Date: Mon, 06 Sep 2004 09:59:39 +0200 From: Andreas Kohn <andreas.kohn@gmx.net> To: freebsd-current@freebsd.org Cc: Robert Watson <rwatson@freebsd.org> Subject: Re: Panic (Page fault) related to ipv6? [softclock, nd6_timer, in6_purgeaddr, in6_unlink_ifa] Message-ID: <1094457578.1787.18.camel@klamath.ankon.de.eu.org> In-Reply-To: <1094432328.878.7.camel@klamath.ankon.de.eu.org> References: <1094432328.878.7.camel@klamath.ankon.de.eu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-6rJOoX/tXyDN7VTTqQHb Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On Mon, 2004-09-06 at 02:58, Andreas Kohn wrote: > Hi, >=20 > just got this panic, perhaps someone is interested. Happened when > reading a probably damaged CD, don't know if that is related (didn't > look so in the backtrace). >=20 > System is FreeBSD klamath.ankon.de.eu.org 6.0-CURRENT FreeBSD > 6.0-CURRENT #16: Sun Sep 5 12:18:47 CEST 2004 =20 > root@klamath.ankon.de.eu.org:/usr/obj/usr/src/sys/KLAMATH i386, > sources from around ~0900. >=20 > Kernel config contains IPV6, IPSEC (so no mpsafenet), ULE, and the > default setting for PREEMPTION (i didn't set any), no WITNESS or > INVARIANTS, but makeoptions DEBUG=3D-g. >=20 > Here it is: > ----- >=20 > Fatal trap 12: page fault while in kernel mode > fault virtual address =3D 0x1 > fault code =3D supervisor write, page not present > instruction pointer =3D 0x8:0xc05e5f12 > stack pointer =3D 0x10:0xcbf1dc0c > frame pointer =3D 0x10:0xcbf1dc28 > code segment =3D base 0x0, limit 0xfffff, type 0x1b > =3D DPL 0, pres 1, def32 1, gran 1 > processor eflags =3D interrupt enabled, resume, IOPL =3D 0 > current process =3D 27 (swi5: clock sio) > trap number =3D 12 > panic: page fault >=20 >=20 >=20 > (kgdb) bt full > #0 doadump () at pcpu.h:159 > #1 0xc051b576 in boot (howto=3D260) at > #2 0xc051bcf7 in panic (fmt=3D0xc0708284 "%s") > #3 0xc06de456 in trap_fatal (frame=3D0xcbf1dbcc, eva=3D1) > #4 0xc06de6fb in trap_pfault (frame=3D0xcbf1dbcc, usermode=3D0, eva=3D1) > #5 0xc06deaf5 in trap (frame=3D > #6 0xc06d019a in calltrap () at /usr/src/sys/i386/i386/exception.s:140 > #7 0x00000018 in ?? () > #8 0x00000010 in ?? () > #9 0x00000010 in ?? () > #10 0xc1df0000 in ?? () > #11 0xffffffff in ?? () > #12 0xcbf1dc28 in ?? () > #13 0xcbf1dbf8 in ?? () > #14 0xc1df0000 in ?? () > #15 0xc1cd5200 in ?? () > #16 0xc1df0000 in ?? () > #17 0x00000001 in ?? () > #18 0x0000000c in ?? () > #19 0x00000002 in ?? () > #20 0xc05e5f12 in in6_unlink_ifa (ia=3D0x0, ifp=3D0xc1df0000) > #21 0xc05e615d in in6_purgeaddr (ifa=3D0xc1df0000) > #22 0xc06019bf in nd6_timer (ignored_arg=3D0x0) > #23 0xc052ab55 in softclock (dummy=3D0x0) at > #24 0xc0502229 in ithread_loop (arg=3D0xc18f8580) > #25 0xc0500f82 in fork_exit (callout=3D0xc0502170 <ithread_loop>, arg=3D0= x0, > #26 0xc06d01fc in fork_trampoline () at Okay, I read the thread on http://lists.freebsd.org/pipermail/freebsd-current/2004-September/036475.ht= ml (5.3-BETA3 panic, probably IPv6+SMP+mpsafenet related; rwatson CC'd), as= well as http://www.freebsd.org/cgi/query-pr.cgi?pr=3D70393 (similar