From owner-freebsd-bugs@freebsd.org  Thu Apr 26 09:25:17 2018
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 56232FA78DD
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Thu, 26 Apr 2018 09:25:17 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id EE1E3710CD
 for <freebsd-bugs@freebsd.org>; Thu, 26 Apr 2018 09:25:16 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: by mailman.ysv.freebsd.org (Postfix)
 id AD145FA78D9; Thu, 26 Apr 2018 09:25:16 +0000 (UTC)
Delivered-To: bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8A858FA78D8
 for <bugs@mailman.ysv.freebsd.org>; Thu, 26 Apr 2018 09:25:16 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.ysv.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 01C05710C9
 for <bugs@FreeBSD.org>; Thu, 26 Apr 2018 09:25:16 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 25A48137AE
 for <bugs@FreeBSD.org>; Thu, 26 Apr 2018 09:25:15 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w3Q9PFNh084842
 for <bugs@FreeBSD.org>; Thu, 26 Apr 2018 09:25:15 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
 by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w3Q9PFG1084841
 for bugs@FreeBSD.org; Thu, 26 Apr 2018 09:25:15 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to
 bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 227785] ip_mroute: empty ef->progtab[i].name page fault while
 in kernel mode
Date: Thu, 26 Apr 2018 09:25:15 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: eadler@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-227785-227@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Apr 2018 09:25:17 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D227785

            Bug ID: 227785
           Summary: ip_mroute: empty ef->progtab[i].name page fault while
                    in kernel mode
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: eadler@FreeBSD.org

How to reproduce:

kldload ip_mroute=20


Unread portion of the kernel message buffer:
[341188]
[341188]
[341188] Fatal trap 12: page fault while in kernel mode
[341188] cpuid =3D 17; apic id =3D 11
[341188] fault virtual address  =3D 0x0
[341188] fault code             =3D supervisor read data, page not present
[341188] instruction pointer    =3D 0x20:0xffffffff80c50cd0
[341188] stack pointer          =3D 0x28:0xfffffe00a741c440
[341188] frame pointer          =3D 0x28:0xfffffe00a741c440
[341188] code segment           =3D base 0x0, limit 0xfffff, type 0x1b
[341188]                        =3D DPL 0, pres 1, long 1, def32 0, gran 1
[341188] processor eflags       =3D interrupt enabled, resume, IOPL =3D 0
[341188] current process                =3D 31597 (kldload)

