[Bug 197286] Panic in IPv6 stack - 0xc0d0b1fc is in ip6_input (/usr/src/sys/netinet6/ip6_input.c:702)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197286 Andrey V. Elsukov a...@freebsd.org changed: What|Removed |Added Assignee|freebsd-bugs@FreeBSD.org|a...@freebsd.org -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-bugs@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to freebsd-bugs-unsubscr...@freebsd.org
[Bug 197286] Panic in IPv6 stack - 0xc0d0b1fc is in ip6_input (/usr/src/sys/netinet6/ip6_input.c:702)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197286 --- Comment #4 from Andrey V. Elsukov a...@freebsd.org --- r274300 is very dangerous for merging to stable/10. Can you try this patch instead? It disables LLE operations for tunneling interfaces, and therefore ip6_input() will go through another code path for such packets. Index: in6.c === --- in6.c(revision 279514) +++ in6.c(working copy) @@ -155,6 +155,8 @@ in6_ifaddloop(struct ifaddr *ifa) ia = ifa2ia6(ifa); ifp = ifa-ifa_ifp; +if (nd6_need_cache(ifp) == 0) +return; IF_AFDATA_LOCK(ifp); ifa-ifa_rtrequest = nd6_rtrequest; ln = lla_lookup(LLTABLE6(ifp), (LLE_CREATE | LLE_IFADDR | Index: nd6.c === --- nd6.c(revision 279514) +++ nd6.c(working copy) @@ -2185,9 +2185,6 @@ nd6_need_cache(struct ifnet *ifp) case IFT_IEEE80211: #endif case IFT_INFINIBAND: -case IFT_GIF:/* XXX need more cases? */ -case IFT_PPP: -case IFT_TUNNEL: case IFT_BRIDGE: case IFT_PROPVIRTUAL: return (1); -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-bugs@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to freebsd-bugs-unsubscr...@freebsd.org
[Bug 197286] Panic in IPv6 stack - 0xc0d0b1fc is in ip6_input (/usr/src/sys/netinet6/ip6_input.c:702)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197286 Andrey V. Elsukov a...@freebsd.org changed: What|Removed |Added CC||a...@freebsd.org --- Comment #2 from Andrey V. Elsukov a...@freebsd.org --- (In reply to Tim Bishop from comment #0) Kernel panic (triggered by receiving an IPv6 ping!). Running stable/10 r277643. System has a tun0 device controlled by ppp and a gif device tunnelled over that connection for IPv6. Can you show ifconfig output of your configuration? -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-bugs@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to freebsd-bugs-unsubscr...@freebsd.org
[Bug 197286] Panic in IPv6 stack - 0xc0d0b1fc is in ip6_input (/usr/src/sys/netinet6/ip6_input.c:702)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197286 --- Comment #3 from Tim Bishop t...@freebsd.org --- (In reply to Andrey V. Elsukov from comment #2) Can you show ifconfig output of your configuration? I've got the machine running HEAD (still no problems since my comment #0), but from console logs I can see the following (IPs anonymised): vr0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=8284bRXCSUM,TXCSUM,VLAN_MTU,POLLING,WOL_UCAST,WOL_MAGIC,LINKSTATE ether 00:00:24:cb:15:b8 inet6 fe80::200:24ff:fecb:15b8%vr0 prefixlen 64 scopeid 0x1 nd6 options=21PERFORMNUD,AUTO_LINKLOCAL media: Ethernet autoselect (100baseTX full-duplex) status: active vr1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=8284bRXCSUM,TXCSUM,VLAN_MTU,POLLING,WOL_UCAST,WOL_MAGIC,LINKSTATE ether 00:00:24:cb:15:b9 inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255 inet6 fe80::200:24ff:fecb:15b9%vr1 prefixlen 64 scopeid 0x2 inet6 1:1::1 prefixlen 64 inet 1.1.1.198 netmask 0xfff8 broadcast 1.1.1.199 nd6 