From rfg@monkeys.com  Sun Mar 14 01:03:28 2004
Return-Path: <rfg@monkeys.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4FC9B16A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 14 Mar 2004 01:03:28 -0800 (PST)
Received: from segfault.monkeys.com (segfault.monkeys.com [66.60.159.24])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CB3D343D39
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 14 Mar 2004 01:03:25 -0800 (PST)
	(envelope-from rfg@monkeys.com)
Received: by segfault.monkeys.com (Postfix, from userid 1237)
	id 7A2D4F4E0; Sun, 14 Mar 2004 01:03:25 -0800 (PST)
Message-Id: <20040314090325.7A2D4F4E0@segfault.monkeys.com>
Date: Sun, 14 Mar 2004 01:03:25 -0800 (PST)
From: Ronald F.Guilmette <rfg@monkeys.com>
Reply-To: Ronald F.Guilmette <rfg@monkeys.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: 5.2.1 kernel panics on ifconfig when kernel has no INET6 stuff
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         64250
>Category:       kern
>Synopsis:       [panic] panic: 5.2.1 kernel panics on ifconfig when kernel has no INET6 stuff
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 14 01:10:11 PST 2004
>Closed-Date:    Fri Oct 28 21:54:35 GMT 2005
>Last-Modified:  Fri Oct 28 21:54:35 GMT 2005
>Originator:     Ronald F. Guilmette
>Release:        FreeBSD 5.2.1-RELEASE i386
>Organization:
Infinite Monkeys & Co.
>Environment:
System: FreeBSD segfault.monkeys.com 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Sat Mar 13 19:19:29 PST 2004 root@segfault.monkeys.com:/usr/src/sys/i386/compile/rfg20040313-4 i386

>Description:

I configured a 5.2.1 kernel, using the config file attached below, and
when I installed that and then rebooted, the kernel started up ok and
started to run processes, but then, when `ifconfig' was executed (as
a result of the various /etc/rc* files) the kernel panic'd with a
page fault.

This was fully reproducible (3 times).

By process of elimination, I determined that the problem was directly
tied to the fact that I had commented out the INET6 option in the
kernel configuration file.  When that option was uncommented again,
the new kernel gen'd from that worked just fine.

>How-To-Repeat:

On an i686 platform, configure a kernel using the config file below, then
build, install, and boot it, and then do an `ifconfig', or else allow one
to be done as part of the normal /etc/rc* startup scripts.

The kernel will panic with a page fault.  The process running at the time
this occurs will always be `ifconfig'.

cut here for kernel config file
------------------------------------------------------------------------
machine		i386
#cpu		I486_CPU
#cpu		I586_CPU
cpu		I686_CPU
ident		"rfg20040313-3"

#To statically compile in device wiring instead of /boot/device.hints
#hints		"GENERIC.hints"		#Default places to look for devices.

#makeoptions	DEBUG=-g		#Build kernel with gdb(1) debug symbols

#options		NMBCLUSTERS=4096
#options		IPFIREWALL
#options		IPFIREWALL_VERBOSE
#options		IPDIVERT
#options		EXT2FS

options 	SCHED_4BSD		#4BSD scheduler
options 	INET			#InterNETworking
#options 	INET6			#IPv6 communications protocols
options 	FFS			#Berkeley Fast Filesystem
options 	SOFTUPDATES		#Enable FFS soft updates support
options 	UFS_ACL			#Support for access control lists
options 	UFS_DIRHASH		#Improve performance on big directories
#options 	MD_ROOT			#MD is a potential root device
options 	NFSCLIENT		#Network Filesystem Client
options 	NFSSERVER		#Network Filesystem Server
#options 	NFS_ROOT		#NFS usable as /, requires NFSCLIENT
options 	MSDOSFS			#MSDOS Filesystem
options 	CD9660			#ISO 9660 Filesystem
options 	PROCFS			#Process filesystem (requires PSEUDOFS)
options 	PSEUDOFS		#Pseudo-filesystem framework
options 	COMPAT_43		#Compatible with BSD 4.3 [KEEP THIS!]
options 	COMPAT_FREEBSD4		#Compatible with FreeBSD4
options 	SCSI_DELAY=5000		#Delay (in ms) before probing SCSI
options 	KTRACE			#ktrace(1) support
options 	SYSVSHM			#SYSV-style shared memory
options 	SYSVMSG			#SYSV-style message queues
options 	SYSVSEM			#SYSV-style semaphores
options 	_KPOSIX_PRIORITY_SCHEDULING #Posix P1003_1B real-time extensions
options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev
options 	AHC_REG_PRETTY_PRINT	# Print register bitfields in debug
					# output.  Adds ~128k to driver.
options 	AHD_REG_PRETTY_PRINT	# Print register bitfields in debug
					# output.  Adds ~215k to driver.
options 	PFIL_HOOKS		# pfil(9) framework

