From owner-freebsd-net@FreeBSD.ORG  Sun Apr 27 15:36:44 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BBAEF1065673
	for <freebsd-net@freebsd.org>; Sun, 27 Apr 2008 15:36:44 +0000 (UTC)
	(envelope-from hlh@restart.be)
Received: from tignes.restart.be (unknown [IPv6:2001:41d0:1:2ad2::1])
	by mx1.freebsd.org (Postfix) with ESMTP id EC5DA8FC26
	for <freebsd-net@freebsd.org>; Sun, 27 Apr 2008 15:36:43 +0000 (UTC)
	(envelope-from hlh@restart.be)
Received: from restart.be (avoriaz.tunnel.bel [IPv6:2001:41d0:1:2ad2::fffe:0])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "avoriaz.restart.be", Issuer "CA master" (verified OK))
	by tignes.restart.be (Postfix) with ESMTPS id 9576F1BAC5B
	for <freebsd-net@freebsd.org>; Sun, 27 Apr 2008 17:36:42 +0200 (CEST)
Received: from morzine.restart.bel (morzine6.restart.bel
	[IPv6:2001:41d0:1:2ad2::1:2]) (authenticated bits=0)
	by restart.be (8.14.2/8.14.2) with ESMTP id m3RFadRc061639
	for <freebsd-net@freebsd.org>; Sun, 27 Apr 2008 17:36:40 +0200 (CEST)
	(envelope-from hlh@restart.be)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=restart.be;
	s=avoriaz; t=1209310601; bh=LZ2mye+mh5wEoKZ9Ib3j6ftELhePmBXlDcfQLS2
	nf/M=; h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:
	Content-Transfer-Encoding; b=aRiih7+cPVF26St0F6BE51ZSV8SdtqP973B7E
	MMZ4gPANjaBG5RLdFDTtKrDPI2xR9aLsypk7Sg1NJtCG/DSxg==
DomainKey-Signature: a=rsa-sha1; s=avoriaz; d=restart.be; c=nofws; q=dns;
	h=message-id:date:from:organization:user-agent:mime-version:to:
	subject:content-type:content-transfer-encoding:x-scanned-by;
	b=Gvi41OKFUP3Sqps9p7g3iOoTAizJTBdCBTrU9CE+aUOujtzIk3TT7/nLESpm6o0d/
	232crUjWGqn1lJBU7d8+g==
Message-ID: <48149D87.9070202@restart.be>
Date: Sun, 27 Apr 2008 17:36:39 +0200
From: Henri Hennebert <hlh@restart.be>
Organization: RestartSoft
User-Agent: Thunderbird 2.0.0.12 (X11/20080427)
MIME-Version: 1.0
To: freebsd-net@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.64 on IPv6:2001:41d0:1:2ad2::1:1
Subject: 7.0-STABLE - ping6 and tap - kernel crash
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Apr 2008 15:36:44 -0000

Hello,

I encounter a crash during a ping6 on a tap interface.

I am running an instance of Freebsd 7.0-RELEASE under qemu.

on the host machine:

# uname -a
FreeBSD morzine.restart.bel 7.0-STABLE FreeBSD 7.0-STABLE #0: Sat Apr 26 
17:49:50 CEST 2008 
root@morzine.restart.bel:/usr/obj/usr/src/sys/MORZINE  i386

# ifconfig -a
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
	ether 00:e0:81:70:6b:68
	inet6 fe80::2e0:81ff:fe70:6b68%em0 prefixlen 64 scopeid 0x1
	inet 192.168.24.2 netmask 0xffffff00 broadcast 192.168.24.255
	inet6 2001:41d0:1:2ad2::1:2 prefixlen 112
	media: Ethernet 100baseTX (100baseTX <half-duplex>)
	status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
	inet 127.0.0.1 netmask 0xff000000
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:bd:2c:94:01:00
	inet 192.168.22.1 netmask 0xffffff00 broadcast 192.168.22.255
	inet6 fe80::2bd:2cff:fe94:100%tap0 prefixlen 64 scopeid 0x3
	inet6 2001:41d0:1:2ad2::2:1 prefixlen 112
	Opened by PID 1579

