INET6 related tailq crash?

From: Larry Rosenman <ler_at_lerctr.org>
Date: Tue, 2 Feb 2016 21:05:49 -0600
Got the following panic:

borg.lerctr.org dumped core - see /var/crash/vmcore.20

Tue Feb  2 20:59:14 CST 2016

FreeBSD borg.lerctr.org 11.0-CURRENT FreeBSD 11.0-CURRENT #4 r294926: Wed Jan 27 12:37:06 CST 2016     root_at_borg.lerctr.org:/usr/obj/usr/src/sys/VT-LER  amd64

panic: Bad tailq NEXT(0xffffffff81e8b5f8->tqh_last) != NULL

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
panic: Bad tailq NEXT(0xffffffff81e8b5f8->tqh_last) != NULL
cpuid = 4
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe2e025122c0
vpanic() at vpanic+0x182/frame 0xfffffe2e02512340
panic() at panic+0x43/frame 0xfffffe2e025123a0
nd6_ra_input() at nd6_ra_input+0x13da/frame 0xfffffe2e02512680
icmp6_input() at icmp6_input+0x97e/frame 0xfffffe2e02512820
ip6_input() at ip6_input+0xc3c/frame 0xfffffe2e02512900
netisr_dispatch_src() at netisr_dispatch_src+0x81/frame 0xfffffe2e02512960
ether_demux() at ether_demux+0x15e/frame 0xfffffe2e02512990
ether_nh_input() at ether_nh_input+0x344/frame 0xfffffe2e025129d0
netisr_dispatch_src() at netisr_dispatch_src+0x81/frame 0xfffffe2e02512a30
ether_input() at ether_input+0x4f/frame 0xfffffe2e02512a60
if_input() at if_input+0xa/frame 0xfffffe2e02512a70
em_rxeof() at em_rxeof+0x2f5/frame 0xfffffe2e02512ae0
em_handle_que() at em_handle_que+0x40/frame 0xfffffe2e02512b20
taskqueue_run_locked() at taskqueue_run_locked+0xf0/frame 0xfffffe2e02512b80
taskqueue_thread_loop() at taskqueue_thread_loop+0x88/frame 0xfffffe2e02512bb0
fork_exit() at fork_exit+0x84/frame 0xfffffe2e02512bf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe2e02512bf0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
Uptime: 8h40m34s
Dumping 3340 out of 64467 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