# Debugging for use in -current
#options 	DDB			#Enable the kernel debugger
#options 	INVARIANTS		#Enable calls of extra sanity checking
options 	INVARIANT_SUPPORT	#Extra sanity checks of internal structures, required by INVARIANTS
#options 	WITNESS			#Enable checks to detect deadlocks and cycles
#options 	WITNESS_SKIPSPIN	#Don't run witness on spinlocks for speed

# To make an SMP kernel, the next two are needed
#options 	SMP			# Symmetric MultiProcessor Kernel
device		apic			# I/O APIC

device		isa
#device		eisa
device		pci

# Floppy drives
device		fdc

# ATA and ATAPI devices
device		ata
device		atadisk			# ATA disk drives
#device		ataraid			# ATA RAID drives
device		atapicd			# ATAPI CDROM drives
#device		atapifd			# ATAPI floppy drives
#device		atapist			# ATAPI tape drives
options 	ATA_STATIC_ID		#Static device numbering

# SCSI Controllers
#device		ahb		# EISA AHA1742 family
device		ahc		# AHA2940 and onboard AIC7xxx devices
#device		ahd		# AHA39320/29320 and onboard AIC79xx devices
#device		amd		# AMD 53C974 (Tekram DC-390(T))
#device		isp		# Qlogic family
#device		mpt		# LSI-Logic MPT-Fusion
##device		ncr		# NCR/Symbios Logic
#device		sym		# NCR/Symbios Logic (newer chipsets + those of `ncr')
#device		trm		# Tekram DC395U/UW/F DC315U adapters
#
#device		adv		# Advansys SCSI adapters
#device		adw		# Advansys wide SCSI adapters
#device		aha		# Adaptec 154x SCSI adapters
#device		aic		# Adaptec 15[012]x SCSI adapters, AIC-6[23]60.
#device		bt		# Buslogic/Mylex MultiMaster SCSI adapters
#
#device		ncv		# NCR 53C500
#device		nsp		# Workbit Ninja SCSI-3
#device		stg		# TMC 18C30/18C50

# SCSI peripherals
device		scbus		# SCSI bus (required for SCSI)
#device		ch		# SCSI media changers
device		da		# Direct Access (disks)
#device		sa		# Sequential Access (tape etc)
#device		cd		# CD
#device		pass		# Passthrough device (direct SCSI access)
#device		ses		# SCSI Environmental Services (and SAF-TE)

# RAID controllers interfaced to the SCSI subsystem
#device		amr		# AMI MegaRAID
#device		asr		# DPT SmartRAID V, VI and Adaptec SCSI RAID
#device		ciss		# Compaq Smart RAID 5*
#device		dpt		# DPT Smartcache III, IV - See NOTES for options
#device		iir		# Intel Integrated RAID
#device		ips		# IBM (Adaptec) ServeRAID
#device		mly		# Mylex AcceleRAID/eXtremeRAID

# RAID controllers
#device		aac		# Adaptec FSA RAID
#device		aacp		# SCSI passthrough for aac (requires CAM)
#device		ida		# Compaq Smart RAID
#device		mlx		# Mylex DAC960 family
#device		pst		# Promise Supertrak SX6000
#device		twe		# 3ware ATA RAID

