From nobody@FreeBSD.org  Fri Jul 30 07:47:45 2010
Message-Id: <201007300747.o6U7ljg1019613@www.freebsd.org>
Date: Fri, 30 Jul 2010 07:47:45 GMT
From: Vsevolod Volkov <vvv@lucky.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [panic] [cdpd] cdpd causes kernel panic
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         149097
>Category:       kern
>Synopsis:       [panic] cdpd causes kernel panic
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    maxim
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jul 30 07:50:03 UTC 2010
>Closed-Date:    Fri Aug 20 10:50:44 UTC 2010
>Last-Modified:  Fri Aug 20 10:50:44 UTC 2010
>Originator:     Vsevolod Volkov
>Release:        8.1-RELEASE
>Organization:
>Environment:
FreeBSD hostname.carrier.kiev.ua 8.1-RELEASE FreeBSD 8.1-RELEASE #8: Thu Jul 29 14:52:21 EEST 2010     root@hostname.carrier.kiev.ua:/usr/obj/usr/src/sys/hostname  i386
>Description:
Starting cdpd daemon causes immediate kernel panic.
>How-To-Repeat:
1. Install cdpd from the port.
2. Start cdpd using /usr/local/etc/rc.d/cdpd.
>Fix:


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: linimon 
State-Changed-When: Tue Aug 3 01:20:41 UTC 2010 
State-Changed-Why:  
We're going to need a lot more information to look at this problem, 
such as the actual panic message and a traceback. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=149097 

From: Valentin Nechayev <netch@netch.kiev.ua>
To: bug-followup@FreeBSD.org, vvv@lucky.net
Cc:  
Subject: Re: kern/149097: [panic] cdpd causes kernel panic
Date: Tue, 3 Aug 2010 10:24:58 +0300

 The same problem, 8.1-RELEASE. Data from kernel core file:
 
 kgdb report:
 
 This GDB was configured as "i386-marcel-freebsd"...(no debugging symbols found).
 ..
 Attempt to extract a component of a value that is not a structure pointer.
 Attempt to extract a component of a value that is not a structure pointer.
 Attempt to extract a component of a value that is not a structure pointer.
 Attempt to extract a component of a value that is not a structure pointer.
 #0  0xc05a247c in doadump ()
 (kgdb) bt
 #0  0xc05a247c in doadump ()
 #1  0xc05a2b63 in boot ()
 #2  0xc05a2e05 in panic ()
 #3  0xc0844893 in trap_fatal ()
 #4  0xc0844af0 in trap_pfault ()
 #5  0xc0845473 in trap ()
 #6  0xc082792b in calltrap ()
 #7  0xc0842c24 in bcmp ()
 #8  0x000000be in ?? ()
 #9  0x00000000 in ?? ()
 #10 0x00000000 in ?? ()
 #11 0x00000000 in ?? ()
 #12 0x00000001 in ?? ()
 #13 0xc635d280 in ?? ()
 #14 0xbfbfe5c5 in ?? ()
 #15 0x00000000 in ?? ()
 #16 0xe7a9fd2c in ?? ()
 #17 0xc0844de3 in syscall ()
 Previous frame inner to this frame (corrupt stack?)
 
 Strings from core file:
 
 Fatal trap 12: page fault while in kernel mode
 cpuid = 0; apic id = 00
 fault virtual address   = 0x0
 fault code              = supervisor read, page not present
 instruction pointer     = 0x20:0xc0842c24
 stack pointer           = 0x28:0xe7a9fb54
 frame pointer           = 0x28:0xe7a9fbb8
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = 4533 (cdpd)
 trap number             = 12
 panic: page fault
 cpuid = 0
 KDB: stack backtrace:
 db_trace_self_wrapper(c089ba2e,e7a9f9f4,c05a2dc9,c08bcf13,0,...) at db_trace_self_wrapper+0x26
 kdb_backtrace(c08bcf13,0,c08853c6,e7a9fa00,0,...) at kdb_backtrace+0x29
 panic(c08853c6,c08be2b9,c635d3e8,1,1,...) at panic+0x119
 trap_fatal(c5156cb0,0,1,0,0,...) at trap_fatal+0x333
 trap_pfault(0,0,0,0,c637c7f8,...) at trap_pfault+0x250
 trap(e7a9fb14) at trap+0x453
 calltrap() at calltrap+0x6
 --- trap 0xc, eip = 0xc0842c24, esp = 0xe7a9fb54, ebp = 0xe7a9fbb8 ---
 bcmp(c5191c00,e7a9fc58,0,0,0,...) at bcmp+0x14
 devfs_write_f(c5b98770,e7a9fc58,c608fd00,0,c635d280,...) at devfs_write_f+0x7c
 dofilewrite(e7a9fc58,ffffffff,ffffffff,0,c5b98770,...) at dofilewrite+0x97
 kern_writev(c635d280,5,e7a9fc58,e7a9fc78,1,...) at kern_writev+0x58
 write(c635d280,e7a9fcf8,e7a9fcbc,c05ab716,c635d280,...) at write+0x4f
 syscall(e7a9fd38) at syscall+0x2d3
 Xint0x80_syscall() at Xint0x80_syscall+0x20
 --- syscall (4, FreeBSD ELF32, write), eip = 0x281b50d3, esp = 0xbfbfe36c, ebp = 0xbfbfe398 ---
 Uptime: 11m3s
 Physical memory: 2006 MB
 Dumping 128 MB:
 
 Seems devfs is the crash place?
 
 This isn't a security issue because root is needed to start cdpd.
 
 - - - -
 
 While I have enough resources to debug and test, please advise
 how to deal with it when the stack is destroyed.
 
 
 -netch-
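
Added example (not part of the original follow-up, and not FreeBSD tooling): when kgdb's `bt` is unusable as above, the trap header and KDB trace recovered from the core can still be summarised mechanically. The sample text is copied from the report with the wrapped lines joined; the `triage` function and the 4096-byte NULL-page threshold are assumptions of this example.

```python
import re

# Trap header and KDB trace copied from the report above (wrapped lines joined).
PANIC_TEXT = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0842c24
current process         = 4533 (cdpd)
trap(e7a9fb14) at trap+0x453
calltrap() at calltrap+0x6
--- trap 0xc, eip = 0xc0842c24, esp = 0xe7a9fb54, ebp = 0xe7a9fbb8 ---
bcmp(c5191c00,e7a9fc58,0,0,0,...) at bcmp+0x14
devfs_write_f(c5b98770,e7a9fc58,c608fd00,0,c635d280,...) at devfs_write_f+0x7c
dofilewrite(e7a9fc58,ffffffff,ffffffff,0,c5b98770,...) at dofilewrite+0x97
kern_writev(c635d280,5,e7a9fc58,e7a9fc78,1,...) at kern_writev+0x58
write(c635d280,e7a9fcf8,e7a9fcbc,c05ab716,c635d280,...) at write+0x4f
syscall(e7a9fd38) at syscall+0x2d3
Xint0x80_syscall() at Xint0x80_syscall+0x20
--- syscall (4, FreeBSD ELF32, write), eip = 0x281b50d3, esp = 0xbfbfe36c, ebp = 0xbfbfe398 ---
"""

FIELD = re.compile(r"^([a-z ]+?)\s*=\s*(.+)$")            # "name   = value"
FRAME = re.compile(r"^(\w+)\(.*\) at \w+\+0x[0-9a-f]+$")  # "func(args) at func+0xNN"
SYSCALL = re.compile(r"^--- syscall \((\d+), ([^,]+), (\w+)\)")
NULL_PAGE = 4096  # assumption: faults inside the first page count as NULL dereferences


def triage(text):
    """Summarise a trap report: fault address, process, and the faulting call path."""
    fields, path, syscall, after_trap = {}, [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("--- trap"):
            after_trap = True      # frames listed below were live when the trap hit
        elif m := SYSCALL.match(line):
            syscall, after_trap = m.group(3), False
        elif m := FRAME.match(line):
            if after_trap:         # skip the trap handler's own frames above the marker
                path.append(m.group(1))
        elif m := FIELD.match(line):
            fields[m.group(1)] = m.group(2)
    addr = int(fields["fault virtual address"], 16)
    pid, name = re.match(r"(\d+) \((.+)\)", fields["current process"]).groups()
    return {"fault_address": addr, "null_deref": addr < NULL_PAGE,
            "process": (int(pid), name), "syscall": syscall, "path": path}


if __name__ == "__main__":
    print(triage(PANIC_TEXT))
```

The first two entries of `path` are the faulting function and its caller, which is the information the corrupt kgdb stack could not provide.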

From: Valentin Nechayev <netch@netch.kiev.ua>
To: bug-followup@FreeBSD.org, vvv@lucky.net
Cc:  
Subject: Re: kern/149097: [panic] cdpd causes kernel panic
Date: Tue, 3 Aug 2010 12:46:43 +0300

 It tries to inject a CDP packet into ipfw0:
 
 Breakpoint 1, main (argc=4, argv=0xbfbfea80) at cdpd.c:844
 844                                     if(pcap_inject(cifa->pcap,buffer,offset)!=offset){
 (gdb) p *cifa
 $3 = {next = 0x0, name = 0x28206088 "ipfw0", address = {sin_len = 0 '\0', 
     sin_family = 0 '\0', sin_port = 0, sin_addr = {s_addr = 0}, 
     sin_zero = "\000\000\000\000\000\000\000"}, ipv6address = {
     sin6_len = 0 '\0', sin6_family = 0 '\0', sin6_port = 0, sin6_flowinfo = 0, 
     sin6_addr = {__u6_addr = {__u6_addr8 = '\0' <repeats 15 times>, 
         __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, 
     sin6_scope_id = 0}, eaddr = "\000\000\000\000\000", pcap = 0x2820c900, 
   errbuf = '\0' <repeats 255 times>}
 (gdb) n
 
 [here it has hung]
 
 
 -netch-
State-Changed-From-To: feedback->open 
State-Changed-By: linimon 
State-Changed-When: Wed Aug 4 02:28:13 UTC 2010 
State-Changed-Why:  
Feedback received. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=149097 

From: Maxim Konovalov <maxim.konovalov@gmail.com>
To: Vsevolod Volkov <vvv@lucky.net>
Cc: bug-followup@freebsd.org
Subject: Re: kern/149097: [panic] [cdpd] cdpd causes kernel panic
Date: Thu, 19 Aug 2010 20:46:30 +0400 (MSD)

 Hi Vsevolod,
 
 Could you please try a patch in kern/149807
 
 http://www.freebsd.org/cgi/query-pr.cgi?pr=149807
 
 and report the result back to me?  Thanks in advance.
 
 -- 
 Maxim Konovalov

From: Vsevolod Volkov <vvv@lucky.net>
To: Maxim Konovalov <maxim.konovalov@gmail.com>
Cc: bug-followup@freebsd.org
Subject: Re: kern/149097: [panic] [cdpd] cdpd causes kernel panic
Date: Fri, 20 Aug 2010 11:26:08 +0300

 Hi Maxim,
 
 On Thu, Aug 19, 2010 at 08:46:30PM +0400, Maxim Konovalov wrote:
 MK> Could you please try a patch in kern/149807
 
 MK> http://www.freebsd.org/cgi/query-pr.cgi?pr=149807
 
 MK> and report the result back to me?  Thanks in advance.
 
 Now cdpd works fine with the patched kernel. Thanks!
 
 MK> -- 
 MK> Maxim Konovalov
 -- 
 Vsevolod Volkov (VVV-UANIC)               System administrator
 mailto:vvv@lucky.net                      Lucky Net Ltd
Responsible-Changed-From-To: freebsd-bugs->maxim 
Responsible-Changed-By: vwe 
Responsible-Changed-When: Fri Aug 20 08:53:58 UTC 2010 
Responsible-Changed-Why:  
Maxim will do the magic... ;) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=149097 
State-Changed-From-To: open->closed 
State-Changed-By: maxim 
State-Changed-When: Fri Aug 20 10:50:16 UTC 2010 
State-Changed-Why:  
Duplicate of kern/149807. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=149097 
>Unformatted:
