Message-Id: <200611281800.kASI0TTg019751@www.freebsd.org>
Date: Tue, 28 Nov 2006 18:00:29 GMT
From: Mark Kamichoff <prox@prolixium.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: panic w/IPv6
X-Send-Pr-Version: www-3.0

>Number:         105966
>Category:       kern
>Synopsis:       panic w/IPv6 with pf on 6.X
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    ru
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 28 18:10:12 GMT 2006
>Closed-Date:    Thu Dec 14 23:06:01 GMT 2006
>Last-Modified:  Thu Feb 22 12:40:06 GMT 2007
>Originator:     Mark Kamichoff
>Release:        6.2-PRERELEASE
>Organization:
>Environment:
FreeBSD starfire.prolixium.com 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #6: Fri Nov 10 13:54:19 EST 2006     root@starfire.prolixium.com:/usr/obj/usr/src/sys/STARFIRE  i386
>Description:
I've been seeing a recurring kernel panic on a couple 6.x machines, all
running pf and IPv6.

The machine in question here is a router, and terminates several OpenVPN
tunnels as well as IPv6-in-IPv4 tunnels. Quagga is used for OSPFv2 and
OSPFv3 routing protocols.

Unread portion of the kernel message buffer:
kernel trap 12 with interrupts disabled


Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x78
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0554ba7
stack pointer           = 0x28:0xd43f2b28
frame pointer           = 0x28:0xd43f2b2c
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 11 (swi1: net)
trap number             = 12
panic: page fault
Uptime: 17d17h21m15s
Dumping 510 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 510MB (130544 pages) 494 478 462 446 430 414 398 382 366 350 334 318 302 286 270 254 238 222 206 190 174 158 142 126 110 94 78 62 46 30 14

#0  doadump () at pcpu.h:165
165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc052f44a in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc052f754 in panic (fmt=0xc0709871 "%s") at /usr/src/sys/kern/kern_shutdown.c:565
#3  0xc06e576d in trap_fatal (frame=0xd43f2ae8, eva=0) at /usr/src/sys/i386/i386/trap.c:837
#4  0xc06e4e85 in trap (frame=
      {tf_fs = -1067450360, tf_es = -734068696, tf_ds = 40, tf_edi = -1019857920, tf_esi = -1020668032, tf_ebp = -734057684, tf_isp = -734057708, tf_ebx = -1020701888, tf_edx = -1020668032, tf_ecx = 4, tf_eax = 4, tf_trapno = 12, tf_err = 0, tf_eip = -1068151897, tf_cs = 32, tf_eflags = 65543, tf_esp = -1020668032, tf_ss = -734057648}) at /usr/src/sys/i386/i386/trap.c:270
#5  0xc06d220a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#6  0xc0554ba7 in turnstile_setowner (ts=0xc3295340, owner=0x4)
    at /usr/src/sys/kern/subr_turnstile.c:432
#7  0xc0554ed3 in turnstile_wait (lock=0xc5df4504, owner=0x4)
    at /usr/src/sys/kern/subr_turnstile.c:591
#8  0xc0524db7 in _mtx_lock_sleep (m=0xc5df4504, tid=3274299264, opts=0, file=0x0, line=0)
    at /usr/src/sys/kern/kern_mutex.c:579
#9  0xc05ffe40 in nd6_output (ifp=0xc3363400, origifp=0x4, m0=0xc364a100, dst=0xc3777a9c, 
    rt0=0xc38de6b4) at /usr/src/sys/netinet6/nd6.c:2004
#10 0xc05f3aec in ip6_forward (m=0xc364a100, srcrt=0)
    at /usr/src/sys/netinet6/ip6_forward.c:626
#11 0xc05f4d54 in ip6_input (m=0xc364a100) at /usr/src/sys/netinet6/ip6_input.c:732
#12 0xc05b7aa7 in netisr_processqueue (ni=0xc0777c84) at /usr/src/sys/net/netisr.c:236
#13 0xc05b7c9d in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:343
#14 0xc051631a in ithread_execute_handlers (p=0xc329ca78, ie=0xc32da300)
    at /usr/src/sys/kern/kern_intr.c:682
#15 0xc051645b in ithread_loop (arg=0xc3283700) at /usr/src/sys/kern/kern_intr.c:765
#16 0xc0514f51 in fork_exit (callout=0xc05163f8 <ithread_loop>, arg=0x4, frame=0x4)
    at /usr/src/sys/kern/kern_fork.c:821
#17 0xc06d226c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208
(kgdb) 

More information (pkg_info, ps output, etc.):

http://www.prolixium.com/share/txt/freebsd/ipv6/

pf.conf can be provided, if needed.

- Mark
>How-To-Repeat:
Unknown.  This happens every couple of weeks.
>Fix:

>Release-Note:
>Audit-Trail:

From: Ruslan Ermilov <ru@FreeBSD.org>
To: Mark Kamichoff <prox@prolixium.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/105966: panic w/IPv6
Date: Fri, 1 Dec 2006 11:26:22 +0300

 You're running IPv6 routing daemon, ospf6d(8), so you were vulnerable.
 This bug has already been fixed; you need the following file/revision
 to get a fix:
 
 $FreeBSD: src/sys/netinet6/nd6.c,v 1.48.2.16 2006/11/29 14:00:29 ru Exp $
 
 You can either upgrade your sources, or just pick up this
 revision and recompile your kernel:
 
 http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/src/sys/netinet6/nd6.c?rev=1.48.2.16&content-type=text/plain
 
 Please follow-up with the success report so we can close the PR.
 
 On Tue, Nov 28, 2006 at 06:00:29PM +0000, Mark Kamichoff wrote:
 > >Synopsis:       panic w/IPv6
 > >Release:        6.2-PRERELEASE
 > 
 > Unread portion of the kernel message buffer:
 > kernel trap 12 with interrupts disabled
 > 
 > 
 > Fatal trap 12: page fault while in kernel mode
 > fault virtual address   = 0x78
 > fault code              = supervisor read, page not present
 > instruction pointer     = 0x20:0xc0554ba7
 > stack pointer           = 0x28:0xd43f2b28
 > frame pointer           = 0x28:0xd43f2b2c
 > code segment            = base 0x0, limit 0xfffff, type 0x1b
 >                         = DPL 0, pres 1, def32 1, gran 1
 > processor eflags        = resume, IOPL = 0
 > current process         = 11 (swi1: net)
 > trap number             = 12
 > panic: page fault
 > Uptime: 17d17h21m15s
 > Dumping 510 MB (2 chunks)
 >   chunk 0: 1MB (159 pages) ... ok
 >   chunk 1: 510MB (130544 pages) 494 478 462 446 430 414 398 382 366 350 334 318 302 286 270 254 238 222 206 190 174 158 142 126 110 94 78 62 46 30 14
 > 
 > #0  doadump () at pcpu.h:165
 > 165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
 > (kgdb) bt
 > #0  doadump () at pcpu.h:165
 > #1  0xc052f44a in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
 > #2  0xc052f754 in panic (fmt=0xc0709871 "%s") at /usr/src/sys/kern/kern_shutdown.c:565
 > #3  0xc06e576d in trap_fatal (frame=0xd43f2ae8, eva=0) at /usr/src/sys/i386/i386/trap.c:837
 > #4  0xc06e4e85 in trap (frame=
 >       {tf_fs = -1067450360, tf_es = -734068696, tf_ds = 40, tf_edi = -1019857920, tf_esi = -1020668032, tf_ebp = -734057684, tf_isp = -734057708, tf_ebx = -1020701888, tf_edx = -1020668032, tf_ecx = 4, tf_eax = 4, tf_trapno = 12, tf_err = 0, tf_eip = -1068151897, tf_cs = 32, tf_eflags = 65543, tf_esp = -1020668032, tf_ss = -734057648}) at /usr/src/sys/i386/i386/trap.c:270
 > #5  0xc06d220a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
 > #6  0xc0554ba7 in turnstile_setowner (ts=0xc3295340, owner=0x4)
 >     at /usr/src/sys/kern/subr_turnstile.c:432
 > #7  0xc0554ed3 in turnstile_wait (lock=0xc5df4504, owner=0x4)
 >     at /usr/src/sys/kern/subr_turnstile.c:591
 > #8  0xc0524db7 in _mtx_lock_sleep (m=0xc5df4504, tid=3274299264, opts=0, file=0x0, line=0)
 >     at /usr/src/sys/kern/kern_mutex.c:579
 > #9  0xc05ffe40 in nd6_output (ifp=0xc3363400, origifp=0x4, m0=0xc364a100, dst=0xc3777a9c, 
 >     rt0=0xc38de6b4) at /usr/src/sys/netinet6/nd6.c:2004
 > #10 0xc05f3aec in ip6_forward (m=0xc364a100, srcrt=0)
 >     at /usr/src/sys/netinet6/ip6_forward.c:626
 > #11 0xc05f4d54 in ip6_input (m=0xc364a100) at /usr/src/sys/netinet6/ip6_input.c:732
 > #12 0xc05b7aa7 in netisr_processqueue (ni=0xc0777c84) at /usr/src/sys/net/netisr.c:236
 > #13 0xc05b7c9d in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:343
 > #14 0xc051631a in ithread_execute_handlers (p=0xc329ca78, ie=0xc32da300)
 >     at /usr/src/sys/kern/kern_intr.c:682
 > #15 0xc051645b in ithread_loop (arg=0xc3283700) at /usr/src/sys/kern/kern_intr.c:765
 > #16 0xc0514f51 in fork_exit (callout=0xc05163f8 <ithread_loop>, arg=0x4, frame=0x4)
 >     at /usr/src/sys/kern/kern_fork.c:821
 > #17 0xc06d226c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208
 > (kgdb) 
 > 
 > More information (pkg_info, ps output, etc.):
 > 
 > http://www.prolixium.com/share/txt/freebsd/ipv6/
 > 
 > pf.conf can be provided, if needed.
 
 -- 
 Ruslan Ermilov
 ru@FreeBSD.org
 FreeBSD committer
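
The revision check implied by the follow-up above, as an added example that is not part of the PR or of FreeBSD's tooling: it reads the `$FreeBSD$` ident line of `nd6.c` and compares it with the quoted revision. The function names, result labels and the `/usr/src` path in the usage comment are assumptions; CVS revisions on different branches are reported as `unknown` because their numbers are not comparable.

```shell
#!/bin/sh
# Added example, not part of PR kern/105966.
FIXED_REV="1.48.2.16"   # nd6.c revision quoted in the follow-up above

# ident_rev LINE: print the revision field of a
# "$FreeBSD: <path>,v <rev> <date> ... $" ident line, or nothing if absent.
ident_rev() {
    printf '%s\n' "$1" |
        sed -n 's/.*\$FreeBSD: [^ ]*,v \([0-9][0-9.]*\) .*/\1/p'
}

# check_rev HAVE WANT: print has-fix, missing-fix or unknown.
# Only revisions on the same CVS branch (same prefix before the last dot)
# are compared; anything else is "unknown".
check_rev() {
    have=$1
    want=$2
    # Reject empty, non-numeric or malformed revision strings.
    case $have in
        ''|*[!0-9.]*|*.|.*|*..*) echo unknown; return 0 ;;
    esac
    # A revision needs at least one dot (for example 1.70).
    case $have in
        *.*) ;;
        *) echo unknown; return 0 ;;
    esac
    if [ "${have%.*}" != "${want%.*}" ]; then
        echo unknown
    elif [ "${have##*.}" -ge "${want##*.}" ]; then
        echo has-fix
    else
        echo missing-fix
    fi
}

# Usage on a source tree (path assumed to be the default /usr/src):
#   line=$(grep '\$FreeBSD:' /usr/src/sys/netinet6/nd6.c | head -n 1)
#   check_rev "$(ident_rev "$line")" "$FIXED_REV"
```

A `has-fix` result only says the file is at or past that revision on the same branch; the kernel still has to be rebuilt from those sources and booted.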

From: Mark Kamichoff <prox@prolixium.com>
To: Ruslan Ermilov <ru@FreeBSD.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/105966: panic w/IPv6
Date: Fri, 1 Dec 2006 13:40:10 -0500

 Ruslan -
 
 On Fri, Dec 01, 2006 at 11:26:22AM +0300, Ruslan Ermilov wrote:
 > You're running IPv6 routing daemon, ospf6d(8), so you were vulnerable.
 > This bug has already been fixed; you need the following file/revision
 > to get a fix:
 >
 > $FreeBSD: src/sys/netinet6/nd6.c,v 1.48.2.16 2006/11/29 14:00:29 ru Exp $
 >
 > You can either upgrade your sources, or just pick up this
 > revision and recompile your kernel:
 >
 > http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/src/sys/netinet6/nd6.c?rev=1.48.2.16&content-type=text/plain
 >
 > Please follow-up with the success report so we can close the PR.
 
 Thanks.  I have updated my sources, and rebuilt everything.  It seems to
 be working fine, but judging from past history, the system could be
 stable for up to 2-3 weeks, and then panic.  It's up to you whether this
 PR should be open for such a duration.  Either way, I will send an
 update after a couple of weeks.
 
 - Mark
 
 -- 
 Mark Kamichoff
 prox@prolixium.com
 http://prolixium.com/
 Rensselaer Polytechnic Institute, Class of 2004
 
State-Changed-From-To: open->feedback 
State-Changed-By: ru 
State-Changed-When: Fri Dec 1 20:28:56 UTC 2006 
State-Changed-Why:  
I believe I might have fixed this problem already; give the 
originator 3 weeks for testing. 


Responsible-Changed-From-To: freebsd-bugs->ru 
Responsible-Changed-By: ru 
Responsible-Changed-When: Fri Dec 1 20:28:56 UTC 2006 
Responsible-Changed-Why:  

http://www.freebsd.org/cgi/query-pr.cgi?pr=105966 

From: Ruslan Ermilov <ru@FreeBSD.org>
To: Mark Kamichoff <prox@prolixium.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/105966: panic w/IPv6
Date: Fri, 1 Dec 2006 23:29:43 +0300

 On Fri, Dec 01, 2006 at 01:40:10PM -0500, Mark Kamichoff wrote:
 > Ruslan -
 >
 > On Fri, Dec 01, 2006 at 11:26:22AM +0300, Ruslan Ermilov wrote:
 > > You're running IPv6 routing daemon, ospf6d(8), so you were vulnerable.
 > > This bug has already been fixed; you need the following file/revision
 > > to get a fix:
 > >
 > > $FreeBSD: src/sys/netinet6/nd6.c,v 1.48.2.16 2006/11/29 14:00:29 ru Exp $
 > >
 > > You can either upgrade your sources, or just pick up this
 > > revision and recompile your kernel:
 > >
 > > http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/src/sys/netinet6/nd6.c?rev=1.48.2.16&content-type=text/plain
 > >
 > > Please follow-up with the success report so we can close the PR.
 >
 > Thanks.  I have updated my sources, and rebuilt everything.  It seems to
 > be working fine, but judging from past history, the system could be
 > stable for up to 2-3 weeks, and then panic.  It's up to you whether this
 > PR should be open for such a duration.  Either way, I will send an
 > update after a couple of weeks.
 >
 I'll switch it to the "feedback" state then, and then if I don't hear
 from you in 3 weeks (or hear good news from you) will close it as
 fixed.
 
 
 Cheers,
 -- 
 Ruslan Ermilov
 ru@FreeBSD.org
 FreeBSD committer
 

From: Mark Kamichoff <prox@prolixium.com>
To: Ruslan Ermilov <ru@FreeBSD.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/105966: panic w/IPv6
Date: Thu, 14 Dec 2006 17:37:28 -0500

 Hi Ruslan - 
 
 On Fri, Dec 01, 2006 at 11:29:43PM +0300, Ruslan Ermilov wrote:
 > > Thanks.  I have updated my sources, and rebuilt everything.  It seems to
 > > be working fine, but judging from past history, the system could be
 > > stable for up to 2-3 weeks, and then panic.  It's up to you whether this
 > > PR should be open for such a duration.  Either way, I will send an
 > > update after a couple of weeks.
 > > 
 > I'll switch it to the "feedback" state then, and then if I don't hear
 > from you in 3 weeks (or hear good news from you) will close it as
 > fixed.
 
 I think we can consider this bug fixed, and PR can be closed.  This
 problem has not reoccurred, since.
 
 Thanks!
 
 - Mark
 
 -- 
 Mark Kamichoff
 prox@prolixium.com
 http://prolixium.com/
 Rensselaer Polytechnic Institute, Class of 2004
State-Changed-From-To: feedback->closed 
State-Changed-By: ru 
State-Changed-When: Thu Dec 14 23:05:15 UTC 2006 
State-Changed-Why:  
Originator confirms that the problem has been fixed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=105966 

From: Mark Kamichoff <prox@prolixium.com>
To: bug-followup@FreeBSD.org, prox@prolixium.com
Cc:  
Subject: Re: kern/105966: panic w/IPv6
Date: Thu, 22 Feb 2007 07:31:23 -0500

 Hi - 
 
 Can we please reopen kern/105966 [panic w/IPv6 with pf on 6.X]?  The
 problem has resurfaced with 6.2-STABLE:
 
 [starfire:7:28]# uname -a
 FreeBSD starfire.prolixium.com 6.2-STABLE FreeBSD 6.2-STABLE #0: Mon Feb 12 00:14:40 EST 2007 root@starfire.prolixium.com:/usr/obj/usr/src/sys/STARFIRE  i386
 
 [starfire:7:25]# kgdb kernel.debug /var/crash/vmcore.26                    [p0]
 kgdb: kvm_nlist(_stopped_cpus): 
 kgdb: kvm_nlist(_stoppcbs): 
 [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
 GNU gdb 6.1.1 [FreeBSD]
 Copyright 2004 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and you are
 welcome to change it and/or distribute copies of it under certain conditions.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for details.
 This GDB was configured as "i386-marcel-freebsd".
 
 Unread portion of the kernel message buffer:
 kernel trap 12 with interrupts disabled
 
 
 Fatal trap 12: page fault while in kernel mode
 fault virtual address   = 0x78
 fault code              = supervisor read, page not present
 instruction pointer     = 0x20:0xc0555579
 stack pointer           = 0x28:0xd43f2b28
 frame pointer           = 0x28:0xd43f2b2c
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
 processor eflags        = resume, IOPL = 0
 current process         = 11 (swi1: net)
 trap number             = 12
 panic: page fault
 Uptime: 9d19h23m7s
 Dumping 510 MB (2 chunks)
   chunk 0: 1MB (159 pages) ... ok
   chunk 1: 510MB (130544 pages) 494 478 462 446 430 414 398 382 366 350 334 318 302 286 270 254 238 222 206 190 174 158 142 126 110 94 78 62 46 30 14
 
 #0  doadump () at pcpu.h:165
 165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
 (kgdb) bt
 #0  doadump () at pcpu.h:165
 #1  0xc052fe16 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
 #2  0xc0530120 in panic (fmt=0xc070b714 "%s")
     at /usr/src/sys/kern/kern_shutdown.c:565
 #3  0xc06e75c5 in trap_fatal (frame=0xd43f2ae8, eva=0)
     at /usr/src/sys/i386/i386/trap.c:837
 #4  0xc06e6cdd in trap (frame=
       {tf_fs = -1067450360, tf_es = -734068696, tf_ds = 40, tf_edi = -1019703296, tf_esi = -1020561536, tf_ebp = -734057684, tf_isp = -734057708, tf_ebx = -1020603584, tf_edx = -1020561536, tf_ecx = 4, tf_eax = 4, tf_trapno = 12, tf_err = 0, tf_eip = -1068149383, tf_cs = 32, tf_eflags = 65543, tf_esp = -1020561536, tf_ss = -734057648}) at /usr/src/sys/i386/i386/trap.c:270
 #5  0xc06d408a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
 #6  0xc0555579 in turnstile_setowner (ts=0xc32ad340, owner=0x4)
     at /usr/src/sys/kern/subr_turnstile.c:434
 #7  0xc05558a5 in turnstile_wait (lock=0xc38a9504, owner=0x4)
     at /usr/src/sys/kern/subr_turnstile.c:593
 #8  0xc0525783 in _mtx_lock_sleep (m=0xc38a9504, tid=3274405760, opts=0, 
     file=0x0, line=0) at /usr/src/sys/kern/kern_mutex.c:579
 #9  0xc06016ae in nd6_output (ifp=0xc3389000, origifp=0x4, m0=0xc60f5500, 
     dst=0xc38a831c, rt0=0xc3764630) at /usr/src/sys/netinet6/nd6.c:2010
 #10 0xc05f5218 in ip6_forward (m=0xc60f5500, srcrt=0)
     at /usr/src/sys/netinet6/ip6_forward.c:626
 #11 0xc05f64ad in ip6_input (m=0xc60f5500)
     at /usr/src/sys/netinet6/ip6_input.c:732
 #12 0xc05b8a67 in netisr_processqueue (ni=0xc0779d44)
     at /usr/src/sys/net/netisr.c:236
 #13 0xc05b8c5d in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:343
 #14 0xc0516cca in ithread_execute_handlers (p=0xc32b6a78, ie=0xc32f8300)
     at /usr/src/sys/kern/kern_intr.c:682
 #15 0xc0516e0b in ithread_loop (arg=0xc3283700)
     at /usr/src/sys/kern/kern_intr.c:765
 #16 0xc0515901 in fork_exit (callout=0xc0516da8 <ithread_loop>, arg=0x4, 
     frame=0x4) at /usr/src/sys/kern/kern_fork.c:821
 #17 0xc06d40ec in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208
 (kgdb)
 
 - Mark
 
 -- 
 Mark Kamichoff
 prox@prolixium.com
 http://prolixium.com/
 Rensselaer Polytechnic Institute, Class of 2004
>Unformatted:
