kern/119123: Kernel crashed while running Avahi and IPv6

Ashish Shukla wahjava at gmail.com
Fri Dec 28 15:10:02 PST 2007 

>Number:         119123
>Category:       kern
>Synopsis:       Kernel crashed while running Avahi and IPv6
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 28 23:10:01 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator:     Ashish Shukla
>Release:        7.0-BETA4
>Organization:
N/A
>Environment:
FreeBSD chateau.d.lf 7.0-BETA4 FreeBSD 7.0-BETA4 #1: Wed Dec 19 13:22:36 IST 2007 toor at chatteau.d.lf:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
While running into GNOME, and play with Avahi and nss_mdns to get mDNS working over IPv6 link-local, kernel crashed. In the next restart. After savecore, I tried to debug the problem, and following is the output of my inspection:

----8<----8<----
[abbe at chateau ~/crashes]$ kgdb /boot/kernel/kernel vmcore.0
[GDB will not be able to debug user-mode threads:
/usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd".

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xffffff0101880530
fault code              = supervisor read data, page not present
instruction pointer     = 0x8:0xffffffff80594e8e
stack pointer           = 0x10:0xffffffffaf2807c0
frame pointer           = 0x10:0xffffff0001fe5700
code segment            = base 0x0, limit 0xfffff, type 0x1b
                       = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 953 (avahi-daemon)
trap number             = 12
panic: page fault
cpuid = 0
Uptime: 1h7m27s
Physical memory: 2025 MB
Dumping 311 MB: 296 280 264 248 232 216 200 184 168 152 136 120 104 88
72 56 40 24 8

#0  doadump () at pcpu.h:194
194     pcpu.h: No such file or directory.
       in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:194
#1  0x0000000000000004 in ?? ()
#2  0xffffffff80451c46 in boot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:409
#3  0xffffffff80452072 in panic (fmt=0x104 <Address 0x104 out of
bounds>) at /usr/src/sys/kern/kern_shutdown.c:563
#4  0xffffffff8070bcfa in trap_fatal (frame=0xffffff00035869c0,
eva=18446742974254081128) at /usr/src/sys/amd64/amd64/trap.c:724
#5  0xffffffff8070c0a1 in trap_pfault (frame=0xffffffffaf280710,
usermode=0) at /usr/src/sys/amd64/amd64/trap.c:641
#6  0xffffffff8070c95f in trap (frame=0xffffffffaf280710) at
/usr/src/sys/amd64/amd64/trap.c:410
#7  0xffffffff806f383e in calltrap () at
/usr/src/sys/amd64/amd64/exception.S:169
#8  0xffffffff80594e8e in ip6_setpktopts (control=0xffffff0001fe5700,
opt=0xffffffffaf280870, stickyopt=Variable "stickyopt" is not
available.
) at /usr/src/sys/netinet6/ip6_output.c:2813
#9  0xffffffff805a7083 in udp6_send (so=Variable "so" is not available.
) at /usr/src/sys/netinet6/udp6_usrreq.c:523
#10 0xffffffff804a0e77 in sosend_generic (so=0xffffff0003365ae0,
addr=0xffffff0003029560, uio=0xffffffffaf280a30,
top=0xffffff00034b3100, control=0xffffff0001fe5700, flags=Variable
"flags" is not available.
)
   at /usr/src/sys/kern/uipc_socket.c:1240
#11 0xffffffff804a3866 in kern_sendit (td=0xffffff00035869c0, s=16,
mp=0xffffffffaf280af0, flags=0, control=0xffffff0001fe5700,
segflg=Variable "segflg" is not available.
) at /usr/src/sys/kern/uipc_syscalls.c:789
#12 0xffffffff804a6343 in sendit (td=0xffffff00035869c0, s=16,
mp=0xffffffffaf280af0, flags=0) at
/usr/src/sys/kern/uipc_syscalls.c:730
#13 0xffffffff804a63b4 in sendmsg (td=0xffffff00035869c0,
uap=0xffffffffaf280be0) at /usr/src/sys/kern/uipc_syscalls.c:922
#14 0xffffffff8070c30c in syscall (frame=0xffffffffaf280c70) at
/usr/src/sys/amd64/amd64/trap.c:852
#15 0xffffffff806f3a4b in Xfast_syscall () at
/usr/src/sys/amd64/amd64/exception.S:290
#16 0x00000008011c114c in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) frame 8
#8  0xffffffff80594e8e in ip6_setpktopts (control=0xffffff0001fe5700,
opt=0xffffffffaf280870, stickyopt=Variable "stickyopt" is not
available.
) at /usr/src/sys/netinet6/ip6_output.c:2813
2813                    cm = mtod(control, struct cmsghdr *);
(kgdb) print control
$2 = (struct mbuf *) 0xffffff0001fe5700
---->8---->8----

I've the crash file, but its around 311 MiB, so not able to upload anywhere. After bzip2-ing, it reduced to 55 MiB, which is still not uploadable for me anywhere.
>How-To-Repeat:
Not reproducible
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list