From owner-freebsd-bugs@FreeBSD.ORG Fri Aug 13 05:00:44 2004 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 81F5716A4CE for ; Fri, 13 Aug 2004 05:00:44 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 615DC43D1D for ; Fri, 13 Aug 2004 05:00:44 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.11/8.12.11) with ESMTP id i7D50iQs031022 for ; Fri, 13 Aug 2004 05:00:44 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i7D50ihi031014; Fri, 13 Aug 2004 05:00:44 GMT (envelope-from gnats) Resent-Date: Fri, 13 Aug 2004 05:00:44 GMT Resent-Message-Id: <200408130500.i7D50ihi031014@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Sangwoo Shim Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BFCCD16A4CE for ; Fri, 13 Aug 2004 04:55:36 +0000 (GMT) Received: from www.freebsd.org (www.freebsd.org [216.136.204.117]) by mx1.FreeBSD.org (Postfix) with ESMTP id A6C4243D46 for ; Fri, 13 Aug 2004 04:55:36 +0000 (GMT) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.12.11/8.12.11) with ESMTP id i7D4taJb019789 for ; Fri, 13 Aug 2004 04:55:36 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.12.11/8.12.11/Submit) id i7D4tac1019788; Fri, 13 Aug 2004 04:55:36 GMT (envelope-from nobody) Message-Id: <200408130455.i7D4tac1019788@www.freebsd.org> Date: Fri, 13 Aug 2004 04:55:36 GMT From: Sangwoo Shim To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-2.3 Subject: kern/70393: Panic in nd6_slowtimo (pflog related?) X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Aug 2004 05:00:44 -0000 >Number: 70393 >Category: kern >Synopsis: Panic in nd6_slowtimo (pflog related?) >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Aug 13 05:00:43 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Sangwoo Shim >Release: 5-current >Organization: >Environment: FreeBSD ssw 5.2-CURRENT FreeBSD 5.2-CURRENT #1: Thu Aug 12 07:08:05 KST 2004 root@ssw:/usr/obj/usr/src/sys/SSW-SMP i386 >Description: I recently got this panic. 1~2 times in a day. It seems that pflog is the culprit.. pflog0's if_afdata contains nothing but null. I couldn't reproduce the panic with pf.ko unloaded. option INET6 is in kernel configuration. The machine is SMP. If you need more information, please let me know. I'm using FreeBSD-current of Aug 12. panic messages: --- Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 01 fault virtual address = 0x8 fault code = supervisor read, page not present instruction pointer = 0x8:0xc056ec72 stack pointer = 0x10:0xd53efcb8 frame pointer = 0x10:0xd53efcc4 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 37 (swi5: clock sio) Dumping 511 MB 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 3 52 368 384 400 416 432 448 464 480 496 --- #0 doadump () at pcpu.h:159 159 pcpu.h: No such file or directory. in pcpu.h doadump () at pcpu.h:159 159 in pcpu.h (kgdb) bt #0 doadump () at pcpu.h:159 #1 0xc043b83a in db_fncall (dummy1=0, dummy2=0, dummy3=-717292800, dummy4=0xd53efae8 "\034\xfb\xbe\xd5\xa2) at /usr/src/sys/ddb/db_command.c:53 1 #2 0xc043b648 in db_command (last_cmdp=0xc069cea4, cmd_table=0x0, aux_cmd_tablep=0xc066cc44, aux_cmd_tablep_end=0xc066cc48) at /usr/src/sys/ddb/db_command.c:349 #3 0xc043b710 in db_command_loop () at /usr/src/sys/ddb/db_command.c:455 #4 0xc043d289 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:221 #5 0xc04d9020 in kdb_trap (type=12, code=0, tf=0xd53efc78) at /usr/src/sys/kern/subr_kdb.c:401 #6 0xc062795d in trap_fatal (frame=0xd53efc78, eva=8) at /usr/src/sys/i386/i386/trap.c:807 #7 0xc06276bb in trap_pfault (frame=0xd53efc78, usermode=0, eva=8) at /usr/src/sys/i386/i386/trap.c:730 #8 0xc06272d1 in trap (frame= {tf_fs = -1045626856, tf_es = -717357040, tf_ds = -717357040, tf_edi = -10 45585920, tf_esi = -1045508608, tf_ebp = -717292348, tf_isp = -717292380, tf_ebx = 23040, tf_edx = 1474, tf_ecx = -1066723816, tf_eax = 0, tf_trapno = 12, tf_er r = 0, tf_eip = -1068045198, tf_cs = 8, tf_eflags = 