Date: Thu, 12 Aug 2004 23:01:15 GMT
From: Sangwoo Shim <ssw.at.neo.redjade.org@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/70384: Panic in nd6_slowtimo() (related to pflog?)
Message-ID: <200408122301.i7CN1FUm074912@www.freebsd.org>
Resent-Message-ID: <200408122310.i7CNAIsY086612@freefall.freebsd.org>

>Number: 70384
>Category: kern
>Synopsis: Panic in nd6_slowtimo() (related to pflog?)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Aug 12 23:10:17 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Sangwoo Shim
>Release: -current of Aug 12.
>Organization:
>Environment:
FreeBSD ssw 5.2-CURRENT FreeBSD 5.2-CURRENT #1: Thu Aug 12 07:08:05 KST 2004 root@ssw:/usr/obj/usr/src/sys/SSW-SMP i386
>Description:
I recently got this panic. 1~2 times in a day.
It seems that pflog is the culprit.. pflog0's if_afdata contains nothing but null.
I couldn't reproduce the panic with pf.ko unloaded.
option INET6 is in kernel configuration. The machine is SMP.
If you need more information, please let me know.
I'm using FreeBSD-current of Aug 12.

panic messages:
---
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 01
fault virtual address   = 0x8
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc056ec72
stack pointer           = 0x10:0xd53efcb8
frame pointer           = 0x10:0xd53efcc4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 37 (swi5: clock sio)
Dumping 511 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496
---
#0  doadump () at pcpu.h:159
159     pcpu.h: No such file or directory.
        in pcpu.h
doadump () at pcpu.h:159
159     in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:159
#1  0xc043b83a in db_fncall (dummy1=0, dummy2=0, dummy3=-717292800, dummy4=0xd53efae8 "\034壺螺)
    at /usr/src/sys/ddb/db_command.c:531
#2  0xc043b648 in db_command (last_cmdp=0xc069cea4, cmd_table=0x0, aux_cmd_tablep=0xc066cc44,
    aux_cmd_tablep_end=0xc066cc48) at /usr/src/sys/ddb/db_command.c:349
#3  0xc043b710 in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
#4  0xc043d289 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:221
#5  0xc04d9020 in kdb_trap (type=12, code=0, tf=0xd53efc78) at /usr/src/sys/kern/subr_kdb.c:401
#6  0xc062795d in trap_fatal (frame=0xd53efc78, eva=8) at /usr/src/sys/i386/i386/trap.c:807
#7  0xc06276bb in trap_pfault (frame=0xd53efc78, usermode=0, eva=8) at /usr/src/sys/i386/i386/trap.c:730
#8  0xc06272d1 in trap (frame=
      {tf_fs = -1045626856, tf_es = -717357040, tf_ds = -717357040, tf_edi = -1045585920,
       tf_esi = -1045508608, tf_ebp = -717292348, tf_isp = -717292380, tf_ebx = 23040,
       tf_edx = 1474, tf_ecx = -1066723816, tf_eax = 0, tf_trapno = 12, tf_err = 0,
       tf_eip = -1068045198, tf_cs = 8, tf_eflags = 66182, tf_esp = 6, tf_ss = 4})
    at /usr/src/sys/i386/i386/trap.c:417
#9  0xc0615b1a in calltrap () at /usr/src/sys/i386/i386/exception.s:140
#10 0xc1ad0018 in ?? ()
#11 0xd53e0010 in ?? ()
#12 0xd53e0010 in ?? ()
#13 0xc1ada000 in ?? ()
#14 0xc1aece00 in ?? ()
#15 0xd53efcc4 in ?? ()
#16 0xd53efca4 in ?? ()
#17 0x00005a00 in ?? ()
#18 0x000005c2 in ?? ()
#19 0xc06b1618 in arc4_sbox ()
#20 0x00000000 in ?? ()
#21 0x0000000c in ?? ()
#22 0x00000000 in ?? ()
#23 0xc056ec72 in nd6_slowtimo (ignored_arg=0x0) at /usr/src/sys/netinet6/nd6.c:1800
#24 0xc04cd05b in softclock (dummy=0x0) at /usr/src/sys/kern/kern_timeout.c:259
#25 0xc04ab6bd in ithread_loop (arg=0xc1977c00) at /usr/src/sys/kern/kern_intr.c:546
#26 0xc04aa7fd in fork_exit (callout=0xc04ab564 <ithread_loop>, arg=0xc1977c00, frame=0xd53efd48)
    at /usr/src/sys/kern/kern_fork.c:819
#27 0xc0615b7c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:209
(kgdb) up 23
#23 0xc056ec72 in nd6_slowtimo (ignored_arg=0x0) at /usr/src/sys/netinet6/nd6.c:1800
1800                    nd6if = ND_IFINFO(ifp);
(kgdb) l
1795
1796            callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz,
1797                nd6_slowtimo, NULL);
1798            IFNET_RLOCK();
1799            for (ifp = TAILQ_FIRST(&ifnet); ifp; ifp = TAILQ_NEXT(ifp, if_list)) {
1800                    nd6if = ND_IFINFO(ifp);
1801                    if (nd6if->basereachable && /* already initialized */
1802                        (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) {
1803                            /*
1804                             * Since reachable time rarely changes by router
(kgdb) p *ifp
$1 = {if_softc = 0xc1ada000, if_link = {tqe_next = 0xc1ae1800, tqe_prev = 0xc1adb004},
  if_xname = "pflog0\000\000\000\000\000\000\000\000\000", if_dname = 0xc077ee0d "pflog",
  if_dunit = 0, if_addrhead = {tqh_first = 0xc1ae3e00, tqh_last = 0xc1ae3e60},
  if_klist = {slh_first = 0x0}, if_pcount = 0, if_carp = 0x0, if_bpf = 0x0, if_index = 4,
  if_timer = 0, if_nvlans = 0, if_flags = 0, if_capabilities = 0, if_capenable = 0,
  if_linkmib = 0x0, if_linkmiblen = 0,
  if_data = {ifi_type = 246 '\366', ifi_physical = 0 '\0', ifi_addrlen = 0 '\0',
    ifi_hdrlen = 48 '0', ifi_link_state = 0 '\0', ifi_recvquota = 0 '\0',
    ifi_xmitquota = 0 '\0', ifi_mtu = 33208, ifi_metric = 0, ifi_baudrate = 0,
    ifi_ipackets = 0, ifi_ierrors = 0, ifi_opackets = 0, ifi_oerrors = 0,
    ifi_collisions = 0, ifi_ibytes = 0, ifi_obytes = 0, ifi_imcasts = 0, ifi_omcasts = 0,
    ifi_iqdrops = 0, ifi_noproto = 0, ifi_hwassist = 0, ifi_unused = 0,
    ifi_lastchange = {tv_sec = 1, tv_usec = 10464}},
  if_multiaddrs = {tqh_first = 0x0, tqh_last = 0xc1ada0a8}, if_amcount = 0,
  if_output = 0xc077d738, if_input = 0, if_start = 0xc077d69c, if_ioctl = 0xc077d760,
  if_watchdog = 0, if_init = 0, if_resolvemulti = 0,
  if_snd = {ifq_head = 0x0, ifq_tail = 0x0, ifq_len = 0, ifq_maxlen = 50, ifq_drops = 0,
    ifq_mtx = {mtx_object = {lo_class = 0xc067db3c, lo_name = 0xc1ada00c "pflog0",
        lo_type = 0xc0657e7d "if send queue", lo_flags = 196608,
        lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0},
      mtx_lock = 4, mtx_recurse = 0},
    ifq_drv_head = 0x0, ifq_drv_tail = 0x0, ifq_drv_len = 0, ifq_drv_maxlen = 0,
    altq_type = 0, altq_flags = 0, altq_disc = 0x0, altq_ifp = 0xc1ada000,
    altq_enqueue = 0, altq_dequeue = 0, altq_request = 0, altq_clfier = 0x0,
    altq_classify = 0, altq_tbr = 0x0, altq_cdnr = 0x0},
  if_broadcastaddr = 0x0, lltables = 0x0, if_label = 0x0,
  if_prefixhead = {tqh_first = 0x0, tqh_last = 0xc1ada150},
  if_afdata = {0x0 <repeats 37 times>}, if_afdata_initialized = 1,
  if_afdata_mtx = {mtx_object = {lo_class = 0xc067db3c, lo_name = 0xc0657e6d "if_afdata",
      lo_type = 0xc0657e6d "if_afdata", lo_flags = 196608,
      lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0},
    mtx_lock = 4, mtx_recurse = 0},
  if_starttask = {ta_link = {stqe_next = 0x0}, ta_pending = 0, ta_priority = 0,
    ta_func = 0xc0527fb4 <if_start_deferred>, ta_context = 0xc1ada000}}
>How-To-Repeat:
On SMP machine (I'm not sure, but my other machines, which are non-SMP don't exhibit the problem), kldload pf at boot time.
You should have "option INET6" in kernel configuration.
Wait for about an hour, then you will encounter the panic.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
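
Added example, not part of the original report and not FreeBSD source: a userspace C model of the lookup at nd6.c:1800, showing why an all-NULL if_afdata yields a supervisor read at address 0x8 and how a checked accessor lets the walk skip such an interface. The type names ending in _m and _i386, the four-pointer field order, the slot index 28 and the interface name em0 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define AF_SLOTS      37  /* if_afdata length shown in the dump */
#define AF_INET6_SLOT 28  /* assumed: FreeBSD's AF_INET6 value */

/* Assumed i386 layout: four 32-bit pointers, nd_ifinfo third. */
struct in6_ifextra_i386 { uint32_t in6_ifstat, icmp6_ifstat, nd_ifinfo, scope6_id; };

/* Host-side model types (hypothetical names). */
struct nd_ifinfo_m { int basereachable; int recalctm; };
struct in6_ifextra_m { void *in6_ifstat, *icmp6_ifstat; struct nd_ifinfo_m *nd_ifinfo; };
struct ifnet_m { const char *if_xname; void *if_afdata[AF_SLOTS]; struct ifnet_m *next; };

/* Address read when the unchecked macro is applied to a NULL slot. */
size_t null_slot_fault_addr(void)
{
    return offsetof(struct in6_ifextra_i386, nd_ifinfo);
}

/* Checked accessor: NULL instead of a kernel page fault. */
struct nd_ifinfo_m *nd_ifinfo_checked(const struct ifnet_m *ifp)
{
    struct in6_ifextra_m *ext = ifp->if_afdata[AF_INET6_SLOT];
    return ext ? ext->nd_ifinfo : NULL;
}

/* Timer-style walk; returns how many interfaces had no IPv6 data. */
int slowtimo_walk(struct ifnet_m *head, int interval)
{
    int skipped = 0;
    for (struct ifnet_m *ifp = head; ifp; ifp = ifp->next) {
        struct nd_ifinfo_m *nd = nd_ifinfo_checked(ifp);
        if (nd == NULL) { skipped++; continue; }
        if (nd->basereachable && (nd->recalctm -= interval) <= 0)
            nd->recalctm = interval;  /* model only: restart the countdown */
    }
    return skipped;
}

/* Constructed sample: one IPv6-attached interface, then a pflog0-like one. */
int demo_skipped(void)
{
    struct nd_ifinfo_m nd = { 1, 30 };
    struct in6_ifextra_m ext = { NULL, NULL, &nd };
    struct ifnet_m pflog0 = { "pflog0", { NULL }, NULL };
    struct ifnet_m em0 = { "em0", { NULL }, &pflog0 };
    em0.if_afdata[AF_INET6_SLOT] = &ext;
    return slowtimo_walk(&em0, 60);
}
```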