Project

General

Profile

Actions

Bug #1919

closed

panic on detroying tap device

Added by lentferj over 13 years ago. Updated over 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

When playing with vkernel and networking a encountered a panic when doing

ifconfig tap4 down
ifconfig tap4 destroy

The backtrace is below. Kernel dump is available (for own reference .12
files).

Jan

df386devel# kgdb kern.12 vmcore.12
GNU gdb (GDB) 7.0
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-dragonfly".
For bug reporting instructions, please see:
<http://bugs.dragonflybsd.org/&gt;...
Reading symbols from /var/crash/kern.12...done.

Unread portion of the kernel message buffer:
panic: if_clone_destroy: bit is already cleared
Trace beginning at frame 0xd74bbb14
panic(ffffffff) at panic+0xe8
panic(c05c08c0,c0582e91,4,d74bbc1c,cc650b68) at panic+0xe8
if_clone_destroy(d74bbc1c,c06f3420,cea12198,0,24) at if_clone_destroy+0x72
ifioctl(d4399500,80206979,d74bbc1c,cc650b68) at ifioctl+0x29c
soo_ioctl(cc6902c8,80206979,d74bbc1c,cc650b68,d74bbcf0) at soo_ioctl+0x126
mapped_ioctl(3,80206979,8102ee0,0,d74bbcf0) at mapped_ioctl+0x408
sys_ioctl(d74bbcf0,1cee,0,ce9dc4e0,282) at sys_ioctl+0x17
syscall2(d74bbd40) at syscall2+0x20e
Xint0x80_syscall() at Xint0x80_syscall+0x36
Uptime: 3d7h37m21s
Physical memory: 1015 MB
Dumping 350 MB: 335 319 303 287 271 255 239 223 207 191 175 159 143 127
111 95 79 63 (CTRL-C to abort) (CTRL-C to abort) 47 31 15

Reading symbols from /boot/kernel/acpi.ko...done.
Loaded symbols for /boot/kernel/acpi.ko
Reading symbols from /boot/kernel/ahci.ko...done.
Loaded symbols for /boot/kernel/ahci.ko
Reading symbols from /boot/kernel/ehci.ko...done.
Loaded symbols for /boot/kernel/ehci.ko
Reading symbols from /boot/kernel/vn.ko...done.
Loaded symbols for /boot/kernel/vn.ko
Reading symbols from /boot/kernel/pf.ko...done.
Loaded symbols for /boot/kernel/pf.ko
Reading symbols from /boot/kernel/if_bridge.ko...done.
Loaded symbols for /boot/kernel/if_bridge.ko
Reading symbols from /boot/kernel/if_tap.ko...done.
Loaded symbols for /boot/kernel/if_tap.ko
get_mycpu (di=0xc06d63e0) at ./machine/thread.h:83
83 __asm ("movl %%fs:globaldata,%0" : "=r" (gd) :
"m"(
_mycpu__dummy));
(kgdb) backtrace
#0 _get_mycpu (di=0xc06d63e0) at ./machine/thread.h:83
#1 md_dumpsys (di=0xc06d63e0)
at /home/lentferj/repo/src/sys/platform/pc32/i386/dump_machdep.c:263
#2 0xc03105c1 in dumpsys ()
at /home/lentferj/repo/src/sys/kern/kern_shutdown.c:881
#3 0xc0310b30 in boot (howto=260)
at /home/lentferj/repo/src/sys/kern/kern_shutdown.c:388
#4 0xc0310cb0 in panic (fmt=0xc05c08c0 "%s: bit is already cleared")
at /home/lentferj/repo/src/sys/kern/kern_shutdown.c:787
#5 0xc038a6f5 in if_clone_destroy (name=0xd74bbc1c "tap4")
at /home/lentferj/repo/src/sys/net/if_clone.c:158
#6 0xc038954b in ifioctl (so=0xd4399500, cmd=2149607801,
data=0xd74bbc1c "tap4", cred=0xcc650b68)
at /home/lentferj/repo/src/sys/net/if.c:1476
#7 0xc0338b92 in soo_ioctl (fp=0xcc6902c8, cmd=0, data=0xd74bbc1c "tap4",
cred=0xcc650b68, msg=0xd74bbcf0)
at /home/lentferj/repo/src/sys/kern/sys_socket.c:179
#8 0xc033461b in fo_ioctl (fd=3, com=2149607801,
uspc_data=0x8102ee0 <Address 0x8102ee0 out of bounds>, map=0x0,
msg=0xd74bbcf0) at /home/lentferj/repo/src/sys/sys/file2.h:88
#9 mapped_ioctl (fd=3, com=2149607801,
uspc_data=0x8102ee0 <Address 0x8102ee0 out of bounds>, map=0x0,
msg=0xd74bbcf0) at /home/lentferj/repo/src/sys/kern/sys_generic.c:737
---Type <return> to continue, or q <return> to quit---
---Type <return> to continue, or q <return> to quit---#10 0xc03346b8 in
sys_ioctl (uap=0xd74bbcf0)
at /home/lentferj/repo/src/sys/kern/sys_generic.c:556
#11 0xc0558448 in syscall2 (frame=0xd74bbd40)
at /home/lentferj/repo/src/sys/platform/pc32/i386/trap.c:1336
#12 0xc0547366 in Xint0x80_syscall ()
at /home/lentferj/repo/src/sys/platform/pc32/i386/exception.s:876
#13 0x0000001f in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(kgdb)

Actions #1

Updated by sepherosa over 13 years ago

On Mon, Nov 22, 2010 at 12:56 AM, Jan Lentfer <> wrote:

When playing with vkernel and networking a encountered a panic when doing

ifconfig tap4 down
ifconfig tap4 destroy

If the tap(4) is open(2)ed by vkernel, it should bypasses all cloning operation.

Your probably should add one more if_clone method besides
if_clone_creat/if_clone_destroy, like if_clone_iscloned, to fix all
pseudo devices, which support open(2) and if_clone. Then change code
in net/if_clone.c like following:

int
if_clone_destroy() {
....

ifp = ifunit(name);
if (ifp NULL)
return (ENXIO);
if (!ifc->ifc_iscloned(ifp))
return EOPNOTSUPP;
if (ifc->ifc_destroy  NULL)
return (EOPNOTSUPP);
....
}

BTW, after all these the TAP_CLONE test in tap_clone_destroy()
probably should be changed to assertion.

Best Regards,
sephe

Actions #2

Updated by liweitianux over 5 years ago

  • Description updated (diff)
  • Status changed from New to Resolved

We no longer have this problem, so close this bug.

See commits a7e9152e0b2bf76f6f9eb691c96714b4e965f3f4 and 3b1300daa841e3b20ed7417394ab6039c5f2506b.

Cheers,
Aaron

Actions

Also available in: Atom PDF