From owner-freebsd-net@FreeBSD.ORG Thu May 12 05:47:41 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6EB3B16A4CE for ; Thu, 12 May 2005 05:47:41 +0000 (GMT) Received: from mail-relay1.yahoo.com (mail-relay1.yahoo.com [216.145.48.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3841143D70 for ; Thu, 12 May 2005 05:47:41 +0000 (GMT) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com (proxy7.corp.yahoo.com [216.145.48.98])j4C5le7C065493; Wed, 11 May 2005 22:47:40 -0700 (PDT) Date: Thu, 12 May 2005 01:47:44 -0400 Message-ID: From: gnn@freebsd.org To: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= In-Reply-To: References: User-Agent: Wanderlust/2.12.0 (Your Wildest Dreams) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.3.50 (powerpc-apple-darwin7.7.0) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII cc: freebsd-net@freebsd.org Subject: Re: Page Fault in in6_purgeaddr X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 May 2005 05:47:41 -0000 At Thu, 12 May 2005 12:49:30 +0900, jinmei wrote: > > >>>>> On Wed, 11 May 2005 15:21:49 -0700, > >>>>> "Mark Klein" said: > > > I've recently been experiencing a panic that has quickly grown > > beyond my capabilities to debug. Any help is greatly appreciated. > > > Please see: > > > http://www.dis.com/freebsd.1.html > > I cannot reach the web site. If possible, could you post the details > to the mailing list? > I was able to reach the web site. The information is at the end of this email. Later, George (kgdb) bt #0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487 #1 0xc0244ca7 in boot (howto=0x104) at /usr/src/sys/kern/kern_shutdown.c:316 #2 0xc02450cc in poweroff_wait (junk=0xc0472d6c, howto=0xc047286f) at /usr/src/sys/kern/kern_shutdown.c:595 #3 0xc03d6a7e in trap_fatal (frame=0xc047bfa4, eva=0x10) at /usr/src/sys/i386/i386/trap.c:974 #4 0xc03d6751 in trap_pfault (frame=0xc047bfa4, usermode=0x0, eva=0x10) at /usr/src/sys/i386/i386/trap.c:867 #5 0xc03d630f in trap (frame={tf_fs = 0x10, tf_es = 0x10, tf_ds = 0x10, tf_edi = 0x1, tf_esi = 0x0, tf_ebp = 0xc047c03c, tf_isp = 0xc047bfd0, tf_ebx = 0x0, tf_edx = 0x20, tf_ecx = 0xb71, tf_eax = 0x0, tf_trapno = 0xc, tf_err = 0x0, tf_eip = 0xc038a63a, tf_cs = 0x8, tf_eflags = 0x10246, tf_esp = 0xc6219ac0, tf_ss = 0xc}) at /usr/src/sys/i386/i386/trap.c:466 #6 0xc038a63a in vnode_pager_generic_putpages (vp=0xc6219ac0, m=0xc047c0dc, bytecount=0x1000, flags=0xc, rtvals=0xc047c0ac) at /usr/src/sys/vm/vnode_pager.c:1034 #7 0xc0373b92 in ffs_putpages (ap=0xc047c070) at /usr/src/sys/ufs/ufs/ufs_readwrite.c:757 #8 0xc038a496 in vnode_pager_putpages (object=0xc63bb78c, m=0xc047c0dc, count=0x1, sync=0xc, rtvals=0xc047c0ac) at vnode_if.h:1147 #9 0xc0387414 in vm_pageout_flush (mc=0xc047c0dc, count=0x1, flags=0xc) at /usr/src/sys/vm/vm_pager.h:147 #10 0xc03849a6 in vm_object_page_collect_flush (object=0xc63bb78c, p=0xc08d21c4, curgeneration=0xa, pagerflags=0xc) at /usr/src/sys/vm/vm_object.c:806 #11 0xc03845a9 in vm_object_page_clean (object=0xc63bb78c, start=0x0, end=0x0, flags=0x4) at /usr/src/sys/vm/vm_object.c:605 #12 0xc0274b3d in vfs_msync (mp=0xc0d00600, flags=0x2) at /usr/src/sys/kern/vfs_subr.c:2731 #13 0xc0275b30 in sync (p=0xc04fa380, uap=0x0) at /usr/src/sys/kern/vfs_syscalls.c:582 #14 0xc0244a42 in boot (howto=0x100) at /usr/src/sys/kern/kern_shutdown.c:235 #15 0xc02450cc in poweroff_wait (junk=0xc0472d6c, howto=0xc047286f) at /usr/src/sys/kern/kern_shutdown.c:595 #16 0xc03d6a7e in trap_fatal (frame=0xc047c330, eva=0xe00cb362) at /usr/src/sys/i386/i386/trap.c:974 #17 0xc03d6751 in trap_pfault (frame=0xc047c330, usermode=0x0, eva=0xe00cb362) at /usr/src/sys/i386/i386/trap.c:867 #18 0xc03d630f in trap (frame={tf_fs = 0x10, tf_es = 0x10, tf_ds = 0x10, tf_edi = 0xe00cb340, tf_esi = 0xe00cb340, tf_ebp = 0xc047c378, tf_isp = 0xc047c35c, tf_ebx = 0xc04e1082, tf_edx = 0x5, tf_ecx = 0x4, tf_eax = 0x41, tf_trapno = 0xc, tf_err = 0x0, tf_eip = 0xc0290911, tf_cs = 0x8, tf_eflags = 0x10206, tf_esp = 0xc0cc7400, tf_ss = 0xc0cc7400}) at /usr/src/sys/i386/i386/trap.c:466 #19 0xc0290911 in if_name (ifp=0xe00cb340) at /usr/src/sys/net/net_osdep.c:62 #20 0xc02c5281 in in6_purgeaddr (ifa=0xc0cc7400) at /usr/src/sys/netinet6/in6.c:1186 #21 0xc02d4dfc in nd6_timer (ignored_arg=0x0) at /usr/src/sys/netinet6/nd6.c:584 #22 0xc024ad7d in softclock () at /usr/src/sys/kern/kern_timeout.c:131 #23 0xc03c97d3 in doreti_swi () (kgdb) frame 20 #20 0xc02c5281 in in6_purgeaddr (ifa=0xc0cc7400) at /usr/src/sys/netinet6/in6.c:1186 1186 log(LOG_ERR, "in6_purgeaddr: failed to remove " (kgdb) list 1158 /* 1159 * XXX: if a change of an existing address failed, keep the entry 1160 * anyway. 1161 */ 1162 if (hostIsNew) 1163 in6_unlink_ifa(ia, ifp); 1164 return(error); 1165 } 1166 1167 void 1168 in6_purgeaddr(ifa) 1169 struct ifaddr *ifa; 1170 { 1171 struct ifnet *ifp = ifa->ifa_ifp; 1172 struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa; 1173 1174 /* stop DAD processing */ 1175 nd6_dad_stop(ifa); 1176 1177 /* 1178 * delete route to the destination of the address being purged. 1179 * The interface must be p2p or loopback in this case. 1180 */ 1181 if ((ia->ia_flags & IFA_ROUTE) != 0 && ia->ia_dstaddr.sin6_len != 0) { 1182 int e; 1183 1184 if ((e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST)) 1185 != 0) { 1186 log(LOG_ERR, "in6_purgeaddr: failed to remove " 1187 "a route to the p2p destination: %s on %s, " 1188 "errno=%d\n", 1189 ip6_sprintf(&ia->ia_addr.sin6_addr), if_name(ifp), 1190 e); 1191 /* proceed anyway... */ 1192 } rtinit returned a non-zero status and is trying to log the error. if_name has caused the panic due to an invalid ifp. (kgdb) p *(struct ifaddr *) 0xc0cc7400 $24 = {ifa_addr = 0xc0cc747c, ifa_dstaddr = 0xc0cc74b4, ifa_netmask = 0xc0cc74d0, if_data = {ifi_type = 0x0, ifi_physical = 0x0, ifi_addrlen = 0x0, ifi_hdrlen = 0x0, ifi_recvquota = 0x0, ifi_xmitquota = 0x0, ifi_do_not_use = 0x0, ifi_datalen = 0x0, ifi_mtu = 0x0, ifi_metric = 0x0, ifi_baudrate = 0x0, ifi_ipackets = 0x0, ifi_ierrors = 0x0, ifi_opackets = 0x0, ifi_oerrors = 0x0, ifi_collisions = 0x0, ifi_ibytes = 0x0, ifi_obytes = 0x0, ifi_imcasts = 0x0, ifi_omcasts = 0x0, ifi_iqdrops = 0x0, ifi_noproto = 0x0, ifi_hwassist = 0x32510000, ifi_unused = 0xcde15366, ifi_lastchange = {tv_sec = 0xfcc0, tv_usec = 0x0}}, ifa_ifp = 0xe00cb340, ifa_link = {tqe_next = 0x3d928485, tqe_prev = 0xc0cd5ceb}, ifa_rtrequest = 0xc02d5408 , ifa_flags = 0x1, ifa_refcnt = 0x3, ifa_metric = 0x0, ifa_claim_addr = 0} (kgdb) p in6_addr No symbol "in6_addr" in current context. (kgdb) p in6_ifaddr $25 = (struct in6_ifaddr *) 0xc0cc7400 (kgdb) So, this is the first entry and it has expired. The ifa_ifp value is corrupted. This is quickly beyond my knowledge of networking. Any idea what might be going on? This is a remote machine, so I will have a hard time of trying to set it up for realtime debugging of the kernel until I can get back onsite. This has only recently started. It happened with 4.10 and I recently updated to 4.11 to see if it was fixed in that release. Please note that we ran for quite a while with 4.10 without this happening. Any suggestions are welcome! Thanks! Mark