Reproducible crash w/ IPv6 on FreeBSD 7.1 amd64 under VMware ESXi 3.5

Peter Kieser peter at kieser.ca
Tue May 4 18:24:50 UTC 2010 

Hello,

My FreeBSD 7.1 guest is crashing when I use IPv6 and ping6 an address 
that doesn't respond to ICMP or isn't on the network. Am I the only 
person that has run into this issue? I can reproduce it on a fresh 
virtual machine, 100% of the time .. Does NOT occur (I've had machines 
up for 200+ days) if I am not using IPv6.

HOWTO Reproduce:

1. FreeBSD 7.1 amd64 Guest
2. IPv6 networking enabled and configured
3. ping6 against an IPv6 address that isn't active on your network and 
leave it running
4. Virtual machine will crash after a number of minutes (from 1~15 minutes)

What configuration:

* Generic FreeBSD 7.1 kernel (No custom configuration)
* No VMware tools or kernel modules installed
* e1000 virtual Ethernet adapter
* LSI Logic virtual SCSI controller
* kern.hz set at 100 in /boot/loader.conf

Kernel revision:

FreeBSD freebsd71.pfak.org 7.1-RELEASE-p11 FreeBSD 7.1-RELEASE-p11 #0: 
Tue May  4 10:28:31 PDT 2010     
root at freebsd71.pfak.org:/usr/obj/usr/src/sys/GENERIC  amd64

Kernel dump W/ Backtrace:

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0x18
fault code              = supervisor read data, page not present
instruction pointer     = 0x8:0xffffffff80505a66
stack pointer           = 0x10:0xffffffffac258a60
frame pointer           = 0x10:0x0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 13 (swi1: net)
trap number             = 12
panic: page fault
cpuid = 1
Uptime: 13m54s
Physical memory: 3827 MB
Dumping 323 MB: 308 292 276 260 244 228 212 196 180 164 148 132 116 100 
84 68 52 36 20 4

#0  doadump () at pcpu.h:195
195             __asm __volatile("movq %%gs:0,%0" : "=r" (td));
(kgdb) backtrace
#0  doadump () at pcpu.h:195
#1  0x0000000000000004 in ?? ()
#2  0xffffffff804b4d29 in boot (howto=260) at 
/usr/src/sys/kern/kern_shutdown.c:418
#3  0xffffffff804b5132 in panic (fmt=0x104 <Address 0x104 out of 
bounds>) at /usr/src/sys/kern/kern_shutdown.c:574
#4  0xffffffff8078a1f3 in trap_fatal (frame=0xffffff00010ff000, 
eva=Variable "eva" is not available.
) at /usr/src/sys/amd64/amd64/trap.c:764
#5  0xffffffff8078a5c5 in trap_pfault (frame=0xffffffffac2589b0, 
usermode=0) at /usr/src/sys/amd64/amd64/trap.c:680
#6  0xffffffff8078af08 in trap (frame=0xffffffffac2589b0) at 
/usr/src/sys/amd64/amd64/trap.c:449
#7  0xffffffff807706fe in calltrap () at 
/usr/src/sys/amd64/amd64/exception.S:209
#8  0xffffffff80505a66 in m_copydata (m=0x0, off=0, len=56, 
cp=0xffffff00013b9980 "") at /usr/src/sys/kern/uipc_mbuf.c:813
#9  0xffffffff8061277f in ip6_input (m=0xffffff0001611a00) at 
/usr/src/sys/netinet6/ip6_input.c:299
#10 0xffffffff8055ae59 in netisr_processqueue (ni=0xffffffff80acbb08) at 
/usr/src/sys/net/netisr.c:143
#11 0xffffffff8055b0eb in swi_net (dummy=Variable "dummy" is not available.
) at /usr/src/sys/net/netisr.c:250
#12 0xffffffff804957c0 in ithread_loop (arg=0xffffff00010fac00) at 
/usr/src/sys/kern/kern_intr.c:1088
#13 0xffffffff80492663 in fork_exit (callout=0xffffffff80495650 
<ithread_loop>, arg=0xffffff00010fac00, frame=0xffffffffac258c80)
     at /usr/src/sys/kern/kern_fork.c:804
#14 0xffffffff80770ace in fork_trampoline () at 
/usr/src/sys/amd64/amd64/exception.S:455
#15 0x0000000000000000 in ?? ()
#16 0x0000000000000000 in ?? ()
#17 0x0000000000000001 in ?? ()
#18 0x0000000000000000 in ?? ()
#19 0x0000000000000000 in ?? ()
#20 0x0000000000000000 in ?? ()
#21 0x0000000000000000 in ?? ()
#22 0x0000000000000000 in ?? ()
#23 0x0000000000000000 in ?? ()
#24 0x0000000000000000 in ?? ()
#25 0x0000000000000000 in ?? ()
#26 0x0000000000000000 in ?? ()
#27 0x0000000000000000 in ?? ()
#28 0x0000000000000000 in ?? ()
#29 0x0000000000000000 in ?? ()
#30 0x0000000000000000 in ?? ()
#31 0x0000000000000000 in ?? ()
#32 0x0000000000000000 in ?? ()
#33 0x0000000000000000 in ?? ()
#34 0x0000000000000000 in ?? ()
#35 0x0000000000000000 in ?? ()
#36 0x0000000000000000 in ?? ()
#37 0x0000000000000000 in ?? ()
#38 0x0000000000000000 in ?? ()
#39 0x0000000000d43000 in ?? ()
#40 0xffffffff80ab8440 in tdq_cpu ()
#41 0x0000000000000000 in ?? ()
#42 0xffffffff80ac3fc0 in tdq_cpu ()
#43 0x0000000000000000 in ?? ()
#44 0xffffff00010ff000 in ?? ()
#45 0xffffffffac258628 in ?? ()
#46 0xffffffff80ab77c0 in tdg_maxid ()
#47 0xffffffff804d5954 in sched_switch (td=0x0, newtd=0x8005c7450, 
flags=0) at /usr/src/sys/kern/sched_ule.c:1944
#48 0x0000000000000000 in ?? ()
#49 0x0000000000000000 in ?? ()
#50 0x0000000000000000 in ?? ()
#51 0x0000000000000000 in ?? ()
...
Cannot access memory at address 0xffffffffac259000
(kgdb)

-Peter

More information about the freebsd-net mailing list