I could have stuck a LONG time on this one if I wasn't testing something that results in the very thing that causes the panic. I don't have the exact details, but what I did is the following: ifconfig fxp0 10.0.2.6/16 (well, that's configured during boot) route add 10.0.14.247 10.0.2.7 ping 10.0.14.247 This results in an ICMP Redirect being returned by 10.0.2.7. Upon it's receival, the machine panics. I'm using a current from yesterday (29th). Here are a couple of backtraces: [0] dcs_at_dcs:/dos/crash$ gdb -k kernel.18 vmcore.18 GNU gdb 5.2.1 (FreeBSD) Copyright 2002 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-undermydesk-freebsd"... panic: recurse panic messages: --- panic: recurse syncing disks, buffers remaining... 2228 2228 2228 2228 2228 2228 2228 2228 2228 2228 2228 2228 2228 2228 2228 2228 2228 2228 2228 2228 ad0: WARNING - WRITE_DMA recovered from missing interrupt giving up on 1090 buffers Uptime: 19h10m15s Dumping 255 MB 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 --- Reading symbols from /boot/kernel/snd_cmi.ko...done. Loaded symbols for /boot/kernel/snd_cmi.ko Reading symbols from /boot/kernel/snd_pcm.ko...done. Loaded symbols for /boot/kernel/snd_pcm.ko Reading symbols from /usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/mac_biba/mac_biba.ko.debug...done. Loaded symbols for /usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/mac_biba/mac_biba.ko.debug Reading symbols from /usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/mac_mls/mac_mls.ko.debug...done. Loaded symbols for /usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/mac_mls/mac_mls.ko.debug Reading symbols from /usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done. Loaded symbols for /usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/acpi/acpi.ko.debug Reading symbols from /boot/kernel/green_saver.ko...done. Loaded symbols for /boot/kernel/green_saver.ko Reading symbols from /usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/linux/linux.ko.debug...done. Loaded symbols for /usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/linux/linux.ko.debug #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240 240 dumping++; (kgdb) bt full #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240 No locals. #1 0xc04e48d1 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:372 No locals. #2 0xc04e4c67 in panic () at /usr/src/sys/kern/kern_shutdown.c:550 td = (struct thread *) 0xc12c5be0 bootopt = 256 newpanic = 1 ap = 0xcdb1aa0c "\032\fdÀ¶" buf = "recurse", '\0' <repeats 248 times> #3 0xc050a853 in witness_lock (lock=0xc47ec090, flags=8, file=0xc0640c1a "/usr/src/sys/net/route.c", line=565) at /usr/src/sys/kern/subr_witness.c:722 lock_list = (struct lock_list_entry **) 0xc12c5c4c lle = (struct lock_list_entry *) 0xc0663eac lock1 = (struct lock_instance *) 0xc06b77a4 lock2 = (struct lock_instance *) 0x0 class = (struct lock_class *) 0xc0663eac w = (struct witness *) 0xc0693eb0 w1 = (struct witness *) 0xc0693eb0 td = (struct thread *) 0xc06b77a4 i = -1 j = 0 go_into_ddb = 0 #4 0xc04dac8a in _mtx_lock_flags (m=0xc06b77a4, opts=0, file=0xc0663eac "{idÀ\t", line=-998326128) at /usr/src/sys/kern/kern_mutex.c:336 No locals. #5 0xc055871e in rtrequest1 (req=2, info=0xcdb1aac8, ret_nrt=0x0) at /usr/src/sys/net/route.c:565 error = 0 rt = (struct rtentry *) 0xc47ec000 rn = (struct radix_node *) 0xc06b77a4 