# atkbdc0 controls both the keyboard and the PS/2 mouse
device		atkbdc		# AT keyboard controller
device		atkbd		# AT keyboard
device		psm		# PS/2 mouse

device		vga		# VGA video card driver

device		splash		# Splash screen and screen saver support

# syscons is the default console driver, resembling an SCO console
device		sc

# Enable this for the pcvt (VT220 compatible) console driver
#device		vt
#options 	XSERVER			# support for X server on a vt console
#options 	FAT_CURSOR		# start with block cursor

device		agp		# support several AGP chipsets

# Floating point support - do not disable.
device		npx

# Power management support (see NOTES for more options)
#device		apm
# Add suspend/resume support for the i8254.
device		pmtimer

# PCCARD (PCMCIA) support
# Pcmcia and cardbus bridge support
#device		cbb			# cardbus (yenta) bridge
#device		pcic			# ExCA ISA and PCI bridges
#device		pccard			# PC Card (16-bit) bus
#device		cardbus			# CardBus (32-bit) bus

# Serial (COM) ports
device		sio		# 8250, 16[45]50 based serial ports

# Parallel port
device		ppc
device		ppbus		# Parallel port bus (required)
device		lpt		# Printer
#device		plip		# TCP/IP over parallel
device		ppi		# Parallel port interface device
#device		vpo		# Requires scbus and da

# If you've got a "dumb" serial or parallel PCI card that is
# supported by the puc(4) glue driver, uncomment the following
# line to enable it (connects to the sio and/or ppc drivers):
#device         puc

# PCI Ethernet NICs.
device		de		# DEC/Intel DC21x4x (``Tulip'')
device		em		# Intel PRO/1000 adapter Gigabit Ethernet Card
device		txp		# 3Com 3cR990 (``Typhoon'')
device		vx		# 3Com 3c590, 3c595 (``Vortex'')

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device		miibus		# MII bus support
#device		bfe		# Broadcom BCM440x 10/100 ethernet
#device		bge		# Broadcom BCM570xx Gigabit Ethernet
#device		dc		# DEC/Intel 21143 and various workalikes
#device		fxp		# Intel EtherExpress PRO/100B (82557, 82558)
#device		pcn		# AMD Am79C97x PCI 10/100 (precedence over 'lnc')
#device		re		# RealTek 8139C+/8169/8169S/8110S
device		rl		# RealTek 8129/8139
#device		sf		# Adaptec AIC-6915 (``Starfire'')
#device		sis		# Silicon Integrated Systems SiS 900/SiS 7016
#device		sk		# SysKonnect SK-984x and SK-982x gigabit ethernet
#device		ste		# Sundance ST201 (D-Link DFE-550TX)
#device		ti		# Alteon Networks Tigon I/II gigabit ethernet
#device		tl		# Texas Instruments ThunderLAN
#device		tx		# SMC EtherPower II (83c170 ``EPIC'')
#device		vr		# VIA Rhine, Rhine II
#device		wb		# Winbond W89C840F
device		xl		# 3Com 3c90x (``Boomerang'', ``Cyclone'')

# ISA Ethernet NICs.  pccard nics included.
#device		cs		# Crystal Semiconductor CS89x0 NIC
## 'device ed' requires 'device miibus'
#device		ed		# NE[12]000, SMC Ultra, 3c503, DS8390 cards
#device		ex		# Intel EtherExpress Pro/10 and Pro/10+
#device		ep		# Etherlink III based cards
#device		fe		# Fujitsu MB8696x based cards
#device		ie		# EtherExpress 8/16, 3C507, StarLAN 10 etc.
#device		lnc		# NE2100, NE32-VL Lance Ethernet cards
#device		sn		# SMC's 9000 series of ethernet chips
#device		xe		# Xircom pccard ethernet
#
## ISA devices that use the old ISA shims
##device		le
#
## Wireless NIC cards
#device		wlan		# 802.11 support
#device		an		# Aironet 4500/4800 802.11 wireless NICs. 
#device		awi		# BayStack 660 and others
#device		wi		# WaveLAN/Intersil/Symbol 802.11 wireless NICs.
##device		wl		# Older non 802.11 Wavelan wireless NIC.