66182, tf_esp = 6, tf_ss = 4 }) at /usr/src/sys/i386/i386/trap.c:417 #9 0xc0615b1a in calltrap () at /usr/src/sys/i386/i386/exception.s:140 #10 0xc1ad0018 in ?? () #11 0xd53e0010 in ?? () #12 0xd53e0010 in ?? () #13 0xc1ada000 in ?? () #14 0xc1aece00 in ?? () #15 0xd53efcc4 in ?? () #16 0xd53efca4 in ?? () #17 0x00005a00 in ?? () #18 0x000005c2 in ?? () #19 0xc06b1618 in arc4_sbox () #20 0x00000000 in ?? () #21 0x0000000c in ?? () #22 0x00000000 in ?? () #23 0xc056ec72 in nd6_slowtimo (ignored_arg=0x0) at /usr/src/sys/netinet6/nd6.c:1800 #24 0xc04cd05b in softclock (dummy=0x0) at /usr/src/sys/kern/kern_timeout.c:259 #25 0xc04ab6bd in ithread_loop (arg=0xc1977c00) at /usr/src/sys/kern/kern_intr.c:546 #26 0xc04aa7fd in fork_exit (callout=0xc04ab564 , arg=0xc1977c00, frame=0xd53efd48) at /usr/src/sys/kern/kern_fork.c:819 #27 0xc0615b7c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:209 (kgdb) up 23 #23 0xc056ec72 in nd6_slowtimo (ignored_arg=0x0) at /usr/src/sys/netinet6/nd6.c:1800 1800 nd6if = ND_IFINFO(ifp); (kgdb) l 1795 1796 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 1797 nd6_slowtimo, NULL); 1798 IFNET_RLOCK(); 1799 for (ifp = TAILQ_FIRST(&ifnet); ifp; ifp = TAILQ_NEXT(ifp, if_li st)) { 1800 nd6if = ND_IFINFO(ifp); 1801 if (nd6if->basereachable && /* already initialized */ 1802 (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 1803 /* 1804 * Since reachable time rarely changes by router (kgdb) p *ifp $1 = {if_softc = 0xc1ada000, if_link = {tqe_next = 0xc1ae1800, tqe_prev = 0xc1adb004}, if_xname = "pflog0\000\000\000\000\000\000\000\000\000", if_dname = 0xc077ee0d "pflog", if_dunit = 0, if_addrhead = { tqh_first = 0xc1ae3e00, tqh_last = 0xc1ae3e60}, if_klist = { slh_first = 0x0}, if_pcount = 0, if_carp = 0x0, if_bpf = 0x0, if_index = 4, if_timer = 0, if_nvlans = 0, if_flags = 0, if_capabilities = 0, if_capenable = 0, if_linkmib = 0x0, if_linkmiblen = 0, if_data = {ifi_type = 246 '\xf6\xa7, ifi_physical = 0 '\0', ifi_addrlen = 0 '\ 0', ifi_hdrlen = 48 '0', ifi_link_state = 0 '\0', ifi_recvquota = 0 '\0', ifi_xmitquota = 0 '\0', ifi_mtu = 33208, ifi_metric = 0, ifi_baudrate = 0, ifi_ipackets = 0, ifi_ierrors = 0, ifi_opackets = 0, ifi_oerrors = 0, ifi_collisions = 0, ifi_ibytes = 0, ifi_obytes = 0, ifi_imcasts = 0, ifi_omcasts = 0, ifi_iqdrops = 0, ifi_noproto = 0, ifi_hwassist = 0, ifi_unused = 0, ifi_lastchange = {tv_sec = 1, tv_usec = 10464}}, if_multiaddrs = {tqh_first = 0x0, tqh_last = 0xc1ada0a8}, if_amcount = 0, if_output = 0xc077d738, if_input = 0, if_start = 0xc077d69c, if_ioctl = 0xc077d760, if_watchdog = 0, if_init = 0, if_resolvemulti = 0, if_snd = {ifq_head = 0x0, ifq_tail = 0x0, ifq_len = 0, ifq_maxlen = 50, ifq_drops = 0, ifq_mtx = {mtx_object = {lo_class = 0xc067db3c, lo_name = 0xc1ada00c "pflog0", lo_type = 0xc0657e7d "if send queue", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, ifq_drv_head = 0x0, ifq_drv_tail = 0x0, ifq_drv_len = 0, ifq_drv_maxlen = 0, altq_type = 0, altq_flags = 0, altq_disc = 0x0, altq_ifp = 0xc1ada000, altq_enqueue = 0, altq_dequeue = 0, altq_request = 0, altq_clfier = 0x0, altq_classify = 0, altq_tbr = 0x0, altq_cdnr = 0x0}, if_broadcastaddr = 0x0, lltables = 0x0, if_label = 0x0, if_prefixhead = {tqh_first = 0x0, tqh_last = 0xc1ada150}, if_afdata = {0x0 }, if_afdata_initialized = 1, if_afdata_mtx = {mtx_object = {lo_class = 0xc067db3c, lo_name = 0xc0657e6d "if_afdata", lo_type = 0xc0657e6d "if_afdata", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, if_starttask = { ta_link = {stqe_next = 0x0}, ta_pending = 0, ta_priority = 0, ta_func = 0xc0527fb4 , ta_context = 0xc1ada000}} >How-To-Repeat: On SMP machine (I'm not sure, but my other machines, which are non-SMP don 't exhibit the problem), kldload pf at boot time. You should have "option INET6" in kernel configuration. Wait for about an hour, then you will encounter the pa nic. >Fix: >Release-Note: >Audit-Trail: >Unformatted: