Date:      Thu, 12 Aug 2004 23:01:15 GMT
From:      Sangwoo Shim <ssw.at.neo.redjade.org@FreeBSD.org>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/70384: Panic in nd6_slowtimo() (related to pflog?)
Message-ID:  <200408122301.i7CN1FUm074912@www.freebsd.org>
Resent-Message-ID: <200408122310.i7CNAIsY086612@freefall.freebsd.org>


>Number:         70384
>Category:       kern
>Synopsis:       Panic in nd6_slowtimo() (related to pflog?)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 12 23:10:17 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Sangwoo Shim
>Release:        -current of Aug 12.
>Organization:
>Environment:
FreeBSD ssw 5.2-CURRENT FreeBSD 5.2-CURRENT #1: Thu Aug 12 07:08:05 KST 2004     root@ssw:/usr/obj/usr/src/sys/SSW-SMP  i386
>Description:
      I have recently been getting this panic, 1~2 times a day.
It seems that pflog is the culprit. pflog0's if_afdata contains
nothing but null. I couldn't reproduce the panic with pf.ko unloaded.
"option INET6" is in the kernel configuration.
The machine is SMP. If you need more information, please let me know.
I'm using FreeBSD-current of Aug 12.

panic messages:
---
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 01
fault virtual address   = 0x8
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc056ec72
stack pointer           = 0x10:0xd53efcb8
frame pointer           = 0x10:0xd53efcc4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 37 (swi5: clock sio)
Dumping 511 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336
+352 368 384 400 416 432 448 464 480 496
---
#0  doadump () at pcpu.h:159
159     pcpu.h: No such file or directory.
        in pcpu.h
doadump () at pcpu.h:159
159     in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:159
#1  0xc043b83a in db_fncall (dummy1=0, dummy2=0, dummy3=-717292800,
    dummy4=0xd53efae8 "\034&#22778;&#34746;) at /usr/src/sys/ddb/db_command.c:531
#2  0xc043b648 in db_command (last_cmdp=0xc069cea4, cmd_table=0x0,
    aux_cmd_tablep=0xc066cc44, aux_cmd_tablep_end=0xc066cc48)
    at /usr/src/sys/ddb/db_command.c:349
#3  0xc043b710 in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
#4  0xc043d289 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:221
#5  0xc04d9020 in kdb_trap (type=12, code=0, tf=0xd53efc78)
    at /usr/src/sys/kern/subr_kdb.c:401
#6  0xc062795d in trap_fatal (frame=0xd53efc78, eva=8)
    at /usr/src/sys/i386/i386/trap.c:807
#7  0xc06276bb in trap_pfault (frame=0xd53efc78, usermode=0, eva=8)
    at /usr/src/sys/i386/i386/trap.c:730
#8  0xc06272d1 in trap (frame=
      {tf_fs = -1045626856, tf_es = -717357040, tf_ds = -717357040, tf_edi =
+-1045585920, tf_esi = -1045508608, tf_ebp = -717292348, tf_isp = -717292380,
+tf_ebx = 23040, tf_edx = 1474, tf_ecx = -1066723816, tf_eax = 0, tf_trapno =
+12, tf_err = 0, tf_eip = -1068045198, tf_cs = 8, tf_eflags = 66182, tf_esp = 6,
+tf_ss = 4}) at /usr/src/sys/i386/i386/trap.c:417
#9  0xc0615b1a in calltrap () at /usr/src/sys/i386/i386/exception.s:140
#10 0xc1ad0018 in ?? ()
#11 0xd53e0010 in ?? ()
#12 0xd53e0010 in ?? ()
#13 0xc1ada000 in ?? ()
#14 0xc1aece00 in ?? ()
#15 0xd53efcc4 in ?? ()
#16 0xd53efca4 in ?? ()
#17 0x00005a00 in ?? ()
#18 0x000005c2 in ?? ()
#19 0xc06b1618 in arc4_sbox ()
#20 0x00000000 in ?? ()
#21 0x0000000c in ?? ()
#22 0x00000000 in ?? ()
#23 0xc056ec72 in nd6_slowtimo (ignored_arg=0x0)
    at /usr/src/sys/netinet6/nd6.c:1800
#24 0xc04cd05b in softclock (dummy=0x0) at /usr/src/sys/kern/kern_timeout.c:259
#25 0xc04ab6bd in ithread_loop (arg=0xc1977c00)
    at /usr/src/sys/kern/kern_intr.c:546
#26 0xc04aa7fd in fork_exit (callout=0xc04ab564 <ithread_loop>,
    arg=0xc1977c00, frame=0xd53efd48) at /usr/src/sys/kern/kern_fork.c:819
#27 0xc0615b7c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:209
(kgdb) up 23
#23 0xc056ec72 in nd6_slowtimo (ignored_arg=0x0)
    at /usr/src/sys/netinet6/nd6.c:1800
1800                    nd6if = ND_IFINFO(ifp);
(kgdb) l
1795
1796            callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz,
1797                nd6_slowtimo, NULL);
1798            IFNET_RLOCK();
1799            for (ifp = TAILQ_FIRST(&ifnet); ifp; ifp = TAILQ_NEXT(ifp,
+if_list)) {
1800                    nd6if = ND_IFINFO(ifp);
1801                    if (nd6if->basereachable && /* already initialized */
1802                        (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) {
1803                            /*
1804                             * Since reachable time rarely changes by router
(kgdb) p *ifp
$1 = {if_softc = 0xc1ada000, if_link = {tqe_next = 0xc1ae1800,
    tqe_prev = 0xc1adb004},
  if_xname = "pflog0\000\000\000\000\000\000\000\000\000",
  if_dname = 0xc077ee0d "pflog", if_dunit = 0, if_addrhead = {
    tqh_first = 0xc1ae3e00, tqh_last = 0xc1ae3e60}, if_klist = {
    slh_first = 0x0}, if_pcount = 0, if_carp = 0x0, if_bpf = 0x0,
  if_index = 4, if_timer = 0, if_nvlans = 0, if_flags = 0,
  if_capabilities = 0, if_capenable = 0, if_linkmib = 0x0, if_linkmiblen = 0,
  if_data = {ifi_type = 246 '\366', ifi_physical = 0 '\0', ifi_addrlen = 0 '\0',
    ifi_hdrlen = 48 '0', ifi_link_state = 0 '\0', ifi_recvquota = 0 '\0',
    ifi_xmitquota = 0 '\0', ifi_mtu = 33208, ifi_metric = 0, ifi_baudrate = 0,
    ifi_ipackets = 0, ifi_ierrors = 0, ifi_opackets = 0, ifi_oerrors = 0,
    ifi_collisions = 0, ifi_ibytes = 0, ifi_obytes = 0, ifi_imcasts = 0,
    ifi_omcasts = 0, ifi_iqdrops = 0, ifi_noproto = 0, ifi_hwassist = 0,
    ifi_unused = 0, ifi_lastchange = {tv_sec = 1, tv_usec = 10464}},
  if_multiaddrs = {tqh_first = 0x0, tqh_last = 0xc1ada0a8}, if_amcount = 0,
  if_output = 0xc077d738, if_input = 0, if_start = 0xc077d69c,
  if_ioctl = 0xc077d760, if_watchdog = 0, if_init = 0, if_resolvemulti = 0,
  if_snd = {ifq_head = 0x0, ifq_tail = 0x0, ifq_len = 0, ifq_maxlen = 50,
    ifq_drops = 0, ifq_mtx = {mtx_object = {lo_class = 0xc067db3c,
        lo_name = 0xc1ada00c "pflog0", lo_type = 0xc0657e7d "if send queue",
        lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0},
        lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, ifq_drv_head = 0x0,
    ifq_drv_tail = 0x0, ifq_drv_len = 0, ifq_drv_maxlen = 0, altq_type = 0,
    altq_flags = 0, altq_disc = 0x0, altq_ifp = 0xc1ada000, altq_enqueue = 0,
    altq_dequeue = 0, altq_request = 0, altq_clfier = 0x0, altq_classify = 0,
    altq_tbr = 0x0, altq_cdnr = 0x0}, if_broadcastaddr = 0x0, lltables = 0x0,
  if_label = 0x0, if_prefixhead = {tqh_first = 0x0, tqh_last = 0xc1ada150},
  if_afdata = {0x0 <repeats 37 times>}, if_afdata_initialized = 1,
  if_afdata_mtx = {mtx_object = {lo_class = 0xc067db3c,
      lo_name = 0xc0657e6d "if_afdata", lo_type = 0xc0657e6d "if_afdata",
      lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0},
      lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, if_starttask = {
    ta_link = {stqe_next = 0x0}, ta_pending = 0, ta_priority = 0,
    ta_func = 0xc0527fb4 <if_start_deferred>, ta_context = 0xc1ada000}}

>How-To-Repeat:
      On an SMP machine (I'm not sure, but my other machines, which are non-SMP, don't exhibit the problem), kldload pf at boot time. You should have "option INET6" in the kernel configuration. Wait for about an hour, then you will encounter the panic.
>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted:
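
Added example, not part of the original report and not FreeBSD code: a model of why ND_IFINFO() on pflog0's all-NULL if_afdata faults at address 0x8, next to a timer walk that skips such interfaces. The structure layouts are simplified assumptions (in6_ifextra as four 4-byte pointers on i386, AF_INET6 = 28), and `em0`, `nd_ifinfo_load_addr`, `slowtimo_walk_guarded` and `demo_skipped` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AF_INET6_MODEL 28 /* FreeBSD's AF_INET6 value */
#define AF_SLOTS_MODEL 37 /* if_afdata slots, per "repeats 37 times" in the dump */

/* Assumed i386 layout of in6_ifextra: four 4-byte pointers. */
struct in6_ifextra_i386 {
    uint32_t in6_ifstat, icmp6_ifstat, nd_ifinfo, scope6_id;
};

/* Address loaded when ND_IFINFO() is applied to this if_afdata[AF_INET6] value. */
uint32_t nd_ifinfo_load_addr(uint32_t afdata_inet6) {
    return afdata_inet6 + (uint32_t)offsetof(struct in6_ifextra_i386, nd_ifinfo);
}

/* Simplified native-pointer model of the structures the loop touches. */
struct nd_ifinfo { int basereachable; int recalctm; };
struct in6_ifextra { void *in6_ifstat, *icmp6_ifstat; struct nd_ifinfo *nd_ifinfo; void *scope6_id; };
struct ifnet { const char *if_xname; void *if_afdata[AF_SLOTS_MODEL]; struct ifnet *if_next; };

/* Timer walk that skips interfaces without IPv6 per-interface data; returns the skip count. */
int slowtimo_walk_guarded(struct ifnet *head, int interval) {
    int skipped = 0;
    for (struct ifnet *ifp = head; ifp != NULL; ifp = ifp->if_next) {
        struct in6_ifextra *ext = ifp->if_afdata[AF_INET6_MODEL];
        if (ext == NULL || ext->nd_ifinfo == NULL) { skipped++; continue; }
        struct nd_ifinfo *nd6if = ext->nd_ifinfo;
        if (nd6if->basereachable && (nd6if->recalctm -= interval) <= 0)
            nd6if->recalctm = interval; /* stand-in for the real recomputation */
    }
    return skipped;
}

/* Constructed interface list: "em0" has IPv6 data, "pflog0" has all-NULL if_afdata. */
int demo_skipped(void) {
    static struct nd_ifinfo nd = { 30000, 5 };
    static struct in6_ifextra ext = { NULL, NULL, &nd, NULL };
    static struct ifnet pflog0 = { "pflog0", { NULL }, NULL };
    static struct ifnet em0 = { "em0", { NULL }, &pflog0 };
    em0.if_afdata[AF_INET6_MODEL] = &ext;
    return slowtimo_walk_guarded(&em0, 1);
}

int main(void) {
    printf("NULL if_afdata[AF_INET6] loads from 0x%x; skipped %d\n",
           (unsigned)nd_ifinfo_load_addr(0), demo_skipped());
    return 0;
}
```

Under the assumed layout, the computed load address for a NULL slot equals the `fault virtual address = 0x8` in the panic message.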


