From owner-freebsd-current  Tue Jul 16 17:40:06 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id RAA24679
          for current-outgoing; Tue, 16 Jul 1996 17:40:06 -0700 (PDT)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id RAA24658
          for <freebsd-current@FreeBSD.ORG>; Tue, 16 Jul 1996 17:40:02 -0700 (PDT)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.12/8.6.9) id KAA16445; Wed, 17 Jul 1996 10:32:33 +1000
Date: Wed, 17 Jul 1996 10:32:33 +1000
From: Bruce Evans <bde@zeta.org.au>
Message-Id: <199607170032.KAA16445@godzilla.zeta.org.au>
To: dev@fgate.flevel.co.uk, freebsd-current@FreeBSD.ORG
Subject: Re: Nasty Bug in PPP :(
Sender: owner-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>While using freebsd-current V2.2 I found a nasty bug:(

>If you do: ifconfig ppp0 mtu 576

>The kernel crashes with a page fault:(

It calls a null function pointer (sc->sc_setmtu) if the PPP line discipline
has never been opened and uses a deallocated softc if the PPP line discipline
isn't open.

Another bug suite: ddb crashes early in the stack trace so the stack
trace gives no useful information; calling printf for trap messages
may destroy reentrancy.  ddb crashes late for `show registers' while
attempting to disassemble the instruction at address 0 and the trap
message scrolls some of the registers off the screen; scrollback doesn't
work while ddb is running.

Bruce