kern/105966: panic w/IPv6
Mark Kamichoff
prox at prolixium.com
Fri Dec 1 10:50:35 PST 2006
The following reply was made to PR kern/105966; it has been noted by GNATS.
From: Mark Kamichoff <prox at prolixium.com>
To: Ruslan Ermilov <ru at FreeBSD.org>
Cc: bug-followup at FreeBSD.org
Subject: Re: kern/105966: panic w/IPv6
Date: Fri, 1 Dec 2006 13:40:10 -0500
Ruslan -
On Fri, Dec 01, 2006 at 11:26:22AM +0300, Ruslan Ermilov wrote:
> You're running IPv6 routing daemon, ospf6d(8), so you were vulnerable.
> This bug has already been fixed; you need the following file/revision
> to get a fix:
>
> $FreeBSD: src/sys/netinet6/nd6.c,v 1.48.2.16 2006/11/29 14:00:29 ru Exp $
>
> You can either upgrade your sources, or just pick up this
> revision and recompile your kernel:
>
> http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/src/sys/netinet6/nd6.c?rev=1.48.2.16&content-type=text/plain
>
> Please follow-up with the success report so we can close the PR.
Thanks. I have updated my sources, and rebuilt everything. It seems to
be working fine, but judging from past history, the system could be
stable for up to 2-3 weeks, and then panic. It's up to you whether this
PR should be open for such a duration. Either way, I will send an
update after a couple of weeks.
- Mark
>
> On Tue, Nov 28, 2006 at 06:00:29PM +0000, Mark Kamichoff wrote:
> > >Synopsis: panic w/IPv6
> > >Release: 6.2-PRERELEASE
> >
> > Unread portion of the kernel message buffer:
> > kernel trap 12 with interrupts disabled
> >
> >
> > Fatal trap 12: page fault while in kernel mode
> > fault virtual address = 0x78
> > fault code = supervisor read, page not present
> > instruction pointer = 0x20:0xc0554ba7
> > stack pointer = 0x28:0xd43f2b28
> > frame pointer = 0x28:0xd43f2b2c
> > code segment = base 0x0, limit 0xfffff, type 0x1b
> > = DPL 0, pres 1, def32 1, gran 1
> > processor eflags = resume, IOPL = 0
> > current process = 11 (swi1: net)
> > trap number = 12
> > panic: page fault
> > Uptime: 17d17h21m15s
> > Dumping 510 MB (2 chunks)
> > chunk 0: 1MB (159 pages) ... ok
> > chunk 1: 510MB (130544 pages) 494 478 462 446 430 414 398 382 366 350 334 318 302 286 270 254 238 222 206 190 174 158 142 126 110 94 78 62 46 30 14
> >
> > #0 doadump () at pcpu.h:165
> > 165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
> > (kgdb) bt
> > #0 doadump () at pcpu.h:165
> > #1 0xc052f44a in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
> > #2 0xc052f754 in panic (fmt=0xc0709871 "%s") at /usr/src/sys/kern/kern_shutdown.c:565
> > #3 0xc06e576d in trap_fatal (frame=0xd43f2ae8, eva=0) at /usr/src/sys/i386/i386/trap.c:837
> > #4 0xc06e4e85 in trap (frame=
> > {tf_fs = -1067450360, tf_es = -734068696, tf_ds = 40, tf_edi = -1019857920, tf_esi = -1020668032, tf_ebp = -734057684, tf_isp = -734057708, tf_ebx = -1020701888, tf_edx = -1020668032, tf_ecx = 4, tf_eax = 4, tf_trapno = 12, tf_err = 0, tf_eip = -1068151897, tf_cs = 32, tf_eflags = 65543, tf_esp = -1020668032, tf_ss = -734057648}) at /usr/src/sys/i386/i386/trap.c:270
> > #5 0xc06d220a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
> > #6 0xc0554ba7 in turnstile_setowner (ts=0xc3295340, owner=0x4)
> > at /usr/src/sys/kern/subr_turnstile.c:432
> > #7 0xc0554ed3 in turnstile_wait (lock=0xc5df4504, owner=0x4)
> > at /usr/src/sys/kern/subr_turnstile.c:591
> > #8 0xc0524db7 in _mtx_lock_sleep (m=0xc5df4504, tid=3274299264, opts=0, file=0x0, line=0)
> > at /usr/src/sys/kern/kern_mutex.c:579
> > #9 0xc05ffe40 in nd6_output (ifp=0xc3363400, origifp=0x4, m0=0xc364a100, dst=0xc3777a9c,
> > rt0=0xc38de6b4) at /usr/src/sys/netinet6/nd6.c:2004
> > #10 0xc05f3aec in ip6_forward (m=0xc364a100, srcrt=0)
> > at /usr/src/sys/netinet6/ip6_forward.c:626
> > #11 0xc05f4d54 in ip6_input (m=0xc364a100) at /usr/src/sys/netinet6/ip6_input.c:732
> > #12 0xc05b7aa7 in netisr_processqueue (ni=0xc0777c84) at /usr/src/sys/net/netisr.c:236
> > #13 0xc05b7c9d in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:343
> > #14 0xc051631a in ithread_execute_handlers (p=0xc329ca78, ie=0xc32da300)
> > at /usr/src/sys/kern/kern_intr.c:682
> > #15 0xc051645b in ithread_loop (arg=0xc3283700) at /usr/src/sys/kern/kern_intr.c:765
> > #16 0xc0514f51 in fork_exit (callout=0xc05163f8 <ithread_loop>, arg=0x4, frame=0x4)
> > at /usr/src/sys/kern/kern_fork.c:821
> > #17 0xc06d226c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208
> > (kgdb)
> >
> > More information (pkg_info, ps output, etc.):
> >
> > http://www.prolixium.com/share/txt/freebsd/ipv6/
> >
> > pf.conf can be provided, if needed.
>
> --
> Ruslan Ermilov
> ru at FreeBSD.org
> FreeBSD committer
>
--
Mark Kamichoff
prox at prolixium.com
http://prolixium.com/
Rensselaer Polytechnic Institute, Class of 2004