# Pseudo devices - the number indicates how many units to allocate.
device		random		# Entropy device
device		loop		# Network loopback
device		ether		# Ethernet support
#device		sl		# Kernel SLIP
#device		ppp		# Kernel PPP
device		tun		# Packet tunnel.
device		pty		# Pseudo-ttys (telnet etc)
device		md		# Memory "disks"
#device		gif		# IPv6 and IPv4 tunneling
#device		faith		# IPv6-to-IPv4 relaying (translation)

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
device		bpf		# Berkeley packet filter

## USB support
#device		uhci		# UHCI PCI->USB interface
#device		ohci		# OHCI PCI->USB interface
#device		usb		# USB Bus (required)
##device		udbp		# USB Double Bulk Pipe devices
#device		ugen		# Generic
#device		uhid		# "Human Interface Devices"
#device		ukbd		# Keyboard
#device		ulpt		# Printer
#device		umass		# Disks/Mass storage - Requires scbus and da
#device		ums		# Mouse
#device		urio		# Diamond Rio 500 MP3 player
#device		uscanner	# Scanners
## USB Ethernet, requires mii
#device		aue		# ADMtek USB ethernet
#device		axe		# ASIX Electronics USB ethernet
#device		cue		# CATC USB ethernet
#device		kue		# Kawasaki LSI USB ethernet
#
## FireWire support
#device		firewire	# FireWire bus code
#device		sbp		# SCSI over FireWire (Requires scbus and da)
#device		fwe		# Ethernet over FireWire (non-standard!)
------------------------------------------------------------------------

>Fix:

As far as a _real_ fix... well... beats me!  I just work here.

The workaround is just to never disable the INET6 option in your kernel,
it seems.  (But that is a rather non-optimal solution I think.  What good
is an option if you can never exercise it?)
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: kris 
State-Changed-When: Wed Mar 17 15:11:17 PST 2004 
State-Changed-Why:  
Feedback requested 

http://www.freebsd.org/cgi/query-pr.cgi?pr=64250 

From: Kris Kennaway <kris@obsecurity.org>
To: "Ronald F.Guilmette" <rfg@monkeys.com>
Cc: FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: kern/64250: 5.2.1 kernel panics on ifconfig when kernel has no INET6 stuff
Date: Wed, 17 Mar 2004 15:11:14 -0800

 On Sun, Mar 14, 2004 at 01:03:25AM -0800, Ronald F.Guilmette wrote:
 
 > I configured a 5.2.1 kernel, using the config file attached below, and
 > when I installed that and then rebooted, the kernel started up ok and
 > started to run processes, but then, when `ifconfig' was executed (as
 > a result of the various /etc/rc* files) the kernel panic'd with a
 > page fault.
 > 
 > This was fully reproducible (3 times).
 
 Please obtain a debugging traceback as described in
 
   http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/kerneldebug.html
 
 Kris

From: "Ronald F. Guilmette" <rfg@monkeys.com>
To: Kris Kennaway <kris@obsecurity.org>
Cc: FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: kern/64250: 5.2.1 kernel panics on ifconfig when kernel has no INET6 stuff 
Date: Wed, 17 Mar 2004 23:19:36 -0800

 In message <20040317231114.GC70724@xor.obsecurity.org>, you wrote:
 
 >Please obtain a debugging traceback as described in
 >
 >  http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/kerneldebug.html
 
 OK.  I have done my best to comply with your request, but I am not entirely
 familiar with the proper procedure here.
 
 I hope that I haven't left anything out.
 
 Here is the info that gdb gave me when I re-compiled the crashing kernel
 with -g and when I ran `gdb -k' on the kernel (with symbols) and the
 generated kernel dump file, after it had crashed again.
 
 Please let me know if you need anything else.  I am eager to assist in
 resolving this kernel crash.
 
 
 =====================================================================
 gdb -k /usr/src/sys/i386/compile/rfg20040313-3/kernel.debug vmcore.0
 GNU gdb 5.2.1 (FreeBSD)
 Copyright 2002 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and you are
 welcome to change it and/or distribute copies of it under certain conditions.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for details.
 This GDB was configured as "i386-unknown-freebsd"...
 panic: page fault
 panic messages:
 ---
 Fatal trap 12: page fault while in kernel mode
 fault virtual address   = 0xffffffff
 fault code              = supervisor read, page not present
 instruction pointer     = 0x8:0xc0557769
 stack pointer           = 0x10:0xce570b04
 frame pointer           = 0x10:0xce570b28
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = 195 (ifconfig)
 trap number             = 12
 panic: page fault
 
