Date: Wed, 24 Dec 2003 01:34:20 +0200
From: Victor Ivanov <v0rbiz@icon.bg>
To: freebsd-stable@freebsd.org
Subject: possible (kernel) bug with zebra
Message-ID: <20031223233420.GA5508@icon.icon.bg>

Hello,

I don't know if my machine has some hardware problem, but I've noticed this strange behavior with zebra 0.93b_7 on 4.9-STABLE.

The first problem is zebra's inconsistent(?) handling of routing information, especially when it comes to point-to-point interfaces (like tun) and ones handled by ppp(8). When ppp shuts down a link, it first deletes all routes, including the route to the remote host. Then it downs the interface. Zebra gets confused about this, because it gets the RTM_DELETE messages, but not the RTM_DELADDR message it seems to expect. (Which happens if you just do ifconfig -alias, there is an RTM_DELETE and then RTM_DELADDR.) As a result, zebra's routing table becomes bogus and the advertised routes are not correct.

To fix this for now, I've put a script to do an ifconfig -alias which is run from ppp.linkdown.

So far so good, but the kernel starts to panic :/

Attached are the results from two consecutive panics. I can provide more information/do more tests if someone finds this interesting :)

Any help is appreciated, of course.

Attachment: pool1-core-1.txt

    IdlePTD at physical address 0x00402000
    initial pcb at physical address 0x00350100
    panicstr: page fault
    panic messages:
    ---
    Fatal trap 12: page fault while in kernel mode
    fault virtual address   = 0x4
    fault code              = supervisor read, page not present
    instruction pointer     = 0x8:0xc01c87dd
    stack pointer           = 0x10:0xc6c8cd1c
    frame pointer           = 0x10:0xc6c8cd28
    code segment            = base 0x0, limit 0xfffff, type 0x1b
                            = DPL 0, pres 1, def32 1, gran 1
    processor eflags        = interrupt enabled, resume, IOPL = 0
    current process         = 259 (zebra)
    interrupt mask          =
    trap number             = 12
    panic: page fault
    ---
    #0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
    487             if (dumping++) {
    (kgdb) where
    #0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
    #1  0xc01726ac in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
    #2  0xc0172ae0 in poweroff_wait (junk=0xc030466c, howto=-1070579345)
        at /usr/src/sys/kern/kern_shutdown.c:595
    #3  0xc02b595f in trap_fatal (frame=0xc6c8ccdc, eva=4)
        at /usr/src/sys/i386/i386/trap.c:974
    #4  0xc02b5621 in trap_pfault (frame=0xc6c8ccdc, usermode=0, eva=4)
        at /usr/src/sys/i386/i386/trap.c:867
    #5  0xc02b51d7 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
          tf_edi = -1056391680, tf_esi = -1054480496, tf_ebp = -959918808,
          tf_isp = -959918840, tf_ebx = 0, tf_edx = -1056391680, tf_ecx = 1,
          tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1071872035, tf_cs = 8,
          tf_eflags = 66118, tf_esp = -959918696, tf_ss = -1056712704})
        at /usr/src/sys/i386/i386/trap.c:466
    #6  0xc01c87dd in arp_rtrequest (req=1, rt=0xc108be00, info=0xc6c8cd98)
        at /usr/src/sys/netinet/if_ether.c:186
    #7  0xc01c033e in rtrequest1 (req=1, info=0xc6c8cd98, ret_nrt=0xc6c8cd94)
        at /usr/src/sys/net/route.c:750
    #8  0xc01c0dd5 in route_output (m=0xc09b6f00, so=0xc662fe00)
        at /usr/src/sys/net/rtsock.c:341
    #9  0xc01bf756 in raw_usend (so=0xc662fe00, flags=0, m=0xc09b6f00, nam=0x0,
        control=0x0, p=0xc6021dc0) at /usr/src/sys/net/raw_usrreq.c:258
    #10 0xc01c0b58 in rts_send (so=0xc662fe00, flags=0, m=0xc09b6f00, nam=0x0,
        control=0x0, p=0xc6021dc0) at /usr/src/sys/net/rtsock.c:236
    #11 0xc0192f0f in sosend (so=0xc662fe00, addr=0x0, uio=0xc6c8ced4,
        top=0xc09b6f00, control=0x0, flags=0, p=0xc6021dc0)
        at /usr/src/sys/kern/uipc_socket.c:613
    #12 0xc0185fee in soo_write (fp=0xc1041e00, uio=0xc6c8ced4, cred=0xc1125080,
        flags=0, p=0xc6021dc0) at /usr/src/sys/kern/sys_socket.c:81
    #13 0xc0182a82 in dofilewrite (p=0xc6021dc0, fp=0xc1041e00, fd=5,
        buf=0xbfbfee98, nbyte=128, offset=-1, flags=0)
        at /usr/src/sys/sys/file.h:163
    #14 0xc0182933 in write (p=0xc6021dc0, uap=0xc6c8cf80)
        at /usr/src/sys/kern/sys_generic.c:329
    #15 0xc02b5c19 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47,
          tf_edi = 128, tf_esi = 134752556, tf_ebp = -1077939936,
          tf_isp = -959918124, tf_ebx = 16, tf_edx = -1077940584, tf_ecx = 0,
          tf_eax = 4, tf_trapno = 7, tf_err = 2, tf_eip = 672837944, tf_cs = 31,
          tf_eflags = 582, tf_esp = -1077940636, tf_ss = 47})
        at /usr/src/sys/i386/i386/trap.c:1175
    #16 0xc02a95c5 in Xint0x80_syscall ()
    #17 0x8065d99 in ?? ()
    #18 0x8065deb in ?? ()
    #19 0x804f862 in ?? ()
    #20 0x804fa8a in ?? ()
    #21 0x8050007 in ?? ()
    #22 0x804e3d3 in ?? ()
    #23 0x804e44a in ?? ()
    #24 0x8066812 in ?? ()
    #25 0x806704f in ?? ()
    #26 0x805fdb6 in ?? ()
    #27 0x804c501 in ?? ()
    #28 0x80499aa in ?? ()

Attachment: pool1-core-2.txt

    IdlePTD at physical address 0x00402000
    initial pcb at physical address 0x00350100
    panicstr: page fault
    panic messages:
    ---
    Fatal trap 12: page fault while in kernel mode
    fault virtual address   = 0x4
    fault code              = supervisor read, page not present
    instruction pointer     = 0x8:0xc01c87dd
    stack pointer           = 0x10:0xc6c8cd1c
    frame pointer           = 0x10:0xc6c8cd28
    code segment            = base 0x0, limit 0xfffff, type 0x1b
                            = DPL 0, pres 1, def32 1, gran 1
    processor eflags        = interrupt enabled, resume, IOPL = 0
    current process         = 322 (zebra)
    interrupt mask          =
    trap number             = 12
    panic: page fault
    ---
    #0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
    487             if (dumping++) {
    (kgdb) where
    #0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
    #1  0xc01726ac in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
    #2  0xc0172ae0 in poweroff_wait (junk=0xc030466c, howto=-1070579345)
        at /usr/src/sys/kern/kern_shutdown.c:595
    #3  0xc02b595f in trap_fatal (frame=0xc6c8ccdc, eva=4)
        at /usr/src/sys/i386/i386/trap.c:974
    #4  0xc02b5621 in trap_pfault (frame=0xc6c8ccdc, usermode=0, eva=4)
        at /usr/src/sys/i386/i386/trap.c:867
    #5  0xc02b51d7 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
          tf_edi = -1056672256, tf_esi = -1056288112, tf_ebp = -959918808,
          tf_isp = -959918840, tf_ebx = 0, tf_edx = -1056672256, tf_ecx = 1,
          tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1071872035, tf_cs = 8,
          tf_eflags = 66118, tf_esp = -959918696, tf_ss = -1056716032})
        at /usr/src/sys/i386/i386/trap.c:466
    #6  0xc01c87dd in arp_rtrequest (req=1, rt=0xc1047600, info=0xc6c8cd98)
        at /usr/src/sys/netinet/if_ether.c:186
    #7  0xc01c033e in rtrequest1 (req=1, info=0xc6c8cd98, ret_nrt=0xc6c8cd94)
        at /usr/src/sys/net/route.c:750
    #8  0xc01c0dd5 in route_output (m=0xc09b4300, so=0xc662fd40)
        at /usr/src/sys/net/rtsock.c:341
    #9  0xc01bf756 in raw_usend (so=0xc662fd40, flags=0, m=0xc09b4300, nam=0x0,
        control=0x0, p=0xc6021dc0) at /usr/src/sys/net/raw_usrreq.c:258
    #10 0xc01c0b58 in rts_send (so=0xc662fd40, flags=0, m=0xc09b4300, nam=0x0,
        control=0x0, p=0xc6021dc0) at /usr/src/sys/net/rtsock.c:236
    #11 0xc0192f0f in sosend (so=0xc662fd40, addr=0x0, uio=0xc6c8ced4,
        top=0xc09b4300, control=0x0, flags=0, p=0xc6021dc0)
        at /usr/src/sys/kern/uipc_socket.c:613
    #12 0xc0185fee in soo_write (fp=0xc1020500, uio=0xc6c8ced4, cred=0xc113de00,
        flags=0, p=0xc6021dc0) at /usr/src/sys/kern/sys_socket.c:81
    #13 0xc0182a82 in dofilewrite (p=0xc6021dc0, fp=0xc1020500, fd=5,
        buf=0xbfbfee98, nbyte=128, offset=-1, flags=0)
        at /usr/src/sys/sys/file.h:163
    #14 0xc0182933 in write (p=0xc6021dc0, uap=0xc6c8cf80)
        at /usr/src/sys/kern/sys_generic.c:329
    #15 0xc02b5c19 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47,
          tf_edi = 128, tf_esi = 134752556, tf_ebp = -1077939936,
          tf_isp = -959918124, tf_ebx = 16, tf_edx = -1077940584, tf_ecx = 0,
          tf_eax = 4, tf_trapno = 7, tf_err = 2, tf_eip = 672837944, tf_cs = 31,
          tf_eflags = 582, tf_esp = -1077940636, tf_ss = 47})
        at /usr/src/sys/i386/i386/trap.c:1175
    #16 0xc02a95c5 in Xint0x80_syscall ()
    #17 0x8065d99 in ?? ()
    #18 0x8065deb in ?? ()
    #19 0x804f862 in ?? ()
    #20 0x804fa8a in ?? ()
    #21 0x8050007 in ?? ()
    #22 0x804e3d3 in ?? ()
    #23 0x804e44a in ?? ()
    #24 0x8066812 in ?? ()
    #25 0x806704f in ?? ()
    #26 0x805fdb6 in ?? ()
    #27 0x804c501 in ?? ()
    #28 0x80499aa in ?? ()
    ...
    (kgdb) up
    #6  0xc01c87dd in arp_rtrequest (req=1, rt=0xc1047600, info=0xc6c8cd98)
        at /usr/src/sys/netinet/if_ether.c:186
    186             if ((rt->rt_flags & RTF_HOST) == 0 &&
    ...
    (kgdb) print /x rt->rt_flags
    $3 = 0x18001
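Triage of the panic text attached to the message above, as an added example that is not part of the original e-mail: it extracts the fault address, faulting frame and process from a kgdb report and decodes the `rt->rt_flags` value. The embedded sample is an excerpt of pool1-core-1.txt; the `RTF_*` bit values are taken from FreeBSD 4.x `sys/net/route.h`, and the 4 KB near-NULL window is an assumed heuristic.

```python
import re

# Excerpt of pool1-core-1.txt from the message above (frames #6 and #7 only).
PANIC = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x4
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc01c87dd
current process         = 259 (zebra)
#6  0xc01c87dd in arp_rtrequest (req=1, rt=0xc108be00, info=0xc6c8cd98)
    at /usr/src/sys/netinet/if_ether.c:186
#7  0xc01c033e in rtrequest1 (req=1, info=0xc6c8cd98, ret_nrt=0xc6c8cd94)
    at /usr/src/sys/net/route.c:750
"""

# Route flag bits from FreeBSD 4.x sys/net/route.h (verify against your tree).
RTF = {
    0x1: "RTF_UP", 0x2: "RTF_GATEWAY", 0x4: "RTF_HOST", 0x8: "RTF_REJECT",
    0x10: "RTF_DYNAMIC", 0x20: "RTF_MODIFIED", 0x40: "RTF_DONE",
    0x100: "RTF_CLONING", 0x200: "RTF_XRESOLVE", 0x400: "RTF_LLINFO",
    0x800: "RTF_STATIC", 0x1000: "RTF_BLACKHOLE", 0x4000: "RTF_PROTO2",
    0x8000: "RTF_PROTO1", 0x10000: "RTF_PRCLONING", 0x20000: "RTF_WASCLONED",
    0x40000: "RTF_PROTO3",
}
FIELD = re.compile(r"^([a-z][a-z ]*?)[ \t]*= (.*)$", re.M)
FRAME = re.compile(r"^#(\d+)\s+(0x[0-9a-f]+) in (\w+) \(.*?\) at (\S+):(\d+)$", re.M)

def triage(text, null_window=0x1000):
    # Summarise a FreeBSD i386 "Fatal trap 12" report with a kgdb backtrace.
    text = re.sub(r"\n[ \t]+", " ", text)   # rejoin frames that kgdb wrapped
    fields = dict(FIELD.findall(text))
    fault = int(fields["fault virtual address"], 16)
    pc = fields["instruction pointer"].split(":")[1]
    # The faulting frame is the one whose address equals the trap-time EIP.
    frame = next(m for m in FRAME.finditer(text) if m.group(2) == pc)
    pid, name = re.match(r"(\d+) \((.+)\)", fields["current process"]).groups()
    return {"function": frame.group(3),
            "source": f"{frame.group(4)}:{frame.group(5)}",
            "fault_address": fault,
            # Tiny address: usually a member read through a NULL pointer.
            "near_null": fault < null_window,
            "pid": int(pid), "process": name}

def decode_rt_flags(value):
    # Return (names of the known bits that are set, leftover unknown bits).
    names = [name for bit, name in sorted(RTF.items()) if value & bit]
    return names, value & ~sum(RTF)

if __name__ == "__main__":
    print(triage(PANIC))
    print(decode_rt_flags(0x18001))   # value kgdb printed in the message
```

With `RTF_HOST` clear in 0x18001, the first operand of the condition at if_ether.c:186 is true, so evaluation continues into the part of the expression the kgdb listing cuts off.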