possible (kernel) bug with zebra

Victor Ivanov v0rbiz at icon.bg
Tue Dec 23 15:34:30 PST 2003


Hello,

I don't know if my machine has some hardware problem, but I've noticed this
strange behavior with zebra 0.93b_7 on 4.9-STABLE.
The first problem is zebra's inconsistent(?) handling of routing information,
especially when it comes to point-to-point interfaces (like tun) and ones
handled by ppp(8).
When ppp shuts down a link, it first deletes all routes, including the
route to the remote host. Then it downs the interface. Zebra gets confused
about this, because it gets the RTM_DELETE messages, but not the RTM_DELADDR
message it seems to expect. (Which happens if you just do ifconfig -alias,
there is a RTM_DELETE and then RTM_DELADDR)
As a result, the zebra's routing table becomes bogus and the advertised
routes are not correct. To fix this for now, I've put a script to do an
ifconfig -alias which is run from ppp.linkdown.
So far so good, but the kernel starts to panic :/
Attached are the results from two consecutive panics

I can provide more information/do more tests if someone finds this
interesting :) Any help is appreciated, of course

-------------- next part --------------
IdlePTD at physical address 0x00402000
initial pcb at physical address 0x00350100
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x4
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc01c87dd
stack pointer           = 0x10:0xc6c8cd1c
frame pointer           = 0x10:0xc6c8cd28
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 259 (zebra)
interrupt mask          = 
trap number             = 12
panic: page fault

---
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
487             if (dumping++) {
(kgdb) where
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1  0xc01726ac in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
#2  0xc0172ae0 in poweroff_wait (junk=0xc030466c, howto=-1070579345)
    at /usr/src/sys/kern/kern_shutdown.c:595
#3  0xc02b595f in trap_fatal (frame=0xc6c8ccdc, eva=4)
    at /usr/src/sys/i386/i386/trap.c:974
#4  0xc02b5621 in trap_pfault (frame=0xc6c8ccdc, usermode=0, eva=4)
    at /usr/src/sys/i386/i386/trap.c:867
#5  0xc02b51d7 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16, 
      tf_edi = -1056391680, tf_esi = -1054480496, tf_ebp = -959918808, 
      tf_isp = -959918840, tf_ebx = 0, tf_edx = -1056391680, tf_ecx = 1, 
      tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1071872035, tf_cs = 8, 
      tf_eflags = 66118, tf_esp = -959918696, tf_ss = -1056712704})
    at /usr/src/sys/i386/i386/trap.c:466
#6  0xc01c87dd in arp_rtrequest (req=1, rt=0xc108be00, info=0xc6c8cd98)
    at /usr/src/sys/netinet/if_ether.c:186
#7  0xc01c033e in rtrequest1 (req=1, info=0xc6c8cd98, ret_nrt=0xc6c8cd94)
    at /usr/src/sys/net/route.c:750
#8  0xc01c0dd5 in route_output (m=0xc09b6f00, so=0xc662fe00)
    at /usr/src/sys/net/rtsock.c:341
#9  0xc01bf756 in raw_usend (so=0xc662fe00, flags=0, m=0xc09b6f00, nam=0x0, 
    control=0x0, p=0xc6021dc0) at /usr/src/sys/net/raw_usrreq.c:258
#10 0xc01c0b58 in rts_send (so=0xc662fe00, flags=0, m=0xc09b6f00, nam=0x0, 
    control=0x0, p=0xc6021dc0) at /usr/src/sys/net/rtsock.c:236
#11 0xc0192f0f in sosend (so=0xc662fe00, addr=0x0, uio=0xc6c8ced4, 
    top=0xc09b6f00, control=0x0, flags=0, p=0xc6021dc0)
    at /usr/src/sys/kern/uipc_socket.c:613
#12 0xc0185fee in soo_write (fp=0xc1041e00, uio=0xc6c8ced4, cred=0xc1125080, 
    flags=0, p=0xc6021dc0) at /usr/src/sys/kern/sys_socket.c:81
#13 0xc0182a82 in dofilewrite (p=0xc6021dc0, fp=0xc1041e00, fd=5, 
    buf=0xbfbfee98, nbyte=128, offset=-1, flags=0)
    at /usr/src/sys/sys/file.h:163
#14 0xc0182933 in write (p=0xc6021dc0, uap=0xc6c8cf80)
    at /usr/src/sys/kern/sys_generic.c:329
#15 0xc02b5c19 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, 
      tf_edi = 128, tf_esi = 134752556, tf_ebp = -1077939936, 
      tf_isp = -959918124, tf_ebx = 16, tf_edx = -1077940584, tf_ecx = 0, 
      tf_eax = 4, tf_trapno = 7, tf_err = 2, tf_eip = 672837944, tf_cs = 31, 
      tf_eflags = 582, tf_esp = -1077940636, tf_ss = 47})
    at /usr/src/sys/i386/i386/trap.c:1175
#16 0xc02a95c5 in Xint0x80_syscall ()
#17 0x8065d99 in ?? ()
#18 0x8065deb in ?? ()
#19 0x804f862 in ?? ()
#20 0x804fa8a in ?? ()
#21 0x8050007 in ?? ()
#22 0x804e3d3 in ?? ()
#23 0x804e44a in ?? ()
#24 0x8066812 in ?? ()
#25 0x806704f in ?? ()
#26 0x805fdb6 in ?? ()
#27 0x804c501 in ?? ()
#28 0x80499aa in ?? ()

-------------- next part --------------
IdlePTD at physical address 0x00402000
initial pcb at physical address 0x00350100
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x4
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc01c87dd
stack pointer           = 0x10:0xc6c8cd1c
frame pointer           = 0x10:0xc6c8cd28
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 322 (zebra)
interrupt mask          = 
trap number             = 12
panic: page fault

---
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
487             if (dumping++) {
(kgdb) where
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1  0xc01726ac in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
#2  0xc0172ae0 in poweroff_wait (junk=0xc030466c, howto=-1070579345)
    at /usr/src/sys/kern/kern_shutdown.c:595
#3  0xc02b595f in trap_fatal (frame=0xc6c8ccdc, eva=4)
    at /usr/src/sys/i386/i386/trap.c:974
#4  0xc02b5621 in trap_pfault (frame=0xc6c8ccdc, usermode=0, eva=4)
    at /usr/src/sys/i386/i386/trap.c:867
#5  0xc02b51d7 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16, 
      tf_edi = -1056672256, tf_esi = -1056288112, tf_ebp = -959918808, 
      tf_isp = -959918840, tf_ebx = 0, tf_edx = -1056672256, tf_ecx = 1, 
      tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1071872035, tf_cs = 8, 
      tf_eflags = 66118, tf_esp = -959918696, tf_ss = -1056716032})
    at /usr/src/sys/i386/i386/trap.c:466
#6  0xc01c87dd in arp_rtrequest (req=1, rt=0xc1047600, info=0xc6c8cd98)
    at /usr/src/sys/netinet/if_ether.c:186
#7  0xc01c033e in rtrequest1 (req=1, info=0xc6c8cd98, ret_nrt=0xc6c8cd94)
    at /usr/src/sys/net/route.c:750
#8  0xc01c0dd5 in route_output (m=0xc09b4300, so=0xc662fd40)
    at /usr/src/sys/net/rtsock.c:341
#9  0xc01bf756 in raw_usend (so=0xc662fd40, flags=0, m=0xc09b4300, nam=0x0, 
    control=0x0, p=0xc6021dc0) at /usr/src/sys/net/raw_usrreq.c:258
#10 0xc01c0b58 in rts_send (so=0xc662fd40, flags=0, m=0xc09b4300, nam=0x0, 
    control=0x0, p=0xc6021dc0) at /usr/src/sys/net/rtsock.c:236
#11 0xc0192f0f in sosend (so=0xc662fd40, addr=0x0, uio=0xc6c8ced4, 
    top=0xc09b4300, control=0x0, flags=0, p=0xc6021dc0)
    at /usr/src/sys/kern/uipc_socket.c:613
#12 0xc0185fee in soo_write (fp=0xc1020500, uio=0xc6c8ced4, cred=0xc113de00, 
    flags=0, p=0xc6021dc0) at /usr/src/sys/kern/sys_socket.c:81
#13 0xc0182a82 in dofilewrite (p=0xc6021dc0, fp=0xc1020500, fd=5, 
    buf=0xbfbfee98, nbyte=128, offset=-1, flags=0)
    at /usr/src/sys/sys/file.h:163
#14 0xc0182933 in write (p=0xc6021dc0, uap=0xc6c8cf80)
    at /usr/src/sys/kern/sys_generic.c:329
#15 0xc02b5c19 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, 
      tf_edi = 128, tf_esi = 134752556, tf_ebp = -1077939936, 
      tf_isp = -959918124, tf_ebx = 16, tf_edx = -1077940584, tf_ecx = 0, 
      tf_eax = 4, tf_trapno = 7, tf_err = 2, tf_eip = 672837944, tf_cs = 31, 
      tf_eflags = 582, tf_esp = -1077940636, tf_ss = 47})
    at /usr/src/sys/i386/i386/trap.c:1175
#16 0xc02a95c5 in Xint0x80_syscall ()
#17 0x8065d99 in ?? ()
#18 0x8065deb in ?? ()
#19 0x804f862 in ?? ()
#20 0x804fa8a in ?? ()
#21 0x8050007 in ?? ()
#22 0x804e3d3 in ?? ()
#23 0x804e44a in ?? ()
#24 0x8066812 in ?? ()
#25 0x806704f in ?? ()
#26 0x805fdb6 in ?? ()
#27 0x804c501 in ?? ()
#28 0x80499aa in ?? ()
...
(kgdb) up
#6  0xc01c87dd in arp_rtrequest (req=1, rt=0xc1047600, info=0xc6c8cd98)
    at /usr/src/sys/netinet/if_ether.c:186
186                     if ((rt->rt_flags & RTF_HOST) == 0 &&
...
(kgdb) print /x rt->rt_flags
$3 = 0x18001
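
An added triage helper (not part of the original post or of FreeBSD) that decodes the rt_flags value printed in the kgdb session above and checks two things the dump supports: RTF_HOST is clear, so the && at if_ether.c:186 goes on to evaluate its second operand, and the fault address 0x4 is a read just above NULL. The flag bit values are taken from FreeBSD 4.x net/route.h; the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Route flag bits as defined in FreeBSD 4.x <net/route.h>, copied here so the
 * example builds on any host; check them against the tree that made the dump. */
#define RTF_HOST 0x4UL
static const struct { unsigned long bit; const char *name; } rtf_names[] = {
    {0x1, "RTF_UP"}, {0x2, "RTF_GATEWAY"}, {0x4, "RTF_HOST"},
    {0x8, "RTF_REJECT"}, {0x10, "RTF_DYNAMIC"}, {0x20, "RTF_MODIFIED"},
    {0x100, "RTF_CLONING"}, {0x400, "RTF_LLINFO"}, {0x800, "RTF_STATIC"},
    {0x1000, "RTF_BLACKHOLE"}, {0x4000, "RTF_PROTO2"}, {0x8000, "RTF_PROTO1"},
    {0x10000, "RTF_PRCLONING"}, {0x20000, "RTF_WASCLONED"},
};
#define N_RTF (sizeof rtf_names / sizeof rtf_names[0])

/* Write "A|B|C" for the set bits into out; return the bits with no known name. */
unsigned long decode_rt_flags(unsigned long flags, char *out, size_t len)
{
    unsigned long unknown = flags;
    size_t i;

    if (len == 0)
        return flags;
    out[0] = '\0';
    for (i = 0; i < N_RTF; i++) {
        if (!(flags & rtf_names[i].bit))
            continue;
        unknown &= ~rtf_names[i].bit;
        if (out[0] != '\0')
            strncat(out, "|", len - strlen(out) - 1);
        strncat(out, rtf_names[i].name, len - strlen(out) - 1);
    }
    return unknown;
}

/* First operand of the test shown at if_ether.c:186. When it is true, the &&
 * continues to the operand that the kgdb listing cuts off. */
int first_operand_true(unsigned long rt_flags) { return (rt_flags & RTF_HOST) == 0; }

/* A supervisor read faulting below one page (4096 bytes) is the usual sign of
 * a structure member being read through a NULL pointer. */
int near_null_read(unsigned long eva) { return eva < 4096; }

int main(void)
{
    char buf[128];
    unsigned long unknown = decode_rt_flags(0x18001UL, buf, sizeof buf);
    printf("rt_flags 0x18001 = %s (unnamed bits 0x%lx)\n", buf, unknown);
    printf("first operand true: %d, near-NULL read at 0x4: %d\n",
           first_operand_true(0x18001UL), near_null_read(0x4UL));
    return 0;
}
```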
