Bug 140142 - [ip6] [panic] FreeBSD 7.2-amd64 panic w/IPv6
Summary: [ip6] [panic] FreeBSD 7.2-amd64 panic w/IPv6
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 7.2-RELEASE
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-bugs (Nobody)
URL:
Keywords: crash
Depends on:
Blocks:
 
Reported: 2009-10-31 15:30 UTC by Mark Kamichoff
Modified: 2022-10-17 12:17 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mark Kamichoff 2009-10-31 15:30:05 UTC
Hi - 

My machine received a kernel panic yesterday that appears to be related to IPv6 forwarding.  The machine in question runs a few 6in4 IPv6 tunnels, uses Quagga's bgpd for dynamic routing and pf for firewalling.

During the time of panic IPv6 usage was not very high.

Below is some info. & the kernel backtrace.  Please let me know what else to provide in order to assist:

Console message:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address    = 0x400
fault code          = supervisor write data, page not present
instruction pointer = 0x8:0xffffffff803ffa16
stack pointer          = 0x10:0xfffffffe8002c970
frame pointer          = 0x10:0x0
code segment        = base rx0, limit 0xfffff, type 0x1b
               = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags    = interrupt enabled, resume, IOPL = 0 
current process          = 15 (swi1: net)
trap number         = 12
panic: page fault
cpuid = 0
Uptime: 71d20h7m6s
Physical memory: 999 MB
Dumping 298 MB: 283 267 251 235 219 203 187 171 155 139 123 107 91 75 59 43 27 11
Dump complete
Automatic reboot in 15 seconds - press a key on the console to abort
Rebooting...

Info:

(dax:11:08)# kldstat
Id Refs Address            Size     Name
 1    6 0xffffffff80100000 6ef168   kernel
 2    1 0xffffffff807f0000 14d8     accf_http.ko
 3    1 0xffffffff807f2000 1bf0     coretemp.ko
 4    1 0xffffffff80a22000 978      pflog.ko
 5    1 0xffffffff80a23000 2ae8c    pf.ko
 6    1 0xffffffff80a4e000 1b15     if_gre.ko
(dax:11:08)# kgdb kernel.debug /var/crash/vmcore.2
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x400
fault code              = supervisor write data, page not present
instruction pointer     = 0x8:0xffffffff803ffa16
stack pointer           = 0x10:0xfffffffe8002c970
frame pointer           = 0x10:0x0
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 15 (swi1: net)
trap number             = 12
panic: page fault
cpuid = 0
Uptime: 71d20h7m6s
Physical memory: 999 MB
Dumping 298 MB: 283 267 251 235 219 203 187 171 155 139 123 107 91 75 59 43 27 11