panic = with PF). I don't have PF compiled into my kernel or loaded as module, and use ipfw2 only. This machine uses IPv6, but I don't need IPSEC currently and could remove it from the kernel configuration. I will try to apply both Robert Watson's patch and the patch from the PR, but as I don't know how to reproduce the panic it will be rather difficult to say if it is gone after patching. Just guessing here, but find below the values of *ifp. One thing I noticed and which puzzles me a little...is it pure coincidence that frame #16 has the same address listed as ifp? Regards, -- Andreas ----- #15 0xc1cd5200 in ?? () #16 0xc1df0000 in ?? () #17 0x00000001 in ?? () #18 0x0000000c in ?? () #19 0x00000002 in ?? () #20 0xc05e5f12 in in6_unlink_ifa (ia=3D0x0, ifp=3D0xc1df0000) at /usr/src/sys/netinet6/in6.c:1157 #21 0xc05e615d in in6_purgeaddr (ifa=3D0xc1df0000) at /usr/src/sys/netinet6/in6.c:1146 #22 0xc06019bf in nd6_timer (ignored_arg=3D0x0) at /usr/src/sys/netinet6/nd6.c:562 #23 0xc052ab55 in softclock (dummy=3D0x0) at /usr/src/sys/kern/kern_timeout.c:259 #24 0xc0502229 in ithread_loop (arg=3D0xc18f8580) at /usr/src/sys/kern/kern_intr.c:547 #25 0xc0500f82 in fork_exit (callout=3D0xc0502170 <ithread_loop>, arg=3D0x0= , frame=3D0x0) at /usr/src/sys/kern/kern_fork.c:807 #26 0xc06d01fc in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:209 (kgdb) frame 20 #20 0xc05e5f12 in in6_unlink_ifa (ia=3D0x0, ifp=3D0xc1df0000) at /usr/src/sys/netinet6/in6.c:1157 1157 TAILQ_REMOVE(&ifp->if_addrlist, &ia->ia_ifa, ifa_list); (kgdb) p *ifp $1 =3D {if_softc =3D 0xc1d7eaa0, if_link =3D {tqe_next =3D 0xc1cc0330,=20 tqe_prev =3D 0x0},=20 if_xname =3D "\000\000\000\000\000\000\000\000\020\200\216=C1 mt=C0",=20 if_dname =3D 0xc1cd5880 "\037", if_dunit =3D 2, if_addrhead =3D {tqh_firs= t =3D 0x0,=20 tqh_last =3D 0x0}, if_klist =3D {kl_lock =3D 0x0, kl_list =3D {slh_firs= t =3D 0x0}},=20 if_pcount =3D 0, if_carp =3D 0x0, if_bpf =3D 0x0, if_index =3D 0, if_time= r =3D 0,=20 if_nvlans =3D 60132, if_flags =3D -1042816820, if_capabilities =3D 1,=20 if_capenable =3D -1039976912, if_linkmib =3D 0x3, if_linkmiblen =3D 3247342376,=20 if_data =3D {ifi_type =3D 96 '`', ifi_physical =3D 16 '\020',=20 ifi_addrlen =3D 117 'u', ifi_hdrlen =3D 192 '=C0', ifi_link_state =3D 0 '\0',=20 ifi_recvquota =3D 82 'R', ifi_xmitquota =3D 205 '=CD', ifi_datalen =3D = 193 '=C1',=20 ifi_mtu =3D 1, ifi_metric =3D 3254990384, ifi_baudrate =3D 0, ifi_ipack= ets =3D 0,=20 ifi_ierrors =3D 0, ifi_opackets =3D 0, ifi_oerrors =3D 1, ifi_collision= s =3D 0,=20 ifi_ibytes =3D 0, ifi_obytes =3D 3252151496, ifi_imcasts =3D 3252153196= ,=20 ifi_omcasts =3D 2, ifi_iqdrops =3D 3253484064, ifi_noproto =3D 3,=20 ifi_hwassist =3D 3247345724, ifi_unused =3D 3228881728, ifi_lastchange = =3D { tv_sec =3D -1043507072, tv_usec =3D 1}}, if_multiaddrs =3D {tqh_first= =3D 0x0,=20 tqh_last =3D 0x0}, if_amcount =3D 0, if_output =3D 0, if_input =3D 0,=20 if_start =3D 0, if_ioctl =3D 0, if_watchdog =3D 0, if_init =3D 0xc1cc0b28= ,=20 if_resolvemulti =3D 0xc1d7ed8c, if_snd =3D {ifq_head =3D 0x1,=20 ifq_tail =3D 0xc2033630, ifq_len =3D 3, ifq_maxlen =3D -1047624740,=20 ifq_drops =3D -1066069920, ifq_mtx =3D {mtx_object =3D {lo_class =3D 0xc1cd5200,=20 lo_name =3D 0x1 <Address 0x1 out of bounds>,=20 ---Type <return> to continue, or q <return> to quit--- lo_type =3D 0xc2033630 "=E4\232t=C0=F3=D0q=C0=F3=D0q=C0", lo_flags = =3D 0, lo_list =3D { tqe_next =3D 0x0, tqe_prev =3D 0x0}, lo_witness =3D 0x0}, mtx_loc= k =3D 1,=20 mtx_recurse =3D 0}, ifq_drv_head =3D 0x0, ifq_drv_tail =3D 0xc1df0264= ,=20 ifq_drv_len =3D -1042815936, ifq_drv_maxlen =3D 1, altq_type =3D -1040411352,=20 altq_flags =3D 10, altq_disc =3D 0xc18e9018, altq_ifp =3D 0xc0751060,=20 altq_enqueue =3D 0xc1cd5880, altq_dequeue =3D 0x1, altq_request =3D 0xc1fc9528,=20 altq_clfier =3D 0x4cc0, altq_classify =3D 0, altq_tbr =3D 0x0, altq_cdn= r =3D 0x0},=20 if_broadcastaddr =3D 0x9 <Address 0x9 out of bounds>, lltables =3D 0x4cc0= , if_label =3D 0x0, if_prefixhead =3D {tqh_first =3D 0xc1d7e330,=20 tqh_last =3D 0xc1d7e83c}, if_afdata =3D {0x2, 0xc1ec38dc, 0x3, 0xc18e80e8,=20 0xc074d340, 0xc18f8e00, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1d7e440, 0xc1cc0a18, 0x1, 0xc1b6e318, 0x1, 0xc18e807c, 0xc0751060,=20 0xc1cd5880, 0x1, 0xc1b6e318, 0x18, 0x0, 0x0, 0x0, 0x3, 0x18, 0x0,=20 0xc1d7e8c4, 0xc1cc0908, 0x1, 0xc1ec4000, 0x3},=20 if_afdata_initialized =3D -1047622292, if_afdata_mtx =3D {mtx_object =3D = { lo_class =3D 0xc0751060, lo_name =3D 0xc18f8e00 "*\001",=20 lo_type =3D 0x4 <Address 0x4 out of bounds>, lo_flags =3D 3253485568,= =20 lo_list =3D {tqe_next =3D 0x3b, tqe_prev =3D 0x0}, lo_witness =3D 0x0= },=20 mtx_lock =3D 0, mtx_recurse =3D 3}, if_starttask =3D {ta_link =3D { stqe_next =3D 0x3b}, ta_pending =3D 0, ta_priority =3D -1042814712,=20 ta_func =3D 0xc1d7ed48, ta_context =3D 0x2}} (kgdb) frame 21 #21 0xc05e615d in in6_purgeaddr (ifa=3D0xc1df0000) at /usr/src/sys/netinet6/in6.c:1146 1146 in6_unlink_ifa(ia, ifp); (kgdb) p *ifp $2 =3D {if_softc =3D 0xc058e690, if_link =3D {tqe_next =3D 0xc058eb60,=20 tqe_prev =3D 0xc058e350}, if_xname =3D "=B0=DFX=C0@=F8X=C00=E2X=C0 =E9X= =C0",=20 if_dname =3D 0x3 <Address 0x3 out of bounds>, if_dunit =3D 1, if_addrhead =3D { tqh_first =3D 0xfffffff, tqh_last =3D 0xc058fce0}, if_klist =3D {kl_loc= k =3D 0x0,=20 kl_list =3D {slh_first =3D 0x0}}, if_pcount =3D 0, if_carp =3D 0x0, if_= bpf =3D 0x0,=20 if_index =3D 0, if_timer =3D 0, if_nvlans =3D 12438, if_flags =3D -301047= 508,=20 if_capabilities =3D -1727442502, if_capenable =3D 124634137,=20 if_linkmib =3D 0x706af48f, if_linkmiblen =3D 3915621685, if_data =3D { ifi_type =3D 163 '=A3', ifi_physical =3D 149 '\225', ifi_addrlen =3D 10= 0 'd',=20 ifi_hdrlen =3D 158 '\236', ifi_link_state =3D 50 '2',=20 ifi_recvquota =3D 136 '\210', ifi_xmitquota =3D 219 '=DB',=20 ifi_datalen =3D 14 '\016', ifi_mtu =3D 2044508324, ifi_metric =3D 3772115230,=20 ifi_baudrate =3D 2547177864, ifi_ipackets =3D 162941995,=20 ifi_ierrors =3D 2125561021, ifi_opackets =3D 3887607047,=20 ifi_oerrors =3D 2428444049, ifi_collisions =3D 498536548,=20 ifi_ibytes =3D 1789927666, ifi_obytes =3D 