From owner-freebsd-net@FreeBSD.ORG  Thu Jan  6 13:40:11 2011
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0CB521065672
	for <freebsd-net@hub.freebsd.org>; Thu,  6 Jan 2011 13:40:11 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id D61A48FC08
	for <freebsd-net@hub.freebsd.org>; Thu,  6 Jan 2011 13:40:10 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p06DeArb067178
	for <freebsd-net@freefall.freebsd.org>; Thu, 6 Jan 2011 13:40:10 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p06DeAVj067177;
	Thu, 6 Jan 2011 13:40:10 GMT (envelope-from gnats)
Date: Thu, 6 Jan 2011 13:40:10 GMT
Message-Id: <201101061340.p06DeAVj067177@freefall.freebsd.org>
To: freebsd-net@FreeBSD.org
From: Mike Tancsa <mike@sentex.net>
Cc: 
Subject: Re: kern/153497: [netgraph] netgraph panic with ipv6 enabled
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Mike Tancsa <mike@sentex.net>
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jan 2011 13:40:11 -0000

The following reply was made to PR kern/153497; it has been noted by GNATS.

From: Mike Tancsa <mike@sentex.net>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/153497: [netgraph] netgraph panic with ipv6 enabled
Date: Thu, 06 Jan 2011 08:30:08 -0500

 Another panic
 
 
 
 Fatal trap 12: page fault while in kernel mode
 cpuid = 0; apic id = 00
 fault virtual address   = 0x537b6
 fault code              = supervisor read, page not present
 instruction pointer     = 0x20:0xc5f29e79
 stack pointer           = 0x28:0xc4e8f9b4
 frame pointer           = 0x28:0xc4e8f9d0
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = 0 (em1 taskq)
 trap number             = 12
 panic: page fault
 cpuid = 0
 Uptime: 6d7h49m4s
 Physical memory: 2036 MB
 Dumping 273 MB: 258 242 226 210 194 178 162 146 130 114 98 82 66 50 34 18 2
 
 
 (kgdb) bt
 #0  doadump () at pcpu.h:231
 #1  0xc068cee3 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:419
 #2  0xc068d147 in panic (fmt=Variable "fmt" is not available.
 ) at /usr/src/sys/kern/kern_shutdown.c:592
 #3  0xc08f082c in trap_fatal (frame=0xc4e8f974, eva=341942) at
 /usr/src/sys/i386/i386/trap.c:946
 #4  0xc08f0a90 in trap_pfault (frame=0xc4e8f974, usermode=0, eva=341942)
 at /usr/src/sys/i386/i386/trap.c:859
 #5  0xc08f0f39 in trap (frame=0xc4e8f974) at
 /usr/src/sys/i386/i386/trap.c:532
 #6  0xc08d825c in calltrap () at /usr/src/sys/i386/i386/exception.s:166
 #7  0xc5f29e79 in ng_address_hook (here=0x0, item=0xc5f56180,
 hook=0xca5d1300, retaddr=0) at
 /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:3525
 #8  0xc5f6777d in ng_iface_send (ifp=0xcbad4800, m=0xcabfa200,
 sa=Variable "sa" is not available.
 ) at /usr/src/sys/modules/netgraph/iface/../../../netgraph/ng_iface.c:475
 #9  0xc5f67bd8 in ng_iface_output (ifp=0xcbad4800, m=0xcabfa200,
 dst=0xc4e8fafc, ro=0xc4e8faf4) at
 /usr/src/sys/modules/netgraph/iface/../../../netgraph/ng_iface.c:410
 #10 0xc075f58e in ip_output (m=0xcabfa200, opt=0x0, ro=0xc4e8faf4,
 flags=Variable "flags" is not available.
 ) at /usr/src/sys/netinet/ip_output.c:634
 #11 0xc075c3f9 in ip_forward (m=0xcabfa200, srcrt=0) at
 /usr/src/sys/netinet/ip_input.c:1521
 #12 0xc075da02 in ip_input (m=0xcabfa200) at
 /usr/src/sys/netinet/ip_input.c:729
 #13 0xc073ffc9 in netisr_dispatch_src (proto=1, source=0, m=0xcabfa200)
 at /usr/src/sys/net/netisr.c:917
 #14 0xc0740260 in netisr_dispatch (proto=1, m=0xcabfa200) at
 /usr/src/sys/net/netisr.c:1004
 #15 0xc0737111 in ether_demux (ifp=0xc5275400, m=0xcabfa200) at
 /usr/src/sys/net/if_ethersubr.c:894
 #16 0xc073767f in ether_input (ifp=0xc5275400, m=0xcabfa200) at
 /usr/src/sys/net/if_ethersubr.c:753
 #17 0xc052e9aa in em_rxeof (rxr=0xc520c400, count=98, done=0x0) at
 /usr/src/sys/dev/e1000/if_em.c:4283
 #18 0xc052ebcd in em_handle_que (context=0xc5277000, pending=1) at
 /usr/src/sys/dev/e1000/if_em.c:1482
 #19 0xc06c6a8a in taskqueue_run_locked (queue=0xc5270000) at
 /usr/src/sys/kern/subr_taskqueue.c:250
 #20 0xc06c6c1c in taskqueue_thread_loop (arg=0xc527b568) at
 /usr/src/sys/kern/subr_taskqueue.c:387
 #21 0xc06627d1 in fork_exit (callout=0xc06c6b60 <taskqueue_thread_loop>,
 arg=0xc527b568, frame=0xc4e8fd28) at /usr/src/sys/kern/kern_fork.c:845
 #22 0xc08d82d4 in fork_trampoline () at
 /usr/src/sys/i386/i386/exception.s:273
 (kgdb) up 7
 #7  0xc5f29e79 in ng_address_hook (here=0x0, item=0xc5f56180,
 hook=0xca5d1300, retaddr=0) at
 /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c:3525
 3525            if (peernode == NULL) {
 (kgdb) list
 3520            if (NG_HOOK_NOT_VALID(peer)) {
 3521                    BZXXXPRINTF("NG_HOOK_NOT_VALID(peer)");
 3522                    goto outahere;
 3523            }
 3524            peernode = NG_PEER_NODE(hook);
 3525            if (peernode == NULL) {
 3526                    BZXXXPRINTF("peernode == NULL");
 3527                    goto outahere;
 3528            }
 3529            if (NG_NODE_NOT_VALID(peernode)) {
 (kgdb)
 (kgdb) p *hook
 $1 = {hk_name = "inet", '\0' <repeats 27 times>, hk_private = 0x0,
 hk_flags = 48, hk_type = 0, hk_peer = 0xcb7eb100, hk_node = 0xc6226c00,
 hk_hooks = {le_next = 0x0,
     le_prev = 0xc6226c34}, hk_rcvmsg = 0, hk_rcvdata = 0, hk_refs = 2}
 (kgdb) p *peer
 $2 = {hk_name = "ng381", '\0' <repeats 26 times>, hk_private =
 0xc5f69160, hk_flags = 0, hk_type = 1, hk_peer = 0xcb51c6c0, hk_node =
 0x53792, hk_hooks = {le_next = 0xca6d5e00,
     le_prev = 0xcb4a3480}, hk_rcvmsg = 0xc5f30904 <ng_name_hash+452>,
 hk_rcvdata = 0xcb720c00, hk_refs = -973929112}
 (kgdb) p *peernode
 Cannot access memory at address 0x53792