[Bug 227654] [panic] repeatable crash with IPv6+lagg+vlan+em

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Fri Apr 20 23:19:42 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227654

--- Comment #2 from Eugene Grosbein <eugen at freebsd.org> ---
Created attachment 192690
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=192690&action=edit
debugging patch for single user only

Forgot to note that my kernel has VIMAGE too.

I've reproduced this with my home desktop that has a serial console, so I've
dug into this a bit deeper, suspecting that curvnet may not be initialized.
I've added some debugging output; the diff is attached.

KASSERT did not catch this for an unknown reason, so it's commented out.

Anyway, curvnet turned out to be zero, so any attempt to use V_link_pfil_hook
dereferences NULL, producing this panic:

ether_output_frame: vlan61: curvnet 0
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0453d37780
ether_output() at ether_output+0x64c/frame 0xfffffe0453d37820
arprequest() at arprequest+0x443/frame 0xfffffe0453d37920
arp_ifinit() at arp_ifinit+0x58/frame 0xfffffe0453d37960
arp_handle_ifllchange() at arp_handle_ifllchange+0x3d/frame 0xfffffe0453d37980
if_setlladdr() at if_setlladdr+0x21e/frame 0xfffffe0453d379e0
taskqueue_run_locked() at taskqueue_run_locked+0x14c/frame 0xfffffe0453d37a40
taskqueue_thread_loop() at taskqueue_thread_loop+0x88/frame 0xfffffe0453d37a70
fork_exit() at fork_exit+0x84/frame 0xfffffe0453d37ab0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0453d37ab0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---


Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 03
fault virtual address   = 0x28
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80aca683
stack pointer           = 0x28:0xfffffe0453d37790
frame pointer           = 0x28:0xfffffe0453d37820
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (thread taskq)
trap number             = 12
p

-- 
You are receiving this mail because:
You are on the CC list for the bug.
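
The failure described in the comment above, modelled in user space as an added example (not code from the bug report or from FreeBSD). The structure layout, the `_model` names, the helpers and the sample value are assumptions made for illustration. With that layout on an LP64 machine, the first load through a NULL context pointer touches address 0x28, the fault virtual address shown in the trap, and the guarded lookup returns an error instead of faulting.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model; this field layout is an assumption, not taken from the report. */
struct vnet_model {
    void        *le_next, *le_prev;            /* list linkage */
    unsigned int magic_n, ifcnt, sockcnt, state;
    void        *data_mem;
    uintptr_t    data_base;                    /* base of per-vnet variables */
};

static struct vnet_model *curvnet_model;       /* stands in for curvnet */
static int hook_storage = 7;                   /* constructed per-vnet variable */

/* Address of the first load a V_ style access performs: vn->data_base. */
uintptr_t first_load_addr(const struct vnet_model *vn) {
    return (uintptr_t)vn + offsetof(struct vnet_model, data_base);
}

/* Resolve a per-vnet variable; NULL instead of a fault when no context is set. */
void *vnet_resolve(const struct vnet_model *vn, uintptr_t var_off) {
    return vn == NULL ? NULL : (void *)(vn->data_base + var_off);
}

/* Deferred-task stand-in: reads a per-vnet variable via the current context. */
int task_handler(void) {
    int *hook = vnet_resolve(curvnet_model, 0);
    return hook == NULL ? -1 : *hook;
}

/* Set the context for the duration of the call and restore it afterwards. */
int run_with_vnet(struct vnet_model *vn, int (*fn)(void)) {
    struct vnet_model *saved = curvnet_model;
    curvnet_model = vn;
    int rc = fn();
    curvnet_model = saved;
    return rc;
}

/* Same handler, run with a constructed context whose base points at hook_storage. */
int demo_with_context(void) {
    struct vnet_model vn = { .data_base = (uintptr_t)&hook_storage };
    return run_with_vnet(&vn, task_handler);
}

int main(void) {
    printf("first load with NULL context: 0x%lx\n", (unsigned long)first_load_addr(NULL));
    printf("no context: %d, with context: %d\n", task_handler(), demo_with_context());
    return 0;
}
```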