[tap0 is connected to the qemu]

if I ping6 2001:41d0:1:2ad2::2:fe03 witch is not the ipv6 address off 
the qemu configuration, after one or 2 minutes, I get:

kgdb -c /var/crash/vmcore.42  kernel
[GDB will not be able to debug user-mode threads: 
/usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
There is no member named pathname.
Reading symbols from ./zfs.ko...Reading symbols from 
/bootfs/boot/kernel/zfs.ko.symbols...done.
done.
Loaded symbols for ./zfs.ko
Reading symbols from ./if_tap.ko...Reading symbols from 
/bootfs/boot/kernel/if_tap.ko.symbols...done.
done.
Loaded symbols for ./if_tap.ko
Reading symbols from ./ng_ether.ko...Reading symbols from 
/bootfs/boot/kernel/ng_ether.ko.symbols...done.
done.
Loaded symbols for ./ng_ether.ko
Reading symbols from ./netgraph.ko...Reading symbols from 
/bootfs/boot/kernel/netgraph.ko.symbols...done.
done.
Loaded symbols for ./netgraph.ko
Reading symbols from ./sound.ko...Reading symbols from 
/bootfs/boot/kernel/sound.ko.symbols...done.
done.
Loaded symbols for ./sound.ko
Reading symbols from ./snd_hda.ko...Reading symbols from 
/bootfs/boot/kernel/snd_hda.ko.symbols...done.
done.
Loaded symbols for ./snd_hda.ko
Reading symbols from ./acpi_video.ko...Reading symbols from 
/bootfs/boot/kernel/acpi_video.ko.symbols...done.
done.
Loaded symbols for ./acpi_video.ko
Reading symbols from ./acpi.ko...Reading symbols from 
/bootfs/boot/kernel/acpi.ko.symbols...done.
done.
Loaded symbols for ./acpi.ko
Reading symbols from ./coretemp.ko...Reading symbols from 
/bootfs/boot/kernel/coretemp.ko.symbols...done.
done.
Loaded symbols for ./coretemp.ko
Reading symbols from ./accf_http.ko...Reading symbols from 
/bootfs/boot/kernel/accf_http.ko.symbols...done.
done.
Loaded symbols for ./accf_http.ko
Reading symbols from ./daemon_saver.ko...Reading symbols from 
/bootfs/boot/kernel/daemon_saver.ko.symbols...done.
done.
Loaded symbols for ./daemon_saver.ko
Reading symbols from ./agp.ko...Reading symbols from 
/bootfs/boot/kernel/agp.ko.symbols...done.
done.
Loaded symbols for ./agp.ko
Reading symbols from ./aio.ko...Reading symbols from 
/bootfs/boot/kernel/aio.ko.symbols...done.
done.
Loaded symbols for ./aio.ko
Reading symbols from /boot/modules/kqemu.ko...done.
Loaded symbols for /boot/modules/kqemu.ko

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0x6d8f17e6
fault code		= supervisor read, page not present
instruction pointer	= 0x20:0xa06e4bd3
stack pointer	        = 0x28:0xf734fc30
frame pointer	        = 0x28:0xf734fc4c
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 14 (swi4: clock sio)
trap number		= 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
db_trace_self_wrapper(a08224e4,f734facc,a05b270f,a083dd24,0,...) at 
db_trace_self_wrapper+0x26
kdb_backtrace(a083dd24,0,a0804f82,f734fad8,0,...) at kdb_backtrace+0x29
panic(a0804f82,a083f01d,a5535224,1,1,...) at panic+0x10f
trap_fatal(a089d000,6d8f1000,1,0,0,...) at trap_fatal+0x333
trap_pfault(81,f734fb74,a05d0bdc,a826e220,a5535000,...) at trap_pfault+0x270
trap(f734fbf0) at trap+0x3fa
calltrap() at calltrap+0x6
--- trap 0xc, eip = 0xa06e4bd3, esp = 0xf734fc30, ebp = 0xf734fc4c ---
icmp6_error2(a71e8500,1,3,0,a56e9800,...) at icmp6_error2+0xc3
nd6_llinfo_timer(ad2a3140,a5537440,0,f734fcbc,a05ba486,...) at 
nd6_llinfo_timer+0x158
softclock(0,0,a081e0bf,46b,0,...) at softclock+0x2ba
ithread_loop(a55345b0,f734fd38,0,0,0,...) at ithread_loop+0x1ab
fork_exit(a05926f0,a55345b0,f734fd38) at fork_exit+0x99
fork_trampoline() at fork_trampoline+0x8
--- trap 0, eip = 0, esp = 0xf734fd70, ebp = 0 ---
Uptime: 11m32s
Physical memory: 2030 MB
Dumping 205 MB: 190 174 158 142 126 110 94 78 62 46 30 14

#0  doadump () at pcpu.h:195
195	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb)

gnat show me nothing relevant - any idea ?

Henri