Re: Panic in nd6_slowtimo()

From: Max Laier <max_at_love2party.net> Date: Thu, 12 Aug 2004 19:37:51 +0200 · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:06 UTC

This was reported before, but I was never able to reproduce it and the 
original reporter didn't reply anymore (iirc). Can you please turn this into 
a PR so that we do not lose track this time? I will be looking into it.

Thanks.

On Thursday 12 August 2004 19:14, Sangwoo Shim wrote:
> [ FreeBSD-current list rejects my mail. So, to pf maintainers.. ]
>
> I recently got this panic. 1~2 times in a day.
> It seems that pflog is the culprit..  pflog0's if_afdata contains
> nothing but null. I couldn't reproduce the panic with pf.ko unloaded.
> option INET6 is in kernel configuration.
> The machine is SMP. If you need more information, please let me know.
> I'm using FreeBSD-current of Aug 12.
>
> panic messages:
> ---
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 01
> fault virtual address   = 0x8
> fault code              = supervisor read, page not present
> instruction pointer     = 0x8:0xc056ec72
> stack pointer           = 0x10:0xd53efcb8
> frame pointer           = 0x10:0xd53efcc4
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 37 (swi5: clock sio)
> Dumping 511 MB
>  16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320
> 336 352 368 384 400 416 432 448 464 480 496 ---
> #0  doadump () at pcpu.h:159
> 159     pcpu.h: No such file or directory.
>         in pcpu.h
> doadump () at pcpu.h:159
> 159     in pcpu.h
> (kgdb) bt
> #0  doadump () at pcpu.h:159
> #1  0xc043b83a in db_fncall (dummy1=0, dummy2=0, dummy3=-717292800,
>     dummy4=0xd53efae8 "\034壺螺) at /usr/src/sys/ddb/db_command.c:531
> #2  0xc043b648 in db_command (last_cmdp=0xc069cea4, cmd_table=0x0,
>     aux_cmd_tablep=0xc066cc44, aux_cmd_tablep_end=0xc066cc48)
>     at /usr/src/sys/ddb/db_command.c:349
> #3  0xc043b710 in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
> #4  0xc043d289 in db_trap (type=12, code=0) at
> /usr/src/sys/ddb/db_main.c:221 #5  0xc04d9020 in kdb_trap (type=12, code=0,
> tf=0xd53efc78)
>     at /usr/src/sys/kern/subr_kdb.c:401
> #6  0xc062795d in trap_fatal (frame=0xd53efc78, eva=8)
>     at /usr/src/sys/i386/i386/trap.c:807
> #7  0xc06276bb in trap_pfault (frame=0xd53efc78, usermode=0, eva=8)
>     at /usr/src/sys/i386/i386/trap.c:730
> #8  0xc06272d1 in trap (frame=
>       {tf_fs = -1045626856, tf_es = -717357040, tf_ds = -717357040, tf_edi
> = -1045585920, tf_esi = -1045508608, tf_ebp = -717292348, tf_isp =
> -717292380, tf_ebx = 23040, tf_edx = 1474, tf_ecx = -1066723816, tf_eax =
> 0, tf_trapno = 12, tf_err = 0, tf_eip = -1068045198, tf_cs = 8, tf_eflags =
> 66182, tf_esp = 6, tf_ss = 4}) at /usr/src/sys/i386/i386/trap.c:417 #9 
> 0xc0615b1a in calltrap () at /usr/src/sys/i386/i386/exception.s:140 #10
> 0xc1ad0018 in ?? ()
> #11 0xd53e0010 in ?? ()
> #12 0xd53e0010 in ?? ()
> #13 0xc1ada000 in ?? ()
> #14 0xc1aece00 in ?? ()
> #15 0xd53efcc4 in ?? ()
> #16 0xd53efca4 in ?? ()
> #17 0x00005a00 in ?? ()
> #18 0x000005c2 in ?? ()
> #19 0xc06b1618 in arc4_sbox ()
> #20 0x00000000 in ?? ()
> #21 0x0000000c in ?? ()
> #22 0x00000000 in ?? ()
> #23 0xc056ec72 in nd6_slowtimo (ignored_arg=0x0)
>     at /usr/src/sys/netinet6/nd6.c:1800
> #24 0xc04cd05b in softclock (dummy=0x0) at
> /usr/src/sys/kern/kern_timeout.c:259 #25 0xc04ab6bd in ithread_loop
> (arg=0xc1977c00)
>     at /usr/src/sys/kern/kern_intr.c:546
> #26 0xc04aa7fd in fork_exit (callout=0xc04ab564 <ithread_loop>,
>     arg=0xc1977c00, frame=0xd53efd48) at /usr/src/sys/kern/kern_fork.c:819
