From owner-freebsd-net@freebsd.org Mon Jun 20 06:53:36 2016 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 35970A7B81E for ; Mon, 20 Jun 2016 06:53:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2538F2090 for ; Mon, 20 Jun 2016 06:53:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u5K6rZLD024928 for ; Mon, 20 Jun 2016 06:53:36 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-net@FreeBSD.org Subject: [Bug 210379] [panic] in6_lltable_dump_entry bcopy page fault Date: Mon, 20 Jun 2016 06:53:35 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.0-CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: ae@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jun 2016 06:53:36 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D210379 Andrey V. Elsukov changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ae@FreeBSD.org --- Comment #5 from Andrey V. Elsukov --- Recently I have the same panic when I did `ndp -c`. This is not fresh CURRENT: commit 3a7d342befa3ff4d0e3ecd5baf88e128a41b636f Author: pfg Date: Tue Apr 12 17:23:03 2016 +0000 Replace 0 with NULL for pointers in misc. device drivers. Found with devel/coccinelle. --- Fatal trap 12: page fault while in kernel mode cpuid =3D 2; apic id =3D 02 fault virtual address =3D 0x0 fault code =3D supervisor read data, page not present instruction pointer =3D 0x20:0xffffffff80ae80d4 stack pointer =3D 0x28:0xfffffe0233953440 frame pointer =3D 0x28:0xfffffe0233953450 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 93382 (ndp) (kgdb) bt #0 doadump (textdump=3D865414752) at pcpu.h:221 #1 0xffffffff803473b6 in db_fncall (dummy1=3D, dummy2=3D, dummy3=3D,=20 dummy4=3D) at /usr/src/sys/ddb/db_command.c:568 #2 0xffffffff80346e59 in db_command (cmd_table=3D) at /usr/src/sys/ddb/db_command.c:440 #3 0xffffffff80346bb4 in db_command_loop () at /usr/src/sys/ddb/db_command.c:493 #4 0xffffffff8034968b in db_trap (type=3D, code=3D) at /usr/src/sys/ddb/db_main.c:251 #5 0xffffffff8078e453 in kdb_trap (type=3D, code=3D, tf=3D) at /usr/src/sys/kern/subr_kdb.c:654 #6 0xffffffff80aea591 in trap_fatal (frame=3D0xfffffe0233953390, eva=3D0) = at /usr/src/sys/amd64/amd64/trap.c:836 #7 0xffffffff80aea7c3 in trap_pfault (frame=3D0xfffffe0233953390, usermode= =3D0) at /usr/src/sys/amd64/amd64/trap.c:691 #8 0xffffffff80ae9d6c in trap (frame=3D0xfffffe0233953390) at /usr/src/sys/amd64/amd64/trap.c:442 #9 0xffffffff80acd411 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:236 #10 0xffffffff80ae80d4 in bcopy () at /usr/src/sys/amd64/amd64/support.S:122 #11 0xffffffff809666fe in in6_lltable_dump_entry (llt=3D, lle=3D0xfffff80173bb2200, wr=3D0xfffffe0233953858) at /usr/src/sys/netinet6/in6.c:2370 #12 0xffffffff80848103 in htable_foreach_lle (llt=3D, f=3D, farg=3D) at /usr/src/sys/net/if_llatbl.c:143 #13 