NetBSD Problem Report #55489
From www@netbsd.org Tue Jul 14 10:54:06 2020
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 979AD1A9213
for <gnats-bugs@gnats.NetBSD.org>; Tue, 14 Jul 2020 10:54:06 +0000 (UTC)
Message-Id: <20200714105405.82AFE1A921E@mollari.NetBSD.org>
Date: Tue, 14 Jul 2020 10:54:05 +0000 (UTC)
From: prlw1@cam.ac.uk
Reply-To: prlw1@cam.ac.uk
To: gnats-bugs@NetBSD.org
Subject: Infinite loop in "rump.ifconfig bridge0 create"
X-Send-Pr-Version: www-1.0
>Number: 55489
>Category: kern
>Synopsis: Infinite loop in "rump.ifconfig bridge0 create"
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Jul 14 10:55:00 +0000 2020
>Closed-Date: Sat Jul 25 21:56:59 +0000 2020
>Last-Modified: Sun Jul 26 05:25:00 +0000 2020
>Originator: Patrick Welche
>Release: NetBSD-9.99.69/amd64
>Organization:
>Environment:
>Description:
As per
http://mail-index.netbsd.org/current-users/2020/07/14/msg039137.html
but checked on 9.99.69, in one xterm:
$ rump_allserver -sv unix:///tmp/sock
in another xterm:
$ export RUMP_SERVER=unix:///tmp/sock
$ rump.ifconfig -a
lo0: flags=0x8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33624
inet 127.0.0.1/8 flags 0
inet6 ::1/128 flags 0x20<NODAD>
inet6 fe80::1%lo0/64 flags 0 scopeid 0x1
$ rump.ifconfig bridge0 create
and watch rump_allserver's cpu use hit 100% (!)
We seem to be stuck in
https://nxr.netbsd.org/xref/src/sys/net/if.c#1684
(gdb) n
1684 if (strcmp(ifname + 3, ifc->ifc_name) == 0)
(gdb) print *ifc
$11 = {ifc_list = {le_next = 0x7ecb26c0b3c0 <rumpns_ipsec_cloner>,
le_prev = 0x7ecb24003260 <rumpns_virt_cloner>},
ifc_name = 0x7ecb25203d20 "shmif", ifc_namelen = 5,
ifc_create = 0x7ecb25202acb <shmif_clone>,
ifc_destroy = 0x7ecb252026f7 <shmif_unclone>}
(gdb) n
1684 if (strcmp(ifname + 3, ifc->ifc_name) == 0)
...
(gdb) n
1684 if (strcmp(ifname + 3, ifc->ifc_name) == 0)
(gdb) print *ifc
$24 = {ifc_list = {le_next = 0x7ecb26c0b3c0 <rumpns_ipsec_cloner>,
le_prev = 0x7ecb24003260 <rumpns_virt_cloner>},
ifc_name = 0x7ecb25203d20 "shmif", ifc_namelen = 5,
ifc_create = 0x7ecb25202acb <shmif_clone>,
ifc_destroy = 0x7ecb252026f7 <shmif_unclone>}
shmif again?! And "bridge" doesn't appear in the list, so we don't break out of the apparently infinite list.
# ifconfig bridge0 create
outside of rump works.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: kern/55489: Infinite loop in "rump.ifconfig bridge0 create"
Date: Tue, 14 Jul 2020 13:18:29 +0200
On Tue, Jul 14, 2020 at 10:55:00AM +0000, prlw1@cam.ac.uk wrote:
> shmif again?! And "bridge" doesn't appear in the list, so we don't
> break out of the apparently infinite list.
The list can not be infinite unless it has been corrupted (like: accidently
made circular).
But since this is a reproducable quick test for it, it should be possible
to find out what goes wrong...
