Date: Thu, 12 May 2005 01:47:44 -0400 From: gnn@freebsd.org To: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= <jinmei@isl.rdc.toshiba.co.jp> Cc: freebsd-net@freebsd.org Subject: Re: Page Fault in in6_purgeaddr Message-ID: <m2acn1f11b.wl%gnn@neville-neil.com> In-Reply-To: <y7vy8alyugl.wl%jinmei@isl.rdc.toshiba.co.jp> References: <JNENIMAEFKNBLKDGONHIEEEHCOAA.mklein@dis.com> <y7vy8alyugl.wl%jinmei@isl.rdc.toshiba.co.jp>
next in thread | previous in thread | raw e-mail | index | archive | help
At Thu, 12 May 2005 12:49:30 +0900, jinmei wrote: > > >>>>> On Wed, 11 May 2005 15:21:49 -0700, > >>>>> "Mark Klein" <mklein@dis.com> said: > > > I've recently been experiencing a panic that has quickly grown > > beyond my capabilities to debug. Any help is greatly appreciated. > > > Please see: > > > http://www.dis.com/freebsd.1.html > > I cannot reach the web site. If possible, could you post the details > to the mailing list? > I was able to reach the web site. The information is at the end of this email. Later, George (kgdb) bt #0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487 #1 0xc0244ca7 in boot (howto=0x104) at /usr/src/sys/kern/kern_shutdown.c:316 #2 0xc02450cc in poweroff_wait (junk=0xc0472d6c, howto=0xc047286f) at /usr/src/sys/kern/kern_shutdown.c:595 #3 0xc03d6a7e in trap_fatal (frame=0xc047bfa4, eva=0x10) at /usr/src/sys/i386/i386/trap.c:974 #4 0xc03d6751 in trap_pfault (frame=0xc047bfa4, usermode=0x0, eva=0x10) at /usr/src/sys/i386/i386/trap.c:867 #5 0xc03d630f in trap (frame={tf_fs = 0x10, tf_es = 0x10, tf_ds = 0x10, tf_edi = 0x1, tf_esi = 0x0, tf_ebp = 0xc047c03c, tf_isp = 0xc047bfd0, tf_ebx = 0x0, tf_edx = 0x20, tf_ecx = 0xb71, tf_eax = 0x0, tf_trapno = 0xc, tf_err = 0x0, tf_eip = 0xc038a63a, tf_cs = 0x8, tf_eflags = 0x10246, tf_esp = 0xc6219ac0, tf_ss = 0xc}) at /usr/src/sys/i386/i386/trap.c:466 #6 0xc038a63a in vnode_pager_generic_putpages (vp=0xc6219ac0, m=0xc047c0dc, bytecount=0x1000, flags=0xc, rtvals=0xc047c0ac) at /usr/src/sys/vm/vnode_pager.c:1034 #7 0xc0373b92 in ffs_putpages (ap=0xc047c070) at /usr/src/sys/ufs/ufs/ufs_readwrite.c:757 #8 0xc038a496 in vnode_pager_putpages (object=0xc63bb78c, m=0xc047c0dc, count=0x1, sync=0xc, rtvals=0xc047c0ac) at vnode_if.h:1147 #9 0xc0387414 in vm_pageout_flush (mc=0xc047c0dc, count=0x1, flags=0xc) at /usr/src/sys/vm/vm_pager.h:147 #10 0xc03849a6 in vm_object_page_collect_flush (object=0xc63bb78c, p=0xc08d21c4, curgeneration=0xa, pagerflags=0xc) at /usr/src/sys/vm/vm_object.c:806 #11 0xc03845a9 in vm_object_page_clean (object=0xc63bb78c, start=0x0, end=0x0, flags=0x4) at /usr/src/sys/vm/vm_object.c:605 #12 0xc0274b3d in vfs_msync (mp=0xc0d00600, flags=0x2) at /usr/src/sys/kern/vfs_subr.c:2731 #13 0xc0275b30 in sync (p=0xc04fa380, uap=0x0) at /usr/src/sys/kern/vfs_syscalls.c:582 #14 0xc0244a42 in boot (howto=0x100) at /usr/src/sys/kern/kern_shutdown.c:235 #15 0xc02450cc in poweroff_wait (junk=0xc0472d6c, howto=0xc047286f) at /usr/src/sys/kern/kern_shutdown.c:595 #16 0xc03d6a7e in trap_fatal (frame=0xc047c330, eva=0xe00cb362) at /usr/src/sys/i386/i386/trap.c:974 #17 0xc03d6751 in trap_pfault (frame=0xc047c330, usermode=0x0, eva=0xe00cb362) at /usr/src/sys/i386/i386/trap.c:867 #18 0xc03d630f in trap (frame={tf_fs = 0x10, tf_es = 0x10, tf_ds = 0x10, tf_edi = 0xe00cb340, tf_esi = 0xe00cb340, tf_ebp = 0xc047c378, tf_isp = 0xc047c35c, tf_ebx = 