From owner-freebsd-current@FreeBSD.ORG Mon Sep 16 17:09:14 2013 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id B45D8574 for ; Mon, 16 Sep 2013 17:09:14 +0000 (UTC) (envelope-from markjdb@gmail.com) Received: from mail-ve0-x230.google.com (mail-ve0-x230.google.com [IPv6:2607:f8b0:400c:c01::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 73CFD2C81 for ; Mon, 16 Sep 2013 17:09:14 +0000 (UTC) Received: by mail-ve0-f176.google.com with SMTP id jx11so3252436veb.35 for ; Mon, 16 Sep 2013 10:09:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=GxN382OqgOzPD7TNHPGn9GvmpQl7CAxZF0riFeol67w=; b=v8jU9zn8FcWxd8OTi2pMJmBxhSfGSBxbTvxLDxVlgeUlwnkKRFxiFzqOJGwi9FBpVz nsaW9iTYjtlDxIxogdF05aZgW5nj6I9Z+8K2+ZpfbIlx4lxcFuropetEXX6qfxpDRdGL iKPQvAAPnnKNBHkKgXNfMkvl9Oe4snp2yqQsjjNNLGN0zLXVULK0gX1eSdx14MtPJOpe Iq9LhnZ6qaXlT94t9dN3PI1GgILaiYiZCE8hs+erNtD/cNNMHOIShcIl8Zz05t1PizTT XIsoNQzv9F4SCmLaRRzfwUIPOFv9lTk6dWSK5uAeib2QIplIltuZ06z3qyRO9goBZhre AxBw== X-Received: by 10.52.94.37 with SMTP id cz5mr1409535vdb.30.1379351353519; Mon, 16 Sep 2013 10:09:13 -0700 (PDT) Received: from charmander (mail1.sandvine.com. [64.7.137.162]) by mx.google.com with ESMTPSA id zn4sm6382131vdb.0.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 16 Sep 2013 10:09:13 -0700 (PDT) Sender: Mark Johnston Date: Mon, 16 Sep 2013 13:10:16 -0400 From: Mark Johnston To: Hans Petter Selasky Subject: Re: General Protection Fault in prelist_remove() Message-ID: <20130916171016.GA1509@charmander> References: <52372362.10506@bitfrost.no> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <52372362.10506@bitfrost.no> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-current@freebsd.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Sep 2013 17:09:14 -0000 On Mon, Sep 16, 2013 at 05:27:30PM +0200, Hans Petter Selasky wrote: > Hi, > > I caught a General protection fault in prelist_remove. Any clues what > this might be? Any chance you were creating or destroying interfaces around the time this crash happened? There is no locking in the code which manipulates the prefix list (or any of the global NDP data structures), so it's possible to get crashes if, for instance, the prefix expiry callout races with in6_ifdetach() to delete a prefix. It's not clear what caused your crash (not without a crash dump at least), but I imagine it has something to do with this. I've partially fixed this at work by adding a rw lock to protect access to the the prefix, default router, and DAD lists. The patch is here: http://people.freebsd.org/~markj/patches/ndp-locking.diff If anyone can review or test this patch, please let me know. Thanks, -Mar > > FreeBSD-10 from one month back approx. > > > ffffffff80a95810 : > > ffffffff80a95810: 55 push %rbp > > ffffffff80a95811: 48 89 e5 mov %rsp,%rbp > > ffffffff80a95814: 41 57 push %r15 > > ffffffff80a95816: 41 56 push %r14 > > ffffffff80a95818: 53 push %rbx > > ffffffff80a95819: 48 83 ec 38 sub $0x38,%rsp > > ffffffff80a9581d: 49 89 ff mov %rdi,%r15 > > ffffffff80a95820: 48 8b 04 25 c0 de 3b mov 0xffffffff813bdec0,%rax > > ffffffff80a95827: 81 > > ffffffff80a95828: 48 89 45 e0 mov %rax,-0x20(%rbp) > > ffffffff80a9582c: 49 c7 47 44 00 00 00 movq $0x0,0x44(%r15) > > ffffffff80a95833: 00 > > ffffffff80a95834: 41 f6 47 6c 01 testb $0x1,0x6c(%r15) > > ffffffff80a95839: 74 4d je ffffffff80a95888 > > ffffffff80a9583b: 4c 89 ff mov %r15,%rdi > > ffffffff80a9583e: e8 fd 00 00 00 callq ffffffff80a95940 > > ffffffff80a95843: 41 89 c6 mov %eax,%r14d > > ffffffff80a95846: 45 85 f6 test %r14d,%r14d > > ffffffff80a95849: 74 3d je ffffffff80a95888 > > ffffffff80a9584b: 8b 04 25 c4 a6 56 81 mov 0xffffffff8156a6c4,%eax > > ffffffff80a95852: 85 c0 test %eax,%eax > > ffffffff80a95854: 74 32 je ffffffff80a95888 > > ffffffff80a95856: 49 8d 77 20 lea 0x20(%r15),%rsi > > ffffffff80a9585a: 48 8d 7d b0 lea -0x50(%rbp),%rdi > > ffffffff80a9585e: e8 1d fa fd ff callq ffffffff80a75280 > > ffffffff80a95863: 41 0f b6 4f 78 movzbl 0x78(%r15),%ecx > > ffffffff80a95868: 4d 8b 07 mov (%r15),%r8 > > ffffffff80a9586b: 49 83 c0 28 add $0x28,%r8 > > ffffffff80a9586f: bf 03 00 00 00 mov $0x3,%edi > > ffffffff80a95874: 48 c7 c6 c6 17 fa 80 mov $0xffffffff80fa17c6,%rsi > > ffffffff80a9587b: 48 89 c2 mov %rax,%rdx > > ffffffff80a9587e: 45 89 f1 mov %r14d,%r9d > > ffffffff80a95881: 30 c0 xor %al,%al > > ffffffff80a95883: e8 08 f0 e5 ff callq ffffffff808f4890 > > ffffffff80a95888: 41 83 7f 7c 00 cmpl $0x0,0x7c(%r15) > > ffffffff80a9588d: 7f 6c jg ffffffff80a958fb > > ffffffff80a9588f: 49 8b 47 08 mov 0x8(%r15),%rax > > ffffffff80a95893: 48 85 c0 test %rax,%rax > > ffffffff80a95896: 74 0a je ffffffff80a958a2 > > ffffffff80a95898: 49 8d 4f 08 lea 0x8(%r15),%rcx > > ffffffff80a9589c: 48 39 48 10 cmp %rcx,0x10(%rax) > ^^^^ crash here > > ffffffff80a958a0: 75 72 jne ffffffff80a95914 > > ffffffff80a958a2: 49 8b 4f 10 mov 0x10(%r15),%rcx > > Non-reproducable. > > --HPS > _______________________________________________ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"