4089016648,=20 ifi_imcasts =3D 2227061214, ifi_omcasts =3D 450548861,=20 ifi_iqdrops =3D 1843258603, ifi_noproto =3D 4107580753,=20 ifi_hwassist =3D 2211677639, ifi_unused =3D 325883990, ifi_lastchange = =3D { tv_sec =3D 1684777152, tv_usec =3D -43845254}}, if_multiaddrs =3D { tqh_first =3D 0x8a65c9ec, tqh_last =3D 0x14015c4f}, if_amcount =3D 1661365465,=20 if_output =3D 0xfa0f3d63, if_input =3D 0x8d080df5, if_start =3D 0x3b6e20c= 8,=20 if_ioctl =3D 0x4c69105e, if_watchdog =3D 0xd56041e4, if_init =3D 0xa26771= 72, ---Type <return> to continue, or q <return> to quit--- if_resolvemulti =3D 0x3c03e4d1, if_snd =3D {ifq_head =3D 0x4b04d447,=20 ifq_tail =3D 0xd20d85fd, ifq_len =3D -1526024853, ifq_maxlen =3D 901097722,=20 ifq_drops =3D 1119000684, ifq_mtx =3D {mtx_object =3D {lo_class =3D 0xdbbbc9d6,=20 lo_name =3D 0xacbcf940 <Address 0xacbcf940 out of bounds>,=20 lo_type =3D 0x32d86ce3 <Address 0x32d86ce3 out of bounds>,=20 lo_flags =3D 1172266101, lo_list =3D {tqe_next =3D 0xdcd60dcf,=20 tqe_prev =3D 0xabd13d59}, lo_witness =3D 0x26d930ac},=20 mtx_lock =3D 1373503546, mtx_recurse =3D 3369554304},=20 ifq_drv_head =3D 0xbfd06116, ifq_drv_tail =3D 0x21b4f4b5,=20 ifq_drv_len =3D 1454621731, ifq_drv_maxlen =3D -809855591,=20 altq_type =3D -1195530993, altq_flags =3D 671266974, altq_disc =3D 0x5f058808,=20 altq_ifp =3D 0xc60cd9b2, altq_enqueue =3D 0xb10be924,=20 altq_dequeue =3D 0x2f6f7c87, altq_request =3D 0x58684c11,=20 altq_clfier =3D 0xc1611dab, altq_classify =3D 0xb6662d3d,=20 altq_tbr =3D 0x76dc4190, altq_cdnr =3D 0x1db7106},=20 if_broadcastaddr =3D 0x98d220bc <Address 0x98d220bc out of bounds>,=20 lltables =3D 0xefd5102a, if_label =3D 0x71b18589, if_prefixhead =3D { tqh_first =3D 0x6b6b51f, tqh_last =3D 0x9fbfe4a5}, if_afdata =3D {0xe8b8d433,=20 0x7807c9a2, 0xf00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x86d3d2d,=20 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,=20 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,=20 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,=20 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,=20 ---Type <return> to continue, or q <return> to quit--- 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0},=20 if_afdata_initialized =3D 1141124467, if_afdata_mtx =3D {mtx_object =3D { lo_class =3D 0x33031de5,=20 lo_name =3D 0xaa0a4c5f <Address 0xaa0a4c5f out of bounds>,=20 lo_type =3D 0xdd0d7cc9 <Address 0xdd0d7cc9 out of bounds>,=20 lo_flags =3D 1342533948, lo_list =3D {tqe_next =3D 0x270241aa,=20 tqe_prev =3D 0xbe0b1010}, lo_witness =3D 0xc90c2086},=20 mtx_lock =3D 1466479909, mtx_recurse =3D 544179635}, if_starttask =3D { ta_link =3D {stqe_next =3D 0xb966d409}, ta_pending =3D -832445281,=20 ta_priority =3D 1591671054, ta_func =3D 0x29d9c998, ta_context =3D 0xb0d09822}} --=-6rJOoX/tXyDN7VTTqQHb Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQBBPBjpYucd7Ow1ygwRAil0AJ97CKhvS7QUNsCQVCgmq+4b7XmlKQCdHY8f wIKEDHfrcVKbE+uBXFPye4A= =j9ty -----END PGP SIGNATURE----- --=-6rJOoX/tXyDN7VTTqQHb--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1094457578.1787.18.camel>