Date: Tue, 04 May 2010 12:25:39 -0700 From: Peter Kieser <peter@kieser.ca> To: freebsd-net@freebsd.org Cc: freebsd-stable@freebsd.org Subject: Re: Reproducible crash w/ IPv6 on FreeBSD 7.1 amd64 under VMware ESXi 3.5 Message-ID: <4BE074B3.4050500@kieser.ca> In-Reply-To: <4BE0620A.3090906@kieser.ca> References: <4BE0620A.3090906@kieser.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On further note: I belive that 'm' should not be NULL ... #9 0xffffffff8061277f in ip6_input (m=0xffffff0001611a00) at /usr/src/sys/netinet6/ip6_input.c:299 -Peter On 5/4/2010 11:06 AM, Peter Kieser wrote: > Hello, > > My FreeBSD 7.1 guest is crashing when I use IPv6 and ping6 an address > that doesn't respond to ICMP or isn't on the network. Am I the only > person that has run into this issue? I can reproduce it on a fresh > virtual machine, 100% of the time .. Does NOT occur (I've had machines > up for 200+ days) if I am not using IPv6. > > HOWTO Reproduce: > > 1. FreeBSD 7.1 amd64 Guest > 2. IPv6 networking enabled and configured > 3. ping6 against an IPv6 address that isn't active on your network and > leave it running > 4. Virtual machine will crash after a number of minutes (from 1~15 > minutes) > > What configuration: > > * Generic FreeBSD 7.1 kernel (No custom configuration) > * No VMware tools or kernel modules installed > * e1000 virtual Ethernet adapter > * LSI Logic virtual SCSI controller > * kern.hz set at 100 in /boot/loader.conf > > Kernel revision: > > FreeBSD freebsd71.pfak.org 7.1-RELEASE-p11 FreeBSD 7.1-RELEASE-p11 #0: > Tue May 4 10:28:31 PDT 2010 > root@freebsd71.pfak.org:/usr/obj/usr/src/sys/GENERIC amd64 > > Kernel dump W/ Backtrace: > > Fatal trap 12: page fault while in kernel mode > cpuid = 1; apic id = 01 > fault virtual address = 0x18 > fault code = supervisor read data, page not present > instruction pointer = 0x8:0xffffffff80505a66 > stack pointer = 0x10:0xffffffffac258a60 > frame pointer = 0x10:0x0 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, long 1, def32 0, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 13 (swi1: net) > trap number = 12 > panic: page fault > cpuid = 1 > Uptime: 13m54s > Physical memory: 3827 MB > Dumping 323 MB: 308 292 276 260 244 228 212 196 180 164 148 132 116 > 100 84 68 52 36 20 4 > > #0 doadump () at pcpu.h:195 > 195 __asm __volatile("movq %%gs:0,%0" : "=r" (td)); > (kgdb) backtrace > #0 doadump () at pcpu.h:195 > #1 0x0000000000000004 in ?? () > #2 0xffffffff804b4d29 in boot (howto=260) at > /usr/src/sys/kern/kern_shutdown.c:418 > #3 0xffffffff804b5132 in panic (fmt=0x104 <Address 0x104 out of > bounds>) at /usr/src/sys/kern/kern_shutdown.c:574 > #4 0xffffffff8078a1f3 in trap_fatal (frame=0xffffff00010ff000, > eva=Variable "eva" is not available. > ) at /usr/src/sys/amd64/amd64/trap.c:764 > #5 0xffffffff8078a5c5 in trap_pfault (frame=0xffffffffac2589b0, > usermode=0) at /usr/src/sys/amd64/amd64/trap.c:680 > #6 0xffffffff8078af08 in trap (frame=0xffffffffac2589b0) at > /usr/src/sys/amd64/amd64/trap.c:449 > #7 0xffffffff807706fe in calltrap () at > /usr/src/sys/amd64/amd64/exception.S:209 > #8 0xffffffff80505a66 in m_copydata (m=0x0, off=0, len=56, > cp=0xffffff00013b9980 "") at /usr/src/sys/kern/uipc_mbuf.c:813 > #9 0xffffffff8061277f in ip6_input (m=0xffffff0001611a00) at > /usr/src/sys/netinet6/ip6_input.c:299 > #10 0xffffffff8055ae59 in netisr_processqueue (ni=0xffffffff80acbb08) > at /usr/src/sys/net/netisr.c:143 > #11 0xffffffff8055b0eb in swi_net (dummy=Variable "dummy" is not > available. > ) at /usr/src/sys/net/netisr.c:250 > #12 0xffffffff804957c0 in ithread_loop (arg=0xffffff00010fac00) at > /usr/src/sys/kern/kern_intr.c:1088 > #13 0xffffffff80492663 in fork_exit (callout=0xffffffff80495650 > <ithread_loop>, arg=0xffffff00010fac00, frame=0xffffffffac258c80) > at /usr/src/sys/kern/kern_fork.c:804 > #14 0xffffffff80770ace in fork_trampoline () at > /usr/src/sys/amd64/amd64/exception.S:455 > #15 0x0000000000000000 in ?? () > #16 0x0000000000000000 in ?? () > #17 0x0000000000000001 in ?? () > #18 0x0000000000000000 in ?? () > #19 0x0000000000000000 in ?? () > #20 0x0000000000000000 in ?? () > #21 0x0000000000000000 in ?? () > #22 0x0000000000000000 in ?? () > #23 0x0000000000000000 in ?? () > #24 0x0000000000000000 in ?? () > #25 0x0000000000000000 in ?? () > #26 0x0000000000000000 in ?? () > #27 0x0000000000000000 in ?? () > #28 0x0000000000000000 in ?? () > #29 0x0000000000000000 in ?? () > #30 0x0000000000000000 in ?? () > #31 0x0000000000000000 in ?? () > #32 0x0000000000000000 in ?? () > #33 0x0000000000000000 in ?? () > #34 0x0000000000000000 in ?? () > #35 0x0000000000000000 in ?? () > #36 0x0000000000000000 in ?? () > #37 0x0000000000000000 in ?? () > #38 0x0000000000000000 in ?? () > #39 0x0000000000d43000 in ?? () > #40 0xffffffff80ab8440 in tdq_cpu () > #41 0x0000000000000000 in ?? () > #42 0xffffffff80ac3fc0 in tdq_cpu () > #43 0x0000000000000000 in ?? () > #44 0xffffff00010ff000 in ?? () > #45 0xffffffffac258628 in ?? () > #46 0xffffffff80ab77c0 in tdg_maxid () > #47 0xffffffff804d5954 in sched_switch (td=0x0, newtd=0x8005c7450, > flags=0) at /usr/src/sys/kern/sched_ule.c:1944 > #48 0x0000000000000000 in ?? () > #49 0x0000000000000000 in ?? () > #50 0x0000000000000000 in ?? () > #51 0x0000000000000000 in ?? () > ... > Cannot access memory at address 0xffffffffac259000 > (kgdb) > > -Peter > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BE074B3.4050500>