Martin
From: Patrick Welche <prlw1@cam.ac.uk>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: kern/55489: Infinite loop in "rump.ifconfig bridge0 create"
Date: Wed, 15 Jul 2020 10:52:20 +0100
Another data point:
$ ifconfig -C
bridge agr vlan tun tap stf lo l2tp gre gif npflog
$ rump.ifconfig -C
agr canlo gif mpls npflog l2tp pppoe tap tun vlan virt shmif ipsec carp canlo gif mpls
presumably here output is limited by if_cloners_count
From: Patrick Welche <prlw1@cam.ac.uk>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: kern/55489: Infinite loop in "rump.ifconfig bridge0 create"
Date: Thu, 16 Jul 2020 14:27:58 +0100
Work around:
[ 1.0200050] if_clone_attach bridge
[ 1.0200050] if_clone_attach lo
[ 1.0200050] if_clone_attach canlo
[ 1.0200050] if_clone_attach carp
[ 1.0200050] if_clone_attach ipsec
[ 1.0200050] if_clone_attach shmif
[ 1.0200050] mainbus0 (root)
[ 1.0500050] if_clone_attach virt
[ 1.0500050] if_clone_attach vlan
[ 1.0500050] if_clone_attach tun
[ 1.0500050] if_clone_attach tap
[ 1.0500050] if_clone_attach pppoe
[ 1.0500050] if_clone_attach l2tp
[ 1.0500050] if_clone_attach npflog
[ 1.0500050] if_clone_attach mpls
[ 1.0500050] if_clone_attach gif
[ 1.0500050] if_clone_attach canlo
[ 1.0500050] if_clone_attach agr
$ rump.ifconfig -C
agr canlo gif mpls npflog l2tp pppoe tap tun vlan virt shmif ipsec carp canlo gif mpls
so it seems that canloop is attached twice. (bridge,lo) were attached
before the first canloop attachment, and appear to be replaced by (mpls,gif)
in the list which were the 2 entries before the second time canloop is
attached.
Removing netcan from RUMPNETCOMP in sys/rump/net/Makefile.rumpnetcomp
gets
[ 1.0400050] if_clone_attach bridge
[ 1.0400050] if_clone_attach lo
[ 1.0400050] if_clone_attach carp
[ 1.0400050] if_clone_attach ipsec
[ 1.0400050] if_clone_attach shmif
[ 1.0400050] mainbus0 (root)
[ 1.0400050] if_clone_attach virt
[ 1.0400050] if_clone_attach vlan
[ 1.0400050] if_clone_attach tun
[ 1.0400050] if_clone_attach tap
[ 1.0400050] if_clone_attach pppoe
[ 1.0400050] if_clone_attach l2tp
[ 1.0400050] if_clone_attach npflog
[ 1.0400050] if_clone_attach mpls
[ 1.0400050] if_clone_attach gif
[ 1.0400050] if_clone_attach agr
$ rump.ifconfig -C
agr gif mpls npflog l2tp pppoe tap tun vlan virt shmif ipsec carp lo bridge
$ rump.ifconfig bridge0 create
$ rump.ifconfig -a
lo0: flags=0x8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33624
inet 127.0.0.1/8 flags 0
inet6 ::1/128 flags 0x20<NODAD>
inet6 fe80::1%lo0/64 flags 0 scopeid 0x1
bridge0: flags=0 mtu 1500
and the problem is worked around.
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/55489: double can cloner attach
Date: Tue, 21 Jul 2020 19:51:47 +0200
[/tmp] martin@martins > gdb rump_allserver
GNU gdb (GDB) 8.3
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64--netbsd".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from rump_allserver...
Reading symbols from /usr/libdata/debug//usr/bin/rump_allserver.debug...
(gdb) break if_clone_attach
Function "if_clone_attach" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (if_clone_attach) pending.
(gdb) run -sv unix:///tmp/sock
Starting program: /usr/bin/rump_allserver -sv unix:///tmp/sock
[ 1.0000000] Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
[ 1.0000000] 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017,
[ 1.0000000] 2018, 2019, 2020 The NetBSD Foundation, Inc. All rights reserved.
[ 1.0000000] Copyright (c) 1982, 1986, 1989, 1991, 1993
[ 1.0000000] The Regents of the University of California. All rights reserved.
