Date: Mon, 20 Jun 2016 06:53:35 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-amd64@FreeBSD.org Subject: [Bug 210379] [panic] in6_lltable_dump_entry bcopy page fault Message-ID: <bug-210379-6-c9ILehIHCW@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-210379-6@https.bugs.freebsd.org/bugzilla/> References: <bug-210379-6@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D210379 Andrey V. Elsukov <ae@FreeBSD.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ae@FreeBSD.org --- Comment #5 from Andrey V. Elsukov <ae@FreeBSD.org> --- Recently I have the same panic when I did `ndp -c`. This is not fresh CURRENT: commit 3a7d342befa3ff4d0e3ecd5baf88e128a41b636f Author: pfg <pfg@FreeBSD.org> Date: Tue Apr 12 17:23:03 2016 +0000 Replace 0 with NULL for pointers in misc. device drivers. Found with devel/coccinelle. --- Fatal trap 12: page fault while in kernel mode cpuid =3D 2; apic id =3D 02 fault virtual address =3D 0x0 fault code =3D supervisor read data, page not present instruction pointer =3D 0x20:0xffffffff80ae80d4 stack pointer =3D 0x28:0xfffffe0233953440 frame pointer =3D 0x28:0xfffffe0233953450 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 93382 (ndp) (kgdb) bt #0 doadump (textdump=3D865414752) at pcpu.h:221 #1 0xffffffff803473b6 in db_fncall (dummy1=3D<value optimized out>, dummy2=3D<value optimized out>, dummy3=3D<value optimized out>,=20 dummy4=3D<value optimized out>) at /usr/src/sys/ddb/db_command.c:568 #2 0xffffffff80346e59 in db_command (cmd_table=3D<value optimized out>) at /usr/src/sys/ddb/db_command.c:440 #3 0xffffffff80346bb4 in db_command_loop () at /usr/src/sys/ddb/db_command.c:493 #4 0xffffffff8034968b in db_trap (type=3D<value optimized out>, code=3D<va= lue optimized out>) at /usr/src/sys/ddb/db_main.c:251 #5 0xffffffff8078e453 in kdb_trap (type=3D<value optimized out>, code=3D<v= alue optimized out>, tf=3D<value optimized out>) at /usr/src/sys/kern/subr_kdb.c:654 #6 0xffffffff80aea591 in trap_fatal (frame=3D0xfffffe0233953390, eva=3D0) = at /usr/src/sys/amd64/amd64/trap.c:836 #7 0xffffffff80aea7c3 in trap_pfault (frame=3D0xfffffe0233953390, usermode= =3D0) at /usr/src/sys/amd64/amd64/trap.c:691 #8 0xffffffff80ae9d6c in trap (frame=3D0xfffffe0233953390) at /usr/src/sys/amd64/amd64/trap.c:442 #9 0xffffffff80acd411 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:236 #10 0xffffffff80ae80d4 in bcopy () at /usr/src/sys/amd64/amd64/support.S:122 #11 0xffffffff809666fe in in6_lltable_dump_entry (llt=3D<value optimized ou= t>, lle=3D0xfffff80173bb2200, wr=3D0xfffffe0233953858) at /usr/src/sys/netinet6/in6.c:2370 #12 0xffffffff80848103 in htable_foreach_lle (llt=3D<value optimized out>, f=3D<value optimized out>, farg=3D<value optimized out>) at /usr/src/sys/net/if_llatbl.c:143 #13 0xffffffff80846bad in lltable_sysctl_dumparp (af=3D<value optimized out= >, wr=3D<value optimized out>) at /usr/src/sys/net/if_llatbl.c:658 #14 0xffffffff808580cb in sysctl_rtsock (oidp=3D<value optimized