kern/161805: [panic] [arp] Repeatable panic in ARP code

Eugene Grosbein egrosbein at rdtc.ru
Wed Oct 19 12:30:11 UTC 2011


>Number:         161805
>Category:       kern
>Synopsis:       [panic] [arp] Repeatable panic in ARP code
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 19 12:30:10 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Eugene Grosbein
>Release:        FreeBSD 8.2-STABLE i386
>Organization:
RDTC JSC
>Environment:
System: FreeBSD gate.zonov.ru 8.2-STABLE FreeBSD 8.2-STABLE #0: Mon Oct 17 20:10:46 MSD 2011 root at gate.zonov.ru:/data/obj/data/src/sys/Office-8 i386

>Description:
	This FreeBSD 8.2-STABLE/i386 system was built from RELENG_8 sources of 17 October 2011.
	It runs mpd-5.3 accepting PPtP connections with proxyarp enabled.
	It panics instantly when a user establishes a PPtP connection
	and generates a crashdump.

>How-To-Repeat:

	Full rc.conf/mpd.conf/etc. are available on request. kgdb shows:

Script started on Wed Oct 19 16:01:10 2011
kgdb /usr/obj/data/src/sys/Office-8/kernel.debug vmcore.0
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address	= 0x0
fault code		= supervisor read, page not present
instruction pointer	= 0x20:0xc09d7df9
stack pointer	        = 0x28:0xe80d09d4
frame pointer	        = 0x28:0xe80d0a04
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 2820 (arp)
trap number		= 12
panic: page fault
cpuid = 1
Uptime: 52s
Physical memory: 2031 MB
Dumping 191 MB: 176 160 144 128 112 96 80 64 48 32 16

Reading symbols from /boot/kernel/dummynet.ko...Reading symbols from /boot/kernel/dummynet.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/dummynet.ko
Reading symbols from /boot/kernel/ng_socket.ko...Reading symbols from /boot/kernel/ng_socket.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_socket.ko
Reading symbols from /boot/kernel/netgraph.ko...Reading symbols from /boot/kernel/netgraph.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/netgraph.ko
Reading symbols from /boot/kernel/ng_mppc.ko...Reading symbols from /boot/kernel/ng_mppc.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_mppc.ko
Reading symbols from /boot/kernel/rc4.ko...Reading symbols from /boot/kernel/rc4.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/rc4.ko
Reading symbols from /boot/kernel/ng_ether.ko...Reading symbols from /boot/kernel/ng_ether.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_ether.ko
Reading symbols from /boot/modules/ng_ipacct.ko...done.
Loaded symbols for /boot/modules/ng_ipacct.ko
Reading symbols from /boot/kernel/ng_tee.ko...Reading symbols from /boot/kernel/ng_tee.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_tee.ko
Reading symbols from /boot/kernel/ng_pptpgre.ko...Reading symbols from /boot/kernel/ng_pptpgre.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_pptpgre.ko
Reading symbols from /boot/kernel/ng_ksocket.ko...Reading symbols from /boot/kernel/ng_ksocket.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_ksocket.ko
Reading symbols from /boot/kernel/ng_iface.ko...Reading symbols from /boot/kernel/ng_iface.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_iface.ko
Reading symbols from /boot/kernel/ng_ppp.ko...Reading symbols from /boot/kernel/ng_ppp.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_ppp.ko
Reading symbols from /boot/kernel/ng_tcpmss.ko...Reading symbols from /boot/kernel/ng_tcpmss.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/ng_tcpmss.ko
#0  doadump () at pcpu.h:231
231	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:231
#1  0xc08cd7a3 in boot (howto=260) at /data/src/sys/kern/kern_shutdown.c:441
#2  0xc08cda07 in panic (fmt=Variable "fmt" is not available.
) at /data/src/sys/kern/kern_shutdown.c:614
#3  0xc0c3aadc in trap_fatal (frame=0xe80d0994, eva=0) at /data/src/sys/i386/i386/trap.c:978
#4  0xc0c3ab79 in trap_pfault (frame=0xe80d0994, usermode=0, eva=0) at /data/src/sys/i386/i386/trap.c:840
#5  0xc0c3b859 in trap (frame=0xe80d0994) at /data/src/sys/i386/i386/trap.c:559
#6  0xc0c2216c in calltrap () at /data/src/sys/i386/i386/exception.s:168
#7  0xc09d7df9 in in_lltable_lookup (llt=0xc6143400, flags=Variable "flags" is not available.
) at /data/src/sys/netinet/in.c:1463
#8  0xc098233f in lla_rt_output (rtm=0xc67f0500, info=0xe80d0a7c) at if_llatbl.h:196
#9  0xc098f857 in route_output (m=0xc68a0600, so=0xc5920b44) at /data/src/sys/net/rtsock.c:638
#10 0xc098b498 in raw_usend (so=0xc5920b44, flags=Variable "flags" is not available.
) at /data/src/sys/net/raw_usrreq.c:238
#11 0xc098e695 in rts_send (so=0xc5920b44, flags=0, m=0xc68a0600, nam=0x0, control=0x0, td=0xc655a000)
    at /data/src/sys/net/rtsock.c:386
#12 0xc0930c3a in sosend_generic (so=0xc5920b44, addr=0x0, uio=0xe80d0c48, top=0xc68a0600, control=0x0, flags=0, 
    td=0xc655a000) at /data/src/sys/kern/uipc_socket.c:1294
#13 0xc092ccff in sosend (so=0xc5920b44, addr=0x0, uio=0xe80d0c48, top=0x0, control=0x0, flags=0, td=0xc655a000)
    at /data/src/sys/kern/uipc_socket.c:1338
#14 0xc0913ea3 in soo_write (fp=0xc6887c78, uio=0xe80d0c48, active_cred=0xc5957100, flags=0, td=0xc655a000)
    at /data/src/sys/kern/sys_socket.c:100
#15 0xc090cdf7 in dofilewrite (td=0xc655a000, fd=3, fp=0xc6887c78, auio=0xe80d0c48, offset=-1, flags=0) at file.h:239
#16 0xc090d0e8 in kern_writev (td=0xc655a000, fd=3, auio=0xe80d0c48) at /data/src/sys/kern/sys_generic.c:447
#17 0xc090d16f in write (td=0xc655a000, uap=0xe80d0cec) at /data/src/sys/kern/sys_generic.c:363
#18 0xc0c3b0d2 in syscall (frame=0xe80d0d28) at subr_syscall.c:114
#19 0xc0c221d1 in Xint0x80_syscall () at /data/src/sys/i386/i386/exception.s:266
#20 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) frame 7
#7  0xc09d7df9 in in_lltable_lookup (llt=0xc6143400, flags=Variable "flags" is not available.
) at /data/src/sys/netinet/in.c:1463

1463				if ((*sa ^ *addr) & *mask) {
(kgdb) l
1458			addr = (const char *)l3addr;
1459			len = ((const struct sockaddr_in *)l3addr)->sin_len;
1460			lim = addr + len;
1461	
1462			for ( ; addr < lim; sa++, mask++, addr++) {
1463				if ((*sa ^ *addr) & *mask) {
1464	#ifdef DIAGNOSTIC
1465					log(LOG_INFO, "IPv4 address: \"%s\" is not on the network\n",
1466					    inet_ntoa(((const struct sockaddr_in *)l3addr)->sin_addr));
1467	#endif
(kgdb) p sa
No symbol "sa" in current context.
(kgdb) p addr
No symbol "addr" in current context.
(kgdb) p mask
No symbol "mask" in current context.

>Fix:

	Unknown.


>Release-Note:
>Audit-Trail:
>Unformatted:

