Panic (Page fault) related to ipv6? [softclock, nd6_timer, in6_purgeaddr, in6_unlink_ifa]

From: Andreas Kohn <andreas.kohn_at_gmx.net>
Date: Mon, 06 Sep 2004 02:58:49 +0200
Hi,

just got this panic, perhaps someone is interested. Happened when
reading a probably damaged CD, don't know if that is related (didn't
look so in the backtrace).

System is FreeBSD klamath.ankon.de.eu.org 6.0-CURRENT FreeBSD
6.0-CURRENT #16: Sun Sep  5 12:18:47 CEST 2004    
root_at_klamath.ankon.de.eu.org:/usr/obj/usr/src/sys/KLAMATH  i386,
sources from around ~0900.

Kernel config contains IPV6, IPSEC (so no mpsafenet), ULE, and the
default setting for PREEMPTION (i didn't set any), no WITNESS or
INVARIANTS, but makeoptions DEBUG=-g.

Here it is:
-----

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x1
fault code              = supervisor write, page not present
instruction pointer     = 0x8:0xc05e5f12
stack pointer           = 0x10:0xcbf1dc0c
frame pointer           = 0x10:0xcbf1dc28
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 27 (swi5: clock sio)
trap number             = 12
panic: page fault



(kgdb) bt full
#0  doadump () at pcpu.h:159
No locals.
#1  0xc051b576 in boot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:385
        first_buf_printf = 1
#2  0xc051bcf7 in panic (fmt=0xc0708284 "%s")
    at /usr/src/sys/kern/kern_shutdown.c:541
        bootopt = 260
        newpanic = 0
        buf = "page fault", '\0' <repeats 245 times>
#3  0xc06de456 in trap_fatal (frame=0xcbf1dbcc, eva=1)
    at /usr/src/sys/i386/i386/trap.c:809
        code = 16
        type = 12
        ss = 16
        esp = 0
        softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, 
  ssd_dpl = 0, ssd_p = 1, ssd_xx = 4, ssd_xx1 = 1, ssd_def32 = 1,
ssd_gran = 1}
#4  0xc06de6fb in trap_pfault (frame=0xcbf1dbcc, usermode=0, eva=1)
    at /usr/src/sys/i386/i386/trap.c:727
        va = 0
        vm = (struct vmspace *) 0x0
        map = 0xc076cb20
        rv = 1
---Type <return> to continue, or q <return> to quit---
        ftype = 1 '\001'
        p = (struct proc *) 0x0
#5  0xc06deaf5 in trap (frame=
      {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = -1042350080, tf_esi
= -1, tf_ebp = -873341912, tf_isp = -873341960, tf_ebx = -1042350080,
tf_edx = -1043508736, tf_ecx = -1042350080, tf_eax = 1, tf_trapno = 12,
tf_err = 2, tf_eip = -1067557102, tf_cs = 8, tf_eflags = 66182, tf_esp =
4, tf_ss = 582})
    at /usr/src/sys/i386/i386/trap.c:417
        p = (struct proc *) 0xc1901540
        sticks = 3421625312
        i = 0
        ucode = 0
        type = 12
        code = 2
        eva = 1
#6  0xc06d019a in calltrap () at /usr/src/sys/i386/i386/exception.s:140
No locals.
#7  0x00000018 in ?? ()
No symbol table info available.
#8  0x00000010 in ?? ()
No symbol table info available.
#9  0x00000010 in ?? ()
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
#10 0xc1df0000 in ?? ()
No symbol table info available.
#11 0xffffffff in ?? ()
No symbol table info available.
#12 0xcbf1dc28 in ?? ()
No symbol table info available.
#13 0xcbf1dbf8 in ?? ()
No symbol table info available.
#14 0xc1df0000 in ?? ()
No symbol table info available.
#15 0xc1cd5200 in ?? ()
No symbol table info available.
#16 0xc1df0000 in ?? ()
No symbol table info available.
#17 0x00000001 in ?? ()
No symbol table info available.
#18 0x0000000c in ?? ()
No symbol table info available.
#19 0x00000002 in ?? ()
No symbol table info available.
#20 0xc05e5f12 in in6_unlink_ifa (ia=0x0, ifp=0xc1df0000)
    at /usr/src/sys/netinet6/in6.c:1157
        oia = (struct in6_ifaddr *) 0xc1df0000
---Type <return> to continue, or q <return> to quit---
#21 0xc05e615d in in6_purgeaddr (ifa=0xc1df0000)
    at /usr/src/sys/netinet6/in6.c:1146
        ifp = (struct ifnet *) 0xc0751060
#22 0xc06019bf in nd6_timer (ignored_arg=0x0)
    at /usr/src/sys/netinet6/nd6.c:562
        regen = 0
        ln = (struct llinfo_nd6 *) 0xc1d7e440
        dr = (struct nd_defrouter *) 0x0
        pr = (struct nd_prefix *) 0x0
        ia6 = (struct in6_ifaddr *) 0xc1df0000
        nia6 = (struct in6_ifaddr *) 0xc1d7e440
#23 0xc052ab55 in softclock (dummy=0x0) at
/usr/src/sys/kern/kern_timeout.c:259
        c_func = (void (*)(void *)) 0xc0601880 <nd6_timer>
        c_arg = (void *) 0x0
        c_flags = 6
        c = (struct callout *) 0x0
        bucket = (struct callout_tailq *) 0xc688c460
        steps = 6
        depth = 4
        mpcalls = 1
        gcalls = 3
        wakeup_cookie = 6
#24 0xc0502229 in ithread_loop (arg=0xc18f8580)
---Type <return> to continue, or q <return> to quit---
    at /usr/src/sys/kern/kern_intr.c:547
        ih = (struct intrhand *) 0xc18f3380
        p = (struct proc *) 0xc1901540
        count = 0
        warming = 5000
        warned = 0
#25 0xc0500f82 in fork_exit (callout=0xc0502170 <ithread_loop>, arg=0x0,
    frame=0x0) at /usr/src/sys/kern/kern_fork.c:807
        p = (struct proc *) 0xc1901540
#26 0xc06d01fc in fork_trampoline () at
/usr/src/sys/i386/i386/exception.s:209
No locals.

----

Please don't hesitate to ask for any additional information you might
need.

Thank you!

Regards,
Andreas Kohn
Received on Sun Sep 05 2004 - 22:58:52 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:10 UTC