kern/122283: [ip6] [panic] Panic in ip_output related to IPv6 routes
Pekka Savola
pekkas at netcore.fi
Thu Aug 21 08:20:05 UTC 2008
The following reply was made to PR kern/122283; it has been noted by GNATS.
From: Pekka Savola <pekkas at netcore.fi>
To: bug-followup at freebsd.org
Cc:
Subject: kern/122283: [ip6] [panic] Panic in ip_output related to IPv6
routes
Date: Thu, 21 Aug 2008 11:11:28 +0300 (EEST)
FYI,
Here's another, slightly different, crash also with SMP, which occurs
in the same place as Nick's first crash:
(kgdb) up 7
#7 0xc065427c in ip_output (m=0xc51ef800, opt=0x0, ro=0xc50fec84,
flags=0, imo=0x0, inp=0x0) at /usr/src/sys/netinet/ip_output.c:171
171 RTFREE(ro->ro_rt);
(kgdb) list
166 * cache with IPv6.
167 */
168 if (ro->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 ||
169 dst->sin_family != AF_INET ||
170 dst->sin_addr.s_addr != ip->ip_dst.s_addr)) {
171 RTFREE(ro->ro_rt);
172 ro->ro_rt = (struct rtentry *)NULL;
173 }
174 #ifdef IPFIREWALL_FORWARD
175 if (ro->ro_rt == NULL && fwd_tag == NULL) {
(kgdb) print *ro
$1 = {ro_rt = 0x0, ro_dst = {sa_len = 16 '\020', sa_family = 2 '\002',
sa_data = "\000\000SYB\224\000\000\000\000\000\000\000"}}
so ro->ro_rt is zero, and RTFREE is doing locking here which gives a
hint why SMP might be a factor here.
This is a rather busy box also running Teredo relay (5-10kpps). I get
hit by this crash in minutes or hours if SMP is enabled.
=========================
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x4c
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc065427c
stack pointer = 0x28:0xe7781788
frame pointer = 0x28:0xe77817f8
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 929 (miredo)
trap number = 12
panic: page fault
cpuid = 0
Uptime: 16m9s
Physical memory: 2039 MB
Dumping 176 MB: 161 145 129 113 97 81 65 49 33 17 1
#0 doadump () at pcpu.h:195
195 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0 doadump () at pcpu.h:195
#1 0xc058bc37 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
#2 0xc058bef9 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:572
#3 0xc073a48c in trap_fatal (frame=0xe7781748, eva=76)
at /usr/src/sys/i386/i386/trap.c:899
#4 0xc073a710 in trap_pfault (frame=0xe7781748, usermode=0, eva=76)
at /usr/src/sys/i386/i386/trap.c:812
#5 0xc073b08c in trap (frame=0xe7781748) at /usr/src/sys/i386/i386/trap.c:490
#6 0xc0720b1b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7 0xc065427c in ip_output (m=0xc51ef800, opt=0x0, ro=0xc50fec84, flags=0,
imo=0x0, inp=0x0) at /usr/src/sys/netinet/ip_output.c:171
#8 0xc0628e26 in stf_output (ifp=0xc4fd6c00, m=0xc51ef800, dst=0xe7781a00,
rt=0xc51da8b8) at /usr/src/sys/net/if_stf.c:537
#9 0xc068708d in nd6_output (ifp=0xc4fd6c00, origifp=0xc4fd6c00,
m0=0xc51ef800, dst=0xe7781a00, rt0=0xc51da8b8)
at /usr/src/sys/netinet6/nd6.c:2123
#10 0xc0684342 in ip6_output (m0=0xc51ef800, opt=0x0, ro=0xe77819fc, flags=0,
im6o=0x0, ifpp=0xe7781a80, inp=0xc52cb924)
at /usr/src/sys/netinet6/ip6_output.c:944
#11 0xc068f4cb in rip6_output (m=0xc51ef800)
at /usr/src/sys/netinet6/raw_ip6.c:448
#12 0xc068fad8 in rip6_send (so=0xc52d51a0, flags=0, m=0xc51ef800,
nam=0xc5007960, control=0x0, td=0xc52ec000)
---Type <return> to continue, or q <return> to quit---
at /usr/src/sys/netinet6/raw_ip6.c:790
#13 0xc05e30a5 in sosend_generic (so=0xc52d51a0, addr=0xc5007960,
uio=0xe7781be8, top=0xc51ef800, control=0x0, flags=0, td=0xc52ec000)
at /usr/src/sys/kern/uipc_socket.c:1246
#14 0xc05debbf in sosend (so=0xc52d51a0, addr=0xc5007960, uio=0xe7781be8,
top=0x0, control=0x0, flags=0, td=0xc52ec000)
at /usr/src/sys/kern/uipc_socket.c:1292
#15 0xc05e5856 in kern_sendit (td=0xc52ec000, s=6, mp=0xe7781c64, flags=0,
control=0x0, segflg=UIO_USERSPACE) at /usr/src/sys/kern/uipc_syscalls.c:805
#16 0xc05e81b2 in sendit (td=0xc52ec000, s=6, mp=0xe7781c64, flags=0)
at /usr/src/sys/kern/uipc_syscalls.c:742
#17 0xc05e83ef in sendto (td=0xc52ec000, uap=0xe7781cfc)
at /usr/src/sys/kern/uipc_syscalls.c:857
#18 0xc073aa49 in syscall (frame=0xe7781d38)
at /usr/src/sys/i386/i386/trap.c:1035
#19 0xc0720b80 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:196
#20 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
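An added example, not part of the original message and not FreeBSD code: a single-threaded user-space C model of the test-then-release shape at ip_output.c:168-172, with a second CPU's action run deterministically in the gap, beside the same logic held inside one critical section. It reads the dump above (ro_rt = 0x0 at line 171, fault address 0x4c) as a route cache cleared between the test and RTFREE.
Assumptions: the cache is shared between CPUs without a lock, and `route_cache`, `peer_drop`, `invalidate` and `invalidate_locked` are hypothetical names.

```c
#include <stdatomic.h>
#include <stdio.h>
#define RTF_UP 0x1
struct rtentry { int rt_flags; int rt_refcnt; };   /* reduced model */
struct route_cache {            /* hypothetical: cached route plus a lock */
    struct rtentry *ro_rt;
    atomic_flag lock;
};

static void rtfree(struct rtentry *rt) { rt->rt_refcnt--; }
/* Models a second CPU dropping the same cached route. It takes the lock,
 * so it is shut out only when the other path holds that lock too. */
static void peer_drop(struct route_cache *rc)
{
    if (atomic_flag_test_and_set(&rc->lock))
        return;                 /* a real CPU would wait here instead */
    if (rc->ro_rt != NULL) { rtfree(rc->ro_rt); rc->ro_rt = NULL; }
    atomic_flag_clear(&rc->lock);
}

/* Shape of ip_output.c:168-172: test ro_rt, then read it again to free it.
 * peer_drop() runs in the gap. Returns 1 = freed, 0 = nothing to do,
 * -1 = second read saw NULL (where the kernel faults near address 0). */
static int invalidate(struct route_cache *rc)
{
    if (rc->ro_rt == NULL || (rc->ro_rt->rt_flags & RTF_UP) != 0)
        return 0;
    peer_drop(rc);
    if (rc->ro_rt == NULL)
        return -1;
    rtfree(rc->ro_rt);
    rc->ro_rt = NULL;
    return 1;
}

/* Same test and release, held inside one critical section. */
static int invalidate_locked(struct route_cache *rc)
{
    while (atomic_flag_test_and_set(&rc->lock)) { /* spin for the lock */ }
    int r = invalidate(rc);
    atomic_flag_clear(&rc->lock);
    return r;
}

int main(void)
{
    struct rtentry a = { 0, 1 }, b = { 0, 1 };   /* constructed: route down */
    struct route_cache ra = { &a, ATOMIC_FLAG_INIT }, rb = { &b, ATOMIC_FLAG_INIT };
    printf("unlocked=%d locked=%d\n", invalidate(&ra), invalidate_locked(&rb));
}
```

In the unlocked call the peer's own locking does not help, because the path doing the test never takes the lock; the reference is still dropped exactly once in both cases.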