[ 1.0000000] NetBSD 9.99.69 (RUMP-ROAST)
[ 1.0000000] total memory = unlimited (host limit)
[ 1.0000000] pool redzone disabled for 'kmem-04096'
[ 1.0000000] entropy: no seed from bootloader
[ 1.0000000] entropy: ready
[ 1.0000000] timecounter: Timecounters tick every 10.000 msec
[ 1.0000040] timecounter: Timecounter "clockinterrupt" frequency 100 Hz quality 0
[New LWP 15297 of process 8665]
[New LWP 15191 of process 8665]
[New LWP 4171 of process 8665]
[New LWP 17344 of process 8665]
[New LWP 28443 of process 8665]
[New LWP 17598 of process 8665]
[New LWP 17958 of process 8665]
[New LWP 12184 of process 8665]
[New LWP 16263 of process 8665]
[New LWP 3480 of process 8665]
[New LWP 9358 of process 8665]
[ 1.0000050] cpu0 at thinair0: rump virtual cpu
[New LWP 28766 of process 8665]
[New LWP 2937 of process 8665]
[New LWP 6200 of process 8665]
[ 1.0000050] cpu1 at thinair0: rump virtual cpu
[New LWP 8898 of process 8665]
[New LWP 4742 of process 8665]
[New LWP 19669 of process 8665]
[New LWP 6707 of process 8665]
[ 1.0100050] WARNING: ZFS on NetBSD is under development
[ 1.0100050] pool redzone disabled for 'zio_buf_4096'
[ 1.0100050] pool redzone disabled for 'zio_data_buf_4096'
[ 1.0100050] pool redzone disabled for 'zio_buf_8192'
[ 1.0100050] pool redzone disabled for 'zio_data_buf_8192'
[ 1.0100050] pool redzone disabled for 'zio_buf_16384'
[ 1.0100050] pool redzone disabled for 'zio_data_buf_16384'
[ 1.0100050] pool redzone disabled for 'zio_buf_32768'
[ 1.0100050] pool redzone disabled for 'zio_data_buf_32768'
[ 1.0100050] pool redzone disabled for 'zio_buf_65536'
[ 1.0100050] pool redzone disabled for 'zio_data_buf_65536'
[ 1.0100050] pool redzone disabled for 'zio_buf_131072'
[ 1.0100050] pool redzone disabled for 'zio_data_buf_131072'
[ 1.0100050] pool redzone disabled for 'zio_buf_262144'
[ 1.0100050] pool redzone disabled for 'zio_data_buf_262144'
[ 1.0100050] pool redzone disabled for 'zio_buf_524288'
[ 1.0100050] pool redzone disabled for 'zio_data_buf_524288'
[ 1.0100050] pool redzone disabled for 'zio_buf_1048576'
[ 1.0100050] pool redzone disabled for 'zio_data_buf_1048576'
[ 1.0100050] pool redzone disabled for 'zio_buf_2097152'
[ 1.0100050] pool redzone disabled for 'zio_data_buf_2097152'
[ 1.0100050] pool redzone disabled for 'zio_buf_4194304'
[ 1.0100050] pool redzone disabled for 'zio_data_buf_4194304'
[ 1.0100050] pool redzone disabled for 'zio_buf_8388608'
[ 1.0100050] pool redzone disabled for 'zio_data_buf_8388608'
[ 1.0100050] pool redzone disabled for 'zio_buf_16777216'
[ 1.0100050] pool redzone disabled for 'zio_data_buf_16777216'
[New LWP 20549 of process 8665]
[New LWP 13999 of process 8665]
[New LWP 19026 of process 8665]
[New LWP 9032 of process 8665]
[New LWP 14485 of process 8665]
[ 1.0100050] ZFS filesystem version: 5
[New LWP 15319 of process 8665]
[ 1.0100050] pool redzone disabled for 'buf64k'
[ 1.0100050] root file system type: rumpfs
[ 1.0100050] kern.module.path=/stand/amd64/9.99.69/modules
[New LWP 6620 of process 8665]
[New LWP 1833 of process 8665]
[New LWP 13437 of process 8665]
[New LWP 5521 of process 8665]
[New LWP 29785 of process 8665]
[New LWP 1774 of process 8665]
[New LWP 23177 of process 8665]
[New LWP 19136 of process 8665]
[New LWP 21757 of process 8665]
[New LWP 21336 of process 8665]
[New LWP 22281 of process 8665]
[New LWP 8949 of process 8665]
[New LWP 14210 of process 8665]
[New LWP 8660 of process 8665]
[New LWP 3758 of process 8665]
[ 3.5900050] IPsec: Initialized Security Association Processing.
