Date: Fri, 30 Nov 2018 09:48:35 +0000
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 227720] Kernel panic in ppp server
Message-ID: <bug-227720-7501-OXjlHF6cl7@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-227720-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-227720-7501@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D227720 --- Comment #43 from Franck Rousseau <Franck.Rousseau@imag.fr> --- (In reply to Andrey V. Elsukov from comment #42) This is what I report in bug #230498 at comment #20 and at comment #37 in t= his thread. I did it again from a clean SVN repo as you asked to be sure of the conclusion. How to crash : - boot with the new kernel - ifconfig bge0 192.168.0.2 - ppp server then term, wait for ppp open from client, with local server address set to the same 192.168.0.2 - connection ok, it pings, then quit - restart ppp server then term, wait for ppp open from client, after getting PPp at the prompt, IP config is starting I guess, I get the crash, trying to access a NULL pointer In the dump: (kgdb) bt #0 doadump (textdump=3D1) at pcpu.h:229 #1 0xffffffff80b072a0 in kern_reboot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:383 #2 0xffffffff80b076e1 in vpanic (fmt=3D<value optimized out>, ap=3D<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:776 #3 0xffffffff80b07523 in panic (fmt=3D<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:707 #4 0xffffffff803aefc7 in db_panic (addr=3D<value optimized out>, have_addr=3D<value optimized out>,=20 count=3D<value optimized out>, modif=3D<value optimized out>) at /usr/src/sys/ddb/db_command.c:499 #5 0xffffffff803ae539 in db_command (cmd_table=3D<value optimized out>) at /usr/src/sys/ddb/db_command.c:466 #6 0xffffffff803ae2b4 in db_command_loop () at /usr/src/sys/ddb/db_command.c:519 #7 0xffffffff803b14ff in db_trap (type=3D<value optimized out>, code=3D<va= lue optimized out>) at /usr/src/sys/ddb/db_main.c:248 #8 0xffffffff80b4ed63 in kdb_trap (type=3D12, code=3D0, tf=3D<value optimi= zed out>) at /usr/src/sys/kern/subr_kdb.c:689 #9 0xffffffff80f99501 in trap_fatal (frame=3D0xfffffe0467edd320, eva=3D0) = at /usr/src/sys/amd64/amd64/trap.c:867 #10 0xffffffff80f99609 in trap_pfault (frame=3D0xfffffe0467edd320, usermode= =3D0) at pcpu.h:229 #11 
0xffffffff80f98dd7 in trap (frame=3D0xfffffe0467edd320) at /usr/src/sys/amd64/amd64/trap.c:415 #12 0xffffffff80f78e6c in calltrap () at /usr/src/sys/amd64/amd64/exception.S:231 #13 0xffffffff80c24da4 in sysctl_dumpentry (rn=3D0xfffff80008954410, vw=3D0xfffffe0467edd690) at /usr/src/sys/net/rtsock.c:1559 #14 0xffffffff80c1f990 in rn_walktree (h=3D<value optimized out>, f=3D<value optimized out>, w=3D<value optimized out>) at /usr/src/sys/net/radix.c:1094 #15 0xffffffff80c246fb in sysctl_rtsock (oidp=3D<value optimized out>, arg1=3D<value optimized out>,=20 arg2=3D<value optimized out>, req=3D<value optimized out>) at /usr/src/sys/net/rtsock.c:1917 #16 0xffffffff80b14a6b in sysctl_root_handler_locked (oid=3D0xffffffff81a69= 0d8, arg1=3D0xfffffe0467edd908, arg2=3D4,=20 req=3D0xfffffe0467edd840, tracker=3D0xfffffe0467edd7b8) at /usr/src/sys/kern/kern_sysctl.c:165 #17 0xffffffff80b142c1 in sysctl_root (arg1=3D0xfffffe0467edd908, arg2=3D4)= at /usr/src/sys/kern/kern_sysctl.c:1915 #18 0xffffffff80b147e6 in userland_sysctl (td=3D<value optimized out>, name=3D0xfffffe0467edd900, namelen=3D6, old=3D0x0,=20 oldlenp=3D<value optimized out>, inkernel=3D<value optimized out>, new= =3D0x0, newlen=3D0, retval=3D0xfffffe0467edd968,=20 flags=3D0) at /usr/src/sys/kern/kern_sysctl.c:2011 #19 0xffffffff80b1466f in sys___sysctl (td=3D0xfffff80008837000, uap=3D0xfffff80008837538) at /usr/src/sys/kern/kern_sysctl.c:1945 #20 0xffffffff80f9a638 in amd64_syscall (td=3D0xfffff80008837000, traced=3D= 0) at subr_syscall.c:132 #21 0xffffffff80f796bd in fast_syscall_common () at /usr/src/sys/amd64/amd64/exception.S:479 #22 0x0000000801de047a in ?? () Previous frame inner to this frame (corrupt stack?) 
