On Mon, 2004-09-06 at 02:58, Andreas Kohn wrote: > Hi, > > just got this panic, perhaps someone is interested. Happened when > reading a probably damaged CD, don't know if that is related (didn't > look so in the backtrace). > > System is FreeBSD klamath.ankon.de.eu.org 6.0-CURRENT FreeBSD > 6.0-CURRENT #16: Sun Sep 5 12:18:47 CEST 2004 > root_at_klamath.ankon.de.eu.org:/usr/obj/usr/src/sys/KLAMATH i386, > sources from around ~0900. > > Kernel config contains IPV6, IPSEC (so no mpsafenet), ULE, and the > default setting for PREEMPTION (i didn't set any), no WITNESS or > INVARIANTS, but makeoptions DEBUG=-g. > > Here it is: > ----- > > Fatal trap 12: page fault while in kernel mode > fault virtual address = 0x1 > fault code = supervisor write, page not present > instruction pointer = 0x8:0xc05e5f12 > stack pointer = 0x10:0xcbf1dc0c > frame pointer = 0x10:0xcbf1dc28 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 27 (swi5: clock sio) > trap number = 12 > panic: page fault > > > > (kgdb) bt full > #0 doadump () at pcpu.h:159 > #1 0xc051b576 in boot (howto=260) at > #2 0xc051bcf7 in panic (fmt=0xc0708284 "%s") > #3 0xc06de456 in trap_fatal (frame=0xcbf1dbcc, eva=1) > #4 0xc06de6fb in trap_pfault (frame=0xcbf1dbcc, usermode=0, eva=1) > #5 0xc06deaf5 in trap (frame= > #6 0xc06d019a in calltrap () at /usr/src/sys/i386/i386/exception.s:140 > #7 0x00000018 in ?? () > #8 0x00000010 in ?? () > #9 0x00000010 in ?? () > #10 0xc1df0000 in ?? () > #11 0xffffffff in ?? () > #12 0xcbf1dc28 in ?? () > #13 0xcbf1dbf8 in ?? () > #14 0xc1df0000 in ?? () > #15 0xc1cd5200 in ?? () > #16 0xc1df0000 in ?? () > #17 0x00000001 in ?? () > #18 0x0000000c in ?? () > #19 0x00000002 in ?? () > #20 0xc05e5f12 in in6_unlink_ifa (ia=0x0, ifp=0xc1df0000) > #21 0xc05e615d in in6_purgeaddr (ifa=0xc1df0000) > #22 0xc06019bf in nd6_timer (ignored_arg=0x0) > #23 0xc052ab55 in softclock (dummy=0x0) at > #24 0xc0502229 in ithread_loop (arg=0xc18f8580) > #25 0xc0500f82 in fork_exit (callout=0xc0502170 <ithread_loop>, arg=0x0, > #26 0xc06d01fc in fork_trampoline () at Okay, I read the thread on http://lists.freebsd.org/pipermail/freebsd-current/2004-September/036475.html (5.3-BETA3 panic, probably IPv6+SMP+mpsafenet related; rwatson CC'd), as well as http://www.freebsd.org/cgi/query-pr.cgi?pr=70393 (similar panic with PF). I don't have PF compiled into my kernel or loaded as module, and use ipfw2 only. This machine uses IPv6, but I don't need IPSEC currently and could remove it from the kernel configuration. I will try to apply both Robert Watson's patch and the patch from the PR, but as I don't know how to reproduce the panic it will be rather difficult to say if it is gone after patching. Just guessing here, but find below the values of *ifp. One thing I noticed and which puzzles me a little...is it pure coincidence that frame #16 has the same address listed as ifp? Regards, -- Andreas ----- #15 0xc1cd5200 in ?? () #16 0xc1df0000 in ?? () #17 0x00000001 in ?? () #18 0x0000000c in ?? () #19 0x00000002 in ?? () #20 0xc05e5f12 in in6_unlink_ifa (ia=0x0, ifp=0xc1df0000) at /usr/src/sys/netinet6/in6.c:1157 #21 0xc05e615d in in6_purgeaddr (ifa=0xc1df0000) at /usr/src/sys/netinet6/in6.c:1146 #22 0xc06019bf in nd6_timer (ignored_arg=0x0) at /usr/src/sys/netinet6/nd6.c:562 #23 0xc052ab55 in softclock (dummy=0x0) at /usr/src/sys/kern/kern_timeout.c:259 #24 0xc0502229 in ithread_loop (arg=0xc18f8580) at /usr/src/sys/kern/kern_intr.c:547 #25 0xc0500f82 in fork_exit (callout=0xc0502170 <ithread_loop>, arg=0x0, frame=0x0) at /usr/src/sys/kern/kern_fork.c:807 #26 0xc06d01fc in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:209 (kgdb) frame 20 #20 0xc05e5f12 in in6_unlink_ifa (ia=0x0, ifp=0xc1df0000) at /usr/src/sys/netinet6/in6.c:1157 1157 TAILQ_REMOVE(&ifp->if_addrlist, &ia->ia_ifa, ifa_list); (kgdb) p *ifp $1 = {if_softc = 0xc1d7eaa0, if_link = {tqe_next = 0xc1cc0330, tqe_prev = 0x0}, if_xname = "\000\000\000\000\000\000\000\000\020\200\216Á mtÀ", if_dname = 0xc1cd5880 "\037", if_dunit = 2, if_addrhead = {tqh_first = 0x0, tqh_last = 0x0}, if_klist = {kl_lock = 0x0, kl_list = {slh_first = 0x0}}, if_pcount = 0, if_carp = 0x0, if_bpf = 0x0, if_index = 0, if_timer = 0, if_nvlans = 60132, if_flags = -1042816820, if_capabilities = 1, if_capenable = -1039976912, if_linkmib = 0x3, if_linkmiblen = 3247342376, if_data = {ifi_type = 96 '`', ifi_physical = 16 '\020', ifi_addrlen = 117 'u', ifi_hdrlen = 192 'À', ifi_link_state = 0 '\0', ifi_recvquota = 82 'R', ifi_xmitquota = 205 'Í', ifi_datalen = 193 'Á', ifi_mtu = 1, ifi_metric = 3254990384, ifi_baudrate = 0, ifi_ipackets = 0, ifi_ierrors = 0, ifi_opackets = 0, ifi_oerrors = 1, ifi_collisions = 0, ifi_ibytes = 0, ifi_obytes = 3252151496, ifi_imcasts = 3252153196, ifi_omcasts = 2, ifi_iqdrops = 3253484064, ifi_noproto = 3, ifi_hwassist = 3247345724, ifi_unused = 3228881728, ifi_lastchange = { tv_sec = -1043507072, tv_usec = 1}}, if_multiaddrs = {tqh_first = 0x0, tqh_last = 0x0}, if_amcount = 0, if_output = 0, if_input = 0, if_start = 0, if_ioctl = 0, if_watchdog = 0, if_init = 0xc1cc0b28, if_resolvemulti = 0xc1d7ed8c, if_snd = {ifq_head = 0x1, ifq_tail = 0xc2033630, ifq_len = 3, ifq_maxlen = -1047624740, ifq_drops = -1066069920, ifq_mtx = {mtx_object = {lo_class = 0xc1cd5200, lo_name = 0x1 <Address 0x1 out of bounds>, ---Type <return> to continue, or q <return> to quit--- lo_type = 0xc2033630 "ä\232tÀóÐqÀóÐqÀ", lo_flags = 0, lo_list = { tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 1, mtx_recurse = 0}, ifq_drv_head = 0x0, ifq_drv_tail = 0xc1df0264, ifq_drv_len = -1042815936, ifq_drv_maxlen = 1, altq_type = -1040411352, altq_flags = 10, altq_disc = 0xc18e9018, altq_ifp = 0xc0751060, altq_enqueue = 0xc1cd5880, altq_dequeue = 0x1, altq_request = 0xc1fc9528, altq_clfier = 0x4cc0, altq_classify = 0, altq_tbr = 0x0, altq_cdnr = 0x0}, if_broadcastaddr = 0x9 <Address 0x9 out of bounds>, lltables = 0x4cc0, if_label = 0x0, if_prefixhead = {tqh_first = 0xc1d7e330, tqh_last = 0xc1d7e83c}, if_afdata = {0x2, 0xc1ec38dc, 0x3, 0xc18e80e8, 0xc074d340, 0xc18f8e00, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1d7e440, 0xc1cc0a18, 0x1, 0xc1b6e318, 0x1, 0xc18e807c, 0xc0751060, 0xc1cd5880, 0x1, 0xc1b6e318, 0x18, 0x0, 0x0, 0x0, 0x3, 0x18, 0x0, 0xc1d7e8c4, 0xc1cc0908, 0x1, 0xc1ec4000, 0x3}, if_afdata_initialized = -1047622292, if_afdata_mtx = {mtx_object = { lo_class = 0xc0751060, lo_name = 0xc18f8e00 "*\001", lo_type = 0x4 <Address 0x4 out of bounds>, lo_flags = 3253485568, lo_list = {tqe_next = 0x3b, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 0, mtx_recurse = 3}, if_starttask = {ta_link = { stqe_next = 0x3b}, ta_pending = 0, ta_priority = -1042814712, ta_func = 0xc1d7ed48, ta_context = 0x2}} (kgdb) frame 21 #21 0xc05e615d in in6_purgeaddr (ifa=0xc1df0000) at /usr/src/sys/netinet6/in6.c:1146 1146 