[New LWP 7951 of process 8665]
[New LWP 3147 of process 8665]
Thread 1 "" hit Breakpoint 1, if_clone_attach (ifc=0x73e55d40a360)
at /usr/src/sys/rump/net/lib/libnet/../../../../net/if.c:1720
1720 {
(gdb) bt
#0 if_clone_attach (ifc=0x73e55d40a360)
at /usr/src/sys/rump/net/lib/libnet/../../../../net/if.c:1720
#1 0x000073e5572bef7b in rump_component_init (
type=type@entry=RUMP_COMPONENT_NET_IF)
at /usr/src/lib/librump/../../sys/rump/librump/rumpkern/rump.c:602
#2 0x000073e557a0cf9d in rumpcompinitRUMP__FACTION_NET ()
at /usr/src/lib/librumpnet/../../sys/rump/librump/rumpnet/rump_net.c:57
#3 0x000073e5572bef7b in rump_component_init (
type=type@entry=RUMP__FACTION_NET)
at /usr/src/lib/librump/../../sys/rump/librump/rumpkern/rump.c:602
#4 0x000073e5572bf4a3 in rump_init ()
at /usr/src/lib/librump/../../sys/rump/librump/rumpkern/rump.c:436
#5 0x0000000038802c21 in main (argc=<optimized out>, argv=0x7f7fff010808)
at /usr/src/usr.bin/rump_allserver/rump_allserver.c:401
(gdb) p ifc
$1 = (struct if_clone *) 0x73e55d40a360
(gdb) p *ifc
$2 = {ifc_list = {le_next = 0x0, le_prev = 0x0},
ifc_name = 0x73e55d208661 "bridge", ifc_namelen = 6,
ifc_create = 0x73e55d2049d0 <bridge_clone_create>,
ifc_destroy = 0x73e55d205b4b <bridge_clone_destroy>}
(gdb) c
Continuing.
Thread 1 "" hit Breakpoint 1, if_clone_attach (ifc=0x73e55d0c9b60)
at /usr/src/sys/rump/net/lib/libnet/../../../../net/if.c:1720
1720 {
(gdb) p *ifc
$3 = {ifc_list = {le_next = 0x0, le_prev = 0x0},
ifc_name = 0x73e55ceaf531 "lo", ifc_namelen = 2,
ifc_create = 0x73e55ce94cf7 <loop_clone_create>,
ifc_destroy = 0x73e55ce94cbb <loop_clone_destroy>}
(gdb) c
Continuing.
Thread 1 "" hit Breakpoint 1, if_clone_attach (ifc=0x73e55c406380)
at /usr/src/sys/rump/net/lib/libnet/../../../../net/if.c:1720
1720 {
(gdb) p *ifc
$4 = {ifc_list = {le_next = 0x0, le_prev = 0x0},
ifc_name = 0x73e55c204cae "canlo", ifc_namelen = 5,
ifc_create = 0x73e55c202c66 <canloop_clone_create>,
ifc_destroy = 0x73e55c202d0e <canloop_clone_destroy>}
(gdb) bt
#0 if_clone_attach (ifc=0x73e55c406380)
at /usr/src/sys/rump/net/lib/libnet/../../../../net/if.c:1720
#1 0x000073e5572bef7b in rump_component_init (
type=type@entry=RUMP_COMPONENT_NET_IF)
at /usr/src/lib/librump/../../sys/rump/librump/rumpkern/rump.c:602
#2 0x000073e557a0cf9d in rumpcompinitRUMP__FACTION_NET ()
at /usr/src/lib/librumpnet/../../sys/rump/librump/rumpnet/rump_net.c:57
#3 0x000073e5572bef7b in rump_component_init (
type=type@entry=RUMP__FACTION_NET)
at /usr/src/lib/librump/../../sys/rump/librump/rumpkern/rump.c:602
#4 0x000073e5572bf4a3 in rump_init ()
at /usr/src/lib/librump/../../sys/rump/librump/rumpkern/rump.c:436
#5 0x0000000038802c21 in main (argc=<optimized out>, argv=0x7f7fff010808)
at /usr/src/usr.bin/rump_allserver/rump_allserver.c:401
(gdb) c
Continuing.
