Date:      Thu, 26 Apr 2018 09:25:15 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 227785] ip_mroute: empty ef->progtab[i].name page fault while in kernel mode
Message-ID:  <bug-227785-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227785

            Bug ID: 227785
           Summary: ip_mroute: empty ef->progtab[i].name page fault while
                    in kernel mode
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: eadler@FreeBSD.org

How to reproduce:

kldload ip_mroute


Unread portion of the kernel message buffer:
[341188]
[341188]
[341188] Fatal trap 12: page fault while in kernel mode
[341188] cpuid = 17; apic id = 11
[341188] fault virtual address  = 0x0
[341188] fault code             = supervisor read data, page not present
[341188] instruction pointer    = 0x20:0xffffffff80c50cd0
[341188] stack pointer          = 0x28:0xfffffe00a741c440
[341188] frame pointer          = 0x28:0xfffffe00a741c440
[341188] code segment           = base 0x0, limit 0xfffff, type 0x1b
[341188]                        = DPL 0, pres 1, long 1, def32 0, gran 1
[341188] processor eflags       = interrupt enabled, resume, IOPL = 0
[341188] current process                = 31597 (kldload)

__curthread () at ./machine/pcpu.h:230
230             __asm("movq %%gs:%1,%0" : "=r" (td)

(kgdb) bt
#0  __curthread () at ./machine/pcpu.h:230
#1  doadump (textdump=0x1) at /usr/src/sys/kern/kern_shutdown.c:361
#2  0xffffffff80434f4c in db_fncall_generic (addr=<optimized out>,
rv=<optimized out>, nargs=<optimized out>, args=<optimized out>) at
/usr/src/sys/ddb/db_command.c:609
#3  db_fncall (dummy1=<optimized out>, dummy2=<optimized out>,
dummy3=<optimized out>, dummy4=<optimized out>) at
/usr/src/sys/ddb/db_command.c:657
#4  0xffffffff80434a99 in db_command (last_cmdp=<optimized out>,
cmd_table=<optimized out>, dopager=<optimized out>) at
/usr/src/sys/ddb/db_command.c:481
#5  0xffffffff80434814 in db_command_loop () at
/usr/src/sys/ddb/db_command.c:534
#6  0xffffffff80437a3f in db_trap (type=<optimized out>, code=<optimized out>)
at /usr/src/sys/ddb/db_main.c:250
#7  0xffffffff80babf53 in kdb_trap (type=0xc, code=0x0, tf=<optimized out>) at
/usr/src/sys/kern/subr_kdb.c:697
#8  0xffffffff81025170 in trap_fatal (frame=0xfffffe00a741c380, eva=0x0) at
/usr/src/sys/amd64/amd64/trap.c:815
#9  0xffffffff81025282 in trap_pfault (frame=0xfffffe00a741c380,
usermode=<optimized out>) at /usr/src/sys/amd64/amd64/trap.c:664
#10 0xffffffff81024a72 in trap (frame=0xfffffe00a741c380) at
/usr/src/sys/amd64/amd64/trap.c:413
#11 <signal handler called>
#12 strncmp (s1=0x0, s2=0xffffffff812562ea "set_", n=0x4) at
/usr/src/sys/libkern/strncmp.c:44
#13 0xffffffff8114f214 in link_elf_lookup_set (lf=0xfffff8003930c800,
name=0xffffffff83bacc82 "sdt_providers_set", startp=0xfffffe00a741c4a0,
stopp=0xfffffe00a741c4a8, countp=0x0) at /usr/src/sys/kern/link_elf_obj.c:1265
#14 0xffffffff83bac5e9 in sdt_kld_unload_try (arg=<optimized out>,
lf=0xfffff8003930cc00, error=0xfffffe00a741c504) at
/usr/src/sys/cddl/dev/sdt/sdt.c:314
#15 0xffffffff80b3712b in linker_file_unload (file=0xfffff8003930c800,
flags=0x1) at /usr/src/sys/kern/kern_linker.c:656
#16 0xffffffff8114d76f in link_elf_load_file (cls=<optimized out>,
filename=<optimized out>, result=<optimized out>) at
/usr/src/sys/kern/link_elf_obj.c:1002
#17 0xffffffff80b36a2c in LINKER_LOAD_FILE (cls=0xffffffff81b7dc80
<link_elf_class>, result=0x0, filename=<optimized out>) at ./linker_if.h:180
#18 linker_load_file (filename=<optimized out>, result=<optimized out>) at
/usr/src/sys/kern/kern_linker.c:447
#19 linker_load_module (kldname=<optimized out>, modname=0x0, parent=0x0,
verinfo=<optimized out>, lfpp=0xfffffe00a741c918) at
/usr/src/sys/kern/kern_linker.c:2092
#20 0xffffffff80b38361 in kern_kldload (td=<optimized out>, file=<optimized
out>, fileid=0xfffffe00a741c964) at /usr/src/sys/kern/kern_linker.c:1071
#21 0xffffffff80b3848b in sys_kldload (td=0xfffff800461cc560, uap=<optimized
out>) at /usr/src/sys/kern/kern_linker.c:1097
#22 0xffffffff8102606b in syscallenter (td=0xfffff800461cc560) at
/usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:134
#23 amd64_syscall (td=0xfffff800461cc560, traced=0x0) at
/usr/src/sys/amd64/amd64/trap.c:936
#24 <signal handler called>
#25 0x00000008002cfd8a in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffffd468

(kgdb) frame 12
Stack level 12, frame at 0xfffffe00a741c450:
 rip = 0xffffffff80c50cd0 in strncmp (/usr/src/sys/libkern/strncmp.c:44); saved
rip = 0xffffffff8114f214
 called by frame at 0xfffffe00a741c4a0, caller of frame at 0xfffffe00a741c440
 source language c.
 Arglist at 0xfffffe00a741c440, args: s1=0x0, s2=0xffffffff812562ea "set_",
n=0x4
 Locals at 0xfffffe00a741c440, Previous frame's sp is 0xfffffe00a741c450
 Saved registers:
  rbp at 0xfffffe00a741c440, rip at 0xfffffe00a741c448
s1 = 0x0
s2 = 0xffffffff812562ea "set_"
n = 0x4
No locals.

(kgdb) list
1260            void **start, **stop;
1261            int i, count;
1262
1263            /* Relative to section number */
1264            for (i = 0; i < ef->nprogtab; i++) {
1265                    if ((strncmp(ef->progtab[i].name, "set_", 4) == 0) &&
1266                        strcmp(ef->progtab[i].name + 4, name) == 0) {
1267                            start  = (void **)ef->progtab[i].addr;
1268                            stop = (void **)((char *)ef->progtab[i].addr +
1269                                ef->progtab[i].size);

(kgdb) p ef->progtab[i]
$8 = {
  addr = 0x0,
  size = 0x0,
  flags = 0x0,
  sec = 0x0,
  name = 0x0
}

further details here: https://reviews.freebsd.org/P173

-- 
You are receiving this mail because:
You are the assignee for the bug.


