Date: Sat, 30 Mar 2019 13:43:11 +0000
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 236853] panic: page fault on rtsock.c
Message-ID: <bug-236853-7501-KJ2JMZ0P3l@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-236853-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-236853-7501@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236853

--- Comment #3 from Andrey V. Elsukov <ae@FreeBSD.org> ---

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xdeadc0e6
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0x10554cb
stack pointer           = 0x28:0x13ef3ba0
frame pointer           = 0x28:0x13ef3c04
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 12 (swi4: clock (0))
trap number             = 12
panic: page fault
cpuid = 0
time = 1553520118
KDB: stack backtrace:
db_trace_self_wrapper(ccc1c1,1,ac27dc0,13ef39bc,b4dd91,...) at db_trace_self_wrapper+0x2a/frame 0x13ef3990
kdb_backtrace(e,0,0,13ef3b60,13ef3b60,...) at kdb_backtrace+0x2e/frame 0x13ef39f0
vpanic(1243776,13ef3a34,13ef3a34,13ef3a68,11ef956,...) at vpanic+0x121/frame 0x13ef3a14
panic(1243776,12b225a,2695000,0,deadc0e6,...) at panic+0x14/frame 0x13ef3a28
trap_fatal(15dc000,13ef3b60,13ef3a9c,e556d2,265dc000,...) at trap_fatal+0x356/frame 0x13ef3a68
trap_pfault(deadc0e6) at trap_pfault+0x35/frame 0x13ef3a9c
trap(13ef3b60,8,28,28,ad9b400,...) at trap+0x3c0/frame 0x13ef3b54
calltrap() at 0xffc0316d/frame 0x13ef3b54
--- trap 0xc, eip = 0x10554cb, esp = 0x13ef3ba0, ebp = 0x13ef3c04 ---
nd6_dad_timer(1d1fe980) at nd6_dad_timer+0x5b/frame 0x13ef3c04
softclock_call_cc(0) at softclock_call_cc+0x122/frame 0x13ef3c68
softclock(1868640) at softclock+0x6f/frame 0x13ef3c84
ithread_loop(adfbf20,13ef3ce8) at ithread_loop+0x156/frame 0x13ef3cb4
fork_exit(dfc5c0,adfbf20,13ef3ce8,0,0,...) at fork_exit+0x6c/frame 0x13ef3cd4
fork_trampoline() at 0xffc033ca/frame 0x13ef3cd4
--- trap 0, eip = 0, esp = 0x13ef3d20, ebp = 0 ---
(null)() at 0

This panic seems to happen due to a bad pointer dereference in:

	if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)

The difference between 0xdeadc0e6 and 0xdeadc0de is 8.
So, for i386 it seems it corresponds to offsetof(struct in6_ifextra, nd_ifinfo).
And

nd6_dad_stop(struct ifaddr *ifa)

#define ND_IFINFO(ifp) \
	(((struct in6_ifextra *)(ifp)->if_afdata[AF_INET6])->nd_ifinfo)

Can you show the content of *dp and *ifp for frame 8 for vmcore.4? I.e.

(kgdb) f 8
p *dp
p *ifp

-- 
You are receiving this mail because:
You are the assignee for the bug.
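The offset arithmetic in comment #3 (fault address minus the 0xdeadc0de pattern that UMA's debugging code writes into freed memory, mapped onto struct in6_ifextra) as an added, stand-alone example that is not part of the bug report. The struct here mirrors the member order of FreeBSD's struct in6_ifextra but uses uint32_t members to model i386, where each member is a 4-byte pointer; the function names are the example's own.

```c
/* Added example: map a kernel fault address that lies just past a known
 * free-memory poison value onto the struct member being dereferenced.
 * Models the i386 layout of struct in6_ifextra (all members are 4-byte
 * pointers there), so offsetof(..., nd_ifinfo) == 8 as in comment #3. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UMA_TRASH_PATTERN 0xdeadc0deUL /* pattern UMA writes into freed memory */

struct in6_ifextra_i386 {
    uint32_t in6_ifstat;   /* counter_u64_t *      */
    uint32_t icmp6_ifstat; /* counter_u64_t *      */
    uint32_t nd_ifinfo;    /* struct nd_ifinfo *   */
    uint32_t scope6_id;    /* struct scope6_id *   */
    uint32_t lltable;      /* struct lltable *     */
    uint32_t mld_ifinfo;   /* struct mld_ifsoftc * */
};

/* Bytes between the poison value and the faulting address, or -1 when the
 * fault does not fall inside one object of `struct_size` bytes starting at
 * the poison (then the "freed object used as a pointer" reading does not hold). */
long poison_offset(uintptr_t fault_va, uintptr_t poison, size_t struct_size)
{
    if (fault_va < poison || fault_va - poison >= struct_size)
        return -1;
    return (long)(fault_va - poison);
}

/* Name of the in6_ifextra member that starts at byte offset `off`, else NULL. */
const char *in6_ifextra_field_at(long off)
{
    static const struct { size_t off; const char *name; } fields[] = {
        { offsetof(struct in6_ifextra_i386, in6_ifstat),   "in6_ifstat"   },
        { offsetof(struct in6_ifextra_i386, icmp6_ifstat), "icmp6_ifstat" },
        { offsetof(struct in6_ifextra_i386, nd_ifinfo),    "nd_ifinfo"    },
        { offsetof(struct in6_ifextra_i386, scope6_id),    "scope6_id"    },
        { offsetof(struct in6_ifextra_i386, lltable),      "lltable"      },
        { offsetof(struct in6_ifextra_i386, mld_ifinfo),   "mld_ifinfo"   },
    };
    for (size_t i = 0; i < sizeof fields / sizeof fields[0]; i++)
        if (off >= 0 && fields[i].off == (size_t)off)
            return fields[i].name;
    return NULL;
}

int main(void)
{
    /* Fault address taken from the trap message in comment #3. */
    long off = poison_offset(0xdeadc0e6UL, UMA_TRASH_PATTERN,
                             sizeof(struct in6_ifextra_i386));
    const char *field = in6_ifextra_field_at(off);
    printf("fault is %ld bytes past the poison -> member %s\n",
           off, field ? field : "(none)");
    return 0;
}
```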