Thread 1 "" hit Breakpoint 1, if_clone_attach (
ifc=0x73e55d0c98c0 <rumpns_carp_cloner>)
at /usr/src/sys/rump/net/lib/libnet/../../../../net/if.c:1720
1720 {
(gdb) p *ifc
$5 = {ifc_list = {le_next = 0x0, le_prev = 0x0},
ifc_name = 0x73e55ceae347 "carp", ifc_namelen = 4,
ifc_create = 0x73e55ce85c2b <carp_clone_create>,
ifc_destroy = 0x73e55ce8694b <carp_clone_destroy>}
(gdb) c
Continuing.
Thread 1 "" hit Breakpoint 1, if_clone_attach (
ifc=0x73e55b00b3c0 <rumpns_ipsec_cloner>)
at /usr/src/sys/rump/net/lib/libnet/../../../../net/if.c:1720
1720 {
(gdb) p *ifc
$6 = {ifc_list = {le_next = 0x0, le_prev = 0x0},
ifc_name = 0x73e55ae09a84 "ipsec", ifc_namelen = 5,
ifc_create = 0x73e55ae049c6 <if_ipsec_clone_create>,
ifc_destroy = 0x73e55ae07c2f <if_ipsec_clone_destroy>}
(gdb) c
Continuing.
Thread 1 "" hit Breakpoint 1, if_clone_attach (
ifc=0x73e559805340 <rumpns_shmif_cloner>)
at /usr/src/sys/rump/net/lib/libnet/../../../../net/if.c:1720
1720 {
(gdb) p *ifc
$7 = {ifc_list = {le_next = 0x0, le_prev = 0x0},
ifc_name = 0x73e559603d20 "shmif", ifc_namelen = 5,
ifc_create = 0x73e559602acb <shmif_clone>,
ifc_destroy = 0x73e5596026f7 <shmif_unclone>}
(gdb) c
Continuing.
[New LWP 6209 of process 8665]
[New LWP 4912 of process 8665]
[ 3.5900050] mainbus0 (root)
[New LWP 19818 of process 8665]
[New LWP 19823 of process 8665]
Thread 1 "" hit Breakpoint 1, if_clone_attach (
ifc=0x73e558403260 <rumpns_virt_cloner>)
at /usr/src/sys/rump/net/lib/libnet/../../../../net/if.c:1720
1720 {
(gdb) p *ifc
$8 = {ifc_list = {le_next = 0x0, le_prev = 0x0},
ifc_name = 0x73e558202777 "virt", ifc_namelen = 4,
ifc_create = 0x73e558202047 <virtif_clone>,
ifc_destroy = 0x73e558201fd3 <virtif_unclone>}
(gdb) c
Continuing.
Thread 1 "" hit Breakpoint 1, if_clone_attach (
ifc=0x73e558c07340 <rumpns_vlan_cloner>)
at /usr/src/sys/rump/net/lib/libnet/../../../../net/if.c:1720
1720 {
(gdb) p *ifc
$9 = {ifc_list = {le_next = 0x0, le_prev = 0x0},
ifc_name = 0x73e558a05e46 "vlan", ifc_namelen = 4,
ifc_create = 0x73e558a029d3 <vlan_clone_create>,
ifc_destroy = 0x73e558a037c1 <vlan_clone_destroy>}
(gdb) c
Continuing.
