Summary: | Panic in IPv6 stack - 0xc0d0b1fc is in ip6_input (/usr/src/sys/netinet6/ip6_input.c:702) | ||
---|---|---|---|
Product: | Base System | Reporter: | Tim Bishop <tdb> |
Component: | kern | Assignee: | Andrey V. Elsukov <ae> |
Status: | Closed FIXED | ||
Severity: | Affects Only Me | CC: | ae |
Priority: | --- | ||
Version: | 10.1-STABLE | ||
Hardware: | i386 | ||
OS: | Any |
Description
Tim Bishop
![]() ![]() I've confirmed the same issue occurs on stable/9 as well as stable/10. It used to be fine on stable/7 which is what I was using prior to this update. I haven't tested stable/8. However, I've just tried head and so far it looks like this issue is fixed there. There have been a number of changes to the file where the problem occurred, specifically r274300. It'd be good to get these changes MFCed to stable/10 if possible. (In reply to Tim Bishop from comment #0) > Kernel panic (triggered by receiving an IPv6 ping!). Running stable/10 > r277643. System has a tun0 device controlled by ppp and a gif device > tunnelled over that connection for IPv6. Can you show ifconfig output of your configuration? (In reply to Andrey V. Elsukov from comment #2) > Can you show ifconfig output of your configuration? I've got the machine running HEAD (still no problems since my comment #0), but from console logs I can see the following (IPs anonymised): vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8284b<RXCSUM,TXCSUM,VLAN_MTU,POLLING,WOL_UCAST,WOL_MAGIC,LINKSTATE> ether 00:00:24:cb:15:b8 inet6 fe80::200:24ff:fecb:15b8%vr0 prefixlen 64 scopeid 0x1 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> media: Ethernet autoselect (100baseTX <full-duplex>) status: active vr1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8284b<RXCSUM,TXCSUM,VLAN_MTU,POLLING,WOL_UCAST,WOL_MAGIC,LINKSTATE> ether 00:00:24:cb:15:b9 inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::200:24ff:fecb:15b9%vr1 prefixlen 64 scopeid 0x2 inet6 1:1::1 prefixlen 64 inet 1.1.1.198 netmask 0xfffffff8 broadcast 1.1.1.199 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> media: Ethernet autoselect (100baseTX <full-duplex>) status: active vr2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8284b<RXCSUM,TXCSUM,VLAN_MTU,POLLING,WOL_UCAST,WOL_MAGIC,LINKSTATE> ether 00:00:24:cb:15:ba inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255 inet6 fe80::200:24ff:fecb:15ba%vr2 prefixlen 64 scopeid 0x3 inet6 1:2::1 prefixlen 64 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> media: Ethernet autoselect (none) status: no carrier vr3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE> ether 00:00:24:cb:15:bb nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> media: Ethernet autoselect pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33200 nd6 options=9<PERFORMNUD,IFDISABLED> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6> inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8 inet 127.0.0.1 netmask 0xff000000 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280 tunnel inet 1.1.1.198 --> 1.1.1.126 inet6 fe80::200:24ff:fecb:15b8%gif0 prefixlen 64 scopeid 0x9 inet6 1:73::2 --> 1:73::1 prefixlen 128 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> options=1<ACCEPT_REV_ETHIP_VER> tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1492 options=80000<LINKSTATE> inet 1.1.1.198 --> 1.1.1.27 netmask 0xffffffff nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> Opened by PID 838 tun0 is a ppp managed link using PPPoE over vr0. gif0 is an IPv6 tunnel which goes out over the tun0 connection. vr1 and vr2 are internal networking. r274300 is very dangerous for merging to stable/10. Can you try this patch instead? It disables LLE operations for tunneling interfaces, and therefore ip6_input() will go through another code path for such packets. Index: in6.c =================================================================== --- in6.c (revision 279514) +++ in6.c (working copy) @@ -155,6 +155,8 @@ in6_ifaddloop(struct ifaddr *ifa) ia = ifa2ia6(ifa); ifp = ifa->ifa_ifp; + if (nd6_need_cache(ifp) == 0) + return; IF_AFDATA_LOCK(ifp); ifa->ifa_rtrequest = nd6_rtrequest; ln = lla_lookup(LLTABLE6(ifp), (LLE_CREATE | LLE_IFADDR | Index: nd6.c =================================================================== --- nd6.c (revision 279514) +++ nd6.c (working copy) @@ -2185,9 +2185,6 @@ nd6_need_cache(struct ifnet *ifp) case IFT_IEEE80211: #endif case IFT_INFINIBAND: - case IFT_GIF: /* XXX need more cases? */ - case IFT_PPP: - case IFT_TUNNEL: case IFT_BRIDGE: case IFT_PROPVIRTUAL: return (1); (In reply to Andrey V. Elsukov from comment #4) Sorry, I can't at the moment since the machine is now running HEAD, so I'd have to do a complete rebuild including packages. If I do get a chance I'll report back though. (In reply to Andrey V. Elsukov from comment #4) I've just tested this patch on stable/10 r280197. I can confirm that without the patch I get a panic, and with the patch I don't. That suggests this fixes the problem. I will continue to run with the patch just to make sure there aren't any side effects. A commit references this bug: Author: ae Date: Wed Apr 22 20:42:18 UTC 2015 New revision: 281868 URL: https://svnweb.freebsd.org/changeset/base/281868 Log: MFC r274988 (with modification): Skip L2 addresses lookups for tunneling interfaces. PR: 197286 Changes: _U stable/10/ _U stable/10/sys/gnu/dts/ stable/10/sys/netinet6/in6.c stable/10/sys/netinet6/nd6.c A commit references this bug: Author: ae Date: Wed Apr 22 20:48:57 UTC 2015 New revision: 281869 URL: https://svnweb.freebsd.org/changeset/base/281869 Log: MFC r274988 (with modification): Skip L2 addresses lookups for tunneling interfaces. PR: 197286 Changes: _U stable/9/sys/ _U stable/9/sys/amd64/include/xen/ _U stable/9/sys/boot/ _U stable/9/sys/boot/forth/ _U stable/9/sys/boot/i386/efi/ _U stable/9/sys/boot/i386/gptboot/ _U stable/9/sys/boot/ia64/efi/ _U stable/9/sys/boot/ia64/ski/ _U stable/9/sys/boot/powerpc/boot1.chrp/ _U stable/9/sys/boot/powerpc/ofw/ _U stable/9/sys/cddl/contrib/opensolaris/ _U stable/9/sys/conf/ _U stable/9/sys/contrib/dev/acpica/ _U stable/9/sys/contrib/dev/run/ _U stable/9/sys/contrib/octeon-sdk/ _U stable/9/sys/contrib/pf/ _U stable/9/sys/contrib/x86emu/ _U stable/9/sys/dev/ _U stable/9/sys/dev/e1000/ _U stable/9/sys/dev/isp/ _U stable/9/sys/dev/ixgbe/ _U stable/9/sys/dev/puc/ _U stable/9/sys/dev/usb/wlan/if_run.c _U stable/9/sys/dev/usb/wlan/if_runreg.h _U stable/9/sys/fs/ _U stable/9/sys/fs/ntfs/ _U stable/9/sys/modules/ _U stable/9/sys/modules/ixgbe/ _U stable/9/sys/modules/svr4/ _U stable/9/sys/net/ stable/9/sys/netinet6/in6.c stable/9/sys/netinet6/nd6.c _U stable/9/sys/netpfil/ _U stable/9/sys/sys/ Fixed in stable/9 and stable/10. Thanks! |