__curthread () at ./machine/pcpu.h:230
230             __asm("movq %%gs:%1,%0" : "=3Dr" (td)

(kgdb) bt
#0  __curthread () at ./machine/pcpu.h:230
#1  doadump (textdump=3D0x1) at /usr/src/sys/kern/kern_shutdown.c:361
#2  0xffffffff80434f4c in db_fncall_generic (addr=3D<optimized out>,
rv=3D<optimized out>, nargs=3D<optimized out>, args=3D<optimized out>) at
/usr/src/sys/ddb/db_command.c:609
#3  db_fncall (dummy1=3D<optimized out>, dummy2=3D<optimized out>,
dummy3=3D<optimized out>, dummy4=3D<optimized out>) at
/usr/src/sys/ddb/db_command.c:657
#4  0xffffffff80434a99 in db_command (last_cmdp=3D<optimized out>,
cmd_table=3D<optimized out>, dopager=3D<optimized out>) at
/usr/src/sys/ddb/db_command.c:481
#5  0xffffffff80434814 in db_command_loop () at
/usr/src/sys/ddb/db_command.c:534
#6  0xffffffff80437a3f in db_trap (type=3D<optimized out>, code=3D<optimize=
d out>)
at /usr/src/sys/ddb/db_main.c:250
#7  0xffffffff80babf53 in kdb_trap (type=3D0xc, code=3D0x0, tf=3D<optimized=
 out>) at
/usr/src/sys/kern/subr_kdb.c:697
#8  0xffffffff81025170 in trap_fatal (frame=3D0xfffffe00a741c380, eva=3D0x0=
) at
/usr/src/sys/amd64/amd64/trap.c:815
#9  0xffffffff81025282 in trap_pfault (frame=3D0xfffffe00a741c380,
usermode=3D<optimized out>) at /usr/src/sys/amd64/amd64/trap.c:664
#10 0xffffffff81024a72 in trap (frame=3D0xfffffe00a741c380) at
/usr/src/sys/amd64/amd64/trap.c:413
#11 <signal handler called>
#12 strncmp (s1=3D0x0, s2=3D0xffffffff812562ea "set_", n=3D0x4) at
/usr/src/sys/libkern/strncmp.c:44
#13 0xffffffff8114f214 in link_elf_lookup_set (lf=3D0xfffff8003930c800,
name=3D0xffffffff83bacc82 "sdt_providers_set", startp=3D0xfffffe00a741c4a0,
stopp=3D0xfffffe00a741c4a8, countp=3D0x0) at /usr/src/sys/kern/link_elf_obj=
.c:1265
#14 0xffffffff83bac5e9 in sdt_kld_unload_try (arg=3D<optimized out>,
lf=3D0xfffff8003930cc00, error=3D0xfffffe00a741c504) at
/usr/src/sys/cddl/dev/sdt/sdt.c:314
#15 0xffffffff80b3712b in linker_file_unload (file=3D0xfffff8003930c800,
flags=3D0x1) at /usr/src/sys/kern/kern_linker.c:656
#16 0xffffffff8114d76f in link_elf_load_file (cls=3D<optimized out>,
filename=3D<optimized out>, result=3D<optimized out>) at
/usr/src/sys/kern/link_elf_obj.c:1002
#17 0xffffffff80b36a2c in LINKER_LOAD_FILE (cls=3D0xffffffff81b7dc80
<link_elf_class>, result=3D0x0, filename=3D<optimized out>) at ./linker_if.=
h:180
#18 linker_load_file (filename=3D<optimized out>, result=3D<optimized out>)=
 at
/usr/src/sys/kern/kern_linker.c:447
#19 linker_load_module (kldname=3D<optimized out>, modname=3D0x0, parent=3D=
0x0,
verinfo=3D<optimized out>, lfpp=3D0xfffffe00a741c918) at
/usr/src/sys/kern/kern_linker.c:2092
#20 0xffffffff80b38361 in kern_kldload (td=3D<optimized out>, file=3D<optim=
ized
out>, fileid=3D0xfffffe00a741c964) at /usr/src/sys/kern/kern_linker.c:1071
#21 0xffffffff80b3848b in sys_kldload (td=3D0xfffff800461cc560, uap=3D<opti=
mized
out>) at /usr/src/sys/kern/kern_linker.c:1097
#22 0xffffffff8102606b in syscallenter (td=3D0xfffff800461cc560) at
/usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:134
#23 amd64_syscall (td=3D0xfffff800461cc560, traced=3D0x0) at
/usr/src/sys/amd64/amd64/trap.c:936
#24 <signal handler called>
#25 0x00000008002cfd8a in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffffd468

(kgdb) frame 12
Stack level 12, frame at 0xfffffe00a741c450:
 rip =3D 0xffffffff80c50cd0 in strncmp (/usr/src/sys/libkern/strncmp.c:44);=
 saved
rip =3D 0xffffffff8114f214
 called by frame at 0xfffffe00a741c4a0, caller of frame at 0xfffffe00a741c4=
40
 source language c.
 Arglist at 0xfffffe00a741c440, args: s1=3D0x0, s2=3D0xffffffff812562ea "se=
t_",
n=3D0x4
 Locals at 0xfffffe00a741c440, Previous frame's sp is 0xfffffe00a741c450
 Saved registers:
  rbp at 0xfffffe00a741c440, rip at 0xfffffe00a741c448
s1 =3D 0x0
s2 =3D 0xffffffff812562ea "set_"
n =3D 0x4
No locals.

(kgdb) list
1260            void **start, **stop;
1261            int i, count;
1262
1263            /* Relative to section number */
1264            for (i =3D 0; i < ef->nprogtab; i++) {
1265                    if ((strncmp(ef->progtab[i].name, "set_", 4) =3D=3D=
 0) &&
1266                        strcmp(ef->progtab[i].name + 4, name) =3D=3D 0)=
 {
1267                            start  =3D (void **)ef->progtab[i].addr;
1268                            stop =3D (void **)((char *)ef->progtab[i].a=
ddr +
1269                                ef->progtab[i].size);

(kgdb) p ef->progtab[i]
$8 =3D {
  addr =3D 0x0,
  size =3D 0x0,
  flags =3D 0x0,
  sec =3D 0x0,
  name =3D 0x0
}

further details here: https://reviews.freebsd.org/P173

--=20
You are receiving this mail because:
You are the assignee for the bug.=