options=21PERFORMNUD,AUTO_LINKLOCAL media: Ethernet autoselect (100baseTX full-duplex) status: active vr2: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=8284bRXCSUM,TXCSUM,VLAN_MTU,POLLING,WOL_UCAST,WOL_MAGIC,LINKSTATE ether 00:00:24:cb:15:ba inet 192.168.2.1 netmask 0xff00 broadcast 192.168.2.255 inet6 fe80::200:24ff:fecb:15ba%vr2 prefixlen 64 scopeid 0x3 inet6 1:2::1 prefixlen 64 nd6 options=21PERFORMNUD,AUTO_LINKLOCAL media: Ethernet autoselect (none) status: no carrier vr3: flags=8802BROADCAST,SIMPLEX,MULTICAST metric 0 mtu 1500 options=8280bRXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE ether 00:00:24:cb:15:bb nd6 options=21PERFORMNUD,AUTO_LINKLOCAL media: Ethernet autoselect pflog0: flags=141UP,RUNNING,PROMISC metric 0 mtu 33200 nd6 options=9PERFORMNUD,IFDISABLED lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST metric 0 mtu 16384 options=63RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8 inet 127.0.0.1 netmask 0xff00 nd6 options=21PERFORMNUD,AUTO_LINKLOCAL gif0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST metric 0 mtu 1280 tunnel inet 1.1.1.198 -- 1.1.1.126 inet6 fe80::200:24ff:fecb:15b8%gif0 prefixlen 64 scopeid 0x9 inet6 1:73::2 -- 1:73::1 prefixlen 128 nd6 options=21PERFORMNUD,AUTO_LINKLOCAL options=1ACCEPT_REV_ETHIP_VER tun0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST metric 0 mtu 1492 options=8LINKSTATE inet 1.1.1.198 -- 1.1.1.27 netmask 0x nd6 options=21PERFORMNUD,AUTO_LINKLOCAL Opened by PID 838 tun0 is a ppp managed link using PPPoE over vr0. gif0 is an IPv6 tunnel which goes out over the tun0 connection. vr1 and vr2 are internal networking. -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-bugs@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to freebsd-bugs-unsubscr...@freebsd.org
[Bug 197286] Panic in IPv6 stack - 0xc0d0b1fc is in ip6_input (/usr/src/sys/netinet6/ip6_input.c:702)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197286 --- Comment #1 from Tim Bishop t...@freebsd.org --- I've confirmed the same issue occurs on stable/9 as well as stable/10. It used to be fine on stable/7 which is what I was using prior to this update. I haven't tested stable/8. However, I've just tried head and so far it looks like this issue is fixed there. There have been a number of changes to the file where the problem occurred, specifically r274300. It'd be good to get these changes MFCed to stable/10 if possible. -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-bugs@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to freebsd-bugs-unsubscr...@freebsd.org
[Bug 197286] Panic in IPv6 stack - 0xc0d0b1fc is in ip6_input (/usr/src/sys/netinet6/ip6_input.c:702)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197286 Bug ID: 197286 Summary: Panic in IPv6 stack - 0xc0d0b1fc is in ip6_input (/usr/src/sys/netinet6/ip6_input.c:702) Product: Base System Version: 10.1-STABLE Hardware: i386 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: t...@freebsd.org Kernel panic (triggered by receiving an IPv6 ping!). Running stable/10 r277643. System has a tun0 device controlled by ppp and a gif device tunnelled over that connection for IPv6. Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x0 fault code = supervisor read, page not present instruction pointer = 0x20:0xc0d0b1fc stack pointer = 0x28:0xdb570738 frame pointer = 0x28:0xdb5708e0 code segment= base 0x0, limit 0xf, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags= interrupt enabled, resume, IOPL = 0 current process = 742 (ppp) trap number = 12 panic: page fault cpuid = 0 KDB: stack backtrace: #0 0xc0b5f3c2 at kdb_backtrace+0x52 #1 0xc0b20fcf at panic+0x11f #2 0xc1027574 at trap_fatal+0x324 #3 0xc10278d5 at trap_pfault+0x355 #4 0xc1026f94 at trap+0x674 #5 0xc1011b8c at calltrap+0x6 #6 0xc0bf828b at netisr_dispatch_src+0x8b #7 0xc0bf8600 at netisr_dispatch+0x20 #8 0xc0bf071e at gif_input+0x35e #9 0xc0c4f781 at in_gif_input+0x51 #10 0xc0c4f5bf at in_gif_input10+0x2f #11 0xc0c58420 at encap4_input+0x210 #12 0xc0c5c432 at ip_input+0x152 #13 0xc0bf828b at netisr_dispatch_src+0x8b #14 0xc0bf8600 at netisr_dispatch+0x20 #15 0xc0bf4904 at tunwrite+0x254 #16 0xc09fe644 at devfs_write_f+0xb4 #17 0xc0b6 at dofilewrite+0x86 Uptime: 37s Physical memory: 491 MB Dumping 65 MB: 50 34 18 2 Reading symbols from /boot/kernel/pf.ko.symbols...done. Loaded symbols for /boot/kernel/pf.ko.symbols Reading symbols from /boot/kernel/pflog.ko.symbols...done. Loaded symbols for /boot/kernel/pflog.ko.symbols Reading symbols from /boot/kernel/netgraph.ko.symbols...done. Loaded symbols for /boot/kernel/netgraph.ko.symbols Reading symbols from /boot/kernel/ng_ether.ko.symbols...done. Loaded symbols for /boot/kernel/ng_ether.ko.symbols Reading symbols from /boot/kernel/ng_pppoe.ko.symbols...done. Loaded symbols for /boot/kernel/ng_pppoe.ko.symbols Reading symbols from /boot/kernel/ng_socket.ko.symbols...done. Loaded symbols for /boot/kernel/ng_socket.ko.symbols #0 doadump (textdump=-999684992) at pcpu.h:233 233 pcpu.h: No such file or directory. in pcpu.h (kgdb) list *0xc0d0b1fc 0xc0d0b1fc is in ip6_input (/usr/src/sys/netinet6/ip6_input.c:702). 697 bad = 1; 698 #define sa_equal(a1, a2) \ 699 (bcmp((a1), (a2), ((a1))-sin6_len) == 0) 700 IF_ADDR_RLOCK(ifp); 701 TAILQ_FOREACH(ifa, ifp-if_addrhead, ifa_link) { 702 if (ifa-ifa_addr-sa_family != dst6.sin6_family) 703 continue; 704 if (sa_equal(dst6, ifa-ifa_addr)) 705 break; 706 } Current language: auto; currently minimal (kgdb) backtrace #0 doadump (textdump=-999684992) at pcpu.h:233 #1 0xc0b20c3d in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:452 #2 0xc0b2100d in panic (fmt=value optimized out) at /usr/src/sys/kern/kern_shutdown.c:759 #3 0xc1027574 in trap_fatal (frame=value optimized out, eva=value optimized out) at /usr/src/sys/i386/i386/trap.c:1023 #4 0xc10278d5 in trap_pfault (frame=0x0, usermode=value optimized out, eva=0) at /usr/src/sys/i386/i386/trap.c:835 #5 0xc1026f94 in trap (frame=0xdb5706f8) at /usr/src/sys/i386/i386/trap.c:532 #6 0xc1011b8c in calltrap () at /usr/src/sys/i386/i386/exception.s:170 #7 0xc0d0b1fc in ip6_input (m=0xc4571830) at /usr/src/sys/netinet6/ip6_input.c:702 #8 0xc0bf828b in netisr_dispatch_src (proto=value optimized out, source=value optimized out, m=0x0) at /usr/src/sys/net/netisr.c:972 #9 0xc0bf8600 in netisr_dispatch (proto=10, m=0xc4ae3a00) at /usr/src/sys/net/netisr.c:1063 #10 0xc0bf071e in gif_input (m=0xc4ae3a00, ifp=0xc52d2800, proto=value optimized out, ecn=12 '\f') at /usr/src/sys/net/if_gif.c:693 #11 0xc0c4f781 in in_gif_input (mp=0xdb5709ac, offp=value optimized out) at /usr/src/sys/netinet/in_gif.c:166 #12 0xc0c4f5bf in in_gif_input10 (m=0xc4ae3a00, off=20) at /usr/src/sys/netinet/in_gif.c:143 #13 0xc0c58420 in encap4_input (m=0xc4ae3a00) at /usr/src/sys/netinet/ip_encap.c:191 #14 0xc0c5c432 in ip_input (m=0xc4ae3a00) at /usr/src/sys/netinet/ip_input.c:734 #15 0xc0bf828b in netisr_dispatch_src (proto=value optimized out, source=value optimized out, m=0x0) at