out>, arg1=3D<value optimized out>, arg2=3D<value optimized out>, req=3D0xfffffe0= 233953858) at /usr/src/sys/net/rtsock.c:1864 #15 0xffffffff80756301 in sysctl_root_handler_locked (oid=3D0xffffffff81170= 638, arg1=3D0xfffffe0233953928, arg2=3D4, req=3D0xfffffe0233953858,=20 tracker=3D0xfffffe02339537d0) at /usr/src/sys/kern/kern_sysctl.c:165 #16 0xffffffff80755ad6 in sysctl_root (arg1=3D<value optimized out>, arg2= =3D<value optimized out>) at /usr/src/sys/kern/kern_sysctl.c:1841 #17 0xffffffff80756076 in userland_sysctl (td=3D<value optimized out>, name=3D0xfffffe0233953920, namelen=3D6, old=3D<value optimized out>,=20 oldlenp=3D<value optimized out>, inkernel=3D<value optimized out>, new= =3D<value optimized out>, newlen=3D<value optimized out>,=20 retval=3D0xfffffe0233953520, flags=3D0) at /usr/src/sys/kern/kern_sysct= l.c:1944 #18 0xffffffff80755e84 in sys___sysctl (td=3D0xfffff801c81539a0, uap=3D0xfffffe0233953a40) at /usr/src/sys/kern/kern_sysctl.c:1871 #19 0xffffffff80aeaf68 in amd64_syscall (td=3D<value optimized out>, traced= =3D0) at subr_syscall.c:135 (kgdb) f 11 #11 0xffffffff809666fe in in6_lltable_dump_entry (llt=3D<value optimized ou= t>, lle=3D0xfffff80173bb2200, wr=3D0xfffffe0233953858) at /usr/src/sys/netinet6/in6.c:2370 2370 bcopy(lle->ll_addr, LLADDR(sdl), ifp->if_addrlen); (kgdb) p *lle $1 =3D {lle_next =3D {le_next =3D 0x0, le_prev =3D 0xfffff800039bab08}, r_l= 3addr =3D {addr4 =3D {s_addr =3D 2917007613}, addr6 =3D {__u6_addr =3D { __u6_addr8 =3D 0xfffff80173bb2210 "=EF=BF=BD", __u6_addr16 =3D 0xff= fff80173bb2210, __u6_addr32 =3D 0xfffff80173bb2210}}},=20 r_linkdata =3D 0xfffff80173bb2220 "", r_hdrlen =3D 0 '\0', spare0 =3D 0xfffff80173bb2239 "", r_flags =3D 0, r_skip_req =3D 0, lle_tbl =3D 0xfffff800039bac00,=20 lle_head =3D 0xfffff800039bab08, lle_free =3D 0xffffffff80966920 <in6_lltable_destroy_lle>, la_hold =3D 0xfffff801d1c0ed00, la_numheld =3D 0= ,=20 la_expire =3D 793804, la_flags =3D 64, la_asked =3D 2, la_preempt =3D 0, = ln_state =3D 0, ln_router =3D 0, ln_ntick =3D 0, lle_remtime =3D 0, lle_hittime =3D 0,=20 lle_refcnt =3D 2, ll_addr =3D 0x0, lle_chain =3D {le_next =3D 0x0, le_pre= v =3D 0x0}, lle_timer =3D {c_links =3D {le =3D {le_next =3D 0x0,=20 le_prev =3D 0xfffffe0000c9d030}, sle =3D {sle_next =3D 0x0}, tqe = =3D {tqe_next =3D 0x0, tqe_prev =3D 0xfffffe0000c9d030}}, c_time =3D 3409362326052764,=20 c_precision =3D 268435450, c_arg =3D 0xfffff80173bb2200, c_func =3D 0xffffffff80982620 <nd6_llinfo_timer>, c_lock =3D 0x0, c_flags =3D 2, c_ifl= ags =3D 20,=20 c_cpu =3D 0}, lle_lock =3D {lock_object =3D {lo_name =3D 0xffffffff80e9= b1a0 "lle", lo_flags =3D 90374144, lo_data =3D 0, lo_witness =3D 0x0}, rw_lock =3D 1},= =20 req_mtx =3D {lock_object =3D {lo_name =3D 0xffffffff80e9b1a4 "lle req", l= o_flags =3D 16973824, lo_data =3D 0, lo_witness =3D 0x0}, mtx_lock =3D 4}} (kgdb) p lle->ll_addr $2 =3D 0x0 --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-210379-6-c9ILehIHCW>