rnh = (struct radix_node_head *) 0xc29e6400 ifa = (struct ifaddr *) 0x1 ndst = (struct sockaddr *) 0xc47ec090 #6 0xc05584fa in rtrequest (req=0, dst=0x0, gateway=0x0, netmask=0x0, flags=0, ret_nrt=0x0) at /usr/src/sys/net/route.c:477 info = {rti_addrs = 0, rti_info = {0xc3951ea0, 0xc3951eb0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, ---Type <return> to continue, or q <return> to quit--- rti_flags = 2087, rti_ifa = 0x0, rti_ifp = 0x0} #7 0xc0559131 in rt_setgate (rt=0xc47ec000, dst=0xc3951ea0, gate=0xc066d75c) at /usr/src/sys/net/route.c:938 rnh = (struct radix_node_head *) 0xc29e6400 new = 0xcdb1aac8 "" old = 0xc06b84c0 "¬>fÀ\"\005dÀ\"\005dÀ" dlen = 16 glen = 16 #8 0xc05582df in rtredirect (dst=0xc066d74c, gateway=0xc066d75c, netmask=0x0, flags=38, src=0xc066d76c) at /usr/src/sys/net/route.c:369 rt = (struct rtentry *) 0xc47ec000 error = 0 stat = (short int *) 0xc06b8894 info = {rti_addrs = 582, rti_info = {0xc0663eac, 0x0, 0xc06931a0, 0x3f1, 0xc063a81f, 0xcdb1ab98, 0xc04d0000, 0xc06931a0}, rti_flags = 1, rti_ifa = 0xc0637b5e, rti_ifp = 0x0} ifa = (struct ifaddr *) 0xc297b600 #9 0xc05624bf in icmp_input (m=0xc12d8000, off=20) at /usr/src/sys/netinet/ip_icmp.c:565 hlen = 20 icp = (struct icmp *) 0xc1745834 ip = (struct ip *) 0xc1745820 icmplen = 36 i = 0 ia = (struct in_ifaddr *) 0x0 ctlfunc = (void (*)(int, struct sockaddr *, void *)) 0 code = 1 #10 0xc05636ea in ip_input (m=0xc12d8000) at /usr/src/sys/netinet/ip_input.c:1014 ip = (struct ip *) 0xc1745820 fp = (struct ipq *) 0xc297b600 ia = (struct in_ifaddr *) 0xc297b600 ifa = (struct ifaddr *) 0x0 i = 0 hlen = 20 checkif = 1 sum = 0 pkt_dst = {s_addr = 100794378} divert_info = 0 args = {m = 0xc050aafe, oif = 0x0, next_hop = 0x0, rule = 0x0, eh = 0x0, ro = 0xc12c5c4c, ---Type <return> to continue, or q <return> to quit--- dst = 0xc06b9bf4, flags = 137, f_id = {dst_ip = 3227781664, src_ip = 3450973348, dst_port = 44352, src_port = 49229, proto = 244 'ô', flags = 155 '\233'}, divert_rule = 0, retval = 3227745118} cro = {ro_rt = 0xc0640a20, ro_dst = {sa_len = 10 '\n', sa_family = 181 'µ', sa_data = "cÀ\003\0\0\0à[,Á|¬±Í"}} #11 0xc0555a6e in netisr_processqueue (ni=0xc06b8690) at /usr/src/sys/net/netisr.c:140 m = (struct mbuf *) 0xc12d8000 #12 0xc0555ea8 in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:246 ni = (struct netisr *) 0x0 bits = 262144 i = 0 #13 0xc04ceef2 in ithread_loop (arg=0xc12c2a00) at /usr/src/sys/kern/kern_intr.c:540 ithd = (struct ithd *) 0xc12c2a00 ih = (struct intrhand *) 0xc12bd200 td = (struct thread *) 0xc12c5be0 p = (struct proc *) 0xc12c45ac #14 0xc04cdeef in fork_exit (callout=0xc04ced60 <ithread_loop>, arg=0x0, frame=0x0) at /usr/src/sys/kern/kern_fork.c:796 p = (struct proc *) 0xc12c45ac td = (struct thread *) 0x0 [0] dcs_at_dcs:/dos/crash$ gdb -k kernel.18 vmcore.19 GNU gdb 5.2.1 (FreeBSD) Copyright 2002 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-undermydesk-freebsd"... panic: recurse panic messages: --- panic: recurse syncing disks, buffers remaining... 