 syncing disks, buffers remaining... 219 219 218 218 218 218 218 218 218 218 218 218 218 218 218 218 218 218 218 218 218 218 
 giving up on 203 buffers
 Uptime: 35s
 Dumping 255 MB
  16 32 48 64 80 96 112 128 144 160 176 192 208 224 240
 ---
 Reading symbols from /usr/src/sys/i386/compile/rfg20040313-3/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done.
 Loaded symbols for /usr/src/sys/i386/compile/rfg20040313-3/modules/usr/src/sys/modules/acpi/acpi.ko.debug
 #0  doadump () at ../../../kern/kern_shutdown.c:240
 240             dumping++;
 (kgdb) where
 #0  doadump () at ../../../kern/kern_shutdown.c:240
 #1  0xc04e6848 in boot (howto=256) at ../../../kern/kern_shutdown.c:372
 #2  0xc04e6b38 in panic () at ../../../kern/kern_shutdown.c:550
 #3  0xc062dd8c in trap_fatal (frame=0xce570ac4, eva=0)
     at ../../../i386/i386/trap.c:821
 #4  0xc062da52 in trap_pfault (frame=0xce570ac4, usermode=0, eva=4294967295)
     at ../../../i386/i386/trap.c:735
 #5  0xc062d67d in trap (frame=
       {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 0, tf_esi = 4, tf_ebp = -833156312, tf_isp = -833156368, tf_ebx = -1030130688, tf_edx = -1, tf_ecx = -833156280, tf_eax = 16, tf_trapno = 12, tf_err = 0, tf_eip = -1068140695, tf_cs = 8, tf_eflags = 66050, tf_esp = -1060916652, tf_ss = 0})
     at ../../../i386/i386/trap.c:420
 #6  0xc061d448 in calltrap () at {standard input}:94
 #7  0xc0557e06 in sysctl_iflist (af=2, w=0xce570b9c)
     at ../../../net/rtsock.c:981
 #8  0xc055825e in sysctl_rtsock (oidp=0xc069eaa0, arg1=0xce570cb4, arg2=4, 
     req=0xce570c10) at ../../../net/rtsock.c:1132
 #9  0xc04efbca in sysctl_root (oidp=0x0, arg1=0x16, arg2=-833156080, 
     req=0xce570cb8) at ../../../kern/kern_sysctl.c:1179
 #10 0xc04efe7d in userland_sysctl (td=0x0, name=0xce570cac, namelen=6, 
     old=0xce570c10, oldlenp=0xce570cb8, inkernel=0, new=0x16, newlen=0, 
     retval=0xce570ca8) at ../../../kern/kern_sysctl.c:1286
 #11 0xc04efcb0 in __sysctl (td=0x0, uap=0xce570d14)
     at ../../../kern/kern_sysctl.c:1216
 #12 0xc062e0a0 in syscall (frame=
       {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 0, tf_esi = -1077940692, tf_ebp = -1077940776, tf_isp = -833155724, tf_ebx = 672416032, tf_edx = 0, tf_ecx = -1077940688, tf_eax = 202, tf_trapno = 12, tf_err = 2, tf_eip = 671908719, tf_cs = 31, tf_eflags = 663, tf_esp = -1077940820, tf_ss = 47})
     at ../../../i386/i386/trap.c:1010
 #13 0xc061d49d in Xint0x80_syscall () at {standard input}:136
 ---Can't read userspace from dump, or kernel process---
 
 (kgdb)

From: Bruce M Simpson <bms@spc.org>
To: "Ronald F. Guilmette" <rfg@monkeys.com>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/64250: 5.2.1 kernel panics on ifconfig when kernel has no INET6 stuff
Date: Sat, 3 Jul 2004 08:17:37 +0100

 I think we also need dmesg output on a single-user boot to pin down
 exactly what's going on here and which driver(s) could be responsible.
State-Changed-From-To: feedback->closed 
State-Changed-By: linimon 
State-Changed-When: Fri Oct 28 21:53:34 GMT 2005 
State-Changed-Why:  
Feedback timeout (>1 year) waiting for dmesg information.  To submitter: 
if this is still a current problem, just follow up to this PR and we can 
re-open it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=64250 
>Unformatted:
