Date: Fri, 1 Dec 2006 08:30:17 GMT
Message-Id: <200612010830.kB18UHUv015578@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Ruslan Ermilov
Subject: Re: kern/105966: panic w/IPv6

The following reply was made to PR kern/105966; it has been noted by GNATS.

From: Ruslan Ermilov
To: Mark Kamichoff
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/105966: panic w/IPv6
Date: Fri, 1 Dec 2006 11:26:22 +0300

You're running an IPv6 routing daemon, ospf6d(8), so you were vulnerable.
This bug has already been fixed; you need the following file/revision
to get a fix:

$FreeBSD: src/sys/netinet6/nd6.c,v 1.48.2.16 2006/11/29 14:00:29 ru Exp $

You can either upgrade your sources, or just pick up this revision
and recompile your kernel:

http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/src/sys/netinet6/nd6.c?rev=1.48.2.16&content-type=text/plain

Please follow up with the success report so we can close the PR.

On Tue, Nov 28, 2006 at 06:00:29PM +0000, Mark Kamichoff wrote:
> >Synopsis: panic w/IPv6
> >Release: 6.2-PRERELEASE
>
> Unread portion of the kernel message buffer:
> kernel trap 12 with interrupts disabled
>
>
> Fatal trap 12: page fault while in kernel mode
> fault virtual address = 0x78
> fault code = supervisor read, page not present
> instruction pointer = 0x20:0xc0554ba7
> stack pointer = 0x28:0xd43f2b28
> frame pointer = 0x28:0xd43f2b2c
> code segment = base 0x0, limit 0xfffff, type 0x1b
>              = DPL 0, pres 1, def32 1, gran 1
> processor eflags = resume, IOPL = 0
> current process = 11 (swi1: net)
> trap number = 12
> panic: page fault
> Uptime: 17d17h21m15s
> Dumping 510 MB (2 chunks)
> chunk 0: 1MB (159 pages) ... ok
> chunk 1: 510MB (130544 pages) 494 478 462 446 430 414 398 382 366 350 334 318 302 286 270 254 238 222 206 190 174 158 142 126 110 94 78 62 46 30 14
>
> #0 doadump () at pcpu.h:165
> 165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
> (kgdb) bt
> #0 doadump () at pcpu.h:165
> #1 0xc052f44a in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
> #2 0xc052f754 in panic (fmt=0xc0709871 "%s") at /usr/src/sys/kern/kern_shutdown.c:565
> #3 0xc06e576d in trap_fatal (frame=0xd43f2ae8, eva=0) at /usr/src/sys/i386/i386/trap.c:837
> #4 0xc06e4e85 in trap (frame=
>       {tf_fs = -1067450360, tf_es = -734068696, tf_ds = 40, tf_edi = -1019857920, tf_esi = -1020668032, tf_ebp = -734057684, tf_isp = -734057708, tf_ebx = -1020701888, tf_edx = -1020668032, tf_ecx = 4, tf_eax = 4, tf_trapno = 12, tf_err = 0, tf_eip = -1068151897, tf_cs = 32, tf_eflags = 65543, tf_esp = -1020668032, tf_ss = -734057648}) at /usr/src/sys/i386/i386/trap.c:270
> #5 0xc06d220a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> #6 0xc0554ba7 in turnstile_setowner (ts=0xc3295340, owner=0x4)
>     at /usr/src/sys/kern/subr_turnstile.c:432
> #7 0xc0554ed3 in turnstile_wait (lock=0xc5df4504, owner=0x4)
>     at /usr/src/sys/kern/subr_turnstile.c:591
> #8 0xc0524db7 in _mtx_lock_sleep (m=0xc5df4504, tid=3274299264, opts=0, file=0x0, line=0)
>     at /usr/src/sys/kern/kern_mutex.c:579
> #9 0xc05ffe40 in nd6_output (ifp=0xc3363400, origifp=0x4, m0=0xc364a100, dst=0xc3777a9c,
>     rt0=0xc38de6b4) at /usr/src/sys/netinet6/nd6.c:2004
> #10 0xc05f3aec in ip6_forward (m=0xc364a100, srcrt=0)
>     at /usr/src/sys/netinet6/ip6_forward.c:626
> #11 0xc05f4d54 in ip6_input (m=0xc364a100) at /usr/src/sys/netinet6/ip6_input.c:732
> #12 0xc05b7aa7 in netisr_processqueue (ni=0xc0777c84) at /usr/src/sys/net/netisr.c:236
> #13 0xc05b7c9d in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:343
> #14 0xc051631a in ithread_execute_handlers (p=0xc329ca78, ie=0xc32da300)
>     at /usr/src/sys/kern/kern_intr.c:682
> #15 0xc051645b in ithread_loop (arg=0xc3283700) at /usr/src/sys/kern/kern_intr.c:765
> #16 0xc0514f51 in fork_exit (callout=0xc05163f8 , arg=0x4, frame=0x4)
>     at /usr/src/sys/kern/kern_fork.c:821
> #17 0xc06d226c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208
> (kgdb)
>
> More information (pkg_info, ps output, etc.):
>
> http://www.prolixium.com/share/txt/freebsd/ipv6/
>
> pf.conf can be provided, if needed.

-- 
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer
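
Added example, not part of the original message and not FreeBSD project code: a shell check that reads the $FreeBSD$ ident line of nd6.c and reports whether the source is at or past the fixed revision 1.48.2.16 named in the reply above. The function names, the status words and every sample line except the first are made up for illustration.

```shell
#!/bin/sh
# Added example (not FreeBSD project code): classify an nd6.c $FreeBSD$ ident
# line against the fixed revision named in the reply above.
FIXED_BRANCH="1.48.2"   # branch of the fixed revision 1.48.2.16 (from the page)
FIXED_REV=16            # last component of 1.48.2.16

# Print the CVS revision field of an nd6.c ident line, or nothing if absent.
nd6_rev() {
    printf '%s\n' "$1" |
        sed -n 's/.*\$FreeBSD: [^ ]*nd6\.c,v \([0-9][0-9.]*\) .*/\1/p'
}

# Print one of: fixed | needs-update | unknown
nd6_status() {
    rev=$(nd6_rev "$1")
    case "$rev" in
        "$FIXED_BRANCH".*) ;;                 # on, or branched from, 1.48.2
        *) echo unknown; return 0 ;;          # other branch or no ident line
    esac
    rest=${rev#"$FIXED_BRANCH".}              # "16", "15", "16.2.1", ...
    n=${rest%%.*}                             # position on the 1.48.2 branch
    case "$n" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    if [ "$n" -ge "$FIXED_REV" ]; then
        echo fixed                            # at or descended from 1.48.2.16
    elif [ "$rest" = "$n" ]; then
        echo needs-update                     # earlier revision on the branch
    else
        echo unknown                          # sub-branch rooted before the fix
    fi
}

# Constructed sample lines; only the first is the ident string from the page.
SAMPLE_FIXED='$FreeBSD: src/sys/netinet6/nd6.c,v 1.48.2.16 2006/11/29 14:00:29 ru Exp $'
SAMPLE_OLD='$FreeBSD: src/sys/netinet6/nd6.c,v 1.48.2.15 2006/01/01 00:00:00 someone Exp $'
SAMPLE_SUB='$FreeBSD: src/sys/netinet6/nd6.c,v 1.48.2.12.2.1 2006/01/01 00:00:00 someone Exp $'

for s in "$SAMPLE_FIXED" "$SAMPLE_OLD" "$SAMPLE_SUB"; do
    printf '%s -> %s\n' "$(nd6_rev "$s")" "$(nd6_status "$s")"
done
```

On a real tree the input would be the ident line taken from /usr/src/sys/netinet6/nd6.c, for example with grep -F '$FreeBSD:'. The result describes the sources only; the running kernel carries the fix once it has been recompiled from them.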