Site Navigation

Date:      Mon, 20 Jun 2016 06:53:35 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-amd64@FreeBSD.org
Subject:   [Bug 210379] [panic] in6_lltable_dump_entry bcopy page fault
Message-ID:  <bug-210379-6-c9ILehIHCW@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-210379-6@https.bugs.freebsd.org/bugzilla/>
References:  <bug-210379-6@https.bugs.freebsd.org/bugzilla/>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D210379

Andrey V. Elsukov <ae@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ae@FreeBSD.org

--- Comment #5 from Andrey V. Elsukov <ae@FreeBSD.org> ---
Recently I have the same panic when I did `ndp -c`.
This is not fresh CURRENT:

commit 3a7d342befa3ff4d0e3ecd5baf88e128a41b636f
Author: pfg <pfg@FreeBSD.org>
Date:   Tue Apr 12 17:23:03 2016 +0000

    Replace 0 with NULL for pointers in misc. device drivers.

    Found with devel/coccinelle.
---


Fatal trap 12: page fault while in kernel mode
cpuid =3D 2; apic id =3D 02
fault virtual address   =3D 0x0
fault code              =3D supervisor read data, page not present
instruction pointer     =3D 0x20:0xffffffff80ae80d4
stack pointer           =3D 0x28:0xfffffe0233953440
frame pointer           =3D 0x28:0xfffffe0233953450
code segment            =3D base 0x0, limit 0xfffff, type 0x1b
                        =3D DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        =3D interrupt enabled, resume, IOPL =3D 0
current process         =3D 93382 (ndp)

(kgdb) bt
#0  doadump (textdump=3D865414752) at pcpu.h:221
#1  0xffffffff803473b6 in db_fncall (dummy1=3D<value optimized out>,
dummy2=3D<value optimized out>, dummy3=3D<value optimized out>,=20
    dummy4=3D<value optimized out>) at /usr/src/sys/ddb/db_command.c:568
#2  0xffffffff80346e59 in db_command (cmd_table=3D<value optimized out>) at
/usr/src/sys/ddb/db_command.c:440
#3  0xffffffff80346bb4 in db_command_loop () at
/usr/src/sys/ddb/db_command.c:493
#4  0xffffffff8034968b in db_trap (type=3D<value optimized out>, code=3D<va=
lue
optimized out>) at /usr/src/sys/ddb/db_main.c:251
#5  0xffffffff8078e453 in kdb_trap (type=3D<value optimized out>, code=3D<v=
alue
optimized out>, tf=3D<value optimized out>)
    at /usr/src/sys/kern/subr_kdb.c:654
#6  0xffffffff80aea591 in trap_fatal (frame=3D0xfffffe0233953390, eva=3D0) =
at
/usr/src/sys/amd64/amd64/trap.c:836
#7  0xffffffff80aea7c3 in trap_pfault (frame=3D0xfffffe0233953390, usermode=
=3D0) at
/usr/src/sys/amd64/amd64/trap.c:691
#8  0xffffffff80ae9d6c in trap (frame=3D0xfffffe0233953390) at
/usr/src/sys/amd64/amd64/trap.c:442
#9  0xffffffff80acd411 in calltrap () at
/usr/src/sys/amd64/amd64/exception.S:236
#10 0xffffffff80ae80d4 in bcopy () at /usr/src/sys/amd64/amd64/support.S:122
#11 0xffffffff809666fe in in6_lltable_dump_entry (llt=3D<value optimized ou=
t>,
lle=3D0xfffff80173bb2200, wr=3D0xfffffe0233953858)
    at /usr/src/sys/netinet6/in6.c:2370
#12 0xffffffff80848103 in htable_foreach_lle (llt=3D<value optimized out>,
f=3D<value optimized out>, farg=3D<value optimized out>)
    at /usr/src/sys/net/if_llatbl.c:143
#13 0xffffffff80846bad in lltable_sysctl_dumparp (af=3D<value optimized out=
>,
wr=3D<value optimized out>) at /usr/src/sys/net/if_llatbl.c:658
#14 0xffffffff808580cb in sysctl_rtsock (oidp=3D<value optimized out>,
arg1=3D<value optimized out>, arg2=3D<value optimized out>, req=3D0xfffffe0=
233953858)
    at /usr/src/sys/net/rtsock.c:1864
#15 0xffffffff80756301 in sysctl_root_handler_locked (oid=3D0xffffffff81170=
638,
arg1=3D0xfffffe0233953928, arg2=3D4, req=3D0xfffffe0233953858,=20
    tracker=3D0xfffffe02339537d0) at /usr/src/sys/kern/kern_sysctl.c:165
#16 0xffffffff80755ad6 in sysctl_root (arg1=3D<value optimized out>, arg2=
=3D<value
optimized out>) at /usr/src/sys/kern/kern_sysctl.c:1841
#17 0xffffffff80756076 in userland_sysctl (td=3D<value optimized out>,
name=3D0xfffffe0233953920, namelen=3D6, old=3D<value optimized out>,=20
    oldlenp=3D<value optimized out>, inkernel=3D<value optimized out>, new=
=3D<value
optimized out>, newlen=3D<value optimized out>,=20
    retval=3D0xfffffe0233953520, flags=3D0) at /usr/src/sys/kern/kern_sysct=
l.c:1944
#18 0xffffffff80755e84 in sys___sysctl (td=3D0xfffff801c81539a0,
uap=3D0xfffffe0233953a40) at /usr/src/sys/kern/kern_sysctl.c:1871
#19 0xffffffff80aeaf68 in amd64_syscall (td=3D<value optimized out>, traced=
=3D0) at
subr_syscall.c:135

