From owner-freebsd-bugs@FreeBSD.ORG  Fri Oct 26 12:00:01 2012
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id 7897BE1B
 for <freebsd-bugs@hub.freebsd.org>; Fri, 26 Oct 2012 12:00:01 +0000 (UTC)
 (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [8.8.178.135])
 by mx1.freebsd.org (Postfix) with ESMTP id 6081F8FC0A
 for <freebsd-bugs@hub.freebsd.org>; Fri, 26 Oct 2012 12:00:01 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q9QC00JO098082
 for <freebsd-bugs@freefall.freebsd.org>; Fri, 26 Oct 2012 12:00:00 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q9QC00Xw098081;
 Fri, 26 Oct 2012 12:00:00 GMT (envelope-from gnats)
Date: Fri, 26 Oct 2012 12:00:00 GMT
Message-Id: <201210261200.q9QC00Xw098081@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: "Charbon, Julien" <jcharbon@verisign.com>
Subject: Re: kern/172963: Kernel panic in udp_input()
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: "Charbon, Julien" <jcharbon@verisign.com>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Oct 2012 12:00:01 -0000

The following reply was made to PR kern/172963; it has been noted by GNATS.

From: "Charbon, Julien" <jcharbon@verisign.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/172963: Kernel panic in udp_input()
Date: Fri, 26 Oct 2012 13:54:38 +0200

   I confirm that this race condition is also present in IPv6 UDP code 
 (Not a surprise as FreeBSD UDP v4 and v6 codes are pretty symmetric), 
 and below the stack trace:
 
 Fatal trap 12: page fault while in kernel mode
 cpuid = 7; apic id = 22
 fault virtual address   = 0x7
 fault code              = supervisor read data, page not present
 instruction pointer     = 0x20:0xffffffff807b60be
 stack pointer           = 0x28:0xffffffa41c83e510
 frame pointer           = 0x28:0xffffffa41c83e5a0
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                          = DPL 0, pres 1, long 1, def32 0, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = 12 (irq291: ix1:que 7)
 trap number             = 12
 panic: page fault
 cpuid = 7
 KDB: stack backtrace:
 #0 0xffffffff80642b3e at kdb_backtrace+0x5e
 #1 0xffffffff8060fd57 at panic+0x187
 #2 0xffffffff80905990 at trap_fatal+0x290
 #3 0xffffffff80905ce1 at trap_pfault+0x201
 #4 0xffffffff8090619f at trap+0x3df
 #5 0xffffffff808ed674 at calltrap+0x8
 #6 0xffffffff807b6986 at ip6_savecontrol+0x36
 #7 0xffffffff807cd5c0 at udp6_append+0x60
 #8 0xffffffff807ce99d at udp6_input+0x63d
 #9 0xffffffff807b76bf at ip6_input+0xb4f
 #10 0xffffffff806cb23e at netisr_dispatch_src+0x7e
 #11 0xffffffff806c12dd at ether_demux+0x14d
 #12 0xffffffff806c16e7 at ether_input+0x197
 #13 0xffffffff806c11ff at ether_demux+0x6f
 #14 0xffffffff806c16e7 at ether_input+0x197
 #15 0xffffffff803e3d8b at ixgbe_rxeof+0x1eb
 #16 0xffffffff803e4578 at ixgbe_msix_que+0xa8
 #17 0xffffffff805e7794 at intr_event_execute_handlers+0x104
 
 --
 Julien