On 15 March 2012 02:48, Adarsh Joshi <adarsh.jo...@qlogic.com> wrote:
> Hello everyone,
>
> I tried to destroy a lagg interface (created using laggproto none) and I see
> the system crash.
>
> Steps to reproduce:
> Kldload if_lagg
> Ifconfig lagg0 create
> ifconfig lagg0 up laggproto none laggport ql0 laggport ql1 192.168.100.1
> netmask 255.255.255.0
> ifconfig lagg0 destroy
>
> uname -a
> FreeBSD bsd-02 7.4-RELEASE FreeBSD 7.4-RELEASE #0: Wed Mar 7 18:16:06 PST
> 2012 root@bsd-02:/usr/src/sys/amd64/compile/MYKERNEL amd64
>
> Crash:
>
> Tracing command ifconfig pid 1443 tid 100182 td 0xffffff0023358740
> Uart_z8530_class() at 0
> Ifc_simple_destroy() at Ifc_simple_destroy+0x2a
> If_clone_destroyif() at If_clone_destroyif+0xa5
> Ifioctl() at ifioctl+0x300
> Kern_ioctl() at kern_ioctl+0xa2
> Ioctl() at ioctl+0xf9
> Syscall() at syscall+0x252
> Xfast_syscall() at Xfast_syscall+0xab
> --- syscall (54, FreeBSD ELF64, ioctl), rip = 0x8008324bc, rsp =
> 0x7fffffffe348, rbp = 0x7ffffffffee27 ---

This is just a thought.
This thread has probably lost the race when it tried to take a valid pointer
to ifnet for the given interface using the ifunit() function (as done in
if_clone_destroyif()) and is then dereferencing a pointer to already freed
memory. Since FreeBSD 8.1 this was changed to use ifunit_ref() to protect the
ifnet pointer against early destroy by reference counting the ifnet pointer.
But this function doesn't exist in 7.x. If this is the case, then this should
be easily reproduced when two parallel threads are trying to destroy the
cloned interface.

So, first I'd try to upgrade to 8.1 or above.

-- 
wbr,
pluknet
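
The reference-counted lookup described in the reply above, as an added user-space model that is not part of the original thread and is not FreeBSD source: every `toy_*` name is hypothetical, and the interleaving of the two destroying threads is replayed in a single thread. It assumes, as a kernel would arrange with the interface list lock, that the search and the reference increment happen atomically.

```c
#include <stdlib.h>
#include <string.h>
/* Toy user-space model; every name is hypothetical, not FreeBSD code. */
struct toy_ifnet { char name[16]; int refs; int dying; };
static struct toy_ifnet *toy_table[4];   /* stands in for the ifnet list */
static int toy_frees;                    /* count of real frees */
static int toy_find(const char *name) {
    for (int i = 0; i < 4; i++)
        if (toy_table[i] && !strcmp(toy_table[i]->name, name)) return i;
    return -1;
}
static struct toy_ifnet *toy_create(const char *name) {
    struct toy_ifnet *ifp = calloc(1, sizeof(*ifp));
    for (int i = 0; ifp != NULL && i < 4; i++)
        if (toy_table[i] == NULL) {
            strncpy(ifp->name, name, sizeof(ifp->name) - 1);
            ifp->refs = 1;               /* reference owned by the table */
            return toy_table[i] = ifp;
        }
    free(ifp);                           /* table full or out of memory */
    return NULL;
}
/* Drop a reference; only the last holder frees the memory. */
static void toy_rele(struct toy_ifnet *ifp) {
    if (--ifp->refs == 0) { toy_frees++; free(ifp); }
}
/* ifunit_ref()-style lookup: returns a counted reference, or NULL. */
static struct toy_ifnet *toy_lookup_ref(const char *name) {
    int i = toy_find(name);
    if (i >= 0) toy_table[i]->refs++;
    return i >= 0 ? toy_table[i] : NULL;
}
/* Destroy: unlink so later lookups fail, then drop the table reference. */
static int toy_destroy(const char *name) {
    int i = toy_find(name);
    if (i < 0) return -1;                /* already gone: fail cleanly */
    struct toy_ifnet *ifp = toy_table[i];
    toy_table[i] = NULL;
    ifp->dying = 1;
    toy_rele(ifp);
    return 0;
}
int main(void) {                         /* one-thread replay of the race */
    toy_create("lagg0");
    struct toy_ifnet *b = toy_lookup_ref("lagg0");  /* B looks up */
    toy_destroy("lagg0");                /* A destroys; b stays allocated */
    int ok = (toy_frees == 0 && b->dying == 1);
    toy_rele(b);                         /* last reference: freed now */
    return (ok && toy_frees == 1) ? 0 : 1;
}
```

With a plain lookup that takes no reference, the destroy in the replay would free the structure while the second caller still held its pointer.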