Spurious crashes in nd6_dad_start() (kgdb) bt #0 doadump () at pcpu.h:197 #1 0xc085aa03 in boot (howto=260) at ../../../kern/kern_shutdown.c:421 #2 0xc085acd7 in panic (fmt=Variable "fmt" is not available. ) at ../../../kern/kern_shutdown.c:576 #3 0xc0b87cfc in trap_fatal (frame=0xe874386c, eva=392) at ../../../i386/i386/trap.c:950 #4 0xc0b87f80 in trap_pfault (frame=0xe874386c, usermode=0, eva=392) at ../../../i386/i386/trap.c:863 #5 0xc0b8895c in trap (frame=0xe874386c) at ../../../i386/i386/trap.c:541 #6 0xc0b6b27b in calltrap () at ../../../i386/i386/exception.s:166 #7 0xc084a374 in _mtx_lock_sleep (m=0xc743c67c, tid=3415908928, opts=0, file=0x0, line=0) at ../../../kern/kern_mutex.c:339 #8 0xc09edc36 in nd6_dad_start (ifa=0xc743c600, delay=171) at ../../../netinet6/nd6_nbr.c:1180 #9 0xc09d8810 in in6_update_ifa (ifp=0xc5c29800, ifra=0xe8743a4c, ia=0xc743c600, flags=Variable "flags" is not available. ) at ../../../netinet6/in6.c:1306 #10 0xc09db9fd in in6_ifattach (ifp=0xc5c29800, altifp=0x0) at ../../../netinet6/in6_ifattach.c:466 #11 0xc09d68d7 in in6_if_up (ifp=0xc5c29800) at ../../../netinet6/in6.c:2151 #12 0xc08fb1a5 in ifioctl (so=0xcad05d00, cmd=2151704858, data=0xc6c63bc0 "ng9", td=0xcb9aa240) at ../../../net/if.c:2097 #13 0xc089ca02 in soo_ioctl (fp=0xc6625390, cmd=2151704858, data=0xc6c63bc0, active_cred=0xc70fa200, td=0xcb9aa240) at ../../../kern/sys_socket.c:204 #14 0xc08956e5 in kern_ioctl (td=0xcb9aa240, fd=33, com=2151704858, data=0xc6c63bc0 "ng9") at file.h:269 #15 0xc0895844 in ioctl (td=0xcb9aa240, uap=0xe8743cfc) at ../../../kern/sys_generic.c:571 #16 0xc0b882d5 in syscall (frame=0xe8743d38) at ../../../i386/i386/trap.c:1101 #17 0xc0b6b2e0 in Xint0x80_syscall () at ../../../i386/i386/exception.s:262 #18 0x00000033 in ?? () (kgdb) frame 7 #7 0xc084a374 in _mtx_lock_sleep (m=0xc743c67c, tid=3415908928, opts=0, file=0x0, line=0) at ../../../kern/kern_mutex.c:339 339 owner = (struct thread *)(v & ~MTX_FLAGMASK); (kgdb) print v $1 = 6 (kgdb) x/i $eip 0xc084a374 <_mtx_lock_sleep+68>: mov 0x188(%ecx),%eax (kgdb) info reg ecx ecx 0x0 0 (kgdb) list 334 * If the owner is running on another CPU, spin until the 335 * owner stops running or the state of the lock changes. 336 */ 337 v = m->mtx_lock; 338 if (v != MTX_UNOWNED) { 339 owner = (struct thread *)(v & ~MTX_FLAGMASK); 340 #ifdef ADAPTIVE_GIANT 341 if (TD_IS_RUNNING(owner)) { 342 #else 343 if (m != &Giant && TD_IS_RUNNING(owner)) { (kgdb) print *m $2 = {lock_object = {lo_name = 0xc0c3efef "ifaddr", lo_type = 0xc0c3efef "ifaddr", lo_flags = 16908288, lo_witness_data = { lod_list = {stqe_next = 0x0}, lod_witness = 0x0}}, mtx_lock = 6, mtx_recurse = 0} (kgdb) frame 8 #8 0xc09edc36 in nd6_dad_start (ifa=0xc743c600, delay=171) at ../../../netinet6/nd6_nbr.c:1180 1180 IFAREF(ifa); /* just for safety */ (kgdb) list 1175 * Note that we must delay the first transmission, if this is the 1176 * first packet to be sent from the interface after interface 1177 * (re)initialization. 1178 */ 1179 dp->dad_ifa = ifa; 1180 IFAREF(ifa); /* just for safety */ 1181 dp->dad_count = ip6_dad_count; 1182 dp->dad_ns_icount = dp->dad_na_icount = 0; 1183 dp->dad_ns_ocount = dp->dad_ns_tcount = 0; 1184 if (delay == 0) { (kgdb) print *ifa $3 = {ifa_addr = 0xc743c694, ifa_dstaddr = 0xc743c6cc, ifa_netmask = 0xc743c6e8, if_data = {ifi_type = 0 '\0', ifi_physical = 0 '\0', ifi_addrlen = 0 '\0', ifi_hdrlen = 0 '\0', ifi_link_state = 0 '\0', ifi_spare_char1 = 0 '\0', ifi_spare_char2 = 0 '\0', ifi_datalen = 0 '\0', ifi_mtu = 0, ifi_metric = 0, ifi_baudrate = 0, ifi_ipackets = 0, ifi_ierrors = 0, ifi_opackets = 0, ifi_oerrors = 0, ifi_collisions = 0, ifi_ibytes = 0, ifi_obytes = 0, ifi_imcasts = 0, ifi_omcasts = 0, ifi_iqdrops = 0, ifi_noproto = 0, ifi_hwassist = 0, ifi_epoch = 0, ifi_lastchange = { tv_sec = 0, tv_usec = 0}}, ifa_ifp = 0xc5c29800, ifa_link = { tqe_next = 0x0, tqe_prev = 0xc594f960}, ifa_rtrequest = 0xc09eabc0 <nd6_rtrequest>, ifa_flags = 256, ifa_refcnt = 0, ifa_metric = 0, ifa_claim_addr = 0, ifa_mtx = {lock_object = { lo_name = 0xc0c3efef "ifaddr", lo_type = 0xc0c3efef "ifaddr", lo_flags = 16908288, lo_witness_data = {lod_list = {stqe_next = 0x0}, lod_witness = 0x0}}, mtx_lock = 6, mtx_recurse = 0}} Fix: Unknown. How-To-Repeat: Happens after 20-30 days of uptime.
Responsible Changed From-To: freebsd-bugs->freebsd-net Over to maintainer(s).
For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped
Keyword: crash – in lieu of summary line prefix: [panic] * bulk change for the keyword * summary lines may be edited manually (not in bulk). Keyword descriptions and search interface: <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>