(kgdb) f 11
#11 0xffffffff809666fe in in6_lltable_dump_entry (llt=3D<value optimized ou=
t>,
lle=3D0xfffff80173bb2200, wr=3D0xfffffe0233953858)
    at /usr/src/sys/netinet6/in6.c:2370
2370                            bcopy(lle->ll_addr, LLADDR(sdl),
ifp->if_addrlen);
(kgdb) p *lle
$1 =3D {lle_next =3D {le_next =3D 0x0, le_prev =3D 0xfffff800039bab08}, r_l=
3addr =3D
{addr4 =3D {s_addr =3D 2917007613}, addr6 =3D {__u6_addr =3D {
        __u6_addr8 =3D 0xfffff80173bb2210 "=EF=BF=BD", __u6_addr16 =3D 0xff=
fff80173bb2210,
__u6_addr32 =3D 0xfffff80173bb2210}}},=20
  r_linkdata =3D 0xfffff80173bb2220 "", r_hdrlen =3D 0 '\0', spare0 =3D
0xfffff80173bb2239 "", r_flags =3D 0, r_skip_req =3D 0, lle_tbl =3D
0xfffff800039bac00,=20
  lle_head =3D 0xfffff800039bab08, lle_free =3D 0xffffffff80966920
<in6_lltable_destroy_lle>, la_hold =3D 0xfffff801d1c0ed00, la_numheld =3D 0=
,=20
  la_expire =3D 793804, la_flags =3D 64, la_asked =3D 2, la_preempt =3D 0, =
ln_state =3D
0, ln_router =3D 0, ln_ntick =3D 0, lle_remtime =3D 0, lle_hittime =3D 0,=20
  lle_refcnt =3D 2, ll_addr =3D 0x0, lle_chain =3D {le_next =3D 0x0, le_pre=
v =3D 0x0},
lle_timer =3D {c_links =3D {le =3D {le_next =3D 0x0,=20
        le_prev =3D 0xfffffe0000c9d030}, sle =3D {sle_next =3D 0x0}, tqe =
=3D {tqe_next
=3D 0x0, tqe_prev =3D 0xfffffe0000c9d030}}, c_time =3D 3409362326052764,=20
    c_precision =3D 268435450, c_arg =3D 0xfffff80173bb2200, c_func =3D
0xffffffff80982620 <nd6_llinfo_timer>, c_lock =3D 0x0, c_flags =3D 2, c_ifl=
ags =3D
20,=20
    c_cpu =3D 0}, lle_lock =3D {lock_object =3D {lo_name =3D 0xffffffff80e9=
b1a0 "lle",
lo_flags =3D 90374144, lo_data =3D 0, lo_witness =3D 0x0}, rw_lock =3D 1},=
=20
  req_mtx =3D {lock_object =3D {lo_name =3D 0xffffffff80e9b1a4 "lle req", l=
o_flags =3D
16973824, lo_data =3D 0, lo_witness =3D 0x0}, mtx_lock =3D 4}}
(kgdb) p lle->ll_addr
$2 =3D 0x0

--=20
You are receiving this mail because:
You are on the CC list for the bug.=

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-210379-6-c9ILehIHCW>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact