Subject: kern/27873: reconfiguring v6 on VLAN interfaces --> uvm_fault (on 2.99.10)
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <johani@autonomica.se>
List: netbsd-bugs
Date: 11/04/2004 13:25:45
>Number:         27873
>Category:       kern
>Synopsis:       reconf vlanN v6-wise ->uvm_fault in in6ifa_ifpforlinklocal()
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Nov 04 12:26:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Johan Ihren
>Release:        NetBSD 2.99.10, source from october 30, 2004
>Organization:
	Autonomica AB, Stockholm, Sweden
>Environment:
System: NetBSD server.dnslab 2.99.10 NetBSD 2.99.10 (GENERIC) #10: Sat Oct 30 10:44:18 CEST 2004  johani@idefix.johani.org:/usr/store/source/netbsd/current/kernels.i386/GENERIC i386
Architecture: i386
Machine: i386
>Description:
	Here are stack traces from dumps in several (similar) situations. Note
	that the fault is always the same and the immediately preceding
	call is always in6ifa_ifpforlinklocal().

	I noticed this problem a few days ago in 2.0G, upgraded to 2.99.10 in
	hope of it being fixed, but that seems not to be the case.

	#1: This is a /etc/rc.d/network restart with vlan1, vlan15 and vlan16
	    configured:

uvm_fault(0xc707fee0, 0x5f666000, 0, 1) -> 0xe
kernel: page fault trap, code=0
Stopped in pid 175.1 (ifconfig) at      netbsd:in6ifa_ifpforlinklocal+0x1a:     cmpl     $0,0(%eax)
db> trace 
in6ifa_ifpforlinklocal(c10b2400,7,40,c01982e8,c10e9214) at netbsd:in6ifa_ifpforlinklocal+0x1a
nd6_prefix_onlink(c108d180,7,80,c10eae00,c0ed381c) at netbsd:nd6_prefix_onlink+0xe9
pfxlist_onlink_check(9434,1227,7,0,8000093) at netbsd:pfxlist_onlink_check+0x255
prelist_remove(c10eae00,282,c7b5ab1c,c044ec6d,181c) at netbsd:prelist_remove+0x11e
nd6_purge(c10b2000,c0952480,c7b5ab6c,c017ea9f,7) at netbsd:nd6_purge+0xbc
in6_ifdetach(c10b2000,0,0,c10fc2f0,0) at netbsd:in6_ifdetach+0x20
in6_purgeif(c10b2000,c10b2000,c7b5abfc,c04e2e72,10) at netbsd:in6_purgeif+0x50
udp6_usrreq(c7b5ac44,16,0,0,c10b2000) at netbsd:udp6_usrreq+0x63
if_detach(c10b2000,c10b2000,0,0,0) at netbsd:if_detach+0x13f
vlan_clone_destroy(c10b2000,0,20,0,5) at netbsd:vlan_clone_destroy+0x7d
if_clone_destroy(c7b5ae74,c7941fe6,0,3,c0206976) at netbsd:if_clone_destroy+0x68
ifioctl(c119079c,80206979,c7b5ae74,c7941e60,800cefb) at netbsd:ifioctl+0xde
soo_ioctl(c70d2b98,80206979,c7b5ae74,c7941e60,0) at netbsd:soo_ioctl+0x20b
sys_ioctl(c7082ef4,c7b5af64,c7b5af5c,c7b5af60,4) at netbsd:sys_ioctl+0x30a
syscall_plain() at netbsd:syscall_plain+0x119
--- syscall (number 54) ---
0x4810a10f:
db> 

	#2: This is /etc/rc.d/network restart after *first* doing 
	    "ifconfig vlanN destroy" (for all the created vlanN interfaces):

/etc/rc.d/network stop
Stopping network.
Deleting aliases.
Downing network interfaces: fxp0 bce0.
+ /etc/rc.d/network start
Starting network.
Hostname: server.zeta.dnslab
IPv6 mode: router
Configuring network interfaces: fxp0 bce0 vlan1uvm_fault(0xc707f700, 0x5f666000, 0, 1) -> 0xe
kernel: page fault trap, code=0
Stopped in pid 230.1 (ifconfig) at      netbsd:in6ifa_ifpforlinklocal+0x1a:     cmpl     $0,0(%eax)
db> trace 
in6ifa_ifpforlinklocal(c10b2000,7,40,0,1c) at netbsd:in6ifa_ifpforlinklocal+0x1a
nd6_prefix_onlink(c10eac80,4,c1191b00,3,c7aefea0) at netbsd:nd6_prefix_onlink+0xe9
pfxlist_onlink_check(0,2fe000,1,8078691a,8078691a) at netbsd:pfxlist_onlink_check+0x255
in6_control(c10d15e8,8078691a,c7aefe74,c1092000,c79411a0) at netbsd:in6_control+0xbd3
udp6_usrreq(c10d15e8,b,8078691a,c7aefe74,c1092000) at netbsd:udp6_usrreq+0x34
ifioctl(c10d15e8,8078691a,c7aefe74,c79411a0,0) at netbsd:ifioctl+0x9cf
soo_ioctl(c70d2380,8078691a,c7aefe74,c79411a0,0) at netbsd:soo_ioctl+0x20b
sys_ioctl(c7082ad4,c7aeff64,c7aeff5c,c7aeff60,c053bad7) at netbsd:sys_ioctl+0x30a
syscall_plain() at netbsd:syscall_plain+0x119
--- syscall (number 54) ---
0x4810a10f:
db> 

	#3: This is a plain "ifconfig vlan16 destroy" that didn't work out:

server:/etc#ifconfig vlan16
vlan16: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        capabilities=6<TCP4CSUM,UDP4CSUM>
        enabled=0
        vlan: 16 parent: fxp0
        address: 00:02:b3:89:ee:28
        inet6 fe80::202:b3ff:fe89:ee28%vlan16 prefixlen 64 scopeid 0xc
server:/etc#ifconfig vlan16 destroy
uvm_fault(0xc707fd20, 0x5f666000, 0, 1) -> 0xe
kernel: page fault trap, code=0
Stopped in pid 143.1 (ifconfig) at      netbsd:in6ifa_ifpforlinklocal+0x1a:     cmpl     $0,0(%eax)
db> trace
in6ifa_ifpforlinklocal(c10b2400,7,40,c01982e8,c10e952c) at netbsd:in6ifa_ifpfor
inklocal+0x1a
nd6_prefix_onlink(c108d180,7,80,c10ea800,c0ed381c) at netbsd:nd6_prefix_onlink+
xe9
pfxlist_onlink_check(97ab,f184,7,0,181c) at netbsd:pfxlist_onlink_check+0x255
prelist_remove(c10ea800,282,c7b44b1c,c044ec6d,181c) at netbsd:prelist_remove+0x
1e
nd6_purge(c1092000,c0952480,c7b44b6c,c017ea9f,7) at netbsd:nd6_purge+0xbc
in6_ifdetach(c1092000,0,0,0,0) at netbsd:in6_ifdetach+0x20
in6_purgeif(c1092000,c1092000,c7b44bfc,c04e2e72,10) at netbsd:in6_purgeif+0x50
udp6_usrreq(c7b44c44,16,0,0,c1092000) at netbsd:udp6_usrreq+0x63
if_detach(c1092000,c1092000,0,0,0) at netbsd:if_detach+0x13f
vlan_clone_destroy(c1092000,0,20,0,5) at netbsd:vlan_clone_destroy+0x7d
if_clone_destroy(c7b44e74,c7941e4e,0,3,c0206976) at netbsd:if_clone_destroy+0x6

ifioctl(c10d11b0,80206979,c7b44e74,c7941cc8,800cefb) at netbsd:ifioctl+0xde
soo_ioctl(c70d2038,80206979,c7b44e74,c7941cc8,0) at netbsd:soo_ioctl+0x20b
sys_ioctl(c7082e70,c7b44f64,c7b44f5c,c053e5fe,292) at netbsd:sys_ioctl+0x30a
syscall_plain() at netbsd:syscall_plain+0x119
--- syscall (number 54) ---
0x4810a10f:
db> 

	etc. I can provide more examples. It is not difficult to trigger this.

>How-To-Repeat:
	Create multiple vlan interfaces and give them v6 addresses. I have
	vlan1, vlan15 and vlan16 but the crash occurs also if I number them 
	vlan1, vlan2, vlan3.

	I configure them via /etc/ifconfig.vlanN-files.

	Initial configuration usually works fine. But subsequent reconfiguration
	doesn't (sometimes even an "ifconfig vlanN destroy" triggers the
	panic). The easiest way of triggering the crash seems to be with a
	/etc/rc.d/network restart.

>Fix:
	Not known.
>Release-Note:
>Audit-Trail:
>Unformatted:
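
The traces in this report reach the same faulting frame by different routes. As an added example (not part of the original report), this Python sketch parses DDB `trace` output, finds the innermost frames shared by every crash, and reports where the call paths diverge. The sample frames are copied from traces #1 and #2 above, abridged, with two frames run together on one line as a console capture can leave them; the function names `parse_trace`, `common_prefix` and `divergence` are this example's own.

```python
import re

# One DDB frame: "func(args) at netbsd:func+0xOFF". Searching the whole text
# rather than splitting on newlines also recovers frames that a console
# capture ran together on one line. Limitation: if the run-together symbol
# began with a hex digit, the greedy offset match would swallow it.
FRAME = re.compile(r"(\w+)\([^)]*\) at netbsd:\1\+0x([0-9a-f]+)")

# Frames copied from traces #1 and #2 of this report (abridged).
TRACE_DESTROY = """\
in6ifa_ifpforlinklocal(c10b2400,7,40,c01982e8,c10e9214) at netbsd:in6ifa_ifpforlinklocal+0x1a
nd6_prefix_onlink(c108d180,7,80,c10eae00,c0ed381c) at netbsd:nd6_prefix_onlink+0xe9
pfxlist_onlink_check(9434,1227,7,0,8000093) at netbsd:pfxlist_onlink_check+0x255prelist_remove(c10eae00,282,c7b5ab1c,c044ec6d,181c) at netbsd:prelist_remove+0x11e
nd6_purge(c10b2000,c0952480,c7b5ab6c,c017ea9f,7) at netbsd:nd6_purge+0xbc
"""
TRACE_RESTART = """\
in6ifa_ifpforlinklocal(c10b2000,7,40,0,1c) at netbsd:in6ifa_ifpforlinklocal+0x1and6_prefix_onlink(c10eac80,4,c1191b00,3,c7aefea0) at netbsd:nd6_prefix_onlink+0xe9
pfxlist_onlink_check(0,2fe000,1,8078691a,8078691a) at netbsd:pfxlist_onlink_check+0x255
in6_control(c10d15e8,8078691a,c7aefe74,c1092000,c79411a0) at netbsd:in6_control+0xbd3
"""

def parse_trace(text):
    """Return [(function, offset)] with the faulting frame first."""
    return [(m.group(1), int(m.group(2), 16)) for m in FRAME.finditer(text)]

def common_prefix(traces):
    """Innermost frames (function and offset) shared by every trace."""
    shared = []
    for column in zip(*traces):
        if len(set(column)) != 1:
            break
        shared.append(column[0])
    return shared

def divergence(traces):
    """First caller outside the shared prefix, per trace (None if exhausted)."""
    n = len(common_prefix(traces))
    return [t[n][0] if len(t) > n else None for t in traces]

if __name__ == "__main__":
    traces = [parse_trace(TRACE_DESTROY), parse_trace(TRACE_RESTART)]
    for fn, off in common_prefix(traces):
        print(f"shared: {fn}+0x{off:x}")
    print("paths diverge at:", divergence(traces))
```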