Current language: auto; currently minimal (kgdb) f 13 #13 0xffffffff80c24da4 in sysctl_dumpentry (rn=3D0xfffff80008954410, vw=3D0xfffffe0467edd690) at /usr/src/sys/net/rtsock.c:1559 1559 info.rti_info[RTAX_IFP] =3D rt->rt_ifp->if_addr->ifa_addr; (kgdb) print rt->rt_ifp->if_addr=20 $1 =3D (struct ifaddr *) 0x0 (kgdb) print rt->rt_ifp->if_flags $2 =3D 0 (kgdb) print rt->rt_ifp->if_index $3 =3D 0 (kgdb) print rt->rt_ifp=20=20=20=20=20=20=20=20=20=20 $4 =3D (struct ifnet *) 0xfffff8002be6c800 (kgdb) print *rt->rt_ifp $5 =3D {if_link =3D {tqe_next =3D 0xfffff800b0cfe050, tqe_prev =3D 0xfffff8= 00b0cfe0a0}, if_clones =3D {le_next =3D 0x0,=20 le_prev =3D 0x0}, if_groups =3D {tqh_first =3D 0x0, tqh_last =3D 0x0}, = if_alloctype =3D 0 '\0', if_softc =3D 0x0,=20 if_llsoftc =3D 0x0, if_l2com =3D 0x0, if_dname =3D 0x0, if_dunit =3D 0, i= f_index =3D 0, if_index_reserved =3D 0,=20 if_xname =3D 0xfffff8002be6c860 "", if_description =3D 0x0, if_flags =3D = 0, if_drv_flags =3D 0,=20 if_capabilities =3D -1325336224, if_capenable =3D -2048, if_linkmib =3D 0xfffff800b100f9b0,=20 if_linkmiblen =3D 18446735280583750992, if_refcount =3D 2967221664, if_ty= pe =3D 0 '\0', if_addrlen =3D 248 '=EF=BF=BD',=20 if_hdrlen =3D 255 '=EF=BF=BD', if_link_state =3D 255 '=EF=BF=BD', if_mtu = =3D 2967221744, if_metric =3D 4294965248,=20 if_baudrate =3D 18446735280583751232, if_hwassist =3D 1844673528058294328= 0, if_epoch =3D -8793126608256, if_lastchange =3D { tv_sec =3D -8793126608176, tv_usec =3D 0}, if_snd =3D {ifq_head =3D 0x0= , ifq_tail =3D 0x0, ifq_len =3D 0, ifq_maxlen =3D 0,=20 ifq_mtx =3D {lock_object =3D {lo_name =3D 0x0, lo_flags =3D 503152064, = lo_data =3D 4294965252,=20 lo_witness =3D 0xfffff800053ee3c0}, mtx_lock =3D 184467352777045371= 04}, ifq_drv_head =3D 0xfffff800053ee460,=20 ifq_drv_tail =3D 0x0, ifq_drv_len =3D -1326900496, ifq_drv_maxlen =3D -= 2048, altq_type =3D -1326900416,=20 altq_flags =3D -2048, altq_disc =3D 0xfffff800b0cfe320, altq_ifp =3D 0xfffff800b0cfe370,=20 
