Date: Sat, 01 Jul 2023 17:21:11 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 272319] FreeBSD kernel crash on MPD5 restart with PPP configuration. Message-ID: <bug-272319-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D272319 Bug ID: 272319 Summary: FreeBSD kernel crash on MPD5 restart with PPP configuration. Product: Base System Version: 13.2-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: ny2007ltd@gmail.com FreeBSD 12.0-13.2 (both amd64 and i386) have kernel crash on MPD5 daemon restart or OS reboot with PPP configuration. How to reproduce:. 1. Install FreeBSD 13.2 (sample amd64) with default kernel 2. install mpd5 from ports 3. configure mpd5 with PPP over TCP/IP. 4. start MPD5 daemon 5. restart MPD5 or reboot OS 6. kernel crashed. Sample of mpd5 configuration (/usr/local/etc/mpd5/mpd.conf): =3D=3D=3D=3D=3D=3D=3D=3D startup: # set log +all default: load ppp_server ppp_server: set ippool add pool2 10.0.0.0 10.0.255.255 create bundle template B2 set ipcp ranges 10.0.1.1/16 ippool pool2 set iface enable proxy-arp set iface enable tcpmssfix set iface idle 0 create link template L2 tcp set link enable multilink set link enable shortseq set link yes acfcomp protocomp set link action bundle B2 set link disable chap pap eap set link enable chap chap-msv1 chap-msv2 chap-md5 set tcp self 127.0.0.1 57 set link enable incoming =3D=3D=3D=3D=3D=3D Trace: Fatal trap 12: page fault while in kernel mode cpuid =3D 0; apic id =3D 00 fault virtual address =3D 0x18 fault code =3D supervisor write data, page not present instruction pointer =3D 0x20:0xffffffff80be3cc2 stack pointer =3D 0x28:0xfffffe00939e6c70 frame pointer =3D 0x28:0xfffffe00939e6c80 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D resume, IOPL =3D 0 current process =3D 475 (ng_queue0) trap number =3D 12 panic: page fault cpuid =3D 0 time =3D 1688225854 KDB: stack backtrace: #0 0xffffffff80c53dc5 at kdb_backtrace+0x65 #1 0xffffffff80c06741 at vpanic+0x151 #2 0xffffffff80c065e3 at panic+0x43 #3 0xffffffff810b1fa7 at trap_fatal+0x387 #4 0xffffffff810b1fff at trap_pfault+0x4f #5 0xffffffff81088e78 at calltrap+0x8 #6 0xffffffff80c6bef8 at propagate_priority+0x58 #7 0xffffffff80c6cce3 at turnstile_wait+0x323 #8 0xffffffff80be33a0 at __mtx_lock_sleep+0x180 #9 0xffffffff82b366fb at ng_ksocket_shutdown+0x1ab #10 0xffffffff82b23923 at ng_rmnode+0x1c3 #11 0xffffffff82b258b5 at ng_apply_item+0x85 #12 0xffffffff82b287b8 at ngthread+0x1e8 #13 0xffffffff80bc2fce at fork_exit+0x7e #14 0xffffffff81089eee at fork_trampoline+0xe Uptime: 1m52s Dumping 161 out of 2006 MB:..10%..20%..30%..40%..50%..60%..70%..80%..90%..1= 00% __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 55 __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (offsetof(stru= ct pcpu, (kgdb) #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 #1 doadump (textdump=3D<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:396 #2 0xffffffff80c0630a in kern_reboot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:484 #3 0xffffffff80c067ae in vpanic (fmt=3D<optimized out>,=20 ap=3Dap@entry=3D0xfffffe00939e6ac0) at /usr/src/sys/kern/kern_shutdown.= c:923 #4 0xffffffff80c065e3 in panic (fmt=3D<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:847 #5 0xffffffff810b1fa7 in trap_fatal (frame=3D0xfffffe00939e6bb0, eva=3D24) at /usr/src/sys/amd64/amd64/trap.c:942 #6 0xffffffff810b1fff in trap_pfault (frame=3D0xfffffe00939e6bb0,=20 usermode=3Dfalse, signo=3D<optimized out>, ucode=3D<optimized out>) at /usr/src/sys/amd64/amd64/trap.c:761 #7 <signal handler called> #8 0xffffffff80be3cc2 in atomic_cmpset_long (expect=3D0,=20 src=3D18446741876100055968, dst=3D<optimized out>) at /usr/src/sys/amd64/include/atomic.h:217 #9 _thread_lock (td=3D0xfffff800210a4158) at /usr/src/sys/kern/kern_mutex.= c:845 #10 0xffffffff80c6bef8 in propagate_priority (td=3D0xfffff800210a4158,=20 td@entry=3D0xfffffe00544443a0) at /usr/src/sys/kern/subr_turnstile.c:234 #11 0xffffffff80c6cce3 in turnstile_wait (ts=3Dts@entry=3D0xfffff800104ff24= 0,=20 owner=3Downer@entry=3D0xfffff800210a4158, queue=3Dqueue@entry=3D0) at /usr/src/sys/kern/subr_turnstile.c:808 #12 0xffffffff80be33a0 in __mtx_lock_sleep (c=3D0xfffff800210a4160,=20 v=3D<optimized out>) at /usr/src/sys/kern/kern_mutex.c:668 #13 0xffffffff82b366fb in ng_ksocket_shutdown (node=3D0xfffff80021ae7800) at /usr/src/sys/netgraph/ng_ksocket.c:939 #14 0xffffffff82b23923 in ng_rmnode (node=3D0xfffff80021ae7800,=20 dummy1=3D<optimized out>, dummy2=3D<optimized out>, dummy3=3D<optimized= out>) at /usr/src/sys/netgraph/ng_base.c:758 #15 0xffffffff82b258b5 in ng_apply_item (node=3Dnode@entry=3D0xfffff80021ae= 7800,=20 item=3Ditem@entry=3D0xfffff80021659d80, rw=3Drw@entry=3D1) at /usr/src/sys/netgraph/ng_base.c:2477 #16 0xffffffff82b287b8 in ngthread (arg=3Darg@entry=3D0x0) at /usr/src/sys/netgraph/ng_base.c:3444 #17 0xffffffff80bc2fce in fork_exit (callout=3D0xffffffff82b285d0 <ngthread= >,=20 arg=3D0x0, frame=3D0xfffffe00939e6f40) at /usr/src/sys/kern/kern_fork.c= :1093 #18 <signal handler called> #19 0x000004c708f40bfa in ?? () Backtrace stopped: Cannot access memory at address 0x4c700446b68 (kgdb)=20 =3D=3D=3D=3D=3D=3D=3D=3D=3D Reproduced in stable way. Visibility only with PPP over TCP/IP,=20 PPTP or L2TP not have such question. FreeBSD 11 kernel work good=20 and not have such problem. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-272319-227>