Reading symbols from /boot/kernel/accf_http.ko...Reading symbols from /boot/kernel/accf_http.ko.symbols...done.
done. 
Loaded symbols for /boot/kernel/accf_http.ko
Reading symbols from /boot/kernel/coretemp.ko...Reading symbols from /boot/kernel/coretemp.ko.symbols...done.
done.          
Loaded symbols for /boot/kernel/coretemp.ko
Reading symbols from /boot/kernel/pflog.ko...Reading symbols from /boot/kernel/pflog.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/pflog.ko
Reading symbols from /boot/kernel/pf.ko...Reading symbols from /boot/kernel/pf.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/pf.ko
Reading symbols from /boot/kernel/if_gre.ko...Reading symbols from /boot/kernel/if_gre.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/if_gre.ko
Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/kernel/linux.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linux.ko
#0  doadump () at pcpu.h:195
195             __asm __volatile("movq %%gs:0,%0" : "=r" (td));
(kgdb) 
(kgdb) bt
(kgdb) bt
#0  doadump () at pcpu.h:195
#1  0x8888888888888889 in ?? ()
#2  0xffffffff802a859b in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
#3  0xffffffff802a8a42 in panic (fmt=0x104 <Address 0x104 out of bounds>) at /usr/src/sys/kern/kern_shutdown.c:574
#4  0xffffffff804d5273 in trap_fatal (frame=0xffffff0001182370, eva=Variable "eva" is not available.) at /usr/src/sys/amd64/amd64/trap.c:757
#5  0xffffffff804d5645 in trap_pfault (frame=0xfffffffe8002c8c0, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:673
#6  0xffffffff804d5f84 in trap (frame=0xfffffffe8002c8c0) at /usr/src/sys/amd64/amd64/trap.c:444
#7  0xffffffff804ba0ee in calltrap () at /usr/src/sys/amd64/amd64/exception.S:209
#8  0xffffffff803ffa16 in in6_setscope (in6=0xfffffffe8002ca40, ifp=0x0, ret_id=0xfffffffe8002ca5c) at atomic.h:143
#9  0xffffffff803ed38c in ip6_forward (m=0xffffff0024843000, srcrt=0) at /usr/src/sys/netinet6/ip6_forward.c:424
#10 0xffffffff803ef448 in ip6_input (m=0xffffff0024843000) at /usr/src/sys/netinet6/ip6_input.c:719
#11 0xffffffff80351179 in netisr_processqueue (ni=0xffffffff806f0488) at /usr/src/sys/net/netisr.c:143
#12 0xffffffff8035140b in swi_net (dummy=Variable "dummy" is not available.) at /usr/src/sys/net/netisr.c:250
#13 0xffffffff80288120 in ithread_loop (arg=0xffffff000116dba0) at /usr/src/sys/kern/kern_intr.c:1088
#14 0xffffffff80284f93 in fork_exit (callout=0xffffffff80287fb0 <ithread_loop>, arg=0xffffff000116dba0, frame=0xfffffffe8002cc80) at /usr/src/sys/kern/kern_fork.c:810
#15 0xffffffff804ba4ae in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:455
#16 0x0000000000000000 in ?? ()
#17 0x0000000000000000 in ?? ()
#18 0x0000000000000001 in ?? ()
#19 0x0000000000000000 in ?? ()
#20 0x0000000000000000 in ?? ()
#21 0x0000000000000000 in ?? ()
#22 0x0000000000000000 in ?? ()
#23 0x0000000000000000 in ?? ()
#24 0x0000000000000000 in ?? ()
#25 0x0000000000000000 in ?? ()
#26 0x0000000000000000 in ?? ()
#27 0x0000000000000000 in ?? ()
#28 0x0000000000000000 in ?? ()
#29 0x0000000000000000 in ?? ()
#30 0x0000000000000000 in ?? ()
#31 0x0000000000000000 in ?? ()
#32 0x0000000000000000 in ?? ()
#33 0x0000000000000000 in ?? ()
#34 0x0000000000000000 in ?? ()
#35 0x0000000000000000 in ?? ()
#36 0x0000000000000000 in ?? ()
#37 0x0000000000000000 in ?? ()
#38 0x0000000000000000 in ?? ()
#39 0x0000000000000000 in ?? ()
#40 0x000000000081a000 in ?? ()
#41 0xffffffff806dc100 in tdg_maxid ()
#42 0xffffffff806e8900 in tdq_cpu ()
#43 0xffffffff806e8900 in tdq_cpu ()
#44 0xffffff0001182370 in ?? ()
#45 0xffffff00011826a0 in ?? ()
#46 0xfffffffe8002cb28 in ?? ()
#47 0xffffff0001182370 in ?? ()
#48 0xffffffff802cbbb8 in sched_switch (td=0xffffffff80287fb0, newtd=0x80052d350, flags=Variable "flags" is not available.) at /usr/src/sys/kern/sched_ule.c:1938
#49 0x0000000000000000 in ?? ()
#50 0x0000000000000000 in ?? ()
#51 0x0000000000000000 in ?? ()
#52 0x0000000000000000 in ?? ()
#53 0x0000000000000000 in ?? ()
#54 0x0000000000000000 in ?? ()
#55 0x0000000000000000 in ?? ()
#56 0x0000000000000000 in ?? ()
#57 0x0000000000000000 in ?? ()
#58 0x0000000000000000 in ?? ()
#59 0x0000000000000000 in ?? ()
#60 0x0000000000000000 in ?? ()
#61 0x0000000000000000 in ?? ()
---Type <return> to continue, or q <return> to quit---
#62 0x0000000000000000 in ?? ()
#63 0x0000000000000000 in ?? ()
#64 0x0000000000000000 in ?? ()
#65 0x0000000000000000 in ?? ()
#66 0x0000000000000000 in ?? ()
#67 0x0000000000000000 in ?? ()
#68 0x0000000000000000 in ?? ()
#69 0x0000000000000000 in ?? ()
#70 0x0000000000000000 in ?? ()
#71 0x0000000000000000 in ?? ()
#72 0x0000000000000000 in ?? ()
#73 0x0000000000000000 in ?? ()
#74 0x0000000000000000 in ?? ()
#75 0x0000000000000000 in ?? ()
#76 0x0000000000000000 in ?? ()
#77 0x0000000000000000 in ?? ()
#78 0x0000000000000000 in ?? ()
#79 0x0000000000000000 in ?? ()
#80 0x0000000000000000 in ?? ()
#81 0x0000000000000000 in ?? ()
#82 0x0000000000000000 in ?? ()
#83 0x0000000000000000 in ?? ()
#84 0x0000000000000000 in ?? ()
#85 0x0000000000000000 in ?? ()
#86 0x0000000000000000 in ?? ()
#87 0x0000000000000000 in ?? ()
#88 0x0000000000000000 in ?? ()
#89 0x0000000000000000 in ?? ()
#90 0x0000000000000000 in ?? ()
#91 0x0000000000000000 in ?? ()
#92 0x0000000000000000 in ?? ()
#93 0x0000000000000000 in ?? ()
#94 0x0000000000000000 in ?? ()
#95 0x0000000000000000 in ?? ()
#96 0x0000000000000000 in ?? ()
#97 0x0000000000000000 in ?? ()
#98 0x0000000000000000 in ?? ()
#99 0x0000000000000000 in ?? ()
#100 0x0000000000000000 in ?? ()
#101 0x0000000000000000 in ?? ()
#102 0x0000000000000000 in ?? ()
#103 0x0000000000000000 in ?? ()
#104 0x0000000000000000 in ?? ()
#105 0x0000000000000000 in ?? ()
#106 0x0000000000000000 in ?? ()
#107 0x0000000000000000 in ?? ()
#108 0x0000000000000000 in ?? ()
#109 0x0000000000000000 in ?? ()
#110 0x0000000000000000 in ?? ()
#111 0x0000000000000000 in ?? ()
#112 0x0000000000000000 in ?? ()
#113 0x0000000000000000 in ?? ()
#114 0x0000000000000000 in ?? ()
#115 0x0000000000000000 in ?? ()
#116 0x0000000000000000 in ?? ()
Cannot access memory at address 0xfffffffe8002d000
(kgdb)

Thanks!

- Mark

Fix: 

Unknown
How-To-Repeat: Unknown (IPv6 usage assumed)
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2009-11-01 08:33:55 UTC
Responsible Changed
From-To: freebsd-amd64->freebsd-net

reclassify.
Comment 2 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 08:01:36 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Comment 3 Graham Perrin freebsd_committer freebsd_triage 2022-10-17 12:17:15 UTC
Keyword: 

    crash

– in lieu of summary line prefix: 

    [panic]

* bulk change for the keyword
* summary lines may be edited manually (not in bulk). 

Keyword descriptions and search interface: 

    <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>