0xc04e1082, tf_edx = 0x5, tf_ecx = 0x4, tf_eax = 0x41, tf_trapno = 0xc, tf_err = 0x0, tf_eip = 0xc0290911, tf_cs = 0x8, tf_eflags = 0x10206, tf_esp = 0xc0cc7400, tf_ss = 0xc0cc7400}) at /usr/src/sys/i386/i386/trap.c:466 #19 0xc0290911 in if_name (ifp=0xe00cb340) at /usr/src/sys/net/net_osdep.c:62 #20 0xc02c5281 in in6_purgeaddr (ifa=0xc0cc7400) at /usr/src/sys/netinet6/in6.c:1186 #21 0xc02d4dfc in nd6_timer (ignored_arg=0x0) at /usr/src/sys/netinet6/nd6.c:584 #22 0xc024ad7d in softclock () at /usr/src/sys/kern/kern_timeout.c:131 #23 0xc03c97d3 in doreti_swi () (kgdb) frame 20 #20 0xc02c5281 in in6_purgeaddr (ifa=0xc0cc7400) at /usr/src/sys/netinet6/in6.c:1186 1186 log(LOG_ERR, "in6_purgeaddr: failed to remove " (kgdb) list 1158 /* 1159 * XXX: if a change of an existing address failed, keep the entry 1160 * anyway. 1161 */ 1162 if (hostIsNew) 1163 in6_unlink_ifa(ia, ifp); 1164 return(error); 1165 } 1166 1167 void 1168 in6_purgeaddr(ifa) 1169 struct ifaddr *ifa; 1170 { 1171 struct ifnet *ifp = ifa->ifa_ifp; 1172 struct in6_ifaddr *ia = (struct in6_ifaddr *) ifa; 1173 1174 /* stop DAD processing */ 1175 nd6_dad_stop(ifa); 1176 1177 /* 1178 * delete route to the destination of the address being purged. 1179 * The interface must be p2p or loopback in this case. 1180 */ 1181 if ((ia->ia_flags & IFA_ROUTE) != 0 && ia->ia_dstaddr.sin6_len != 0) { 1182 int e; 1183 1184 if ((e = rtinit(&(ia->ia_ifa), (int)RTM_DELETE, RTF_HOST)) 1185 != 0) { 1186 log(LOG_ERR, "in6_purgeaddr: failed to remove " 1187 "a route to the p2p destination: %s on %s, " 1188 "errno=%d\n", 1189 ip6_sprintf(&ia->ia_addr.sin6_addr), if_name(ifp), 1190 e); 1191 /* proceed anyway... */ 1192 } rtinit returned a non-zero status and is trying to log the error. if_name has caused the panic due to an invalid ifp. (kgdb) p *(struct ifaddr *) 0xc0cc7400 $24 = {ifa_addr = 0xc0cc747c, ifa_dstaddr = 0xc0cc74b4, ifa_netmask = 0xc0cc74d0, if_data = {ifi_type = 0x0, ifi_physical = 0x0, ifi_addrlen = 0x0, ifi_hdrlen = 0x0, ifi_recvquota = 0x0, ifi_xmitquota = 0x0, ifi_do_not_use = 0x0, ifi_datalen = 0x0, ifi_mtu = 0x0, ifi_metric = 0x0, ifi_baudrate = 0x0, ifi_ipackets = 0x0, ifi_ierrors = 0x0, ifi_opackets = 0x0, ifi_oerrors = 0x0, ifi_collisions = 0x0, ifi_ibytes = 0x0, ifi_obytes = 0x0, ifi_imcasts = 0x0, ifi_omcasts = 0x0, ifi_iqdrops = 0x0, ifi_noproto = 0x0, ifi_hwassist = 0x32510000, ifi_unused = 0xcde15366, ifi_lastchange = {tv_sec = 0xfcc0, tv_usec = 0x0}}, ifa_ifp = 0xe00cb340, ifa_link = {tqe_next = 0x3d928485, tqe_prev = 0xc0cd5ceb}, ifa_rtrequest = 0xc02d5408 , ifa_flags = 0x1, ifa_refcnt = 0x3, ifa_metric = 0x0, ifa_claim_addr = 0} (kgdb) p in6_addr No symbol "in6_addr" in current context. (kgdb) p in6_ifaddr $25 = (struct in6_ifaddr *) 0xc0cc7400 (kgdb) So, this is the first entry and it has expired. The ifa_ifp value is corrupted. This is quickly beyond my knowledge of networking. Any idea what might be going on? This is a remote machine, so I will have a hard time of trying to set it up for realtime debugging of the kernel until I can get back onsite. This has only recently started. It happened with 4.10 and I recently updated to 4.11 to see if it was fixed in that release. Please note that we ran for quite a while with 4.10 without this happening. Any suggestions are welcome! Thanks! Mark
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m2acn1f11b.wl%gnn>