Date: Mon, 20 Jun 2016 06:53:35 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 210379] [panic] in6_lltable_dump_entry bcopy page fault
Message-ID: <bug-210379-2472-Z4ssy0LFbD@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-210379-2472@https.bugs.freebsd.org/bugzilla/>
References: <bug-210379-2472@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210379

Andrey V. Elsukov <ae@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ae@FreeBSD.org

--- Comment #5 from Andrey V. Elsukov <ae@FreeBSD.org> ---
Recently I had the same panic when I did `ndp -c`. This is not fresh CURRENT:

commit 3a7d342befa3ff4d0e3ecd5baf88e128a41b636f
Author: pfg <pfg@FreeBSD.org>
Date:   Tue Apr 12 17:23:03 2016 +0000

    Replace 0 with NULL for pointers in misc. device drivers.

    Found with devel/coccinelle.
---

Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 02
fault virtual address   = 0x0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80ae80d4
stack pointer           = 0x28:0xfffffe0233953440
frame pointer           = 0x28:0xfffffe0233953450
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 93382 (ndp)

(kgdb) bt
#0  doadump (textdump=865414752) at pcpu.h:221
#1  0xffffffff803473b6 in db_fncall (dummy1=<value optimized out>, dummy2=<value optimized out>, dummy3=<value optimized out>, dummy4=<value optimized out>)
    at /usr/src/sys/ddb/db_command.c:568
#2  0xffffffff80346e59 in db_command (cmd_table=<value optimized out>)
    at /usr/src/sys/ddb/db_command.c:440
#3  0xffffffff80346bb4 in db_command_loop ()
    at /usr/src/sys/ddb/db_command.c:493
#4  0xffffffff8034968b in db_trap (type=<value optimized out>, code=<value optimized out>)
    at /usr/src/sys/ddb/db_main.c:251
#5  0xffffffff8078e453 in kdb_trap (type=<value optimized out>, code=<value optimized out>, tf=<value optimized out>)
    at /usr/src/sys/kern/subr_kdb.c:654
#6  0xffffffff80aea591 in trap_fatal (frame=0xfffffe0233953390, eva=0)
    at /usr/src/sys/amd64/amd64/trap.c:836
#7  0xffffffff80aea7c3 in trap_pfault (frame=0xfffffe0233953390, usermode=0)
    at /usr/src/sys/amd64/amd64/trap.c:691
#8  0xffffffff80ae9d6c in trap (frame=0xfffffe0233953390)
    at /usr/src/sys/amd64/amd64/trap.c:442
#9  0xffffffff80acd411 in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:236
#10 0xffffffff80ae80d4 in bcopy ()
    at /usr/src/sys/amd64/amd64/support.S:122
#11 0xffffffff809666fe in in6_lltable_dump_entry (llt=<value optimized out>, lle=0xfffff80173bb2200, wr=0xfffffe0233953858)
    at /usr/src/sys/netinet6/in6.c:2370
#12 0xffffffff80848103 in htable_foreach_lle (llt=<value optimized out>, f=<value optimized out>, farg=<value optimized out>)
    at /usr/src/sys/net/if_llatbl.c:143
#13 0xffffffff80846bad in lltable_sysctl_dumparp (af=<value optimized out>, wr=<value optimized out>)
    at /usr/src/sys/net/if_llatbl.c:658
#14 0xffffffff808580cb in sysctl_rtsock (oidp=<value optimized out>, arg1=<value optimized out>, arg2=<value optimized out>, req=0xfffffe0233953858)
    at /usr/src/sys/net/rtsock.c:1864
#15 0xffffffff80756301 in sysctl_root_handler_locked (oid=0xffffffff81170638, arg1=0xfffffe0233953928, arg2=4, req=0xfffffe0233953858, tracker=0xfffffe02339537d0)
    at /usr/src/sys/kern/kern_sysctl.c:165
#16 0xffffffff80755ad6 in sysctl_root (arg1=<value optimized out>, arg2=<value optimized out>)
    at /usr/src/sys/kern/kern_sysctl.c:1841
#17 0xffffffff80756076 in userland_sysctl (td=<value optimized out>, name=0xfffffe0233953920, namelen=6, old=<value optimized out>, oldlenp=<value optimized out>, inkernel=<value optimized out>, new=<value optimized out>, newlen=<value optimized out>, retval=0xfffffe0233953520, flags=0)
    at /usr/src/sys/kern/kern_sysctl.c:1944
#18 0xffffffff80755e84 in sys___sysctl (td=0xfffff801c81539a0, uap=0xfffffe0233953a40)
    at /usr/src/sys/kern/kern_sysctl.c:1871
#19 0xffffffff80aeaf68 in amd64_syscall (td=<value optimized out>, traced=0)
    at subr_syscall.c:135
(kgdb) f 11
#11 0xffffffff809666fe in in6_lltable_dump_entry (llt=<value optimized out>, lle=0xfffff80173bb2200, wr=0xfffffe0233953858)
    at /usr/src/sys/netinet6/in6.c:2370
2370            bcopy(lle->ll_addr, LLADDR(sdl), ifp->if_addrlen);
(kgdb) p *lle
$1 = {lle_next = {le_next = 0x0, le_prev = 0xfffff800039bab08},
  r_l3addr = {addr4 = {s_addr = 2917007613}, addr6 = {__u6_addr = {
        __u6_addr8 = 0xfffff80173bb2210 "�",
        __u6_addr16 = 0xfffff80173bb2210,
        __u6_addr32 = 0xfffff80173bb2210}}},
  r_linkdata = 0xfffff80173bb2220 "", r_hdrlen = 0 '\0',
  spare0 = 0xfffff80173bb2239 "", r_flags = 0, r_skip_req = 0,
  lle_tbl = 0xfffff800039bac00, lle_head = 0xfffff800039bab08,
  lle_free = 0xffffffff80966920 <in6_lltable_destroy_lle>,
  la_hold = 0xfffff801d1c0ed00, la_numheld = 0, la_expire = 793804,
  la_flags = 64, la_asked = 2, la_preempt = 0, ln_state = 0, ln_router = 0,
  ln_ntick = 0, lle_remtime = 0, lle_hittime = 0, lle_refcnt = 2,
  ll_addr = 0x0, lle_chain = {le_next = 0x0, le_prev = 0x0},
  lle_timer = {c_links = {le = {le_next = 0x0, le_prev = 0xfffffe0000c9d030},
      sle = {sle_next = 0x0},
      tqe = {tqe_next = 0x0, tqe_prev = 0xfffffe0000c9d030}},
    c_time = 3409362326052764, c_precision = 268435450,
    c_arg = 0xfffff80173bb2200,
    c_func = 0xffffffff80982620 <nd6_llinfo_timer>, c_lock = 0x0,
    c_flags = 2, c_iflags = 20, c_cpu = 0},
  lle_lock = {lock_object = {lo_name = 0xffffffff80e9b1a0 "lle",
      lo_flags = 90374144, lo_data = 0, lo_witness = 0x0}, rw_lock = 1},
  req_mtx = {lock_object = {lo_name = 0xffffffff80e9b1a4 "lle req",
      lo_flags = 16973824, lo_data = 0, lo_witness = 0x0}, mtx_lock = 4}}
(kgdb) p lle->ll_addr
$2 = 0x0

-- 
You are receiving this mail because:
You are the assignee for the bug.