2229 panic: bremfree: removing a buffer not on a queue Uptime: 2m31s Dumping 255 MB 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 --- Reading symbols from /boot/kernel/snd_cmi.ko...done. Loaded symbols for /boot/kernel/snd_cmi.ko Reading symbols from /boot/kernel/snd_pcm.ko...done. Loaded symbols for /boot/kernel/snd_pcm.ko Reading symbols from /usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/mac_biba/mac_biba.ko.debug...done. Loaded symbols for /usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/mac_biba/mac_biba.ko.debug Reading symbols from /usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/mac_mls/mac_mls.ko.debug...done. Loaded symbols for /usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/mac_mls/mac_mls.ko.debug Reading symbols from /usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done. Loaded symbols for /usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/acpi/acpi.ko.debug Reading symbols from /boot/kernel/green_saver.ko...done. Loaded symbols for /boot/kernel/green_saver.ko Reading symbols from /usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/linux/linux.ko.debug...done. Loaded symbols for /usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/linux/linux.ko.debug #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240 240 dumping++; (kgdb) bt full #0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240 No locals. #1 0xc04e48d1 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:372 No locals. #2 0xc04e4c67 in panic () at /usr/src/sys/kern/kern_shutdown.c:550 td = (struct thread *) 0xc12c5be0 bootopt = 260 newpanic = 0 ap = 0xcdb1a4a8 "\001" buf = "recurse", '\0' <repeats 248 times> #3 0xc052bae1 in bremfreel (bp=0xc7c010f8) at /usr/src/sys/kern/vfs_bio.c:645 old_qindex = 0 #4 0xc052b9b5 in bremfree (bp=0x0) at /usr/src/sys/kern/vfs_bio.c:627 No locals. #5 0xc052f65e in getblk (vp=0xc2fae490, blkno=-237580, size=16384, slpflag=0, slptimeo=0, flags=0) at /usr/src/sys/kern/vfs_bio.c:2468 lockflags = -943714056 bp = (struct buf *) 0x0 #6 0xc052bbb2 in breadn (vp=0xc2fae490, blkno=0, size=0, rablkno=0x0, rabsize=0x0, cnt=0, cred=0x0, bpp=0x0) at /usr/src/sys/kern/vfs_bio.c:698 bp = (struct buf *) 0xc2aa2800 rabp = (struct buf *) 0x193e0 i = -1068651200 rv = 0 readwait = 0 #7 0xc052bb5c in bread (vp=0x0, blkno=0, size=0, cred=0x0, bpp=0x0) at /usr/src/sys/kern/vfs_bio.c:680 No locals. #8 0xc05877d3 in ffs_balloc_ufs2 (vp=0xc2fae490, startoffset=0, size=16384, cred=0xc12b4e80, flags=131072, bpp=0xcdb1a78c) at /usr/src/sys/ufs/ffs/ffs_balloc.c:706 ip = (struct inode *) 0xc2fa72bc dp = (struct ufs2_dinode *) 0xc2f92700 lbn = 238492 lastlbn = 255300 fs = (struct fs *) 0xc2aa2800 bp = (struct buf *) 0xc7b992f0 nbp = (struct buf *) 0x1 ---Type <return> to continue, or q <return> to quit--- indirs = {{in_lbn = -2061, in_off = 1, in_exists = 0}, {in_lbn = -2061, in_off = 115, in_exists = 0}, { in_lbn = -237580, in_off = 912, in_exists = 0}, {in_lbn = -4589907378279700672, in_off = -1066856144, in_exists = 0}, {in_lbn = 1034019891824, in_off = -1054057504, in_exists = 0}} nb = -3624935819250134048 newb = -4583662787045097069 bap = (ufs2_daddr_t *) 0xc8cb4000 pref = 0 allocib = (ufs2_daddr_t *) 0x0 blkp = (ufs2_daddr_t *) 0x193e0 allocblk = (ufs2_daddr_t *) 0xcdb1a6c4 allociblk = {4294967296, 1918783159134, 3228090240, -4582112244565694720} deallocated = -1029036032 osize = -1056799872 nsize = -843995592 num = 2 i = 2 error = -1023744880 unwindidx = -1 td = (struct thread *) 0xc12c5be0 #9 0xc0590325 in ffs_copyonwrite (devvp=0xc2ab17fc, bp=0xc7be83f0) at /usr/src/sys/ufs/ffs/ffs_snapshot.c:1992 snaphead = (struct snaphead *) 0xc2a3f978 ibp = (struct buf *) 0x0 cbp = (struct buf *) 0x1000 savedcbp = (struct buf *) 0x0 td = (struct thread *) 0xc12c5be0 fs = (struct fs *) 0xc2aa2800 ip = (struct inode *) 0xc2fa72bc vp = (struct vnode *) 0xc2fae490 lbn = 238492 blkno = -3624935815984706560 snapblklist = (ufs2_daddr_t *) 0x0 lower = -1023774020 upper = -1029436416 mid = 0 indiroff = 0 snapshot_locked = 1 ---Type <return> to continue, or q <return> to quit--- error = 0 #10 0xc04a7812 in spec_xstrategy (vp=0xc2ab17fc, bp=0xc7be83f0) at /usr/src/sys/fs/specfs/spec_vnops.c:474 mp = (struct mount *) 0x0 error = 0 dsw = (struct cdevsw *) 0x0 td = (struct thread *) 0xc12c5be0 #11 0xc04a7962 in spec_specstrategy (ap=0xcdb1a844) at /usr/src/sys/fs/specfs/spec_vnops.c:534 No locals. #12 0xc04a68f8 in spec_vnoperate (ap=0x0) at /usr/src/sys/fs/specfs/spec_vnops.c:122 No locals. #13 0xc05ac9ec in ufs_strategy (ap=0x0) at vnode_if.h:1141 bp = (struct buf *) 0xc7be83f0 vp = (struct vnode *) 0xcdb1a844 ip = (struct inode *) 0xc2fa7000 blkno = -4583568765916019874 error = -843995068 #14 0xc05ad7a8 in ufs_vnoperate (ap=0x0) at /usr/src/sys/ufs/ufs/ufs_vnops.c:2793 No locals. #15 0xc052c2dd in bwrite (bp=0xc7be83f0) at vnode_if.h:1116 oldflags = 180 newbp = (struct buf *) 0x0 #16 0xc052cb4c in bawrite (bp=0x0) at /usr/src/sys/kern/vfs_bio.c:1144 No locals. #17 0xc059d4e9 in ffs_fsync (ap=0xcdb1a93c) at /usr/src/sys/ufs/ffs/ffs_vnops.c:247 vp = (struct vnode *) 0xc2fa5db0 ip = (struct inode *) 0xc7be83f0 bp = (struct buf *) 0xc7be83f0 nbp = (struct buf *) 0x0 error = 0 wait = 0 passes = 4 skipmeta = 0 lbn = 1 #18 0xc059c6d3 in ffs_sync (mp=0xc2a54000, waitfor=2, cred=0xc12b4e80, td=0xc068c2a0) at vnode_if.h:627 nvp = (struct vnode *) 0xc2fa5a44 vp = (struct vnode *) 0xc2fa5db0 ---Type <return> to continue, or q <return> to quit--- devvp = (struct vnode *) 0xc2fa5db0 ip = (struct inode *) 0x0 ump = (struct ufsmount *) 0xc2a40c00 fs = (struct fs *) 0xc2aa2800 error = 0 count = 0 lockreq = 65554 allerror = 0 restart = 0 #19 0xc054297b in sync (td=0xc068c2a0, uap=0x0) at /usr/src/sys/kern/vfs_syscalls.c:142 mp = (struct mount *) 0xc2a54000 nmp = (struct mount *) 0x0 asyncflag = 0 #20 0xc04e44df in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:306 bp = (struct buf *) 0xc7b26fe8 iter = 0 nbusy = 2229 pbusy = 2229 subiter = 2229 #21 0xc04e4c67 in panic () at /usr/src/sys/kern/kern_shutdown.c:550 td = (struct thread *) 0xc12c5be0 bootopt = 256 newpanic = 1 ap = 0xcdb1aa0c "\032\fdÀ¶" buf = "recurse", '\0' <repeats 248 times> #22 0xc050a853 in witness_lock (lock=0xc2fadd90, flags=8, file=0xc0640c1a "/usr/src/sys/net/route.c", line=565) at /usr/src/sys/kern/subr_witness.c:722 lock_list = (struct lock_list_entry **) 0xc12c5c4c lle = (struct lock_list_entry *) 0xc0663eac lock1 = (struct lock_instance *) 0xc06b7734 lock2 = (struct lock_instance *) 0x0 class = (struct lock_class *) 0xc0663eac w = (struct witness *) 0xc0693eb0 w1 = (struct witness *) 0xc0693eb0 td = (struct thread *) 0xc06b7734 i = -1 ---Type <return> to continue, or q <return> to quit--- j = 0 go_into_ddb = 0 #23 0xc04dac8a in _mtx_lock_flags (m=0xc06b7734, opts=0, file=0xc0663eac "{idÀ\t", line=-1023746672) at /usr/src/sys/kern/kern_mutex.c:336 No locals. #24 0xc055871e in rtrequest1 (req=2, info=0xcdb1aac8, ret_nrt=0x0) at /usr/src/sys/net/route.c:565 error = 0 rt = (struct rtentry *) 0xc2fadd00 rn = (struct radix_node *) 0xc06b7734 rnh = (struct radix_node_head *) 0xc29e6400 ifa = (struct ifaddr *) 