0xffffffff80846bad in lltable_sysctl_dumparp (af=3D, wr=3D) at /usr/src/sys/net/if_llatbl.c:658 #14 0xffffffff808580cb in sysctl_rtsock (oidp=3D, arg1=3D, arg2=3D, req=3D0xfffffe0= 233953858) at /usr/src/sys/net/rtsock.c:1864 #15 0xffffffff80756301 in sysctl_root_handler_locked (oid=3D0xffffffff81170= 638, arg1=3D0xfffffe0233953928, arg2=3D4, req=3D0xfffffe0233953858,=20 tracker=3D0xfffffe02339537d0) at /usr/src/sys/kern/kern_sysctl.c:165 #16 0xffffffff80755ad6 in sysctl_root (arg1=3D, arg2= =3D) at /usr/src/sys/kern/kern_sysctl.c:1841 #17 0xffffffff80756076 in userland_sysctl (td=3D, name=3D0xfffffe0233953920, namelen=3D6, old=3D,=20 oldlenp=3D, inkernel=3D, new= =3D, newlen=3D,=20 retval=3D0xfffffe0233953520, flags=3D0) at /usr/src/sys/kern/kern_sysct= l.c:1944 #18 0xffffffff80755e84 in sys___sysctl (td=3D0xfffff801c81539a0, uap=3D0xfffffe0233953a40) at /usr/src/sys/kern/kern_sysctl.c:1871 #19 0xffffffff80aeaf68 in amd64_syscall (td=3D, traced= =3D0) at subr_syscall.c:135 (kgdb) f 11 #11 0xffffffff809666fe in in6_lltable_dump_entry (llt=3D, lle=3D0xfffff80173bb2200, wr=3D0xfffffe0233953858) at /usr/src/sys/netinet6/in6.c:2370 2370 bcopy(lle->ll_addr, LLADDR(sdl), ifp->if_addrlen); (kgdb) p *lle $1 =3D {lle_next =3D {le_next =3D 0x0, le_prev =3D 0xfffff800039bab08}, r_l= 3addr =3D {addr4 =3D {s_addr =3D 2917007613}, addr6 =3D {__u6_addr =3D { __u6_addr8 =3D 0xfffff80173bb2210 "=EF=BF=BD", __u6_addr16 =3D 0xff= fff80173bb2210, __u6_addr32 =3D 0xfffff80173bb2210}}},=20 r_linkdata =3D 0xfffff80173bb2220 "", r_hdrlen =3D 0 '\0', spare0 =3D 0xfffff80173bb2239 "", r_flags =3D 0, r_skip_req =3D 0, lle_tbl =3D 0xfffff800039bac00,=20 lle_head =3D 0xfffff800039bab08, lle_free =3D 0xffffffff80966920 , la_hold =3D 0xfffff801d1c0ed00, la_numheld =3D 0= ,=20 la_expire =3D 793804, la_flags =3D 64, la_asked =3D 2, la_preempt =3D 0, = ln_state =3D 0, ln_router =3D 0, ln_ntick =3D 0, lle_remtime =3D 0, lle_hittime =3D 0,=20 lle_refcnt =3D 2, ll_addr =3D 0x0, lle_chain =3D {le_next =3D 0x0, le_pre= v =3D 0x0}, lle_timer =3D {c_links =3D {le =3D {le_next =3D 0x0,=20 le_prev =3D 0xfffffe0000c9d030}, sle =3D {sle_next =3D 0x0}, tqe = =3D {tqe_next =3D 0x0, tqe_prev =3D 0xfffffe0000c9d030}}, c_time =3D 3409362326052764,=20 c_precision =3D 268435450, c_arg =3D 0xfffff80173bb2200, c_func =3D 0xffffffff80982620 , c_lock =3D 0x0, c_flags =3D 2, c_ifl= ags =3D 20,=20 c_cpu =3D 0}, lle_lock =3D {lock_object =3D {lo_name =3D 0xffffffff80e9= b1a0 "lle", lo_flags =3D 90374144, lo_data =3D 0, lo_witness =3D 0x0}, rw_lock =3D 1},= =20 req_mtx =3D {lock_object =3D {lo_name =3D 0xffffffff80e9b1a4 "lle req", l= o_flags =3D 16973824, lo_data =3D 0, lo_witness =3D 0x0}, mtx_lock =3D 4}} (kgdb) p lle->ll_addr $2 =3D 0x0 --=20 You are receiving this mail because: You are the assignee for the bug.=