kern/172963: Kernel panic in udp_input()

[Charbon, Julien]

The following reply was made to PR kern/172963; it has been noted by GNATS.

From: "Charbon, Julien" <jcharbon at verisign.com>
To: bug-followup at FreeBSD.org
Cc:  
Subject: Re: kern/172963: Kernel panic in udp_input()
Date: Fri, 26 Oct 2012 13:54:38 +0200

   I confirm that this race condition is also present in IPv6 UDP code 
 (Not a surprise as FreeBSD UDP v4 and v6 codes are pretty symmetric), 
 and below the stack trace:
 
 Fatal trap 12: page fault while in kernel mode
 cpuid = 7; apic id = 22
 fault virtual address   = 0x7
 fault code              = supervisor read data, page not present
 instruction pointer     = 0x20:0xffffffff807b60be
 stack pointer           = 0x28:0xffffffa41c83e510
 frame pointer           = 0x28:0xffffffa41c83e5a0
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                          = DPL 0, pres 1, long 1, def32 0, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = 12 (irq291: ix1:que 7)
 trap number             = 12
 panic: page fault
 cpuid = 7
 KDB: stack backtrace:
 #0 0xffffffff80642b3e at kdb_backtrace+0x5e
 #1 0xffffffff8060fd57 at panic+0x187
 #2 0xffffffff80905990 at trap_fatal+0x290
 #3 0xffffffff80905ce1 at trap_pfault+0x201
 #4 0xffffffff8090619f at trap+0x3df
 #5 0xffffffff808ed674 at calltrap+0x8
 #6 0xffffffff807b6986 at ip6_savecontrol+0x36
 #7 0xffffffff807cd5c0 at udp6_append+0x60
 #8 0xffffffff807ce99d at udp6_input+0x63d
 #9 0xffffffff807b76bf at ip6_input+0xb4f
 #10 0xffffffff806cb23e at netisr_dispatch_src+0x7e
 #11 0xffffffff806c12dd at ether_demux+0x14d
 #12 0xffffffff806c16e7 at ether_input+0x197
 #13 0xffffffff806c11ff at ether_demux+0x6f
 #14 0xffffffff806c16e7 at ether_input+0x197
 #15 0xffffffff803e3d8b at ixgbe_rxeof+0x1eb
 #16 0xffffffff803e4578 at ixgbe_msix_que+0xa8
 #17 0xffffffff805e7794 at intr_event_execute_handlers+0x104
 
 --
 Julien