Reading symbols from /boot/kernel/linux.ko...Reading symbols from /usr/lib/debug//boot/kernel/linux.ko.debug...done.
done.
Loaded symbols for /boot/kernel/linux.ko
Reading symbols from /boot/kernel/linux_common.ko...Reading symbols from /usr/lib/debug//boot/kernel/linux_common.ko.debug...done.
done.
Loaded symbols for /boot/kernel/linux_common.ko
Reading symbols from /boot/kernel/if_lagg.ko...Reading symbols from /usr/lib/debug//boot/kernel/if_lagg.ko.debug...done.
done.
Loaded symbols for /boot/kernel/if_lagg.ko
Reading symbols from /boot/kernel/snd_envy24ht.ko...Reading symbols from /usr/lib/debug//boot/kernel/snd_envy24ht.ko.debug...done.
done.
Loaded symbols for /boot/kernel/snd_envy24ht.ko
Reading symbols from /boot/kernel/snd_spicds.ko...Reading symbols from /usr/lib/debug//boot/kernel/snd_spicds.ko.debug...done.
done.
Loaded symbols for /boot/kernel/snd_spicds.ko
Reading symbols from /boot/kernel/coretemp.ko...Reading symbols from /usr/lib/debug//boot/kernel/coretemp.ko.debug...done.
done.
Loaded symbols for /boot/kernel/coretemp.ko
Reading symbols from /boot/kernel/fuse.ko...Reading symbols from /usr/lib/debug//boot/kernel/fuse.ko.debug...done.
done.
Loaded symbols for /boot/kernel/fuse.ko
Reading symbols from /boot/kernel/ichsmb.ko...Reading symbols from /usr/lib/debug//boot/kernel/ichsmb.ko.debug...done.
done.
Loaded symbols for /boot/kernel/ichsmb.ko
Reading symbols from /boot/kernel/smbus.ko...Reading symbols from /usr/lib/debug//boot/kernel/smbus.ko.debug...done.
done.
Loaded symbols for /boot/kernel/smbus.ko
Reading symbols from /boot/kernel/ichwd.ko...Reading symbols from /usr/lib/debug//boot/kernel/ichwd.ko.debug...done.
done.
Loaded symbols for /boot/kernel/ichwd.ko
Reading symbols from /boot/kernel/cpuctl.ko...Reading symbols from /usr/lib/debug//boot/kernel/cpuctl.ko.debug...done.
done.
Loaded symbols for /boot/kernel/cpuctl.ko
Reading symbols from /boot/kernel/cryptodev.ko...Reading symbols from /usr/lib/debug//boot/kernel/cryptodev.ko.debug...done.
done.
Loaded symbols for /boot/kernel/cryptodev.ko
Reading symbols from /boot/kernel/dtraceall.ko...Reading symbols from /usr/lib/debug//boot/kernel/dtraceall.ko.debug...done.
done.
Loaded symbols for /boot/kernel/dtraceall.ko
Reading symbols from /boot/kernel/profile.ko...Reading symbols from /usr/lib/debug//boot/kernel/profile.ko.debug...done.
done.
Loaded symbols for /boot/kernel/profile.ko
Reading symbols from /boot/kernel/dtrace.ko...Reading symbols from /usr/lib/debug//boot/kernel/dtrace.ko.debug...done.
done.
Loaded symbols for /boot/kernel/dtrace.ko
Reading symbols from /boot/kernel/systrace_freebsd32.ko...Reading symbols from /usr/lib/debug//boot/kernel/systrace_freebsd32.ko.debug...done.
done.
Loaded symbols for /boot/kernel/systrace_freebsd32.ko
Reading symbols from /boot/kernel/systrace.ko...Reading symbols from /usr/lib/debug//boot/kernel/systrace.ko.debug...done.
done.
Loaded symbols for /boot/kernel/systrace.ko
Reading symbols from /boot/kernel/sdt.ko...Reading symbols from /usr/lib/debug//boot/kernel/sdt.ko.debug...done.
done.
Loaded symbols for /boot/kernel/sdt.ko
Reading symbols from /boot/kernel/fasttrap.ko...Reading symbols from /usr/lib/debug//boot/kernel/fasttrap.ko.debug...done.
done.
Loaded symbols for /boot/kernel/fasttrap.ko
Reading symbols from /boot/kernel/fbt.ko...Reading symbols from /usr/lib/debug//boot/kernel/fbt.ko.debug...done.
done.
Loaded symbols for /boot/kernel/fbt.ko
Reading symbols from /boot/kernel/dtnfscl.ko...Reading symbols from /usr/lib/debug//boot/kernel/dtnfscl.ko.debug...done.
done.
Loaded symbols for /boot/kernel/dtnfscl.ko
Reading symbols from /boot/kernel/dtmalloc.ko...Reading symbols from /usr/lib/debug//boot/kernel/dtmalloc.ko.debug...done.
done.
Loaded symbols for /boot/kernel/dtmalloc.ko
Reading symbols from /boot/kernel/ipmi.ko...Reading symbols from /usr/lib/debug//boot/kernel/ipmi.ko.debug...done.
done.
Loaded symbols for /boot/kernel/ipmi.ko
Reading symbols from /boot/kernel/ipmi_linux.ko...Reading symbols from /usr/lib/debug//boot/kernel/ipmi_linux.ko.debug...done.
done.
Loaded symbols for /boot/kernel/ipmi_linux.ko
Reading symbols from /boot/kernel/hwpmc.ko...Reading symbols from /usr/lib/debug//boot/kernel/hwpmc.ko.debug...done.
done.
Loaded symbols for /boot/kernel/hwpmc.ko
Reading symbols from /boot/kernel/uhid.ko...Reading symbols from /usr/lib/debug//boot/kernel/uhid.ko.debug...done.
done.
Loaded symbols for /boot/kernel/uhid.ko
Reading symbols from /boot/kernel/uplcom.ko...Reading symbols from /usr/lib/debug//boot/kernel/uplcom.ko.debug...done.
done.
Loaded symbols for /boot/kernel/uplcom.ko
Reading symbols from /boot/kernel/ucom.ko...Reading symbols from /usr/lib/debug//boot/kernel/ucom.ko.debug...done.
done.
Loaded symbols for /boot/kernel/ucom.ko
Reading symbols from /boot/kernel/nullfs.ko...Reading symbols from /usr/lib/debug//boot/kernel/nullfs.ko.debug...done.
done.
Loaded symbols for /boot/kernel/nullfs.ko
Reading symbols from /boot/kernel/fdescfs.ko...Reading symbols from /usr/lib/debug//boot/kernel/fdescfs.ko.debug...done.
done.
Loaded symbols for /boot/kernel/fdescfs.ko
Reading symbols from /boot/kernel/linux64.ko...Reading symbols from /usr/lib/debug//boot/kernel/linux64.ko.debug...done.
done.
Loaded symbols for /boot/kernel/linux64.ko
Reading symbols from /boot/kernel/pf.ko...Reading symbols from /usr/lib/debug//boot/kernel/pf.ko.debug...done.
done.
Loaded symbols for /boot/kernel/pf.ko
#0  doadump (textdump=1) at pcpu.h:221
221	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) #0  doadump (textdump=1) at pcpu.h:221
#1  0xffffffff80b3b7a5 in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:364
#2  0xffffffff80b3bd7b in vpanic (fmt=<value optimized out>, 
    ap=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:757
#3  0xffffffff80b3bdc3 in panic (fmt=0x0)
    at /usr/src/sys/kern/kern_shutdown.c:688
#4  0xffffffff80d3252a in nd6_ra_input (m=<value optimized out>, 
    off=<value optimized out>, icmp6len=<value optimized out>)
    at /usr/src/sys/netinet6/nd6_rtr.c:804
#5  0xffffffff80d0b42e in icmp6_input (mp=<value optimized out>, 
    offp=0xfffffe2e0251284c, proto=<value optimized out>)
    at /usr/src/sys/netinet6/icmp6.c:796
#6  0xffffffff80d20eac in ip6_input (m=Cannot access memory at address 0x0
)
    at /usr/src/sys/netinet6/ip6_input.c:917
#7  0xffffffff80c207e1 in netisr_dispatch_src (proto=<value optimized out>, 
    source=<value optimized out>, m=0xfffff8007f05ed00)
    at /usr/src/sys/net/netisr.c:972
#8  0xffffffff80c1693e in ether_demux (ifp=<value optimized out>, 
    m=<value optimized out>) at /usr/src/sys/net/if_ethersubr.c:803
#9  0xffffffff80c17684 in ether_nh_input (m=<value optimized out>)
    at /usr/src/sys/net/if_ethersubr.c:609
#10 0xffffffff80c207e1 in netisr_dispatch_src (proto=<value optimized out>, 
    source=<value optimized out>, m=0xfffff8007f05ed00)
    at /usr/src/sys/net/netisr.c:972
#11 0xffffffff80c16c3f in ether_input (ifp=0xfffff8002ad93800, m=0x0)
    at /usr/src/sys/net/if_ethersubr.c:713
#12 0xffffffff80c13a9a in if_input (ifp=0x0, sendmp=0x0)
    at /usr/src/sys/net/if.c:3814
#13 0xffffffff80628715 in em_rxeof (count=95)
    at /usr/src/sys/dev/e1000/if_em.c:4713
#14 0xffffffff80629c60 in em_handle_que (context=0xfffffe1eaa5a8000, 
    pending=<value optimized out>) at /usr/src/sys/dev/e1000/if_em.c:1572
#15 0xffffffff80b895b0 in taskqueue_run_locked (queue=0xfffff8001a81e500)
    at /usr/src/sys/kern/subr_taskqueue.c:430
#16 0xffffffff80b8a088 in taskqueue_thread_loop (arg=<value optimized out>)
    at /usr/src/sys/kern/subr_taskqueue.c:683
#17 0xffffffff80b00114 in fork_exit (
    callout=0xffffffff80b8a000 <taskqueue_thread_loop>, 
    arg=0xfffffe1eaa5aa730, frame=0xfffffe2e02512c00)
    at /usr/src/sys/kern/kern_fork.c:1010
#18 0xffffffff80f6042e in fork_trampoline ()
    at /usr/src/sys/amd64/amd64/exception.S:609
#19 0x0000000000000000 in ?? ()
Current language:  auto; currently minimal

Core IS available. 

Ideas?

FreeBSD borg.lerctr.org 11.0-CURRENT FreeBSD 11.0-CURRENT #4 r294926: Wed Jan 27 12:37:06 CST 2016     root_at_borg.lerctr.org:/usr/obj/usr/src/sys/VT-LER  amd64


-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640                 E-Mail: ler_at_lerctr.org
US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961
Received on Wed Feb 03 2016 - 02:06:04 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:02 UTC