[Bug 197286] Panic in IPv6 stack - 0xc0d0b1fc is in ip6_input (/usr/src/sys/netinet6/ip6_input.c:702)

2015-03-06 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197286

Andrey V. Elsukov a...@freebsd.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |a...@freebsd.org

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to freebsd-bugs-unsubscr...@freebsd.org


[Bug 197286] Panic in IPv6 stack - 0xc0d0b1fc is in ip6_input (/usr/src/sys/netinet6/ip6_input.c:702)

2015-03-03 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197286

--- Comment #4 from Andrey V. Elsukov a...@freebsd.org ---
r274300 is very dangerous for merging to stable/10. Can you try this patch
instead? It disables LLE operations for tunneling interfaces, and therefore
ip6_input() will go through another code path for such packets.

Index: in6.c
===
--- in6.c(revision 279514)
+++ in6.c(working copy)
@@ -155,6 +155,8 @@ in6_ifaddloop(struct ifaddr *ifa)

 ia = ifa2ia6(ifa);
 ifp = ifa-ifa_ifp;
+if (nd6_need_cache(ifp) == 0)
+return;
 IF_AFDATA_LOCK(ifp);
 ifa-ifa_rtrequest = nd6_rtrequest;
 ln = lla_lookup(LLTABLE6(ifp), (LLE_CREATE | LLE_IFADDR |
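
Review bot: the early return added before IF_AFDATA_LOCK(ifp) in in6_ifaddloop() also skips the ifa->ifa_rtrequest = nd6_rtrequest assignment that follows it, not only the lla_lookup() call. If only the LLE creation is meant to be skipped when nd6_need_cache(ifp) == 0, the check belongs below that assignment; if skipping both is intended, a short comment saying so would help. Any removal-side counterpart of this function is not touched in this patch and would need the same guard so that add and remove stay symmetric.
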
Index: nd6.c
===
--- nd6.c(revision 279514)
+++ nd6.c(working copy)
@@ -2185,9 +2185,6 @@ nd6_need_cache(struct ifnet *ifp)
 case IFT_IEEE80211:
 #endif
 case IFT_INFINIBAND:
-case IFT_GIF:/* XXX need more cases? */
-case IFT_PPP:
-case IFT_TUNNEL:
 case IFT_BRIDGE:
 case IFT_PROPVIRTUAL:
 return (1);
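
Review bot: removing IFT_GIF, IFT_PPP and IFT_TUNNEL from the switch in nd6_need_cache() changes the answer for every caller of this predicate, not only for the new check in in6_ifaddloop(). The other call sites should be audited for code that assumed a cache entry exists on these interface types, and the dropped "XXX need more cases?" remark would be better replaced by a comment stating why the tunneling types are now excluded.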



[Bug 197286] Panic in IPv6 stack - 0xc0d0b1fc is in ip6_input (/usr/src/sys/netinet6/ip6_input.c:702)

2015-03-02 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197286

Andrey V. Elsukov a...@freebsd.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |a...@freebsd.org

--- Comment #2 from Andrey V. Elsukov a...@freebsd.org ---
(In reply to Tim Bishop from comment #0)
> Kernel panic (triggered by receiving an IPv6 ping!). Running stable/10
> r277643. System has a tun0 device controlled by ppp and a gif device
> tunnelled over that connection for IPv6.

Can you show ifconfig output of your configuration?



[Bug 197286] Panic in IPv6 stack - 0xc0d0b1fc is in ip6_input (/usr/src/sys/netinet6/ip6_input.c:702)

2015-03-02 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197286

--- Comment #3 from Tim Bishop t...@freebsd.org ---
(In reply to Andrey V. Elsukov from comment #2)
> Can you show ifconfig output of your configuration?

I've got the machine running HEAD (still no problems since my comment #0), but
from console logs I can see the following (IPs anonymised):

vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8284b<RXCSUM,TXCSUM,VLAN_MTU,POLLING,WOL_UCAST,WOL_MAGIC,LINKSTATE>
	ether 00:00:24:cb:15:b8
	inet6 fe80::200:24ff:fecb:15b8%vr0 prefixlen 64 scopeid 0x1
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
vr1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8284b<RXCSUM,TXCSUM,VLAN_MTU,POLLING,WOL_UCAST,WOL_MAGIC,LINKSTATE>
	ether 00:00:24:cb:15:b9
	inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
	inet6 fe80::200:24ff:fecb:15b9%vr1 prefixlen 64 scopeid 0x2
	inet6 1:1::1 prefixlen 64
	inet 1.1.1.198 netmask 0xfff8 broadcast 1.1.1.199
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
vr2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8284b<RXCSUM,TXCSUM,VLAN_MTU,POLLING,WOL_UCAST,WOL_MAGIC,LINKSTATE>
	ether 00:00:24:cb:15:ba
	inet 192.168.2.1 netmask 0xff00 broadcast 192.168.2.255
	inet6 fe80::200:24ff:fecb:15ba%vr2 prefixlen 64 scopeid 0x3
	inet6 1:2::1 prefixlen 64
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet autoselect (none)
	status: no carrier
vr3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
	ether 00:00:24:cb:15:bb
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet autoselect
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33200
	nd6 options=9<PERFORMNUD,IFDISABLED>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=63<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
	inet 127.0.0.1 netmask 0xff00
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
	tunnel inet 1.1.1.198 --> 1.1.1.126
	inet6 fe80::200:24ff:fecb:15b8%gif0 prefixlen 64 scopeid 0x9
	inet6 1:73::2 --> 1:73::1 prefixlen 128
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	options=1<ACCEPT_REV_ETHIP_VER>
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1492
	options=8<LINKSTATE>
	inet 1.1.1.198 --> 1.1.1.27 netmask 0x
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	Opened by PID 838

tun0 is a ppp managed link using PPPoE over vr0. gif0 is an IPv6 tunnel which
goes out over the tun0 connection. vr1 and vr2 are internal networking.



[Bug 197286] Panic in IPv6 stack - 0xc0d0b1fc is in ip6_input (/usr/src/sys/netinet6/ip6_input.c:702)

2015-02-04 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197286

--- Comment #1 from Tim Bishop t...@freebsd.org ---
I've confirmed the same issue occurs on stable/9 as well as stable/10. It used
to be fine on stable/7 which is what I was using prior to this update. I
haven't tested stable/8.

However, I've just tried head and so far it looks like this issue is fixed
there. There have been a number of changes to the file where the problem
occurred, specifically r274300.

It'd be good to get these changes MFCed to stable/10 if possible.



[Bug 197286] Panic in IPv6 stack - 0xc0d0b1fc is in ip6_input (/usr/src/sys/netinet6/ip6_input.c:702)

2015-02-02 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197286

            Bug ID: 197286
           Summary: Panic in IPv6 stack - 0xc0d0b1fc is in ip6_input
                    (/usr/src/sys/netinet6/ip6_input.c:702)
           Product: Base System
           Version: 10.1-STABLE
          Hardware: i386
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: t...@freebsd.org

Kernel panic (triggered by receiving an IPv6 ping!). Running stable/10 r277643.
System has a tun0 device controlled by ppp and a gif device tunnelled over that
connection for IPv6.

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0d0b1fc
stack pointer           = 0x28:0xdb570738
frame pointer           = 0x28:0xdb5708e0
code segment            = base 0x0, limit 0xf, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 742 (ppp)
trap number             = 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
#0 0xc0b5f3c2 at kdb_backtrace+0x52
#1 0xc0b20fcf at panic+0x11f
#2 0xc1027574 at trap_fatal+0x324
#3 0xc10278d5 at trap_pfault+0x355
#4 0xc1026f94 at trap+0x674
#5 0xc1011b8c at calltrap+0x6
#6 0xc0bf828b at netisr_dispatch_src+0x8b
#7 0xc0bf8600 at netisr_dispatch+0x20
#8 0xc0bf071e at gif_input+0x35e
#9 0xc0c4f781 at in_gif_input+0x51
#10 0xc0c4f5bf at in_gif_input10+0x2f
#11 0xc0c58420 at encap4_input+0x210
#12 0xc0c5c432 at ip_input+0x152
#13 0xc0bf828b at netisr_dispatch_src+0x8b
#14 0xc0bf8600 at netisr_dispatch+0x20
#15 0xc0bf4904 at tunwrite+0x254
#16 0xc09fe644 at devfs_write_f+0xb4
#17 0xc0b6 at dofilewrite+0x86
Uptime: 37s
Physical memory: 491 MB
Dumping 65 MB: 50 34 18 2

Reading symbols from /boot/kernel/pf.ko.symbols...done.
Loaded symbols for /boot/kernel/pf.ko.symbols
Reading symbols from /boot/kernel/pflog.ko.symbols...done.
Loaded symbols for /boot/kernel/pflog.ko.symbols
Reading symbols from /boot/kernel/netgraph.ko.symbols...done.
Loaded symbols for /boot/kernel/netgraph.ko.symbols
Reading symbols from /boot/kernel/ng_ether.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_ether.ko.symbols
Reading symbols from /boot/kernel/ng_pppoe.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_pppoe.ko.symbols
Reading symbols from /boot/kernel/ng_socket.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_socket.ko.symbols
#0  doadump (textdump=-999684992) at pcpu.h:233
233 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) list *0xc0d0b1fc
0xc0d0b1fc is in ip6_input (/usr/src/sys/netinet6/ip6_input.c:702).
697                     bad = 1;
698     #define sa_equal(a1, a2)                                                \
699             (bcmp((a1), (a2), ((a1))->sin6_len) == 0)
700                     IF_ADDR_RLOCK(ifp);
701                     TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
702                             if (ifa->ifa_addr->sa_family != dst6.sin6_family)
703                                     continue;
704                             if (sa_equal(&dst6, ifa->ifa_addr))
705                                     break;
706                     }
Current language:  auto; currently minimal
(kgdb) backtrace
#0  doadump (textdump=-999684992) at pcpu.h:233
#1  0xc0b20c3d in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:452
#2  0xc0b2100d in panic (fmt=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:759
#3  0xc1027574 in trap_fatal (frame=<value optimized out>, eva=<value optimized out>) at /usr/src/sys/i386/i386/trap.c:1023
#4  0xc10278d5 in trap_pfault (frame=0x0, usermode=<value optimized out>, eva=0) at /usr/src/sys/i386/i386/trap.c:835
#5  0xc1026f94 in trap (frame=0xdb5706f8) at /usr/src/sys/i386/i386/trap.c:532
#6  0xc1011b8c in calltrap () at /usr/src/sys/i386/i386/exception.s:170
#7  0xc0d0b1fc in ip6_input (m=0xc4571830) at /usr/src/sys/netinet6/ip6_input.c:702
#8  0xc0bf828b in netisr_dispatch_src (proto=<value optimized out>, source=<value optimized out>, m=0x0) at /usr/src/sys/net/netisr.c:972
#9  0xc0bf8600 in netisr_dispatch (proto=10, m=0xc4ae3a00) at /usr/src/sys/net/netisr.c:1063
#10 0xc0bf071e in gif_input (m=0xc4ae3a00, ifp=0xc52d2800, proto=<value optimized out>, ecn=12 '\f') at /usr/src/sys/net/if_gif.c:693
#11 0xc0c4f781 in in_gif_input (mp=0xdb5709ac, offp=<value optimized out>) at /usr/src/sys/netinet/in_gif.c:166
#12 0xc0c4f5bf in in_gif_input10 (m=0xc4ae3a00, off=20) at /usr/src/sys/netinet/in_gif.c:143
#13 0xc0c58420 in encap4_input (m=0xc4ae3a00) at /usr/src/sys/netinet/ip_encap.c:191
#14 0xc0c5c432 in ip_input (m=0xc4ae3a00) at /usr/src/sys/netinet/ip_input.c:734
#15 0xc0bf828b in netisr_dispatch_src (proto=<value optimized out>, source=<value optimized out>, m=0x0) at