in6_unlink_ifa(ia, ifp); (kgdb) p *ifp $2 = {if_softc = 0xc058e690, if_link = {tqe_next = 0xc058eb60, tqe_prev = 0xc058e350}, if_xname = "°ßXÀ_at_øXÀ0âXÀ éXÀ", if_dname = 0x3 <Address 0x3 out of bounds>, if_dunit = 1, if_addrhead = { tqh_first = 0xfffffff, tqh_last = 0xc058fce0}, if_klist = {kl_lock = 0x0, kl_list = {slh_first = 0x0}}, if_pcount = 0, if_carp = 0x0, if_bpf = 0x0, if_index = 0, if_timer = 0, if_nvlans = 12438, if_flags = -301047508, if_capabilities = -1727442502, if_capenable = 124634137, if_linkmib = 0x706af48f, if_linkmiblen = 3915621685, if_data = { ifi_type = 163 '£', ifi_physical = 149 '\225', ifi_addrlen = 100 'd', ifi_hdrlen = 158 '\236', ifi_link_state = 50 '2', ifi_recvquota = 136 '\210', ifi_xmitquota = 219 'Û', ifi_datalen = 14 '\016', ifi_mtu = 2044508324, ifi_metric = 3772115230, ifi_baudrate = 2547177864, ifi_ipackets = 162941995, ifi_ierrors = 2125561021, ifi_opackets = 3887607047, ifi_oerrors = 2428444049, ifi_collisions = 498536548, ifi_ibytes = 1789927666, ifi_obytes = 4089016648, ifi_imcasts = 2227061214, ifi_omcasts = 450548861, ifi_iqdrops = 1843258603, ifi_noproto = 4107580753, ifi_hwassist = 2211677639, ifi_unused = 325883990, ifi_lastchange = { tv_sec = 1684777152, tv_usec = -43845254}}, if_multiaddrs = { tqh_first = 0x8a65c9ec, tqh_last = 0x14015c4f}, if_amcount = 1661365465, if_output = 0xfa0f3d63, if_input = 0x8d080df5, if_start = 0x3b6e20c8, if_ioctl = 0x4c69105e, if_watchdog = 0xd56041e4, if_init = 0xa2677172, ---Type <return> to continue, or q <return> to quit--- if_resolvemulti = 0x3c03e4d1, if_snd = {ifq_head = 0x4b04d447, ifq_tail = 0xd20d85fd, ifq_len = -1526024853, ifq_maxlen = 901097722, ifq_drops = 1119000684, ifq_mtx = {mtx_object = {lo_class = 0xdbbbc9d6, lo_name = 0xacbcf940 <Address 0xacbcf940 out of bounds>, lo_type = 0x32d86ce3 <Address 0x32d86ce3 out of bounds>, lo_flags = 1172266101, lo_list = {tqe_next = 0xdcd60dcf, tqe_prev = 0xabd13d59}, lo_witness = 0x26d930ac}, mtx_lock = 1373503546, mtx_recurse = 3369554304}, ifq_drv_head = 0xbfd06116, ifq_drv_tail = 0x21b4f4b5, ifq_drv_len = 1454621731, ifq_drv_maxlen = -809855591, altq_type = -1195530993, altq_flags = 671266974, altq_disc = 0x5f058808, altq_ifp = 0xc60cd9b2, altq_enqueue = 0xb10be924, altq_dequeue = 0x2f6f7c87, altq_request = 0x58684c11, altq_clfier = 0xc1611dab, altq_classify = 0xb6662d3d, altq_tbr = 0x76dc4190, altq_cdnr = 0x1db7106}, if_broadcastaddr = 0x98d220bc <Address 0x98d220bc out of bounds>, lltables = 0xefd5102a, if_label = 0x71b18589, if_prefixhead = { tqh_first = 0x6b6b51f, tqh_last = 0x9fbfe4a5}, if_afdata = {0xe8b8d433, 0x7807c9a2, 0xf00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x86d3d2d, 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, ---Type <return> to continue, or q <return> to quit--- 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0}, if_afdata_initialized = 1141124467, if_afdata_mtx = {mtx_object = { lo_class = 0x33031de5, lo_name = 0xaa0a4c5f <Address 0xaa0a4c5f out of bounds>, lo_type = 0xdd0d7cc9 <Address 0xdd0d7cc9 out of bounds>, lo_flags = 1342533948, lo_list = {tqe_next = 0x270241aa, tqe_prev = 0xbe0b1010}, lo_witness = 0xc90c2086}, mtx_lock = 1466479909, mtx_recurse = 544179635}, if_starttask = { ta_link = {stqe_next = 0xb966d409}, ta_pending = -832445281, ta_priority = 1591671054, ta_func = 0x29d9c998, ta_context = 0xb0d09822}}
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:10 UTC