altq_enqueue =3D 0xfffff800b0cfe3c0, altq_dequeue =3D 0xfffff800b0cfe41= 0, altq_request =3D 0xfffff800b0dc3870,=20 altq_clfier =3D 0xfffff800b100f8c0, altq_classify =3D 0xfffff800b100f91= 0, altq_tbr =3D 0x0, altq_cdnr =3D 0x0},=20 if_linktask =3D {ta_link =3D {stqe_next =3D 0x0}, ta_pending =3D 0, ta_pr= iority =3D 0, ta_func =3D 0xfffff800b100fa00,=20 ta_context =3D 0x0}, if_addr_lock =3D {lock_object =3D {lo_name =3D 0xfffff800b0b8a1e0 "\200}=EF=BF=BD\035\004=EF=BF=BD=EF=BF=BD=EF=BF=BD\220= =EF=BF=BD=EF=BF=BD=EF=BF=BD",=20 lo_flags =3D 2964890160, lo_data =3D 4294965248, lo_witness =3D 0xfffff800b0b8a280}, rw_lock =3D 18446735280581419728},=20 if_addrhead =3D {tqh_first =3D 0x0, tqh_last =3D 0xfffff800b1044960}, if_= multiaddrs =3D {tqh_first =3D 0x0, tqh_last =3D 0x0},=20 if_amcount =3D 0, if_addr =3D 0x0, if_broadcastaddr =3D 0xfffff800b0e91d70 "\200}=EF=BF=BD\035\004=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD\033=EF=BF=BD=EF= =BF=BD", if_afdata_lock =3D { lock_object =3D {lo_name =3D 0xfffff800b0e91dc0 "\200}=EF=BF=BD\035\004= =EF=BF=BD=EF=BF=BD=EF=BF=BDp\035=EF=BF=BD=EF=BF=BD", lo_flags =3D 2967222464,=20 lo_data =3D 4294965248, lo_witness =3D 0xfffff800b0dc3910}, rw_lock = =3D 18446735280583752032},=20 if_afdata =3D 0xfffff8002be6ca08, if_afdata_initialized =3D -1330076256, = if_fib =3D 4294965248,=20 if_vnet =3D 0xfffff800b0b8a5f0, if_home_vnet =3D 0xfffff800b0b8a640, if_v= lantrunk =3D 0xfffff800b100fe60,=20 if_bpf =3D 0xfffff800b100feb0, if_pcount =3D -1325334784, if_bridge =3D 0xfffff800b100ff50, if_lagg =3D 0x0,=20 if_pf_kif =3D 0xfffff800b1072000, if_carp =3D 0xfffff800b1072050, if_labe= l =3D 0xfffff800b10720a0,=20 if_netmap =3D 0xfffff800b0b8a690, if_output =3D 0xfffff800b0b8a6e0, if_in= put =3D 0xfffff800b0b8a730,=20 if_start =3D 0xfffff800b0f5c280, if_ioctl =3D 0xfffff800b0f5c2d0, if_init= =3D 0, if_resolvemulti =3D 0,=20 if_qflush =3D 0xfffff800b0cfea00, if_transmit =3D 0xfffff800b0cfea50, if_= reassign =3D 0xfffff800b0cfeaa0,=20 if_get_counter =3D 
0xfffff800b0dc3f50, if_requestencap =3D 0xfffff800b107= 2320, if_counters =3D 0xfffff8002be6cc10,=20 if_hw_tsomax =3D 2968896528, if_hw_tsomaxsegcount =3D 4294965248, if_hw_tsomaxsegsize =3D 2970036096,=20 if_pspare =3D 0xfffff8002be6cc80, if_hw_addr =3D 0xfffff800b0cfebe0, if_p= cp =3D 160 '=EF=BF=BD',=20 if_bspare =3D 0xfffff8002be6cca1 "\020=EF=BF=BD=EF=BF=BD", if_ispare =3D = 0xfffff8002be6cca4} --=20 You are receiving this mail because: You are the assignee for the bug.=