From owner-freebsd-bugs@FreeBSD.ORG Tue Feb 3 02:27:04 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 197286] Panic in IPv6 stack - 0xc0d0b1fc is in ip6_input (/usr/src/sys/netinet6/ip6_input.c:702)
Date: Tue, 03 Feb 2015 02:27:04 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197286

            Bug ID: 197286
           Summary: Panic in IPv6 stack - 0xc0d0b1fc is in ip6_input
                    (/usr/src/sys/netinet6/ip6_input.c:702)
           Product: Base System
           Version: 10.1-STABLE
          Hardware: i386
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: tdb@FreeBSD.org

Kernel panic (triggered by receiving an IPv6 ping!). Running stable/10 r277643.
System has a tun0 device controlled by ppp and a gif device tunnelled over that
connection for IPv6.

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0d0b1fc
stack pointer           = 0x28:0xdb570738
frame pointer           = 0x28:0xdb5708e0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 742 (ppp)
trap number             = 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
#0 0xc0b5f3c2 at kdb_backtrace+0x52
#1 0xc0b20fcf at panic+0x11f
#2 0xc1027574 at trap_fatal+0x324
#3 0xc10278d5 at trap_pfault+0x355
#4 0xc1026f94 at trap+0x674
#5 0xc1011b8c at calltrap+0x6
#6 0xc0bf828b at netisr_dispatch_src+0x8b
#7 0xc0bf8600 at netisr_dispatch+0x20
#8 0xc0bf071e at gif_input+0x35e
#9 0xc0c4f781 at in_gif_input+0x51
#10 0xc0c4f5bf at in_gif_input10+0x2f
#11 0xc0c58420 at encap4_input+0x210
#12 0xc0c5c432 at ip_input+0x152
#13 0xc0bf828b at netisr_dispatch_src+0x8b
#14 0xc0bf8600 at netisr_dispatch+0x20
#15 0xc0bf4904 at tunwrite+0x254
#16 0xc09fe644 at devfs_write_f+0xb4
#17 0xc0b77776 at dofilewrite+0x86
Uptime: 37s
Physical memory: 491 MB
Dumping 65 MB: 50 34 18 2

Reading symbols from /boot/kernel/pf.ko.symbols...done.
Loaded symbols for /boot/kernel/pf.ko.symbols
Reading symbols from /boot/kernel/pflog.ko.symbols...done.
Loaded symbols for /boot/kernel/pflog.ko.symbols
Reading symbols from /boot/kernel/netgraph.ko.symbols...done.
Loaded symbols for /boot/kernel/netgraph.ko.symbols
Reading symbols from /boot/kernel/ng_ether.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_ether.ko.symbols
Reading symbols from /boot/kernel/ng_pppoe.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_pppoe.ko.symbols
Reading symbols from /boot/kernel/ng_socket.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_socket.ko.symbols
#0 doadump (textdump=-999684992) at pcpu.h:233
233 pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) list *0xc0d0b1fc
0xc0d0b1fc is in ip6_input (/usr/src/sys/netinet6/ip6_input.c:702).
697                     bad = 1;
698     #define sa_equal(a1, a2) \
699             (bcmp((a1), (a2), ((a1))->sin6_len) == 0)
700                     IF_ADDR_RLOCK(ifp);
701                     TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
702                             if (ifa->ifa_addr->sa_family != dst6.sin6_family)
703                                     continue;
704                             if (sa_equal(&dst6, ifa->ifa_addr))
705                                     break;
706                     }
Current language: auto; currently minimal
(kgdb) backtrace
#0 doadump (textdump=-999684992) at pcpu.h:233
#1 0xc0b20c3d in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:452
#2 0xc0b2100d in panic (fmt=) at /usr/src/sys/kern/kern_shutdown.c:759
#3 0xc1027574 in trap_fatal (frame=, eva=) at /usr/src/sys/i386/i386/trap.c:1023
#4 0xc10278d5 in trap_pfault (frame=0x0, usermode=, eva=0) at /usr/src/sys/i386/i386/trap.c:835
#5 0xc1026f94 in trap (frame=0xdb5706f8) at /usr/src/sys/i386/i386/trap.c:532
#6 0xc1011b8c in calltrap () at /usr/src/sys/i386/i386/exception.s:170
#7 0xc0d0b1fc in ip6_input (m=0xc4571830) at /usr/src/sys/netinet6/ip6_input.c:702
#8 0xc0bf828b in netisr_dispatch_src (proto=, source=, m=0x0) at /usr/src/sys/net/netisr.c:972
#9 0xc0bf8600 in netisr_dispatch (proto=10, m=0xc4ae3a00) at /usr/src/sys/net/netisr.c:1063
#10 0xc0bf071e in gif_input (m=0xc4ae3a00, ifp=0xc52d2800, proto=, ecn=12 '\f') at /usr/src/sys/net/if_gif.c:693
#11 0xc0c4f781 in in_gif_input (mp=0xdb5709ac, offp=) at /usr/src/sys/netinet/in_gif.c:166
#12 0xc0c4f5bf in in_gif_input10 (m=0xc4ae3a00, off=20) at /usr/src/sys/netinet/in_gif.c:143
#13 0xc0c58420 in encap4_input (m=0xc4ae3a00) at /usr/src/sys/netinet/ip_encap.c:191
#14 0xc0c5c432 in ip_input (m=0xc4ae3a00) at /usr/src/sys/netinet/ip_input.c:734
#15 0xc0bf828b in netisr_dispatch_src (proto=, source=, m=0x0) at /usr/src/sys/net/netisr.c:972
#16 0xc0bf8600 in netisr_dispatch (proto=1, m=0xc4ae3a00) at /usr/src/sys/net/netisr.c:1063
#17 0xc0bf4904 in tunwrite (dev=0xc4b5e700, uio=, flag=0) at /usr/src/sys/net/if_tun.c:926
#18 0xc09fe644 in devfs_write_f (fp=, uio=0xdb570be8, flags=, td=) at /usr/src/sys/fs/devfs/devfs_vnops.c:1678
#19 0xc0b77776 in dofilewrite (td=0xc52cc930, fd=6, fp=0xc4be9498, auio=0xdb570be8, offset=-1, flags=0) at file.h:304
#20 0xc0b77476 in kern_writev (td=0xc52cc930, fd=6, auio=) at /usr/src/sys/kern/sys_generic.c:481
#21 0xc0b773cc in sys_write (td=, uap=) at /usr/src/sys/kern/sys_generic.c:396
#22 0xc1028036 in syscall (frame=) at subr_syscall.c:134
#23 0xc1011c21 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:270
#24 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)

Bug is reproducible and I have the kernel dump available.