From az@sunner.elcomnet.ru  Tue May 23 06:53:40 2006
Return-Path: <az@sunner.elcomnet.ru>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 136FA16A420
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 23 May 2006 06:53:40 +0000 (UTC)
	(envelope-from az@sunner.elcomnet.ru)
Received: from sunner.elcomnet.ru (sunner.elcomnet.ru [86.110.161.253])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 88CA543D4C
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 23 May 2006 06:53:39 +0000 (GMT)
	(envelope-from az@sunner.elcomnet.ru)
Received: from az by sunner.elcomnet.ru with local (Exim 4.62 (FreeBSD))
	(envelope-from <az@sunner.elcomnet.ru>)
	id 1FiQls-0005GO-5S
	for FreeBSD-gnats-submit@freebsd.org; Tue, 23 May 2006 10:53:36 +0400
Message-Id: <E1FiQls-0005GO-5S@sunner.elcomnet.ru>
Date: Tue, 23 May 2006 10:53:36 +0400
From: Andrej Zverev <az@freebsd.org>
Sender: Andrej Zverev <az@sunner.elcomnet.ru>
Reply-To: Andrej Zverev <az@freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: panic in ifconfig
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         97679
>Category:       kern
>Synopsis:       panic in ifconfig
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    glebius
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 23 07:00:35 GMT 2006
>Closed-Date:    Thu Aug 10 10:28:14 GMT 2006
>Last-Modified:  Thu Aug 10 10:28:14 GMT 2006
>Originator:     Andrej Zverev
>Release:        FreeBSD 6.1-RELEASE i386
>Organization:
>Environment:
System: FreeBSD sunner.elcomnet.ru 6.1-RELEASE FreeBSD 6.1-RELEASE #1: Sat May 13 23:45:05 MSD 2006 root@sunner.elcomnet.ru:/usr/obj/usr/src/sys/SUNNER i386


	
>Description:
	Trying to run ifconfig at the moment when another ifconfig is trying
	to create an interface and assign an IP to it produces a kernel panic.
	
>How-To-Repeat:
	Try writing a script like this:
	#!/usr/bin/perl
	for ($i=1; $i<4000; $i++)
	{
		system ("ifconfig create vlan$i");
		system ("ifconfig vlan$i vlan $i vlandev $parent");
		system ("ifconfig vlan$i 10.10.10.10/32");
	}

	Run it, and on another terminal try running ifconfig; at some moment
	you will see a panic. I don't have a fix, but the panic trace is
	available in the Fix section.
	If you need any extra information, just ask.

	
>Fix:

	

--- vlans_panic.txt begins here ---
az# kgdb kernel.debug /var/crash/vmcore.1 
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc070e4e2
stack pointer           = 0x28:0xd6423b34
frame pointer           = 0x28:0xd6423b78
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 19341 (ifconfig)
trap number             = 12
panic: page fault
Uptime: 4m35s
Dumping 502 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 502MB (128480 pages) 486 470 454 438 422 406 390 374 358 342 326 310 294 278 262 246 230 214 198 182 166 150 134 118 102 86 70 54 38 22 6

#0  doadump () at pcpu.h:165
165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc06900f5 in boot (howto=260) at ../../../kern/kern_shutdown.c:402
#2  0xc069038c in panic (fmt=0xc08dbb5c "%s") at ../../../kern/kern_shutdown.c:558
#3  0xc0886f64 in trap_fatal (frame=0xd6423af4, eva=0) at ../../../i386/i386/trap.c:836
#4  0xc0886ccb in trap_pfault (frame=0xd6423af4, usermode=0, eva=0) at ../../../i386/i386/trap.c:744
#5  0xc0886909 in trap (frame=
      {tf_fs = -1066401784, tf_es = 40, tf_ds = 40, tf_edi = -989071360, tf_esi = 0, tf_ebp = -700302472, tf_isp = -700302560, tf_ebx = 76, tf_edx = -984264704, tf_ecx = 0, tf_eax = 2514, tf_trapno = 12, tf_err = 0, tf_eip = -1066343198, tf_cs = 32, tf_eflags = 66118, tf_esp = -996640256, tf_ss = 0}) at ../../../i386/i386/trap.c:434
#6  0xc0875e6a in calltrap () at ../../../i386/i386/exception.s:139
#7  0xc070e4e2 in sysctl_iflist (af=0, w=0xd6423b94) at ../../../net/rtsock.c:1085
#8  0xc070ea59 in sysctl_rtsock (oidp=0xc09747c0, arg1=0xd6423c7c, arg2=4, req=0x0) at ../../../net/rtsock.c:1228
#9  0xc0697def in sysctl_root (oidp=0x0, arg1=0xd6423c7c, arg2=4, req=0xd6423c04) at ../../../kern/kern_sysctl.c:1285
#10 0xc0697fec in userland_sysctl (td=0x9d2, name=0xd6423c74, namelen=6, old=0xd6423c04, oldlenp=0xbfbfdadc, inkernel=0, new=0x0, newlen=2514, retval=0xd6423c70, flags=2514)
    at ../../../kern/kern_sysctl.c:1384
#11 0xc0697e8f in __sysctl (td=0xc3863480, uap=0xd6423d04) at ../../../kern/kern_sysctl.c:1319
#12 0xc088727b in syscall (frame=
      {tf_fs = 59, tf_es = 135397435, tf_ds = -1078001605, tf_edi = 6, tf_esi = -1077945636, tf_ebp = -1077945768, tf_isp = -700301980, tf_ebx = 672425224, tf_edx = 134889472, tf_ecx = -1077945632, tf_eax = 202, tf_trapno = 12, tf_err = 2, tf_eip = 672277867, tf_cs = 51, tf_eflags = 658, tf_esp = -1077945828, tf_ss = 59}) at ../../../i386/i386/trap.c:981
#13 0xc0875ebf in Xint0x80_syscall () at ../../../i386/i386/exception.s:200
#14 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)


(kgdb) f 1
#1  0xc06900f5 in boot (howto=260) at ../../../kern/kern_shutdown.c:402
402                     doadump();
(kgdb) f 2
#2  0xc069038c in panic (fmt=0xc08dbb5c "%s") at ../../../kern/kern_shutdown.c:558
558             boot(bootopt);
(kgdb) f 3
#3  0xc0886f64 in trap_fatal (frame=0xd6423af4, eva=0) at ../../../i386/i386/trap.c:836
836                     panic("%s", trap_msg[type]);
(kgdb) f 4
#4  0xc0886ccb in trap_pfault (frame=0xd6423af4, usermode=0, eva=0) at ../../../i386/i386/trap.c:744
744                     trap_fatal(frame, eva);
(kgdb) f 5
#5  0xc0886909 in trap (frame=
      {tf_fs = -1066401784, tf_es = 40, tf_ds = 40, tf_edi = -989071360, tf_esi = 0, tf_ebp = -700302472, tf_isp = -700302560, tf_ebx = 76, tf_edx = -984264704, tf_ecx = 0, tf_eax = 2514, tf_trapno = 12, tf_err = 0, tf_eip = -1066343198, tf_cs = 32, tf_eflags = 66118, tf_esp = -996640256, tf_ss = 0}) at ../../../i386/i386/trap.c:434
434                             (void) trap_pfault(&frame, FALSE, eva);
(kgdb) f 6
#6  0xc0875e6a in calltrap () at ../../../i386/i386/exception.s:139
139             call    trap
Current language:  auto; currently asm
(kgdb) f 7
#7  0xc070e4e2 in sysctl_iflist (af=0, w=0xd6423b94) at ../../../net/rtsock.c:1085
1085                    ifa = ifaddr_byindex(ifp->if_index);
Current language:  auto; currently c
(kgdb) f 8
#8  0xc070ea59 in sysctl_rtsock (oidp=0xc09747c0, arg1=0xd6423c7c, arg2=4, req=0x0) at ../../../net/rtsock.c:1228
1228                    error = sysctl_iflist(af, &w);
(kgdb) f 9
#9  0xc0697def in sysctl_root (oidp=0x0, arg1=0xd6423c7c, arg2=4, req=0xd6423c04) at ../../../kern/kern_sysctl.c:1285
1285            error = oid->oid_handler(oid, arg1, arg2, req);
(kgdb) f 10
#10 0xc0697fec in userland_sysctl (td=0x9d2, name=0xd6423c74, namelen=6, old=0xd6423c04, oldlenp=0xbfbfdadc, inkernel=0, new=0x0, newlen=2514, retval=0xd6423c70, flags=2514)
    at ../../../kern/kern_sysctl.c:1384
1384                    error = sysctl_root(0, name, namelen, &req);
(kgdb) f 11
#11 0xc0697e8f in __sysctl (td=0xc3863480, uap=0xd6423d04) at ../../../kern/kern_sysctl.c:1319
1319            error = userland_sysctl(td, name, uap->namelen,
(kgdb) f 12
#12 0xc088727b in syscall (frame=
      {tf_fs = 59, tf_es = 135397435, tf_ds = -1078001605, tf_edi = 6, tf_esi = -1077945636, tf_ebp = -1077945768, tf_isp = -700301980, tf_ebx = 672425224, tf_edx = 134889472, tf_ecx = -1077945632, tf_eax = 202, tf_trapno = 12, tf_err = 2, tf_eip = 672277867, tf_cs = 51, tf_eflags = 658, tf_esp = -1077945828, tf_ss = 59}) at ../../../i386/i386/trap.c:981
981                     error = (*callp->sy_call)(td, args);
--- vlans_panic.txt ends here ---


>Release-Note:
>Audit-Trail:

From: Andrej Zverev <az@freebsd.org>
To: bug-followup@FreeBSD.org,  az@freebsd.org
Cc:  
Subject: Re: i386/97679: panic in ifconfig
Date: Tue, 23 May 2006 16:10:33 +0400

 BTW, same situation on current
 
 dump log here
 
 http://sunner.elcomnet.ru/~az/vlan1_panic.txt
 

From: Ed Maste <emaste@phaedrus.sandvine.ca>
To: Andrej Zverev <az@FreeBSD.org>
Cc: FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: i386/97679: panic in ifconfig
Date: Tue, 23 May 2006 13:30:56 -0400

 On Tue, May 23, 2006 at 10:53:36AM +0400, Andrej Zverev wrote:
 
 > 	Try writing a script like this:
 > 	#!/usr/bin/perl
 > 	for ($i=1; $i<4000; $i++)
 > 	{
 > 		system ("ifconfig create vlan$i");
 > 		system ("ifconfig vlan$i vlan $i vlandev $parent");
 > 		system ("ifconfig vlan$i 10.10.10.10/32");
 > 	}
 
 Do you still experience a panic if you run this script, destroy the
 vlans it created, and then try your test again?
 
 I've briefly looked into a race condition with if_grow() and I wonder
 if this is the case you're encountering.  It will only occur when you
 go from e.g. 8->16 or 16->32 ifnets, as the array expands by a factor
 of two each time.
 
 -ed
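
The doubling behaviour described in the reply above, as an added example (not part of the original report and not FreeBSD source): a model index table that doubles when full, showing that reallocation happens only at the 8->16 and 16->32 crossings and that a reader's view taken before a grow has to be rejected rather than dereferenced. All names (idx_table, idx_view, tbl_grow, tbl_lookup and so on) are hypothetical; in a real kernel the snapshot, the check and the read would sit under the same lock the grow path takes.

```c
/* Added example: model of a doubling index table, not FreeBSD source.
 * All names here are hypothetical. */
#include <stdlib.h>
#include <string.h>

struct idx_table {
    void   **slots;  /* slot i holds the object for index i, or NULL */
    unsigned limit;  /* current capacity; doubles when exhausted */
    unsigned gen;    /* bumped on every grow so stale views are detectable */
};

/* What a reader cached before walking the table. */
struct idx_view { void **slots; unsigned limit; unsigned gen; };

static int tbl_init(struct idx_table *t, unsigned limit) {
    t->slots = calloc(limit, sizeof(*t->slots));
    t->limit = limit;
    t->gen = 0;
    return t->slots ? 0 : -1;
}

/* Double the array: copy entries, release the old array, publish the new. */
static int tbl_grow(struct idx_table *t) {
    void **n = calloc((size_t)t->limit * 2, sizeof(*n));
    if (n == NULL) return -1;
    memcpy(n, t->slots, t->limit * sizeof(*n));
    free(t->slots);           /* any view taken earlier now dangles */
    t->slots = n;
    t->limit *= 2;
    t->gen++;
    return 0;
}

/* Store obj at idx. Returns how many grows were needed, or -1 on error. */
static int tbl_set(struct idx_table *t, unsigned idx, void *obj) {
    int grows = 0;
    while (idx >= t->limit) { if (tbl_grow(t) != 0) return -1; grows++; }
    t->slots[idx] = obj;
    return grows;
}

static struct idx_view tbl_snapshot(const struct idx_table *t) {
    struct idx_view v = { t->slots, t->limit, t->gen };
    return v;
}

/* Checked lookup: a view from before a grow, or an out-of-range index,
 * yields NULL; the view's own (possibly freed) array is never touched. */
static void *tbl_lookup(const struct idx_table *t, const struct idx_view *v,
                        unsigned idx) {
    if (v->gen != t->gen || idx >= t->limit) return NULL;
    return t->slots[idx];
}
```
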
State-Changed-From-To: open->patched 
State-Changed-By: glebius 
State-Changed-When: Wed Jun 21 06:01:31 UTC 2006 
State-Changed-Why:  
Patch submitted by Alex Lyashkov <shadow itt.net.ru> 


Responsible-Changed-From-To: freebsd-i386->glebius 
Responsible-Changed-By: glebius 
Responsible-Changed-When: Wed Jun 21 06:01:31 UTC 2006 
Responsible-Changed-Why:  
Handling this one. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=97679 

From: Andrej Zverev <az@freebsd.org>
To: bug-followup@FreeBSD.org,  az@freebsd.org
Cc:  
Subject: Re: kern/97679: panic in ifconfig
Date: Sun, 06 Aug 2006 12:47:36 +0400

 Problem solved? If yes, can you close the PR?
 
 WBR,
 Andrej Zverev
 
State-Changed-From-To: patched->closed 
State-Changed-By: glebius 
State-Changed-When: Thu Aug 10 10:27:59 UTC 2006 
State-Changed-Why:  
Merged to RELENG_6. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=97679 
>Unformatted:
