[Bug 210379] [panic] in6_lltable_dump_entry bcopy page fault

bugzilla-noreply at freebsd.org
Mon Jun 20 06:53:36 UTC 2016


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210379

Andrey V. Elsukov <ae at FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ae at FreeBSD.org

--- Comment #5 from Andrey V. Elsukov <ae at FreeBSD.org> ---
Recently I had the same panic when I did `ndp -c`.
This is not a fresh CURRENT:

commit 3a7d342befa3ff4d0e3ecd5baf88e128a41b636f
Author: pfg <pfg at FreeBSD.org>
Date:   Tue Apr 12 17:23:03 2016 +0000

    Replace 0 with NULL for pointers in misc. device drivers.

    Found with devel/coccinelle.
---


Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 02
fault virtual address   = 0x0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80ae80d4
stack pointer           = 0x28:0xfffffe0233953440
frame pointer           = 0x28:0xfffffe0233953450
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 93382 (ndp)

(kgdb) bt
#0  doadump (textdump=865414752) at pcpu.h:221
#1  0xffffffff803473b6 in db_fncall (dummy1=<value optimized out>,
dummy2=<value optimized out>, dummy3=<value optimized out>, 
    dummy4=<value optimized out>) at /usr/src/sys/ddb/db_command.c:568
#2  0xffffffff80346e59 in db_command (cmd_table=<value optimized out>) at
/usr/src/sys/ddb/db_command.c:440
#3  0xffffffff80346bb4 in db_command_loop () at
/usr/src/sys/ddb/db_command.c:493
#4  0xffffffff8034968b in db_trap (type=<value optimized out>, code=<value
optimized out>) at /usr/src/sys/ddb/db_main.c:251
#5  0xffffffff8078e453 in kdb_trap (type=<value optimized out>, code=<value
optimized out>, tf=<value optimized out>)
    at /usr/src/sys/kern/subr_kdb.c:654
#6  0xffffffff80aea591 in trap_fatal (frame=0xfffffe0233953390, eva=0) at
/usr/src/sys/amd64/amd64/trap.c:836
#7  0xffffffff80aea7c3 in trap_pfault (frame=0xfffffe0233953390, usermode=0) at
/usr/src/sys/amd64/amd64/trap.c:691
#8  0xffffffff80ae9d6c in trap (frame=0xfffffe0233953390) at
/usr/src/sys/amd64/amd64/trap.c:442
#9  0xffffffff80acd411 in calltrap () at
/usr/src/sys/amd64/amd64/exception.S:236
#10 0xffffffff80ae80d4 in bcopy () at /usr/src/sys/amd64/amd64/support.S:122
#11 0xffffffff809666fe in in6_lltable_dump_entry (llt=<value optimized out>,
lle=0xfffff80173bb2200, wr=0xfffffe0233953858)
    at /usr/src/sys/netinet6/in6.c:2370
#12 0xffffffff80848103 in htable_foreach_lle (llt=<value optimized out>,
f=<value optimized out>, farg=<value optimized out>)
    at /usr/src/sys/net/if_llatbl.c:143
#13 0xffffffff80846bad in lltable_sysctl_dumparp (af=<value optimized out>,
wr=<value optimized out>) at /usr/src/sys/net/if_llatbl.c:658
#14 0xffffffff808580cb in sysctl_rtsock (oidp=<value optimized out>,
arg1=<value optimized out>, arg2=<value optimized out>, req=0xfffffe0233953858)
    at /usr/src/sys/net/rtsock.c:1864
#15 0xffffffff80756301 in sysctl_root_handler_locked (oid=0xffffffff81170638,
arg1=0xfffffe0233953928, arg2=4, req=0xfffffe0233953858, 
    tracker=0xfffffe02339537d0) at /usr/src/sys/kern/kern_sysctl.c:165
#16 0xffffffff80755ad6 in sysctl_root (arg1=<value optimized out>, arg2=<value
optimized out>) at /usr/src/sys/kern/kern_sysctl.c:1841
#17 0xffffffff80756076 in userland_sysctl (td=<value optimized out>,
name=0xfffffe0233953920, namelen=6, old=<value optimized out>, 
    oldlenp=<value optimized out>, inkernel=<value optimized out>, new=<value
optimized out>, newlen=<value optimized out>, 
    retval=0xfffffe0233953520, flags=0) at /usr/src/sys/kern/kern_sysctl.c:1944
#18 0xffffffff80755e84 in sys___sysctl (td=0xfffff801c81539a0,
uap=0xfffffe0233953a40) at /usr/src/sys/kern/kern_sysctl.c:1871
#19 0xffffffff80aeaf68 in amd64_syscall (td=<value optimized out>, traced=0) at
subr_syscall.c:135

(kgdb) f 11
#11 0xffffffff809666fe in in6_lltable_dump_entry (llt=<value optimized out>,
lle=0xfffff80173bb2200, wr=0xfffffe0233953858)
    at /usr/src/sys/netinet6/in6.c:2370
2370                            bcopy(lle->ll_addr, LLADDR(sdl), ifp->if_addrlen);
(kgdb) p *lle
$1 = {lle_next = {le_next = 0x0, le_prev = 0xfffff800039bab08}, r_l3addr =
{addr4 = {s_addr = 2917007613}, addr6 = {__u6_addr = {
        __u6_addr8 = 0xfffff80173bb2210 "�", __u6_addr16 = 0xfffff80173bb2210,
__u6_addr32 = 0xfffff80173bb2210}}}, 
  r_linkdata = 0xfffff80173bb2220 "", r_hdrlen = 0 '\0', spare0 =
0xfffff80173bb2239 "", r_flags = 0, r_skip_req = 0, lle_tbl =
0xfffff800039bac00, 
  lle_head = 0xfffff800039bab08, lle_free = 0xffffffff80966920
<in6_lltable_destroy_lle>, la_hold = 0xfffff801d1c0ed00, la_numheld = 0, 
  la_expire = 793804, la_flags = 64, la_asked = 2, la_preempt = 0, ln_state =
0, ln_router = 0, ln_ntick = 0, lle_remtime = 0, lle_hittime = 0, 
  lle_refcnt = 2, ll_addr = 0x0, lle_chain = {le_next = 0x0, le_prev = 0x0},
lle_timer = {c_links = {le = {le_next = 0x0, 
        le_prev = 0xfffffe0000c9d030}, sle = {sle_next = 0x0}, tqe = {tqe_next
= 0x0, tqe_prev = 0xfffffe0000c9d030}}, c_time = 3409362326052764, 
    c_precision = 268435450, c_arg = 0xfffff80173bb2200, c_func =
0xffffffff80982620 <nd6_llinfo_timer>, c_lock = 0x0, c_flags = 2, c_iflags =
20, 
    c_cpu = 0}, lle_lock = {lock_object = {lo_name = 0xffffffff80e9b1a0 "lle",
lo_flags = 90374144, lo_data = 0, lo_witness = 0x0}, rw_lock = 1}, 
  req_mtx = {lock_object = {lo_name = 0xffffffff80e9b1a4 "lle req", lo_flags =
16973824, lo_data = 0, lo_witness = 0x0}, mtx_lock = 4}}
(kgdb) p lle->ll_addr
$2 = 0x0


More information about the freebsd-amd64 mailing list