Date: Fri, 11 Jun 2010 14:14:23 +0200 From: Ivan Voras <ivoras@freebsd.org> To: freebsd-net@freebsd.org Subject: Re: FreeBSD.org IPv6 issue - AAAA records disabled Message-ID: <hut9au$s69$1@dough.gmane.org> In-Reply-To: <4BE961EA.2060806@cs.duke.edu> References: <4BD885C6.10600@FreeBSD.org> <20100429204544.GC1286@arthur.nitro.dk> <1272998683.2406.38.camel@localhost.localdomain> <20100504190328.GC31196@valentine.liquidneon.com> <4BE80F07.8090309@cs.duke.edu> <AANLkTimVvm1AfOoJax9AcSWNLGJqIGe7EPE1FssA7tDe@mail.gmail.com> <4BE82011.6050009@cs.duke.edu> <20100511092000.GA12735@walton.maths.tcd.ie> <4BE961EA.2060806@cs.duke.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On 05/11/10 15:55, Andrew Gallatin wrote: > David Malone wrote: >> On Mon, May 10, 2010 at 11:02:41AM -0400, Andrew Gallatin wrote: >>> I think something may be holding onto an mbuf after free, >>> then re-freeing it. But only after somebody else allocated >>> it. I was hoping that the mbuf double free referenced >>> above was the smoking gun, but it turns out that there isn't >>> even a bge interface in my pr (just bce and mxge). >> >> Weren't there some bugs fixed recently that alowed the arp/ndp code >> to free packets that weren't previously being freed? They'd be good >> candidates for something that holds onto an mbuf for a while and >> then frees it. > > Unfortunately, I think at least the PR I'm looking into pre-dates > those fixes -- these problems started in r202120 (early Jan). > I need to ask what he upgraded from. > > When did IPv6 become unstable for others? For what it's worth, it looks like using IPv6 really is causing my crashes, but in a really wide-spread ways, possibly a deep memory corruption. I've disabled it on the machine I have here that would crash or hang once or twice a week and so far there are no problems with uptime of nearly 10 days. When IPv6 is enabled here, it is used for "everything" - from interactive ssh sessions, http, to NFS. I have 9 core files here with text crashdumps, if anyone's interested. Here's a sample: # grep -i panic core* core.txt.0:panic: sbsndptr: sockbuf 0xffffff007cca8c20 and mbuf 0xffffff00490a6400 clashing core.txt.0:panic: sbsndptr: sockbuf 0xffffff007cca8c20 and mbuf 0xffffff00490a6400 clashing core.txt.0:#2 0xffffffff80585e4c in panic ( core.txt.0:panic: sbsndptr: sockbuf 0xffffff007cca8c20 and mbuf 0xffffff00490a6400 clashing core.txt.1:panic: page fault core.txt.1:panic: page fault core.txt.1:#2 0xffffffff8058afdc in panic (fmt=0xffffffff809364ac "%s") core.txt.1:panic: page fault core.txt.2:panic: general protection fault core.txt.2:panic: general protection fault core.txt.2:#2 0xffffffff8058afdc in panic (fmt=0xffffffff809364ac "%s") core.txt.2:panic: page fault core.txt.2:savecore: reboot after panic: page fault core.txt.2:Feb 17 20:43:07 geri savecore: reboot after panic: page fault core.txt.2:panic: general protection fault core.txt.3:panic: sbdrop core.txt.3:panic: sbdrop core.txt.3:#2 0xffffffff8058afdc in panic (fmt=0xffffffff80963dff "sbdrop") core.txt.3:panic: sbdrop core.txt.4:panic: general protection fault core.txt.4:panic: general protection fault core.txt.4:#2 0xffffffff8058d26c in panic (fmt=0xffffffff80938c44 "%s") core.txt.4:panic: general protection fault core.txt.5:panic: general protection fault core.txt.5:panic: general protection fault core.txt.5:#2 0xffffffff8058d5ac in panic (fmt=0xffffffff80944404 "%s") core.txt.5:panic: general protection fault core.txt.6:panic: sbflush_internal: cc 0 || mb 0xffffff003a7a9600 || mbcnt 4608 core.txt.6:panic: sbflush_internal: cc 0 || mb 0xffffff003a7a9600 || mbcnt 4608 core.txt.6:Dumping 1573 MB:panic: bufwrite: buffer is not busy??? core.txt.6:#2 0xffffffff8058d5ac in panic ( core.txt.6:panic: sbflush_internal: cc 0 || mb 0xffffff003a7a9600 || mbcnt 4608 core.txt.6:Dumping 1573 MB:panic: bufwrite: buffer is not busy??? core.txt.7:panic: sbsndptr: sockbuf 0xffffff0001f7eec8 and mbuf 0xffffff0001909c00 clashing core.txt.7:#2 0xffffffff8058d5ac in panic ( core.txt.7:panic: sbsndptr: sockbuf 0xffffff0001f7eec8 and mbuf 0xffffff0001909c00 clashing core.txt.7:Dumping 1715 MB:panic: bufwrite: buffer is not busy??? core.txt.8:panic: sbdrop core.txt.8:panic: sbdrop core.txt.8:#2 0xffffffff805a2e9c in panic (fmt=0xffffffff8098f15f "sbdrop") core.txt.8:panic: sbdrop All of the dumps have several messages like "em0: discard frame w/o packet header" immediately before crashing.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?hut9au$s69$1>