Date: Thu, 21 Aug 2008 08:10:04 GMT From: Pekka Savola <pekkas@netcore.fi> To: freebsd-bugs@FreeBSD.org Subject: kern/122283: [ip6] [panic] Panic in ip_output related to IPv6 routes Message-ID: <200808210810.m7L8A4jb083247@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/122283; it has been noted by GNATS.
From: Pekka Savola <pekkas@netcore.fi>
To: bug-followup@freebsd.org
Cc:
Subject: kern/122283: [ip6] [panic] Panic in ip_output related to IPv6
routes
Date: Thu, 21 Aug 2008 11:02:42 +0300 (EEST)
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
--1589707168-720828604-1219305515=:23194
Content-Type: TEXT/PLAIN; CHARSET=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 8BIT
Content-ID: <alpine.LRH.1.10.0808211059421.23194@netcore.fi>
FYI,
I've just updated to a newer version of 7.0-STABLE (about Mon Aug 18
22:56:38 EEST 2008), and when I tried re-enabling SMP, I think I hit
the same, or very similar thing (the line is slightly different)
again:
(kgdb) up 7
#7 0xc065450f in ip_output (m=0xc551a200, opt=0x0, ro=0xc5037344, flags=0, imo=0x0, inp=0x0) at /usr/src/sys/netinet/ip_output.c:259
259 mtu = ro->ro_rt->rt_rmx.rmx_mtu;
(kgdb) print *m
$6 = {m_hdr = {mh_next = 0xc5514300, mh_nextpkt = 0x0, mh_data =
0xc551a2ec "E", mh_len = 20, mh_flags = 2, mh_type = 1, pad = "\000"},
M_dat = {MH = {MH_pkthdr = {rcvif = 0xc4e4f800, header = 0x0, len =
80, csum_flags = 0, csum_data = 0, tso_segsz = 0, ether_vtag = 0,
tags = {slh_first = 0x0}}, MH_dat = {MH_ext = {ext_buf =
0x1c000000 <Address 0x1c000000 out of bounds>, ext_free = 0x60,
ext_args = 0x7f062000, ext_size = 288, ref_cnt = 0x509e3741,
ext_type = -1808119544},
[[ removed MH_databuf and M_databuf here ]]
Is the '<address 0x1c000000 out of bounds>' relevant here? If not,
I'm not seeing anything very relevant here, except perhaps locking
problems.
(kgdb) print *ro
$1 = {ro_rt = 0xc51ed000, ro_dst = {sa_len = 16 '\020', sa_family = 2 '\002', sa_data = "\000\000ÉO]á\000\000\000\000\000\000\000"}}
(kgdb) print *ro->ro_rt
$3 = {rt_nodes = {{rn_mklist = 0xc4e5abf0, rn_parent = 0xc4fc1434,
rn_bit = -1, rn_bmask = 0 '\0', rn_flags = 4 '\004', rn_u = {
rn_leaf = {rn_Key = 0xc4f9f960 "\020\002", rn_Mask =
0xc4e57800 "", rn_Dupedkey = 0x0}, rn_node = {rn_Off = -990250656,
rn_L = 0xc4e57800, rn_R = 0x0}}}, {rn_mklist = 0x0,
rn_parent = 0x0, rn_bit = 0, rn_bmask = 0 '\0', rn_flags = 0 '\0',
rn_u = {
rn_leaf = {rn_Key = 0x0, rn_Mask = 0x0, rn_Dupedkey = 0x0},
rn_node = {rn_Off = 0, rn_L = 0x0, rn_R = 0x0}}}},
rt_gateway = 0xc4f9f970, rt_flags = 2051, rt_ifp = 0xc4dd3400,
rt_ifa = 0xc506ce00, rt_rmx = {rmx_mtu = 1500, rmx_expire = 0,
rmx_pksent = 346345}, rt_refcnt = 1, rt_genmask = 0x0, rt_llinfo =
0x0, rt_gwroute = 0xc51dfe88, rt_parent = 0x0, rt_fibnum = 0,
rt_mtx = {lock_object = {lo_name = 0xc0788254 "rtentry", lo_type =
0xc0788254 "rtentry", lo_flags = 21168128, lo_witness_data = {
lod_list = {stqe_next = 0x0}, lod_witness = 0x0}}, mtx_lock =
4, mtx_recurse = 0}}
Therein is "rt_rmx = {rmx_mtu = 1500, rmx_expire = 0, rmx_pksent =
346345}".
Also:
When I disabled SMP and recompiled, I haven't hit this again. On the
other hand, I've hit various other memory corruption problems on a
less frequent basis.
==================
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x40
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc065450f
stack pointer = 0x28:0xe530c9c0
frame pointer = 0x28:0xe530ca30
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 14 (swi1: net)
trap number = 12
panic: page fault
cpuid = 0
Uptime: 4m24s
Physical memory: 2039 MB
Dumping 67 MB: 52 36 20 4
#0 doadump () at pcpu.h:195
195 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0 doadump () at pcpu.h:195
#1 0xc058bc37 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
#2 0xc058bef9 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:572
#3 0xc073a48c in trap_fatal (frame=0xe530c980, eva=64) at /usr/src/sys/i386/i386/trap.c:899
#4 0xc073a710 in trap_pfault (frame=0xe530c980, usermode=0, eva=64) at /usr/src/sys/i386/i386/trap.c:812
#5 0xc073b08c in trap (frame=0xe530c980) at /usr/src/sys/i386/i386/trap.c:490
#6 0xc0720b1b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7 0xc065450f in ip_output (m=0xc551a200, opt=0x0, ro=0xc5037344, flags=0, imo=0x0, inp=0x0) at /usr/src/sys/netinet/ip_output.c:259
#8 0xc0628e26 in stf_output (ifp=0xc5070c00, m=0xc551a200, dst=0xc08078e4, rt=0xc51de364) at /usr/src/sys/net/if_stf.c:537
#9 0xc068708d in nd6_output (ifp=0xc5070c00, origifp=0xc5070c00, m0=0xc5514300, dst=0xc08078e4, rt0=0xc51de364)
at /usr/src/sys/netinet6/nd6.c:2123
#10 0xc067c0bd in ip6_forward (m=0xc5514300, srcrt=0) at /usr/src/sys/netinet6/ip6_forward.c:605
#11 0xc067e0ee in ip6_input (m=0xc5514300) at /usr/src/sys/netinet6/ip6_input.c:717
#12 0xc062b87d in netisr_processqueue (ni=0xc0800d64) at /usr/src/sys/net/netisr.c:143
#13 0xc062bb0e in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:250
#14 0xc056c31b in ithread_loop (arg=0xc4cc58d0) at /usr/src/sys/kern/kern_intr.c:1088
#15 0xc0568eb9 in fork_exit (callout=0xc056c160 <ithread_loop>, arg=0xc4cc58d0, frame=0xe530cd38) at /usr/src/sys/kern/kern_fork.c:781
#16 0xc0720b90 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:205
--1589707168-720828604-1219305515=:23194--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200808210810.m7L8A4jb083247>