Reproducible crash w/ IPv6 on FreeBSD 7.1 amd64 under VMware ESXi 3.5

Peter Kieser peter at kieser.ca
Tue May 4 19:25:40 UTC 2010 

On further note: I belive that 'm' should not be NULL ...

#9 0xffffffff8061277f in ip6_input (m=0xffffff0001611a00) at 
/usr/src/sys/netinet6/ip6_input.c:299

-Peter

On 5/4/2010 11:06 AM, Peter Kieser wrote:
> Hello,
>
> My FreeBSD 7.1 guest is crashing when I use IPv6 and ping6 an address 
> that doesn't respond to ICMP or isn't on the network. Am I the only 
> person that has run into this issue? I can reproduce it on a fresh 
> virtual machine, 100% of the time .. Does NOT occur (I've had machines 
> up for 200+ days) if I am not using IPv6.
>
> HOWTO Reproduce:
>
> 1. FreeBSD 7.1 amd64 Guest
> 2. IPv6 networking enabled and configured
> 3. ping6 against an IPv6 address that isn't active on your network and 
> leave it running
> 4. Virtual machine will crash after a number of minutes (from 1~15 
> minutes)
>
> What configuration:
>
> * Generic FreeBSD 7.1 kernel (No custom configuration)
> * No VMware tools or kernel modules installed
> * e1000 virtual Ethernet adapter
> * LSI Logic virtual SCSI controller
> * kern.hz set at 100 in /boot/loader.conf
>
> Kernel revision:
>
> FreeBSD freebsd71.pfak.org 7.1-RELEASE-p11 FreeBSD 7.1-RELEASE-p11 #0: 
> Tue May  4 10:28:31 PDT 2010     
> root at freebsd71.pfak.org:/usr/obj/usr/src/sys/GENERIC  amd64
>
> Kernel dump W/ Backtrace:
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 1; apic id = 01
> fault virtual address   = 0x18
> fault code              = supervisor read data, page not present
> instruction pointer     = 0x8:0xffffffff80505a66
> stack pointer           = 0x10:0xffffffffac258a60
> frame pointer           = 0x10:0x0
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 13 (swi1: net)
> trap number             = 12
> panic: page fault
> cpuid = 1
> Uptime: 13m54s
> Physical memory: 3827 MB
> Dumping 323 MB: 308 292 276 260 244 228 212 196 180 164 148 132 116 
> 100 84 68 52 36 20 4
>
> #0  doadump () at pcpu.h:195
> 195             __asm __volatile("movq %%gs:0,%0" : "=r" (td));
> (kgdb) backtrace
> #0  doadump () at pcpu.h:195
> #1  0x0000000000000004 in ?? ()
> #2  0xffffffff804b4d29 in boot (howto=260) at 
> /usr/src/sys/kern/kern_shutdown.c:418
> #3  0xffffffff804b5132 in panic (fmt=0x104 <Address 0x104 out of 
> bounds>) at /usr/src/sys/kern/kern_shutdown.c:574
> #4  0xffffffff8078a1f3 in trap_fatal (frame=0xffffff00010ff000, 
> eva=Variable "eva" is not available.
> ) at /usr/src/sys/amd64/amd64/trap.c:764
> #5  0xffffffff8078a5c5 in trap_pfault (frame=0xffffffffac2589b0, 
> usermode=0) at /usr/src/sys/amd64/amd64/trap.c:680
> #6  0xffffffff8078af08 in trap (frame=0xffffffffac2589b0) at 
> /usr/src/sys/amd64/amd64/trap.c:449
> #7  0xffffffff807706fe in calltrap () at 
> /usr/src/sys/amd64/amd64/exception.S:209
> #8  0xffffffff80505a66 in m_copydata (m=0x0, off=0, len=56, 
> cp=0xffffff00013b9980 "") at /usr/src/sys/kern/uipc_mbuf.c:813
> #9  0xffffffff8061277f in ip6_input (m=0xffffff0001611a00) at 
> /usr/src/sys/netinet6/ip6_input.c:299
> #10 0xffffffff8055ae59 in netisr_processqueue (ni=0xffffffff80acbb08) 
> at /usr/src/sys/net/netisr.c:143
> #11 0xffffffff8055b0eb in swi_net (dummy=Variable "dummy" is not 
> available.
> ) at /usr/src/sys/net/netisr.c:250
> #12 0xffffffff804957c0 in ithread_loop (arg=0xffffff00010fac00) at 
> /usr/src/sys/kern/kern_intr.c:1088
> #13 0xffffffff80492663 in fork_exit (callout=0xffffffff80495650 
> <ithread_loop>, arg=0xffffff00010fac00, frame=0xffffffffac258c80)
>     at /usr/src/sys/kern/kern_fork.c:804
> #14 0xffffffff80770ace in fork_trampoline () at 
> /usr/src/sys/amd64/amd64/exception.S:455
> #15 0x0000000000000000 in ?? ()
> #16 0x0000000000000000 in ?? ()
> #17 0x0000000000000001 in ?? ()
> #18 0x0000000000000000 in ?? ()
> #19 0x0000000000000000 in ?? ()
> #20 0x0000000000000000 in ?? ()
> #21 0x0000000000000000 in ?? ()
> #22 0x0000000000000000 in ?? ()
> #23 0x0000000000000000 in ?? ()
> #24 0x0000000000000000 in ?? ()
> #25 0x0000000000000000 in ?? ()
> #26 0x0000000000000000 in ?? ()
> #27 0x0000000000000000 in ?? ()
> #28 0x0000000000000000 in ?? ()
> #29 0x0000000000000000 in ?? ()
> #30 0x0000000000000000 in ?? ()
> #31 0x0000000000000000 in ?? ()
> #32 0x0000000000000000 in ?? ()
> #33 0x0000000000000000 in ?? ()
> #34 0x0000000000000000 in ?? ()
> #35 0x0000000000000000 in ?? ()
> #36 0x0000000000000000 in ?? ()
> #37 0x0000000000000000 in ?? ()
> #38 0x0000000000000000 in ?? ()
> #39 0x0000000000d43000 in ?? ()
> #40 0xffffffff80ab8440 in tdq_cpu ()
> #41 0x0000000000000000 in ?? ()
> #42 0xffffffff80ac3fc0 in tdq_cpu ()
> #43 0x0000000000000000 in ?? ()
> #44 0xffffff00010ff000 in ?? ()
> #45 0xffffffffac258628 in ?? ()
> #46 0xffffffff80ab77c0 in tdg_maxid ()
> #47 0xffffffff804d5954 in sched_switch (td=0x0, newtd=0x8005c7450, 
> flags=0) at /usr/src/sys/kern/sched_ule.c:1944
> #48 0x0000000000000000 in ?? ()
> #49 0x0000000000000000 in ?? ()
> #50 0x0000000000000000 in ?? ()
> #51 0x0000000000000000 in ?? ()
> ...
> Cannot access memory at address 0xffffffffac259000
> (kgdb)
>
> -Peter
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"

More information about the freebsd-net mailing list