On Mon, Sep 16, 2013 at 05:27:30PM +0200, Hans Petter Selasky wrote:
> Hi,
> 
> I caught a General protection fault in prelist_remove. Any clues what 
> this might be?

Any chance you were creating or destroying interfaces around the time
this crash happened?

There is no locking in the code which manipulates the prefix list (or
any of the global NDP data structures), so it's possible to get crashes
if, for instance, the prefix expiry callout races with in6_ifdetach() to
delete a prefix. It's not clear what caused your crash (not without a
crash dump at least), but I imagine it has something to do with this.

I've partially fixed this at work by adding a rw lock to protect access
to the prefix, default router, and DAD lists. The patch is here:
http://people.freebsd.org/~markj/patches/ndp-locking.diff

If anyone can review or test this patch, please let me know.

Thanks,
-Mar

> 
> FreeBSD-10 from one month back approx.
> 
> > ffffffff80a95810 <prelist_remove>:
> > ffffffff80a95810:       55                      push   %rbp
> > ffffffff80a95811:       48 89 e5                mov    %rsp,%rbp
> > ffffffff80a95814:       41 57                   push   %r15
> > ffffffff80a95816:       41 56                   push   %r14
> > ffffffff80a95818:       53                      push   %rbx
> > ffffffff80a95819:       48 83 ec 38             sub    $0x38,%rsp
> > ffffffff80a9581d:       49 89 ff                mov    %rdi,%r15
> > ffffffff80a95820:       48 8b 04 25 c0 de 3b    mov    0xffffffff813bdec0,%rax
> > ffffffff80a95827:       81
> > ffffffff80a95828:       48 89 45 e0             mov    %rax,-0x20(%rbp)
> > ffffffff80a9582c:       49 c7 47 44 00 00 00    movq   $0x0,0x44(%r15)
> > ffffffff80a95833:       00
> > ffffffff80a95834:       41 f6 47 6c 01          testb  $0x1,0x6c(%r15)
> > ffffffff80a95839:       74 4d                   je     ffffffff80a95888 <prelist_remove+0x78>
> > ffffffff80a9583b:       4c 89 ff                mov    %r15,%rdi
> > ffffffff80a9583e:       e8 fd 00 00 00          callq  ffffffff80a95940 <nd6_prefix_offlink>
> > ffffffff80a95843:       41 89 c6                mov    %eax,%r14d
> > ffffffff80a95846:       45 85 f6                test   %r14d,%r14d
> > ffffffff80a95849:       74 3d                   je     ffffffff80a95888 <prelist_remove+0x78>
> > ffffffff80a9584b:       8b 04 25 c4 a6 56 81    mov    0xffffffff8156a6c4,%eax
> > ffffffff80a95852:       85 c0                   test   %eax,%eax
> > ffffffff80a95854:       74 32                   je     ffffffff80a95888 <prelist_remove+0x78>
> > ffffffff80a95856:       49 8d 77 20             lea    0x20(%r15),%rsi
> > ffffffff80a9585a:       48 8d 7d b0             lea    -0x50(%rbp),%rdi
> > ffffffff80a9585e:       e8 1d fa fd ff          callq  ffffffff80a75280 <ip6_sprintf>
> > ffffffff80a95863:       41 0f b6 4f 78          movzbl 0x78(%r15),%ecx
> > ffffffff80a95868:       4d 8b 07                mov    (%r15),%r8
> > ffffffff80a9586b:       49 83 c0 28             add    $0x28,%r8
> > ffffffff80a9586f:       bf 03 00 00 00          mov    $0x3,%edi
> > ffffffff80a95874:       48 c7 c6 c6 17 fa 80    mov    $0xffffffff80fa17c6,%rsi
> > ffffffff80a9587b:       48 89 c2                mov    %rax,%rdx
> > ffffffff80a9587e:       45 89 f1                mov    %r14d,%r9d
> > ffffffff80a95881:       30 c0                   xor    %al,%al
> > ffffffff80a95883:       e8 08 f0 e5 ff          callq  ffffffff808f4890 <log>
> > ffffffff80a95888:       41 83 7f 7c 00          cmpl   $0x0,0x7c(%r15)
> > ffffffff80a9588d:       7f 6c                   jg     ffffffff80a958fb <prelist_remove+0xeb>
> > ffffffff80a9588f:       49 8b 47 08             mov    0x8(%r15),%rax
> > ffffffff80a95893:       48 85 c0                test   %rax,%rax
> > ffffffff80a95896:       74 0a                   je     ffffffff80a958a2 <prelist_remove+0x92>
> > ffffffff80a95898:       49 8d 4f 08             lea    0x8(%r15),%rcx
> > ffffffff80a9589c:       48 39 48 10             cmp    %rcx,0x10(%rax)
> ^^^^ crash here
> > ffffffff80a958a0:       75 72                   jne    ffffffff80a95914 <prelist_remove+0x104>
> > ffffffff80a958a2:       49 8b 4f 10             mov    0x10(%r15),%rcx
> 
> Non-reproducible.
> 
> --HPS
> _______________________________________________
> freebsd-current@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
