kern/70393: Panic in nd6_slowtimo (pflog related?)

Sangwoo Shim ssw at neo.redjade.org
Thu Aug 12 22:00:44 PDT 2004


>Number:         70393
>Category:       kern
>Synopsis:       Panic in nd6_slowtimo (pflog related?)
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 13 05:00:43 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Sangwoo Shim
>Release:        5-current
>Organization:
>Environment:
FreeBSD ssw 5.2-CURRENT FreeBSD 5.2-CURRENT #1: Thu Aug 12 07:08:05 KST 2004     root at ssw:/usr/obj/usr/src/sys/SSW-SMP  i386
>Description:
      I recently got this panic, 1~2 times a day.
It seems that pflog is the culprit. pflog0's if_afdata contains
nothing but null. I couldn't reproduce the panic with pf.ko unloaded.
option INET6 is in kernel configuration.
The machine is SMP. If you need more information, please let me know.
I'm using FreeBSD-current of Aug 12.

panic messages:
---
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 01
fault virtual address   = 0x8
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc056ec72
stack pointer           = 0x10:0xd53efcb8
frame pointer           = 0x10:0xd53efcc4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 37 (swi5: clock sio)
Dumping 511 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496
---
#0  doadump () at pcpu.h:159
159     pcpu.h: No such file or directory.
        in pcpu.h
doadump () at pcpu.h:159
159     in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:159
#1  0xc043b83a in db_fncall (dummy1=0, dummy2=0, dummy3=-717292800,
    dummy4=0xd53efae8 "\034\xfb\xbe\xd5\xa2) at /usr/src/sys/ddb/db_command.c:531
#2  0xc043b648 in db_command (last_cmdp=0xc069cea4, cmd_table=0x0,
    aux_cmd_tablep=0xc066cc44, aux_cmd_tablep_end=0xc066cc48)
    at /usr/src/sys/ddb/db_command.c:349
#3  0xc043b710 in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
#4  0xc043d289 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:221
#5  0xc04d9020 in kdb_trap (type=12, code=0, tf=0xd53efc78)
    at /usr/src/sys/kern/subr_kdb.c:401
#6  0xc062795d in trap_fatal (frame=0xd53efc78, eva=8)
    at /usr/src/sys/i386/i386/trap.c:807
#7  0xc06276bb in trap_pfault (frame=0xd53efc78, usermode=0, eva=8)
    at /usr/src/sys/i386/i386/trap.c:730
#8  0xc06272d1 in trap (frame=
      {tf_fs = -1045626856, tf_es = -717357040, tf_ds = -717357040,
       tf_edi = -1045585920, tf_esi = -1045508608, tf_ebp = -717292348,
       tf_isp = -717292380, tf_ebx = 23040, tf_edx = 1474, tf_ecx = -1066723816,
       tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1068045198, tf_cs = 8,
       tf_eflags = 66182, tf_esp = 6, tf_ss = 4})
    at /usr/src/sys/i386/i386/trap.c:417
#9  0xc0615b1a in calltrap () at /usr/src/sys/i386/i386/exception.s:140
#10 0xc1ad0018 in ?? ()
#11 0xd53e0010 in ?? ()
#12 0xd53e0010 in ?? ()
#13 0xc1ada000 in ?? ()
#14 0xc1aece00 in ?? ()
#15 0xd53efcc4 in ?? ()
#16 0xd53efca4 in ?? ()
#17 0x00005a00 in ?? ()
#18 0x000005c2 in ?? ()
#19 0xc06b1618 in arc4_sbox ()
#20 0x00000000 in ?? ()
#21 0x0000000c in ?? ()
#22 0x00000000 in ?? ()
#23 0xc056ec72 in nd6_slowtimo (ignored_arg=0x0)
    at /usr/src/sys/netinet6/nd6.c:1800
#24 0xc04cd05b in softclock (dummy=0x0) at /usr/src/sys/kern/kern_timeout.c:259
#25 0xc04ab6bd in ithread_loop (arg=0xc1977c00)
    at /usr/src/sys/kern/kern_intr.c:546
#26 0xc04aa7fd in fork_exit (callout=0xc04ab564 <ithread_loop>,
    arg=0xc1977c00, frame=0xd53efd48) at /usr/src/sys/kern/kern_fork.c:819
#27 0xc0615b7c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:209
(kgdb) up 23
#23 0xc056ec72 in nd6_slowtimo (ignored_arg=0x0)
    at /usr/src/sys/netinet6/nd6.c:1800
1800                    nd6if = ND_IFINFO(ifp);
(kgdb) l
1795
1796            callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz,
1797                nd6_slowtimo, NULL);
1798            IFNET_RLOCK();
1799            for (ifp = TAILQ_FIRST(&ifnet); ifp; ifp = TAILQ_NEXT(ifp, if_list)) {
1800                    nd6if = ND_IFINFO(ifp);
1801                    if (nd6if->basereachable && /* already initialized */
1802                        (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) {
1803                            /*
1804                             * Since reachable time rarely changes by router
(kgdb) p *ifp
$1 = {if_softc = 0xc1ada000, if_link = {tqe_next = 0xc1ae1800,
    tqe_prev = 0xc1adb004},
  if_xname = "pflog0\000\000\000\000\000\000\000\000\000",
  if_dname = 0xc077ee0d "pflog", if_dunit = 0, if_addrhead = {
    tqh_first = 0xc1ae3e00, tqh_last = 0xc1ae3e60}, if_klist = {
    slh_first = 0x0}, if_pcount = 0, if_carp = 0x0, if_bpf = 0x0,
  if_index = 4, if_timer = 0, if_nvlans = 0, if_flags = 0,
  if_capabilities = 0, if_capenable = 0, if_linkmib = 0x0, if_linkmiblen = 0,
  if_data = {ifi_type = 246 '\xf6\xa7, ifi_physical = 0 '\0', ifi_addrlen = 0 '\0',
    ifi_hdrlen = 48 '0', ifi_link_state = 0 '\0', ifi_recvquota = 0 '\0',
    ifi_xmitquota = 0 '\0', ifi_mtu = 33208, ifi_metric = 0, ifi_baudrate = 0,
    ifi_ipackets = 0, ifi_ierrors = 0, ifi_opackets = 0, ifi_oerrors = 0,
    ifi_collisions = 0, ifi_ibytes = 0, ifi_obytes = 0, ifi_imcasts = 0,
    ifi_omcasts = 0, ifi_iqdrops = 0, ifi_noproto = 0, ifi_hwassist = 0,
    ifi_unused = 0, ifi_lastchange = {tv_sec = 1, tv_usec = 10464}},
  if_multiaddrs = {tqh_first = 0x0, tqh_last = 0xc1ada0a8}, if_amcount = 0,
  if_output = 0xc077d738, if_input = 0, if_start = 0xc077d69c,
  if_ioctl = 0xc077d760, if_watchdog = 0, if_init = 0, if_resolvemulti = 0,
  if_snd = {ifq_head = 0x0, ifq_tail = 0x0, ifq_len = 0, ifq_maxlen = 50,
    ifq_drops = 0, ifq_mtx = {mtx_object = {lo_class = 0xc067db3c,
        lo_name = 0xc1ada00c "pflog0", lo_type = 0xc0657e7d "if send queue",
        lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0},
        lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, ifq_drv_head = 0x0,
    ifq_drv_tail = 0x0, ifq_drv_len = 0, ifq_drv_maxlen = 0, altq_type = 0,
    altq_flags = 0, altq_disc = 0x0, altq_ifp = 0xc1ada000, altq_enqueue = 0,
    altq_dequeue = 0, altq_request = 0, altq_clfier = 0x0, altq_classify = 0,
    altq_tbr = 0x0, altq_cdnr = 0x0}, if_broadcastaddr = 0x0, lltables = 0x0,
  if_label = 0x0, if_prefixhead = {tqh_first = 0x0, tqh_last = 0xc1ada150},
  if_afdata = {0x0 <repeats 37 times>}, if_afdata_initialized = 1,
  if_afdata_mtx = {mtx_object = {lo_class = 0xc067db3c,
      lo_name = 0xc0657e6d "if_afdata", lo_type = 0xc0657e6d "if_afdata",
      lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0},
      lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, if_starttask = {
    ta_link = {stqe_next = 0x0}, ta_pending = 0, ta_priority = 0,
    ta_func = 0xc0527fb4 <if_start_deferred>, ta_context = 0xc1ada000}}  

>How-To-Repeat:
      On an SMP machine (I'm not sure, but my other machines, which are
non-SMP, don't exhibit the problem), kldload pf at boot time. You should have
"option INET6" in the kernel configuration. Wait for about an hour, then you
will encounter the panic.
>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted:
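
The crash reported above, modelled in user space as an added example (not code from the PR or from FreeBSD, and not a fix adopted by the project). It assumes that ND_IFINFO(ifp) loads the nd_ifinfo member through if_afdata[AF_INET6] and that this member is the third pointer in the structure, which on i386 puts the read at offset 8, matching the reported fault address; all type and function names here are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AFDATA_SLOTS 37   /* the dump shows 37 if_afdata entries */
#define SLOT_INET6   28   /* AF_INET6 on FreeBSD */
#define INTERVAL     3600 /* constructed stand-in for ND6_SLOWTIMER_INTERVAL */

/* Assumed i386 layout: four 4-byte pointers, nd_ifinfo third. */
struct in6_ifextra32 { uint32_t in6_ifstat, icmp6_ifstat, nd_ifinfo, scope6_id; };

/* Address the CPU reads when the per-AF base pointer is `base`. */
uint32_t fault_address(uint32_t base) {
    return base + (uint32_t)offsetof(struct in6_ifextra32, nd_ifinfo);
}

struct nd_info { int basereachable, recalctm; };
struct in6_extra { void *in6_ifstat, *icmp6_ifstat; struct nd_info *nd_ifinfo; };
struct ifnet_model { const char *name; void *if_afdata[AFDATA_SLOTS]; struct ifnet_model *next; };

/* Walk the list as the timer does, but skip interfaces without IPv6 data. */
int slowtimo_walk(struct ifnet_model *head) {
    int skipped = 0;
    for (struct ifnet_model *ifp = head; ifp != NULL; ifp = ifp->next) {
        struct in6_extra *ext = ifp->if_afdata[SLOT_INET6];
        if (ext == NULL || ext->nd_ifinfo == NULL) {
            skipped++;          /* the pflog0 case from the dump */
            continue;
        }
        if (ext->nd_ifinfo->basereachable)
            ext->nd_ifinfo->recalctm -= INTERVAL;
    }
    return skipped;
}

int sample_recalctm;  /* recalctm of the constructed em0 after one walk */

/* Constructed sample: em0 has IPv6 data, pflog0 has an all-NULL if_afdata. */
int run_sample(void) {
    struct nd_info nd = { 1, 4000 };
    struct in6_extra ext = { NULL, NULL, &nd };
    struct ifnet_model pflog0 = { "pflog0", { NULL }, NULL };
    struct ifnet_model em0 = { "em0", { NULL }, &pflog0 };
    em0.if_afdata[SLOT_INET6] = &ext;
    int skipped = slowtimo_walk(&em0);
    sample_recalctm = nd.recalctm;
    return skipped;
}

int main(void) { printf("NULL base reads 0x%x, skipped %d\n", (unsigned)fault_address(0), run_sample()); return 0; }
```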

