[Bug 202351] [ip6] [panic] Kernel panic in ip6_forward (different from 128247, 131038)

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sat Aug 15 19:12:50 UTC 2015 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202351

            Bug ID: 202351
           Summary: [ip6] [panic] Kernel panic in ip6_forward (different
                    from 128247, 131038)
           Product: Base System
           Version: 10.2-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: dennis.noordsij at helsinki.fi

Since upgrading to 10.2-RELEASE I am experiencing regular (every few hours)
kernel panics.

>From reading bug reports 128246 and 131038 I think it is not the same bug,
especially since those 2 should have been patched already.

Please let me know which information, if any, is needed from for example
/var/crash/core.txt.0. This is not a mission critical system, so I am happy to
try out patches or perform other tests. 


Some notes:

- System is a Xeon E3-1220v3, Supermicro X10-something motherboard, 16GB ECC
RAM.
- I use a custom kernel with as only difference ROUTETABLES=6
- Main network interface is igb0
- bridge0 exists for tap0+igb0 for bhyve (using iohyve for setup) with a
FreeBSD guest (which otherwise itself works fine).
- I don't actually (explicitly) use ip6 for anything, nor have any specific ip6
rules in pf.conf




Highlights:

Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 06
fault virtual address   = 0x28
fault code      = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff809ff8db
stack pointer           = 0x28:0xfffffe0000270f90
frame pointer           = 0x28:0xfffffe0000270fa0
code segment        = base 0x0, limit 0xfffff, type 0x1b
            = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags    = interrupt enabled, resume, IOPL = 0
current process     = 12 (irq269: igb0:que 3)
trap number     = 12
panic: page fault
cpuid = 3
KDB: stack backtrace:
#0 0xffffffff80984e30 at kdb_backtrace+0x60
#1 0xffffffff809489e6 at vpanic+0x126
#2 0xffffffff809488b3 at panic+0x43
#3 0xffffffff80d4aadb at trap_fatal+0x36b
#4 0xffffffff80d4addd at trap_pfault+0x2ed
#5 0xffffffff80d4a47a at trap+0x47a
#6 0xffffffff80d307f2 at calltrap+0x8
#7 0xffffffff80989cbc at kvprintf+0xf9c
#8 0xffffffff8098a71d at _vprintf+0x8d
#9 0xffffffff80988a1c at log+0x5c
#10 0xffffffff80b15f97 at ip6_forward+0x107
#11 0xffffffff8203460e at pf_refragment6+0x16e
#12 0xffffffff820263b4 at pf_test6+0x1044
#13 0xffffffff8202e2cd at pf_check6_out+0x4d
#14 0xffffffff80a18634 at pfil_run_hooks+0x84
#15 0xffffffff81d2e798 at bridge_pfil+0x218
#16 0xffffffff81d2f5be at bridge_broadcast+0xde
#17 0xffffffff81d2f3ef at bridge_forward+0x20f



With line numbers:

#12 0xffffffff80b15f97 in ip6_forward (m=0xfffff8000bff8c00,
    srcrt=<value optimized out>) at /usr/src/sys/netinet6/ip6_forward.c:142
#13 0xffffffff8203460e in pf_refragment6 (ifp=<value optimized out>,
    m0=<value optimized out>, mtag=<value optimized out>)
    at /usr/src/sys/modules/pf/../../netpfil/pf/pf_norm.c:1158
#14 0xffffffff820263b4 in pf_test6 (dir=<value optimized out>,
    ifp=0xfffff8000f299000, m0=0xfffffe0000271608, inp=<value optimized out>)
    at /usr/src/sys/modules/pf/../../netpfil/pf/pf.c:6453
#15 0xffffffff8202e2cd in pf_check6_out (arg=<value optimized out>,
    m=0xfffffe0000271608, ifp=0xfffff8000f299000, dir=<value optimized out>,
    inp=0x0) at /usr/src/sys/modules/pf/../../netpfil/pf/pf_ioctl.c:3616
#16 0xffffffff80a18634 in pfil_run_hooks (ph=0xffffffff8168e6d0,
    mp=0xfffffe0000271720, ifp=0xfffff8000f299000, dir=2, inp=0x0)
    at /usr/src/sys/net/pfil.c:82
#17 0xffffffff81d2e798 in bridge_pfil (mp=0xfffffe0000271720,
    bifp=0xfffff8000f299000, ifp=0x0, dir=2)
    at /usr/src/sys/modules/if_bridge/../../net/if_bridge.c:3210
#18 0xffffffff81d2f5be in bridge_broadcast (sc=0xfffff80011b58800,
    src_if=0xfffff80007656000, m=0xfffff80020c52300, runfilt=1)
    at /usr/src/sys/modules/if_bridge/../../net/if_bridge.c:2456
#19 0xffffffff81d2f3ef in bridge_forward (sc=0xfffff80011b58800,
    sbif=<value optimized out>, m=0xfffff80020c52300)
    at /usr/src/sys/modules/if_bridge/../../net/if_bridge.c:2178
#20 0xffffffff81d2d93c in bridge_input (ifp=<value optimized out>,
    m=0xfffff8004a00d100)
    at /usr/src/sys/modules/if_bridge/../../net/if_bridge.c:2298
#21 0xffffffff80a0f77a in ether_nh_input (m=<value optimized out>)
    at /usr/src/sys/net/if_ethersubr.c:607
#22 0xffffffff80a177d2 in netisr_dispatch_src (proto=<value optimized out>,
    source=<value optimized out>, m=0x28) at /usr/src/sys/net/netisr.c:976
#23 0xffffffff804f715c in igb_rxeof (count=98)
    at /usr/src/sys/dev/e1000/if_igb.c:4808
#24 0xffffffff804f7801 in igb_msix_que (arg=0xfffff80007645b38)
    at /usr/src/sys/dev/e1000/if_igb.c:1621
#25 0xffffffff8091482b in intr_event_execute_handlers (
    p=<value optimized out>, ie=0xfffff80007672400)
    at /usr/src/sys/kern/kern_intr.c:1264
#26 0xffffffff80914c76 in ithread_loop (arg=0xfffff8000767cac0)
    at /usr/src/sys/kern/kern_intr.c:1277
#27 0xffffffff8091244a in fork_exit (
    callout=0xffffffff80914be0 <ithread_loop>, arg=0xfffff8000767cac0,
    frame=0xfffffe0000271ac0) at /usr/src/sys/kern/kern_fork.c:1018
#28 0xffffffff80d30d2e in fork_trampoline ()
    at /usr/src/sys/amd64/amd64/exception.S:611
#29 0x0000000000000000 in ?? ()

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list