzo
>Release: NetBSD 5.99.63, also late 5.99.60
>Organization:
>Environment:
System: NetBSD xenserver1.boogers.sf.ca.us 5.99.60 NetBSD 5.99.60 (XS1) #56: Wed Feb 1 21:37:45 PST 2012 riz%hack.lan@localhost:/Users/riz/Documents/code/netbsd/obj.amd64/sys/arch/amd64/compile/XS1 amd64
Architecture: x86_64
Machine: amd64
>Description:
As of this commit:
http://mail-index.netbsd.org/source-changes/2012/01/27/msg031054.html
...destroying a network interface on my Xen DOM0 box crashes the kernel:
****************
xenserver1# ifconfig vlan0 create
xenserver1# ifconfig vlan0 destroy
fatal protection fault in supervisor mode
trap type 4 code 0 rip ffffffff804dfaf5 cs e030 rflags 10206 cr2 7f7ff780d93f cpl 6 rsp ffffa00000d7d660
kernel: protection fault trap, code=0
Stopped in pid 436.1 (ifconfig) at netbsd:nd6_purge+0xb5: movl 14(%r12),%eax
nd6_purge() at netbsd:nd6_purge+0xb5
in6_ifdetach() at netbsd:in6_ifdetach+0x21
udp6_usrreq() at netbsd:udp6_usrreq+0x208
if_detach() at netbsd:if_detach+0x112
vlan_clone_destroy() at netbsd:vlan_clone_destroy+0x63
ifioctl() at netbsd:ifioctl+0x3c3
sys_ioctl() at netbsd:sys_ioctl+0x13c
syscall() at netbsd:syscall+0xc4
ds a5c0
es a788
fs 0
gs 0
rdi ffffa000011bdd80
rsi 0
rbp ffffa00000d7d680
rbx ffffa00000eaf008
rdx ffffffff803c8617 in6_purgeaddr
rcx ffffa00000eaa5c0
rax 4
r8 ffffa00000eaf008
r9 ffffa00000eaa5c0
r10 ffffa000018d62c4
r11 2
r12 2687e94bad0e70d2
r13 0
r14 0
r15 0
rip ffffffff804dfaf5 nd6_purge+0xb5
cs e030
rflags 10206
rsp ffffa00000d7d660
ss e02b
netbsd:nd6_purge+0xb5: movl 14(%r12),%eax
db>
****************
My assumption is that the kmem changes in that commit have exposed a
longer-standing bug. Please note PR#45764, which is against 5.1, and looks
very similar to this.
>How-To-Repeat:
xenserver1# ifconfig vlan0 create
xenserver1# ifconfig vlan0 destroy
>Fix:
None given.
>Unformatted:
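
Added example, not part of the original report: a small Python triage helper that parses ddb output like the trace quoted in the Description and checks whether the address dereferenced by the faulting instruction is canonical on x86-64, since a non-canonical pointer raises a protection fault rather than a page fault. The function names, the 48-bit virtual address width, and the reading of ddb displacements as hexadecimal are assumptions of this example; the sample lines are copied from the trace in this PR.

```python
import re

# Sample input: lines copied from the ddb output quoted in this PR.
DDB_OUTPUT = """\
Stopped in pid 436.1 (ifconfig) at netbsd:nd6_purge+0xb5: movl 14(%r12),%eax
rdi ffffa000011bdd80
rbx ffffa00000eaf008
rcx ffffa00000eaa5c0
rax 4
r12 2687e94bad0e70d2
rsp ffffa00000d7d660
"""

REG_LINE = re.compile(r"^(r[a-z0-9]{1,3})\s+([0-9a-f]+)\b", re.M)
FAULT_LINE = re.compile(r"at\s+(\S+):\s+(\w+)\s+(.*)$", re.M)
MEM_OPERAND = re.compile(r"(-?(?:0x)?[0-9a-f]*)\(%(\w+)\)")

def is_canonical(addr):
    """x86-64 with 48-bit virtual addresses: bits 63..47 must all be equal."""
    top = addr >> 47
    return top == 0 or top == 0x1FFFF

def parse_registers(text):
    """Map register name -> value for every 'name hexvalue' line."""
    return {name: int(value, 16) for name, value in REG_LINE.findall(text)}

def triage(text):
    """Return (symbol, base_register, effective_address, verdict)."""
    regs = parse_registers(text)
    symbol, _mnemonic, operands = FAULT_LINE.search(text).groups()
    disp, base = MEM_OPERAND.search(operands).groups()
    # Assumption: ddb prints the displacement in hex without a 0x prefix.
    ea = (regs[base] + int(disp or "0", 16)) & (2**64 - 1)
    if not is_canonical(ea):
        verdict = "non-canonical pointer: base register does not hold a valid address"
    elif ea < 0x1000:
        verdict = "near-NULL dereference"
    else:
        verdict = "canonical address: inspect the mapping"
    return symbol, base, ea, verdict

if __name__ == "__main__":
    sym, base, ea, verdict = triage(DDB_OUTPUT)
    print(f"{sym}: %{base} -> {ea:#x}: {verdict}")
```

On this trace the helper flags %r12 as the bad pointer, while the other pointer-valued registers (rdi, rbx, rcx, rsp) hold canonical kernel addresses.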