[Bug 275920] Kernel crash in sys/netlink/route/iface.c:124
Date: Mon, 25 Dec 2023 17:18:12 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275920
--- Comment #4 from Kristof Provost <kp@freebsd.org> ---
That code lives in sys/dev/etherswitch/e6000sw/e6000sw.c
It creates a struct ifnet for each port in e6000sw_attach() /
e6000sw_init_interface(). It never actually attached that ifnet though. I
believe it's only created so e6000sw can call into the mii code, which is also
how I think we eventually end up in the panicking stack. There's a link state
event, which calls do_link_state_change() -> rtnl_handle_ifevent() ->
dump_iface() -> get_operstate() -> get_operstate_ether(). That wants to know if
the link is up or down, so it tries to ioctl(SIOCGIFMEDIA). Which doesn't go
well if if_ioctl is NULL.
Here's the relevant bit of backtrace:
#7  0x0000000000000000 in ?? ()
#8  0xffff0000006f87f4 in get_operstate_ether (ifp=0xffffa00002f7d000,
    pstate=<optimized out>) at /usr/src/sys/netlink/route/iface.c:124
#9  get_operstate (ifp=0xffffa00002f7d000, pstate=<optimized out>)
    at /usr/src/sys/netlink/route/iface.c:181
#10 dump_iface (nw=nw@entry=0xffff0000877e0780,
    ifp=ifp@entry=0xffffa00002f7d000, hdr=hdr@entry=0xffff0000877e07c0,
    if_flags_mask=if_flags_mask@entry=0)
    at /usr/src/sys/netlink/route/iface.c:310
#11 0xffff0000006f80cc in rtnl_handle_ifevent (ifp=0xffffa00002f7d000,
    nlmsg_type=<optimized out>, if_flags_mask=0)
    at /usr/src/sys/netlink/route/iface.c:1411
#12 0xffff0000005f9cb8 in do_link_state_change (arg=0xffffa00002f7d000,
    pending=1) at /usr/src/sys/net/if.c:2181
#13 0xffff000000525bf0 in taskqueue_run_locked (
    queue=queue@entry=0xffffa0000136d300)
    at /usr/src/sys/kern/subr_taskqueue.c:512
#14 0xffff00000052594c in taskqueue_run (queue=0xffffa0000136d300)
    at /usr/src/sys/kern/subr_taskqueue.c:527
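
The failure mode described in the comment above, as an added user-space model: it is not part of the original comment, not FreeBSD source, and not the fix adopted for this bug. Every model_/MODEL_ name is a hypothetical stand-in; the sketch only shows a link-state query that checks the ioctl handler pointer before the indirect call, so an interface that was created but never given a handler reports an unknown state instead of jumping to address 0 (frame #7).

```c
/* User-space model of the call path in the comment; not FreeBSD source.
 * Every model_/MODEL_ name is a hypothetical stand-in (assumption). */
#include <stddef.h>
#include <stdio.h>

enum model_operstate { MODEL_OPER_UNKNOWN, MODEL_OPER_DOWN, MODEL_OPER_UP };
#define MODEL_SIOCGIFMEDIA 1UL  /* stand-in for the media-status request */

struct model_ifmediareq { int status_valid; int status_active; };

struct model_ifnet {
    const char *name;
    /* Stays NULL when the interface is created but no handler is set. */
    int (*if_ioctl)(struct model_ifnet *, unsigned long, void *);
    int link_active;
};

/* Handler a fully set-up Ethernet driver would install. */
static int model_ether_ioctl(struct model_ifnet *ifp, unsigned long cmd, void *data)
{
    struct model_ifmediareq *ifmr = data;
    if (cmd != MODEL_SIOCGIFMEDIA)
        return -1;
    ifmr->status_valid = 1;
    ifmr->status_active = ifp->link_active;
    return 0;
}

/* Guarded media query: test the pointer before the indirect call. */
static enum model_operstate model_get_operstate_ether(struct model_ifnet *ifp)
{
    struct model_ifmediareq ifmr = { 0, 0 };
    if (ifp == NULL || ifp->if_ioctl == NULL)
        return MODEL_OPER_UNKNOWN;  /* no handler: cannot ask the driver */
    if (ifp->if_ioctl(ifp, MODEL_SIOCGIFMEDIA, &ifmr) != 0 || !ifmr.status_valid)
        return MODEL_OPER_UNKNOWN;
    return ifmr.status_active ? MODEL_OPER_UP : MODEL_OPER_DOWN;
}

/* Entry point standing in for the link-state event path in the backtrace. */
static enum model_operstate model_link_event(struct model_ifnet *ifp)
{
    return model_get_operstate_ether(ifp);
}

int main(void)
{
    struct model_ifnet attached = { "attached0", model_ether_ioctl, 1 };
    struct model_ifnet port = { "swport0", NULL, 1 };  /* never attached */
    printf("%s=%d %s=%d\n", attached.name, model_link_event(&attached),
           port.name, model_link_event(&port));
    return 0;
}
```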