From owner-freebsd-questions@FreeBSD.ORG  Sun Mar  9 06:39:13 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 184EF1065682
	for <freebsd-questions@freebsd.org>;
	Sun,  9 Mar 2008 06:39:13 +0000 (UTC) (envelope-from nsayer@kfu.com)
Received: from quack.kfu.com (6to4.kfu.com [IPv6:2002:478d:4001::1])
	by mx1.freebsd.org (Postfix) with ESMTP id 76BCE8FC21
	for <freebsd-questions@freebsd.org>;
	Sun,  9 Mar 2008 06:39:12 +0000 (UTC) (envelope-from nsayer@kfu.com)
Received: from bacchus.kfu.com (bacchus.kfu.com
	[IPv6:2002:478d:4002:0:216:cbff:fea9:7b6f]) (authenticated bits=0)
	by quack.kfu.com (8.14.2/8.14.2) with ESMTP id m296d7ER013522
	(version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO)
	for <freebsd-questions@freebsd.org>;
	Sat, 8 Mar 2008 22:39:09 -0800 (PST) (envelope-from nsayer@kfu.com)
Message-Id: <0036C1EC-A309-4DB2-B408-5A07E02784B8@kfu.com>
From: Nick Sayer <nsayer@kfu.com>
To: freebsd-questions@freebsd.org
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v919.2)
Date: Sat, 8 Mar 2008 22:39:06 -0800
X-Mailer: Apple Mail (2.919.2)
X-Greylist: Sender succeeded SMTP AUTH authentication, not delayed by
	milter-greylist-3.0 (quack.kfu.com
	[IPv6:2002:478d:4001:0:217:31ff:fee9:bc66]);
	Sat, 08 Mar 2008 22:39:09 -0800 (PST)
Subject: 7.0-RELEASE panics in ip_output
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Mar 2008 06:39:13 -0000

Since upgrading to 7.0-RELEASE, I seem to get a panic about once a  
week or so.

I have 6to4 set up on this machine, and the stack trace I get from  
kgdb usually looks something like this:

#0  doadump () at pcpu.h:195
#1  0xc062e2a7 in boot (howto=260) at /usr/src/sys/kern/ 
kern_shutdown.c:409
#2  0xc062e569 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:563
#3  0xc084ce2c in trap_fatal (frame=0xe679875c, eva=76)
     at /usr/src/sys/i386/i386/trap.c:899
#4  0xc084d0b0 in trap_pfault (frame=0xe679875c, usermode=0, eva=76)
     at /usr/src/sys/i386/i386/trap.c:812
#5  0xc084da5c in trap (frame=0xe679875c) at /usr/src/sys/i386/i386/ 
trap.c:490
#6  0xc0833d3b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc06f23b9 in ip_output (m=0xc4494e00, opt=0x0, ro=0xc3eabbc4,  
flags=0,
     imo=0x0, inp=0x0) at /usr/src/sys/netinet/ip_output.c:169
#8  0xc06ca751 in stf_output (ifp=0xc3ee1000, m=0xc4494e00,  
dst=0xc3ee5bdc,
     rt=0xc3fb5780) at /usr/src/sys/net/if_stf.c:533
#9  0xc077772d in nd6_output (ifp=0xc3ee1000, origifp=0xc3ee1000,
     m0=0xc4494e00, dst=0xc3ee5bdc, rt0=0xc3fb5780)
     at /usr/src/sys/netinet6/nd6.c:2123
#10 0xc07749f2 in ip6_output (m0=0xc4494e00, opt=0xc4089c80,  
ro=0xe6798a0c,
     flags=0, im6o=0x0, ifpp=0x0, inp=0xc3fb2924)
     at /usr/src/sys/netinet6/ip6_output.c:927
#11 0xc0785a27 in udp6_send (so=0xc424d630, flags=0, m=0xc4494e00,
     addr=0xc3e4d880, control=0x0, td=0xc4246210)
     at /usr/src/sys/netinet6/udp6_usrreq.c:675
#12 0xc0681785 in sosend_generic (so=0xc424d630, addr=0xc3e4d880,
     uio=0xe6798bd4, top=0xc4494e00, control=0x0, flags=0,  
td=0xc4246210)
     at /usr/src/sys/kern/uipc_socket.c:1240
#13 0xc067d74f in sosend (so=0xc424d630, addr=0xc3e4d880,  
uio=0xe6798bd4,
     top=0x0, control=0x0, flags=0, td=0xc4246210)
     at /usr/src/sys/kern/uipc_socket.c:1286
#14 0xc0683ed6 in kern_sendit (td=0xc4246210, s=27, mp=0xe6798c58,  
flags=0,
     control=0x0, segflg=UIO_USERSPACE) at /usr/src/sys/kern/ 
uipc_syscalls.c:789
#15 0xc0686f91 in sendit (td=0xc4246210, s=27, mp=0xe6798c58, flags=0)
     at /usr/src/sys/kern/uipc_syscalls.c:730
#16 0xc0687031 in sendmsg (td=0xc4246210, uap=0xe6798cfc)
     at /usr/src/sys/kern/uipc_syscalls.c:922
#17 0xc084d405 in syscall (frame=0xe6798d38)
     at /usr/src/sys/i386/i386/trap.c:1035
#18 0xc0833da0 in Xint0x80_syscall () at /usr/src/sys/i386/i386/ 
exception.s:196
#19 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)

The exact details can vary, but the line where things seem to blow up  
is always in this code in ip_output.c:

         /*
          * If there is a cached route,
          * check that it is to the same destination
          * and is still up.  If not, free it and try again.
          * The address family should also be checked in case of  
sharing the
          * cache with IPv6.
          */
         if (ro->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 ||
                           dst->sin_family != AF_INET ||
                           dst->sin_addr.s_addr != ip->ip_dst.s_addr)) {
                 RTFREE(ro->ro_rt);
                 ro->ro_rt = (struct rtentry *)NULL;
         }


on the RTFREE line.

Is it just me, or is this something other folks have seen as well?