> #27 0xc0615b7c in fork_trampoline () at
> /usr/src/sys/i386/i386/exception.s:209 (kgdb) up 23
> #23 0xc056ec72 in nd6_slowtimo (ignored_arg=0x0)
>     at /usr/src/sys/netinet6/nd6.c:1800
> 1800                    nd6if = ND_IFINFO(ifp);
> (kgdb) l
> 1795
> 1796            callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL *
> hz, 1797                nd6_slowtimo, NULL);
> 1798            IFNET_RLOCK();
> 1799            for (ifp = TAILQ_FIRST(&ifnet); ifp; ifp = TAILQ_NEXT(ifp,
> if_list)) { 1800                    nd6if = ND_IFINFO(ifp);
> 1801                    if (nd6if->basereachable && /* already initialized
> */ 1802                        (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL)
> <= 0) { 1803                            /*
> 1804                             * Since reachable time rarely changes by
> router (kgdb) p *ifp
> $1 = {if_softc = 0xc1ada000, if_link = {tqe_next = 0xc1ae1800,
>     tqe_prev = 0xc1adb004},
>   if_xname = "pflog0\000\000\000\000\000\000\000\000\000",
>   if_dname = 0xc077ee0d "pflog", if_dunit = 0, if_addrhead = {
>     tqh_first = 0xc1ae3e00, tqh_last = 0xc1ae3e60}, if_klist = {
>     slh_first = 0x0}, if_pcount = 0, if_carp = 0x0, if_bpf = 0x0,
>   if_index = 4, if_timer = 0, if_nvlans = 0, if_flags = 0,
>   if_capabilities = 0, if_capenable = 0, if_linkmib = 0x0, if_linkmiblen =
> 0, if_data = {ifi_type = 246 '炊, ifi_physical = 0 '\0', ifi_addrlen = 0
> '\0', ifi_hdrlen = 48 '0', ifi_link_state = 0 '\0', ifi_recvquota = 0 '\0',
> ifi_xmitquota = 0 '\0', ifi_mtu = 33208, ifi_metric = 0, ifi_baudrate = 0,
> ifi_ipackets = 0, ifi_ierrors = 0, ifi_opackets = 0, ifi_oerrors = 0,
> ifi_collisions = 0, ifi_ibytes = 0, ifi_obytes = 0, ifi_imcasts = 0,
> ifi_omcasts = 0, ifi_iqdrops = 0, ifi_noproto = 0, ifi_hwassist = 0,
> ifi_unused = 0, ifi_lastchange = {tv_sec = 1, tv_usec = 10464}},
> if_multiaddrs = {tqh_first = 0x0, tqh_last = 0xc1ada0a8}, if_amcount = 0,
> if_output = 0xc077d738, if_input = 0, if_start = 0xc077d69c,
>   if_ioctl = 0xc077d760, if_watchdog = 0, if_init = 0, if_resolvemulti = 0,
>   if_snd = {ifq_head = 0x0, ifq_tail = 0x0, ifq_len = 0, ifq_maxlen = 50,
>     ifq_drops = 0, ifq_mtx = {mtx_object = {lo_class = 0xc067db3c,
>         lo_name = 0xc1ada00c "pflog0", lo_type = 0xc0657e7d "if send
> queue", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0},
> lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, ifq_drv_head = 0x0,
> ifq_drv_tail = 0x0, ifq_drv_len = 0, ifq_drv_maxlen = 0, altq_type = 0,
> altq_flags = 0, altq_disc = 0x0, altq_ifp = 0xc1ada000, altq_enqueue = 0,
> altq_dequeue = 0, altq_request = 0, altq_clfier = 0x0, altq_classify = 0,
> altq_tbr = 0x0, altq_cdnr = 0x0}, if_broadcastaddr = 0x0, lltables = 0x0,
> if_label = 0x0, if_prefixhead = {tqh_first = 0x0, tqh_last = 0xc1ada150},
> if_afdata = {0x0 <repeats 37 times>}, if_afdata_initialized = 1,
> if_afdata_mtx = {mtx_object = {lo_class = 0xc067db3c,
>       lo_name = 0xc0657e6d "if_afdata", lo_type = 0xc0657e6d "if_afdata",
>       lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0},
>       lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, if_starttask = {
>     ta_link = {stqe_next = 0x0}, ta_pending = 0, ta_priority = 0,
>     ta_func = 0xc0527fb4 <if_start_deferred>, ta_context = 0xc1ada000}}
>
> Thanks.
> - Sangwoo Shim

-- 
/"\  Best regards,			| mlaier_at_freebsd.org
\ /  Max Laier				| ICQ #67774661
 X   http://pf4freebsd.love2party.net/	| mlaier_at_EFnet
/ \  ASCII Ribbon Campaign		| Against HTML Mail and News