From: Kristof Provost
To: "Bjoern A. Zeeb"
Cc: net@freebsd.org
Subject: Re: IPv6 panic (NULL * deref?) in nd6_ifnet_link_event
Date: Sat, 10 May 2025 21:38:49 +0200
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net

> On 10 May 2025, at 21:32, Bjoern A. Zeeb wrote:
>
> Hi,
>
> main of the last days.
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 2; apic id = 02
> fault virtual address   = 0x10
> fault code              = supervisor read data, page not present
> instruction pointer     = 0x20:0xffffffff80dbd769
> stack pointer           = 0x28:0xfffffe0106296d60
> frame pointer           = 0x28:0xfffffe0106296d70
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 12 (swi6: task queue)
> rdi: fffff8002f997800 rsi: 000000000000001c rdx: 0000000000000000
> rcx: 0000000000010000  r8: 0000000000000001  r9: ffffffffffffffff
> rax: 0000000000000000 rbx: fffff8002f997a18 rbp: fffffe0106296d70
> r10: ffffffff81c4a1e8 r11: 0000000000000001 r12: fffff80001210700
> r13: fffff80001210728 r14: fffff8002f997800 r15: 0000000000000001
> trap number             = 12
> panic: page fault
> cpuid = 2
> time = 1746903751
> KDB: stack backtrace:
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0106296a90
> vpanic() at vpanic+0x136/frame 0xfffffe0106296bc0
> panic() at panic+0x43/frame 0xfffffe0106296c20
> trap_pfault() at trap_pfault+0x48d/frame 0xfffffe0106296c90
> calltrap() at calltrap+0x8/frame 0xfffffe0106296c90
> --- trap 0xc, rip = 0xffffffff80dbd769, rsp = 0xfffffe0106296d60, rbp = 0xfffffe0106296d70 ---
> nd6_ifnet_link_event() at nd6_ifnet_link_event+0x39/frame 0xfffffe0106296d70
> do_link_state_change() at do_link_state_change+0x1b1/frame 0xfffffe0106296dc0
> taskqueue_run_locked() at taskqueue_run_locked+0x1c2/frame 0xfffffe0106296e40
> taskqueue_run() at taskqueue_run+0x4d/frame 0xfffffe0106296e60
> ithread_loop() at ithread_loop+0x266/frame 0xfffffe0106296ef0
> fork_exit() at fork_exit+0x82/frame 0xfffffe0106296f30
> fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0106296f30
> --- trap 0x25b01e6e, rip = 0x52db004fa566ef34, rsp = 0xcadb9a4f3d667734, rbp = 0xde5a00adbd42c69c ---
> KDB: enter: panic
>
>
> (gdb) l * nd6_ifnet_link_event+0x39
> 0xffffffff80dbd769 is in nd6_ifnet_link_event (sys/netinet6/nd6_rtr.c:327).
> 322     static void
> 323     defrtr_ipv6_only_ipf_down(struct ifnet *ifp)
> 324     {
> 325
> 326             IF_AFDATA_WLOCK(ifp);
> 327             ND_IFINFO(ifp)->flags &= ~ND6_IFF_IPV6_ONLY;
> 328             IF_AFDATA_WUNLOCK(ifp);
> 329     }
> 330     #endif /* EXPERIMENTAL */
> 331
>

That may be a known issue. There’s something odd with teardown where we sometimes clean up af_data for INET6 and still try to send v6 traffic. I know of panics where there’s a fib6_lookup() that returns a route with no v6 af_data.

I put a hack in the pfsense tree to make the panic less likely, but I don’t know what the root cause is.

—
Kristof
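
Added example (not part of the original message and not FreeBSD source code): a user-space C model of how a NULL per-interface INET6 data pointer would turn into a read fault at a small field offset such as the 0x10 in the trace above, next to a NULL-checked accessor. The struct layout, slot count, flag value and every *_model / MODEL_* name are assumptions made for illustration, and kernel locking is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_AF_INET6   28     /* 0x1c, the value seen in rsi in the trace */
#define MODEL_AF_SLOTS   64     /* assumed size of the per-family table */
#define MODEL_IPV6_ONLY  0x200u /* placeholder flag bit for this model */

struct nd_ifinfo_model { uint32_t flags; };

/* Assumed layout: two pointers precede nd_ifinfo, so on LP64 it sits at 0x10. */
struct in6_ifextra_model {
    void *in6_ifstat;
    void *icmp6_ifstat;
    struct nd_ifinfo_model *nd_ifinfo;
};

struct ifnet_model { void *if_afdata[MODEL_AF_SLOTS]; };

/* Address an unguarded ext->nd_ifinfo load touches when ext is NULL. */
uintptr_t fault_addr_when_afdata_null(void)
{
    return (uintptr_t)offsetof(struct in6_ifextra_model, nd_ifinfo);
}

/* Returns 0 if the flag was cleared, -1 if the INET6 data is already gone.
 * A bare NULL check does not close a teardown race; it only avoids the
 * dereference when the pointer is observed as NULL. */
int clear_ipv6_only_guarded(struct ifnet_model *ifp)
{
    struct in6_ifextra_model *ext = ifp->if_afdata[MODEL_AF_INET6];

    if (ext == NULL || ext->nd_ifinfo == NULL)
        return -1;
    ext->nd_ifinfo->flags &= ~MODEL_IPV6_ONLY;
    return 0;
}

int main(void)
{
    struct nd_ifinfo_model ndi = { .flags = MODEL_IPV6_ONLY | 0x1u };
    struct in6_ifextra_model ext = { NULL, NULL, &ndi };
    struct ifnet_model ifp = { { NULL } };   /* constructed: INET6 slot torn down */

    printf("NULL afdata faults at 0x%zx\n", (size_t)fault_addr_when_afdata_null());
    printf("torn down: rc=%d\n", clear_ipv6_only_guarded(&ifp));
    ifp.if_afdata[MODEL_AF_INET6] = &ext;
    int rc = clear_ipv6_only_guarded(&ifp);
    printf("attached: rc=%d flags=0x%x\n", rc, (unsigned)ndi.flags);
    return 0;
}
```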