From owner-freebsd-current@FreeBSD.ORG Fri Jul 31 03:57:30 2009 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D40B7106564A for ; Fri, 31 Jul 2009 03:57:30 +0000 (UTC) (envelope-from bms@incunabulum.net) Received: from out1.smtp.messagingengine.com (out1.smtp.messagingengine.com [66.111.4.25]) by mx1.freebsd.org (Postfix) with ESMTP id A76868FC08 for ; Fri, 31 Jul 2009 03:57:30 +0000 (UTC) (envelope-from bms@incunabulum.net) Received: from compute2.internal (compute2.internal [10.202.2.42]) by out1.messagingengine.com (Postfix) with ESMTP id 4C30A3BCF40; Thu, 30 Jul 2009 23:57:30 -0400 (EDT) Received: from heartbeat2.messagingengine.com ([10.202.2.161]) by compute2.internal (MEProxy); Thu, 30 Jul 2009 23:57:30 -0400 X-Sasl-enc: uRDRielvZBhntSkiDW46iySHbJSDbJa9NMbnUc1tXOAV 1249012649 Received: from anglepoise.lon.incunabulum.net (82-35-112-254.cable.ubr07.dals.blueyonder.co.uk [82.35.112.254]) by mail.messagingengine.com (Postfix) with ESMTPSA id B25A88E7; Thu, 30 Jul 2009 23:57:29 -0400 (EDT) Message-ID: <4A726A5C.6010001@incunabulum.net> Date: Fri, 31 Jul 2009 04:51:56 +0100 From: Bruce Simpson User-Agent: Thunderbird 2.0.0.22 (X11/20090725) MIME-Version: 1.0 To: Mattia Rossi References: <4A61FB2A.3000304@incunabulum.net> <4A724809.1060803@swin.edu.au> In-Reply-To: <4A724809.1060803@swin.edu.au> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: FreeBSD Current Subject: Re: [PATCH] Fix in6p_leave_group() panic by misbehaving apps - VLC SAP service discovey still panics kernel X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Jul 2009 03:57:31 -0000 Mattia Rossi wrote: > (kgdb) > bt > > #0 doadump () at > pcpu.h:246 > > #1 0xc088c5c7 in boot (howto=260) at > /usr/src/sys/kern/kern_shutdown.c:419 > #2 0xc088c8f2 in panic (fmt=Variable "fmt" is not > available. ) at > /usr/src/sys/kern/kern_shutdown.c:575 > > #3 0xc0bc75b3 in trap_fatal (frame=0xc73797fc, eva=8) at > /usr/src/sys/i386/i386/trap.c:933 #4 0xc0bc7810 in > trap_pfault (frame=0xc73797fc, usermode=0, eva=8) at > /usr/src/sys/i386/i386/trap.c:846 #5 0xc0bc8223 in trap > (frame=0xc73797fc) at > /usr/src/sys/i386/i386/trap.c:528 #6 > 0xc0baad0b in calltrap () at > /usr/src/sys/i386/i386/exception.s:165 > #7 0xc071c9a0 in lpoutput (ifp=0xc782b400, m=0xc86f2400, > dst=0xc7379a58, ro=0x0) at /usr/src/sys/dev/ppbus/if_plip.c:669 > #8 0xc0a39018 in nd6_output_lle (ifp=0xc782b400, origifp=0xc782b400, > m0=0xc86f2400, dst=0xc7379a58, rt0=0x0, lle=0x0, chain=0x0) at > /usr/src/sys/netinet6/nd6.c:1914 > #9 0xc0a3912d in nd6_output (ifp=0xc782b400, origifp=0xc782b400, > m0=0xc86f2400, dst=0xc7379a58, rt0=0x0) at > /usr/src/sys/netinet6/nd6.c:1691 #10 0xc0a33ac8 > in ip6_output (m0=0xc7dab500, opt=0xc0dda6a0, ro=0xc7379a50, flags=1, > im6o=0xc7379b30, ifpp=0xc7379b50, > inp=0x0) at > /usr/src/sys/netinet6/ip6_output.c:905 > > #11 0xc0a34833 in mld_dispatch_packet (m=Variable "m" is not > available. > > ) at > /usr/src/sys/netinet6/mld6.c:3074 > > #12 0xc0a34b48 in mld_dispatch_queue (ifq=0xc7379bdc, limit=0) at > /usr/src/sys/netinet6/mld6.c:409 > > #13 0xc0a375e9 in mld_fasttimo () at > /usr/src/sys/netinet6/mld6.c:1421 > > #14 0xc0a19588 in icmp6_fasttimo () at > /usr/src/sys/netinet6/icmp6.c:2231 > > #15 0xc08e1d49 in pffasttimo (arg=0x0) at > /usr/src/sys/kern/uipc_domain.c:522 > > #16 0xc089f50c in softclock (arg=0xc0dc1b80) at > /usr/src/sys/kern/kern_timeout.c:411 > > #17 0xc08635eb in intr_event_execute_handlers (p=0xc755a7f8, > ie=0xc75a0d80) at > /usr/src/sys/kern/kern_intr.c:1165 > > #18 0xc0864b8b in ithread_loop (arg=0xc75591d0) at > /usr/src/sys/kern/kern_intr.c:1178 > > #19 0xc0860e81 in fork_exit (callout=0xc0864b20 , > arg=0xc75591d0, frame=0xc7379d38) at > /usr/src/sys/kern/kern_fork.c:838 #20 > 0xc0baad80 in fork_trampoline () at > /usr/src/sys/i386/i386/exception.s:270 ... > > It really seems it has to do something with IPv6... Actually, this backtrace lands in plip(4). Are you using a laplink cable or similar on this system? I believe the upper code is correct. Haven't had any other reports of panics with other network drivers. It may be something to do with plip's treatment of the mbuf handed off to it; more likely it could be an interaction between the nd6 code and the plip driver. There have been issues with the ARP cache code, which is broadly related to nd6, which Qing Li has been looking at; a fix was recently committed for an issue there. Unfortunately I don't have equipment or free time to look at the plip issue further. Hope this helps. cheers, BMS