Thread 1 "" hit Breakpoint 1, if_clone_attach (ifc=0x73e5590052a0)
at /usr/src/sys/rump/net/lib/libnet/../../../../net/if.c:1720
1720 {
(gdb) p *ifc
$10 = {ifc_list = {le_next = 0x0, le_prev = 0x0},
ifc_name = 0x73e558e03d91 "tun", ifc_namelen = 3,
ifc_create = 0x73e558e02857 <tun_clone_create>,
ifc_destroy = 0x73e558e02658 <tun_clone_destroy>}
(gdb) c
Continuing.
Thread 1 "" hit Breakpoint 1, if_clone_attach (
ifc=0x73e559406420 <rumpns_tap_cloners>)
at /usr/src/sys/rump/net/lib/libnet/../../../../net/if.c:1720
1720 {
(gdb) p *ifc
$11 = {ifc_list = {le_next = 0x0, le_prev = 0x0},
ifc_name = 0x73e559204c01 "tap", ifc_namelen = 3,
ifc_create = 0x73e559204010 <tap_clone_create>,
ifc_destroy = 0x73e559204b95 <tap_clone_destroy>}
(gdb) c
Continuing.
Thread 1 "" hit Breakpoint 1, if_clone_attach (ifc=0x73e559c16500)
at /usr/src/sys/rump/net/lib/libnet/../../../../net/if.c:1720
1720 {
(gdb) p *ifc
$12 = {ifc_list = {le_next = 0x0, le_prev = 0x0},
ifc_name = 0x73e559a11eeb "pppoe", ifc_namelen = 5,
ifc_create = 0x73e559a046ed <pppoe_clone_create>,
ifc_destroy = 0x73e559a0412b <pppoe_clone_destroy>}
(gdb) c
Continuing.
Thread 1 "" hit Breakpoint 1, if_clone_attach (
ifc=0x73e55a4083e0 <rumpns_l2tp_cloner>)
at /usr/src/sys/rump/net/lib/libnet/../../../../net/if.c:1720
1720 {
(gdb) p *ifc
$13 = {ifc_list = {le_next = 0x0, le_prev = 0x0},
ifc_name = 0x73e55a207203 "l2tp", ifc_namelen = 4,
ifc_create = 0x73e55a2052f8 <l2tp_clone_create>,
ifc_destroy = 0x73e55a204f29 <l2tp_clone_destroy>}
(gdb) c
Continuing.
[New LWP 21446 of process 8665]
Thread 1 "" hit Breakpoint 1, if_clone_attach (ifc=0x73e55a8351a0)
at /usr/src/sys/rump/net/lib/libnet/../../../../net/if.c:1720
1720 {
(gdb) p *ifc
$14 = {ifc_list = {le_next = 0x0, le_prev = 0x0},
ifc_name = 0x73e55a62845d "npflog", ifc_namelen = 6,
ifc_create = 0x73e55a60f927 <npflog_clone_create>,
ifc_destroy = 0x73e55a60f8b4 <npflog_clone_destroy>}
(gdb) c
Continuing.
Thread 1 "" hit Breakpoint 1, if_clone_attach (ifc=0x73e55ac04260)
at /usr/src/sys/rump/net/lib/libnet/../../../../net/if.c:1720
1720 {
(gdb) p *ifc
$15 = {ifc_list = {le_next = 0x0, le_prev = 0x0},
ifc_name = 0x73e55aa03090 "mpls", ifc_namelen = 4,
ifc_create = 0x73e55aa01dcb <mpls_clone_create>,
ifc_destroy = 0x73e55aa01d7d <mpls_clone_destroy>}
(gdb) c
Continuing.
Thread 1 "" hit Breakpoint 1, if_clone_attach (ifc=0x73e55b4083e0)
at /usr/src/sys/rump/net/lib/libnet/../../../../net/if.c:1720
1720 {
(gdb) p *ifc
$16 = {ifc_list = {le_next = 0x0, le_prev = 0x0},
ifc_name = 0x73e55b20704a "gif", ifc_namelen = 3,
ifc_create = 0x73e55b20432b <gif_clone_create>,
ifc_destroy = 0x73e55b2049b5 <gif_clone_destroy>}
(gdb) c
Continuing.
Thread 1 "" hit Breakpoint 1, if_clone_attach (ifc=0x73e55c406380)
at /usr/src/sys/rump/net/lib/libnet/../../../../net/if.c:1720
1720 {
(gdb) p *ifc
$17 = {ifc_list = {le_next = 0x73e55d0c9b60,
le_prev = 0x73e55d0c98c0 <rumpns_carp_cloner>},
ifc_name = 0x73e55c204cae "canlo", ifc_namelen = 5,
ifc_create = 0x73e55c202c66 <canloop_clone_create>,
ifc_destroy = 0x73e55c202d0e <canloop_clone_destroy>}
(gdb) bt
#0 if_clone_attach (ifc=0x73e55c406380)
at /usr/src/sys/rump/net/lib/libnet/../../../../net/if.c:1720
#1 0x000073e55c202ef0 in if_canloop_modcmd (cmd=<optimized out>,
arg=<optimized out>)
at /usr/src/sys/rump/net/lib/libnetcan/../../../../netcan/if_canloop.c:224
#2 0x000073e5572a13a3 in module_do_builtin (pmod=pmod@entry=0x73e56a848640,
name=<optimized out>, modp=modp@entry=0x0, props=props@entry=0x0)
at /usr/src/lib/librump/../../sys/rump/../kern/kern_module.c:940
#3 0x000073e5572a3155 in module_init_class (modclass=MODULE_CLASS_ANY)
at /usr/src/lib/librump/../../sys/rump/../kern/kern_module.c:618
#4 0x000073e5572bf51c in rump_init ()
at /usr/src/lib/librump/../../sys/rump/librump/rumpkern/rump.c:455
#5 0x0000000038802c21 in main (argc=<optimized out>, argv=0x7f7fff010808)
at /usr/src/usr.bin/rump_allserver/rump_allserver.c:401
From: Paul Goyette <paul@whooppee.com>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: kern/55489: double can cloner attach
Date: Thu, 23 Jul 2020 13:42:10 -0700 (PDT)
Log to the PR (doesn't seem to have been picked up from cvs)
Module Name: src
Committed By: pgoyette
Date: Tue Jul 21 18:38:18 UTC 2020
Modified Files:
src/sys/rump/net/lib/libnetcan: netcan_component.c
Log Message:
Remove spurious call to canloopinit() in an attempt to fix kern/55489
This attempt at fixing is a result of IRC discussions with martin@ and
riastradh@
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/sys/rump/net/lib/libnetcan/netcan_component.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
+--------------------+--------------------------+-----------------------+
| Paul Goyette | PGP Key fingerprint: | E-mail addresses: |
| (Retired) | FA29 0E3B 35AF E8AE 6651 | paul@whooppee.com |
| Software Developer | 0786 F758 55DE 53BA 7731 | pgoyette@netbsd.org |
+--------------------+--------------------------+-----------------------+
State-Changed-From-To: open->feedback
State-Changed-By: pgoyette@NetBSD.org
State-Changed-When: Thu, 23 Jul 2020 20:47:52 +0000
State-Changed-Why:
Fix committed - please confirm that the problem has been addressed.
From: Patrick Welche <prlw1@cam.ac.uk>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: kern/55489 (Infinite loop in "rump.ifconfig bridge0 create")
Date: Fri, 24 Jul 2020 15:02:55 +0100
The 100% cpu has been addressed, but I don't understand why adding something
to a list twice would not simply give you list with the entry appearing
twice. bridge actually *disappeared* from the list after the addition
of the second canloop. (I explain better above)
State-Changed-From-To: feedback->closed
State-Changed-By: pgoyette@NetBSD.org
State-Changed-When: Sat, 25 Jul 2020 21:56:59 +0000
State-Changed-Why:
Fix confirmed by originator
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: kern/55489 (Infinite loop in "rump.ifconfig bridge0 create")
Date: Sun, 26 Jul 2020 07:21:21 +0200
On Sat, Jul 25, 2020 at 09:15:01PM +0000, Patrick Welche wrote:
> [..] but I don't understand why adding something
> to a list twice would not simply give you list with the entry appearing
> twice.
Both entries used the same (static) storage.
Martin
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.