0x1 ndst = (struct sockaddr *) 0xc2fadd90 #25 0xc05584fa in rtrequest (req=0, dst=0x0, gateway=0x0, netmask=0x0, flags=0, ret_nrt=0x0) at /usr/src/sys/net/route.c:477 info = {rti_addrs = 0, rti_info = {0xc2945f00, 0xc2945f10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, rti_flags = 2087, rti_ifa = 0x0, rti_ifp = 0x0} #26 0xc0559131 in rt_setgate (rt=0xc2fadd00, dst=0xc2945f00, gate=0xc066d75c) at /usr/src/sys/net/route.c:938 rnh = (struct radix_node_head *) 0xc29e6400 new = 0xcdb1aac8 "" old = 0xc06b84c0 "¬>fÀ\"\005dÀ\"\005dÀ" dlen = 16 glen = 16 #27 0xc05582df in rtredirect (dst=0xc066d74c, gateway=0xc066d75c, netmask=0x0, flags=38, src=0xc066d76c) at /usr/src/sys/net/route.c:369 rt = (struct rtentry *) 0xc2fadd00 error = 0 stat = (short int *) 0xc06b8894 info = {rti_addrs = 582, rti_info = {0xc0663eac, 0x0, 0xc06931a0, 0x3f1, 0xc063a81f, 0xcdb1ab98, 0xc04d0000, 0xc06931a0}, rti_flags = 1, rti_ifa = 0xc0637b5e, rti_ifp = 0x0} ifa = (struct ifaddr *) 0xc297ba00 #28 0xc05624bf in icmp_input (m=0xc12dbd00, off=20) at /usr/src/sys/netinet/ip_icmp.c:565 hlen = 20 icp = (struct icmp *) 0xc177a034 ip = (struct ip *) 0xc177a020 icmplen = 36 i = 0 ---Type <return> to continue, or q <return> to quit--- ia = (struct in_ifaddr *) 0x0 ctlfunc = (void (*)(int, struct sockaddr *, void *)) 0 code = 1 #29 0xc05636ea in ip_input (m=0xc12dbd00) at /usr/src/sys/netinet/ip_input.c:1014 ip = (struct ip *) 0xc177a020 fp = (struct ipq *) 0xc297ba00 ia = (struct in_ifaddr *) 0xc297ba00 ifa = (struct ifaddr *) 0x0 i = 0 hlen = 20 checkif = 1 sum = 0 pkt_dst = {s_addr = 100794378} divert_info = 0 args = {m = 0xc050aafe, oif = 0x0, next_hop = 0x0, rule = 0x0, eh = 0x0, ro = 0xc12c5c4c, dst = 0xc06b9bf4, flags = 137, f_id = {dst_ip = 3227781664, src_ip = 3450973348, dst_port = 44352, src_port = 49229, proto = 244 'ô', flags = 155 '\233'}, divert_rule = 0, retval = 3227745118} cro = {ro_rt = 0xc0640a20, ro_dst = {sa_len = 10 '\n', sa_family = 181 'µ', sa_data = "cÀ\003\0\0\0à[,Á|¬±Í"}} #30 0xc0555a6e in netisr_processqueue (ni=0xc06b8690) at /usr/src/sys/net/netisr.c:140 m = (struct mbuf *) 0xc12dbd00 #31 0xc0555ea8 in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:246 ni = (struct netisr *) 0x0 bits = 262144 i = 0 #32 0xc04ceef2 in ithread_loop (arg=0xc12c2a00) at /usr/src/sys/kern/kern_intr.c:540 ithd = (struct ithd *) 0xc12c2a00 ih = (struct intrhand *) 0xc12bd200 td = (struct thread *) 0xc12c5be0 p = (struct proc *) 0xc12c45ac #33 0xc04cdeef in fork_exit (callout=0xc04ced60 <ithread_loop>, arg=0x0, frame=0x0) at /usr/src/sys/kern/kern_fork.c:796 p = (struct proc *) 0xc12c45ac td = (struct thread *) 0x0 I'm assuming on a preliminary basis that this one is not rwatson's fault. :-) Anyone wanting more data, or even tests, as it seems simple to reproduce, please cc the e-mail to dcs_at_tcoip.com.br, as I'm WAY behind on current_at_. -- Daniel C. Sobral (8-DCS) Gerencia de Operacoes Divisao de Comunicacao de Dados Coordenacao de Seguranca VIVO Centro Oeste Norte Fones: 55-61-313-7654/Cel: 55-61-9618-0904 E-mail: Daniel.Capo_at_tco.net.br Daniel.Sobral_at_tcoip.com.br dcs_at_tcoip.com.br Outros: dcs_at_newsguy.com dcs_at_freebsd.org capo_at_notorious.bsdconspiracy.net The volume of paper expands to fill the available briefcases. -- Jerry BrownReceived on Thu Oct 30 2003 - 06:33:33 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:27 UTC