[Bug 236853] panic: page fault on rtsock.c

bugzilla-noreply at freebsd.org
Sat Mar 30 13:43:14 UTC 2019


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236853

--- Comment #3 from Andrey V. Elsukov <ae at FreeBSD.org> ---
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xdeadc0e6
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0x10554cb
stack pointer           = 0x28:0x13ef3ba0
frame pointer           = 0x28:0x13ef3c04
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 12 (swi4: clock (0))
trap number             = 12
panic: page fault
cpuid = 0
time = 1553520118
KDB: stack backtrace:
db_trace_self_wrapper(ccc1c1,1,ac27dc0,13ef39bc,b4dd91,...) at db_trace_self_wrapper+0x2a/frame 0x13ef3990
kdb_backtrace(e,0,0,13ef3b60,13ef3b60,...) at kdb_backtrace+0x2e/frame 0x13ef39f0
vpanic(1243776,13ef3a34,13ef3a34,13ef3a68,11ef956,...) at vpanic+0x121/frame 0x13ef3a14
panic(1243776,12b225a,2695000,0,deadc0e6,...) at panic+0x14/frame 0x13ef3a28
trap_fatal(15dc000,13ef3b60,13ef3a9c,e556d2,265dc000,...) at trap_fatal+0x356/frame 0x13ef3a68
trap_pfault(deadc0e6) at trap_pfault+0x35/frame 0x13ef3a9c
trap(13ef3b60,8,28,28,ad9b400,...) at trap+0x3c0/frame 0x13ef3b54
calltrap() at 0xffc0316d/frame 0x13ef3b54
--- trap 0xc, eip = 0x10554cb, esp = 0x13ef3ba0, ebp = 0x13ef3c04 ---
nd6_dad_timer(1d1fe980) at nd6_dad_timer+0x5b/frame 0x13ef3c04
softclock_call_cc(0) at softclock_call_cc+0x122/frame 0x13ef3c68
softclock(1868640) at softclock+0x6f/frame 0x13ef3c84
ithread_loop(adfbf20,13ef3ce8) at ithread_loop+0x156/frame 0x13ef3cb4
fork_exit(dfc5c0,adfbf20,13ef3ce8,0,0,...) at fork_exit+0x6c/frame 0x13ef3cd4
fork_trampoline() at 0xffc033ca/frame 0x13ef3cd4
--- trap 0, eip = 0, esp = 0x13ef3d20, ebp = 0 ---
(null)() at 0

This panic seems to happen due to a bad pointer dereference in:
if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)

The difference between 0xdeadc0e6 and 0xdeadc0de is 8. So, for i386 it seems it
corresponds to offsetof(struct in6_ifextra, nd_ifinfo). And

#define ND_IFINFO(ifp) \
        (((struct in6_ifextra *)(ifp)->if_afdata[AF_INET6])->nd_ifinfo)

Can you show the content of *dp and *ifp for frame 8 of vmcore.4?
I.e.
(kgdb)
f 8
p *dp
p *ifp

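The reasoning in the comment above, that a fault address a few bytes above the kernel's free-memory fill pattern identifies both a use-after-free and the field being dereferenced, can be turned into a small crash-triage helper. The following is an added example written for this page; it is not code from the bug report or from FreeBSD. It assumes 0xdeadc0de is the UMA "trash" fill pattern, uses a small window (POISON_WINDOW) to decide whether an address is "poison plus offset", and models the i386 layout of struct in6_ifextra as six 4-byte pointer fields in the order the author recalls from in6_var.h; that field table and the window are assumptions, not data from the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * FreeBSD's UMA allocator fills freed items with 0xdeadc0de when memory
 * trashing is enabled (assumption: this is the "trash" pattern). A fault
 * address equal to that pattern plus a small delta therefore usually means
 * a pointer loaded from freed memory was dereferenced, and the delta is the
 * offset of the field read through the stale pointer.
 */
#define UMA_TRASH_PATTERN 0xdeadc0deU

/* Largest delta still treated as "trash pattern plus field offset" (assumed). */
#define POISON_WINDOW 0x1000U

/* One named field of a struct layout: name, byte offset, byte size. */
struct field_desc {
    const char *name;
    size_t offset;
    size_t size;
};

/*
 * Assumed i386 layout of struct in6_ifextra: six pointer fields of 4 bytes
 * each. The order is the author's recollection of in6_var.h, not page data.
 */
static const struct field_desc in6_ifextra_i386[] = {
    { "in6_ifstat",   0,  4 },
    { "icmp6_ifstat", 4,  4 },
    { "nd_ifinfo",    8,  4 },
    { "scope6_id",    12, 4 },
    { "lltable",      16, 4 },
    { "mld_ifinfo",   20, 4 },
};
#define IN6_IFEXTRA_NFIELDS (sizeof in6_ifextra_i386 / sizeof in6_ifextra_i386[0])

/*
 * Return the delta between a faulting address and the poison pattern when
 * the address lies within POISON_WINDOW above the pattern, else -1.
 */
long poison_delta(uint32_t fault_addr, uint32_t poison)
{
    if (fault_addr < poison)
        return -1;
    uint32_t delta = fault_addr - poison;
    return delta < POISON_WINDOW ? (long)delta : -1;
}

/* Map a byte offset to the field of the layout that contains it, or NULL. */
const char *field_at_offset(const struct field_desc *layout, size_t nfields,
                            size_t offset)
{
    for (size_t i = 0; i < nfields; i++) {
        if (offset >= layout[i].offset &&
            offset < layout[i].offset + layout[i].size)
            return layout[i].name;
    }
    return NULL;
}

/*
 * Triage one fault address against one struct layout. Writes a one-line
 * verdict into buf and returns 1 if the address looks like a dereference
 * through a poisoned (freed) pointer, 0 otherwise.
 */
int triage_fault(uint32_t fault_addr, const struct field_desc *layout,
                 size_t nfields, char *buf, size_t buflen)
{
    long delta = poison_delta(fault_addr, UMA_TRASH_PATTERN);
    if (delta < 0) {
        snprintf(buf, buflen, "0x%08x: not near the trash pattern", fault_addr);
        return 0;
    }
    const char *field = field_at_offset(layout, nfields, (size_t)delta);
    snprintf(buf, buflen,
             "0x%08x: trash pattern + %ld -> field %s (use-after-free suspected)",
             fault_addr, delta, field ? field : "<outside layout>");
    return 1;
}

int main(void)
{
    /* Constructed inputs: the fault address from the panic above plus two controls. */
    const uint32_t samples[] = { 0xdeadc0e6U, 0x10554cbU, 0xdeadc0deU };
    char buf[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        triage_fault(samples[i], in6_ifextra_i386, IN6_IFEXTRA_NFIELDS,
                     buf, sizeof buf);
        puts(buf);
    }
    return 0;
}
```

For the panic above the helper reports the fault address as trash pattern + 8, which lands on nd_ifinfo in the assumed layout, matching the comment's conclusion that the ND_IFINFO(ifp) dereference in nd6_dad_timer() went through an if_afdata[AF_INET6] pointer that had already been freed.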