NetBSD Problem Report #44033
From www@NetBSD.org Wed Nov 3 16:32:08 2010
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id 0A87F63BA54
for <gnats-bugs@gnats.NetBSD.org>; Wed, 3 Nov 2010 16:32:08 +0000 (UTC)
Message-Id: <20101103163207.9A94D63BA50@www.NetBSD.org>
Date: Wed, 3 Nov 2010 16:32:07 +0000 (UTC)
From: Christoph_Egger@gmx.de
Reply-To: Christoph_Egger@gmx.de
To: gnats-bugs@NetBSD.org
Subject: kernel panic when destroying tap(4)
X-Send-Pr-Version: www-1.0
>Number: 44033
>Category: kern
>Synopsis: kernel panic when destroying tap(4)
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Nov 03 16:35:00 +0000 2010
>Closed-Date:
>Last-Modified: Mon Feb 18 23:37:07 +0000 2013
>Originator: Christoph Egger
>Release: NetBSD/amd64 -current
>Organization:
>Environment:
>Description:
The kernel has LOCKDEBUG + DEBUG + DIAGNOSTIC + MBUFTRACE.
panic: kernel diagnostic assertion "off < percpu_nextoff" failed: file "sys/kern/subr_percpu.c", line 78
fatal breakpoint trap in supervisor mode
trap type 1 code 0 rip ffffffff80202145 cs e030 rflags 246 cr2 ffffa00025ce188c cpl 6 rsp ffffa00026f2aeb0
Stopped in pid 862.3 (qemu-dm) at netbsd:breakpoint+0x5: leave
breakpoint() at netbsd:breakpoint+0x5
panic() at netbsd:panic+0x28f
kern_assert() at netbsd:kern_assert+0x2d
percpu_offset() at netbsd:percpu_offset+0x41
percpu_getptr_remote() at netbsd:percpu_getptr_remote+0x1e
m_claim() at netbsd:m_claim+0x44
m_claimm() at netbsd:m_claimm+0x1d
ether_output() at netbsd:ether_output+0x43
ip6_output() at netbsd:ip6_output+0x100d
mld_sendpkt() at netbsd:mld_sendpkt+0x233
in6_delmulti() at netbsd:in6_delmulti+0x208
in6_leavegroup() at netbsd:in6_leavegroup+0x19
in6_purgeaddr() at netbsd:in6_purgeaddr+0x59
if_purgeaddrs() at netbsd:if_purgeaddrs+0x39
in6_purgeif() at netbsd:in6_purgeif+0x1d
udp6_usrreq() at netbsd:udp6_usrreq+0xde
if_detach() at netbsd:if_detach+0x2bd
tap_detach() at netbsd:tap_detach+0xa8
config_detach() at netbsd:config_detach+0xe5
tap_clone_destroyer() at netbsd:tap_clone_destroyer+0x22
closef() at netbsd:closef+0x6d
fd_free() at netbsd:fd_free+0x1b2
exit1() at netbsd:exit1+0x121
sigexit() at netbsd:sigexit+0x1aa
postsig() at netbsd:postsig+0x120
lwp_userret() at netbsd:lwp_userret+0x145
syscall() at netbsd:syscall+0x14d
ds 0xae80
es 0x203
fs 0xe030
gs 0x271e
rdi 0
rsi 0xffffffff805cbcb9 printf+0xbc
rbp 0xffffa00026f2aeb0
rbx 0xffffa00026f2aec0
rdx 0
rcx 0
rax 0x1
r8 0xffffa00026f2add0
r9 0
r10 0xffffa00026f2add0
r11 0x1
r12 0x104
r13 0xffffffff80a5aa50
r14 0x6
r15 0xffffa0000138d560
rip 0xffffffff80202145 breakpoint+0x5
cs 0xe030
rflags 0x246
rsp 0xffffa00026f2aeb0
ss 0xe02b
netbsd:breakpoint+0x5: leave
db>
>How-To-Repeat:
Start qemu, use tap(4) for networking and exit qemu.
>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Mon, 18 Feb 2013 23:32:11 +0000
State-Changed-Why:
Is this the same as 47576? (aka just fixed)
State-Changed-From-To: feedback->open
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Mon, 18 Feb 2013 23:37:07 +0000
State-Changed-Why:
probably not.
might be worth seeing if this still happens anyway, though.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home