Date: Tue, 15 Jul 2014 16:42:25 +0400 From: "Alexander V. Chernikov" <melifaro@yandex-team.ru> To: chk <chk.jxcn@gmail.com>, freebsd-net <freebsd-net@freebsd.org> Subject: Re: tincd and mpd5 make kernel panic Message-ID: <53C521B1.5050605@yandex-team.ru> In-Reply-To: <tencent_66CDE1C06B59A6B02B09CA2B@qq.com> References: <tencent_66CDE1C06B59A6B02B09CA2B@qq.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 15.07.2014 14:36, chk wrote:
> Hi, everyone,
> Help....
> I have a tincd vpn running in freebsd box FreeBSD 10.0-RELEASE-p2 #0 r265318M.
> below is ifconfig outut:
> [chk@NUC ~]$ ifconfig
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
> ether ec:a8:6b:f3:76:6a
> inet 192.168.2.202 netmask 0xffffff00 broadcast 255.255.255.255
> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
> media: Ethernet autoselect (100baseTX <full-duplex>)
> status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
> inet 127.0.0.1 netmask 0xff000000
> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> run0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
> ether c8:3a:35:c0:b8:2f
> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
> media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
> status: associated
> em0.3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> options=103<RXCSUM,TXCSUM,TSO4>
> ether ec:a8:6b:f3:76:6a
> inet 192.168.3.1 netmask 0xffffff00 broadcast 255.255.255.0
> inet6 fe80::eea8:6bff:fef3:766a%em0.3 prefixlen 64 scopeid 0x4
> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
> media: Ethernet autoselect (100baseTX <full-duplex>)
> status: active
> vlan: 3 parent interface: em0
> wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> ether c8:3a:35:c0:b8:2f
> inet 192.168.30.222 netmask 0xffffff00 broadcast 255.255.255.0
> inet6 fe80::ca3a:35ff:fec0:b82f%wlan0 prefixlen 64 scopeid 0x5
> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
> media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
> status: no carrier
> ssid "" channel 10 (2457 MHz 11g)
> country US authmode WPA1+WPA2/802.11i privacy MIXED deftxkey UNDEF
> txpower 0 bmiss 7 scanvalid 60 protmode CTS wme roaming MANUAL
> tun0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> metric 0 mtu 1500
> options=80000<LINKSTATE>
> inet 192.168.30.254 netmask 0xffffff00 broadcast 192.168.30.255
> inet6 fe80::eea8:6bff:fef3:766a%tun0 prefixlen 64 scopeid 0x6
> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> Opened by PID 1015
> =========================
> Convenient for connect to vpn, I add a pppoe_server to mpd5, but when client dialing up, kernel panic.
Is it reproducible?
Can you issue "route -n monitor" and share its output before the panic?
>
> here is information of core dump:
> [root@NUC /var/log]# kgdb -c ../crash/vmcore.1 /boot/kernel/kernel
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "amd64-marcel-freebsd"...
>
> Unread portion of the kernel message buffer:
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address = 0x0
> fault code = supervisor read data, page not present
> instruction pointer = 0x20:0xffffffff8098ae09
> stack pointer = 0x28:0xfffffe0234584660
> frame pointer = 0x28:0xfffffe02345846f0
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 780 (wpa_supplicant)
> trap number = 12
> panic: page fault
> cpuid = 0
> KDB: stack backtrace:
> #0 0xffffffff808f5910 at kdb_backtrace+0x60
> #1 0xffffffff808bd3f5 at panic+0x155
> #2 0xffffffff80c9c1e2 at trap_fatal+0x3a2
> #3 0xffffffff80c9c4b9 at trap_pfault+0x2c9
> #4 0xffffffff80c9bc46 at trap+0x5e6
> #5 0xffffffff80c82ee2 at calltrap+0x8
> #6 0xffffffff809852f0 at rn_walktree+0x70
> #7 0xffffffff8098a470 at sysctl_rtsock+0x1a0
> #8 0xffffffff808c894f at sysctl_root+0x24f
> #9 0xffffffff808c8f08 at userland_sysctl+0x1d8
> #10 0xffffffff808c8cf4 at sys___sysctl+0x74
> #11 0xffffffff80c9cad7 at amd64_syscall+0x357
> #12 0xffffffff80c831cb at Xfast_syscall+0xfb
> Uptime: 10m24s
> (ada0:ahcich0:0:0:0): STANDBY_IMMEDIATE. ACB: e0 00 00 00 00 40 00 00 00 00 00 00
> (ada0:ahcich0:0:0:0): CAM status: CCB request is in progress
> (ada0:ahcich0:0:0:0): Error 5, Retries exhausted
> (ada0:ahcich0:0:0:0): Spin-down disk failed
> Dumping 439 out of 8067 MB:..4%..11%..22%..33%..41%..51%..62%..73%..81%..92%
> (kgdb) f 7
> #7 0xffffffff8098ae09 in sysctl_dumpentry (rn=0xfffff800110eae10, vw=0xfffffe0234584748)
> at /usr/src/sys/net/rtsock.c:1592
> 1592 info.rti_info[RTAX_IFP] = rt->rt_ifp->if_addr->ifa_addr;
> Current language: auto; currently minimal
> (kgdb) l
> 1587 info.rti_info[RTAX_DST] = rt_key(rt);
> 1588 info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
> 1589 info.rti_info[RTAX_NETMASK] = rt_mask(rt);
> 1590 info.rti_info[RTAX_GENMASK] = 0;
> 1591 if (rt->rt_ifp) {
> 1592 info.rti_info[RTAX_IFP] = rt->rt_ifp->if_addr->ifa_addr;
This one looks strange. There is a check on added routes that rt_ifp is
not NULL.
> 1593 info.rti_info[RTAX_IFA] = rt->rt_ifa->ifa_addr;
> 1594 if (rt->rt_ifp->if_flags & IFF_POINTOPOINT)
> 1595 info.rti_info[RTAX_BRD] = rt->rt_ifa->ifa_dstaddr;
> 1596 }
> (kgdb) i loc
> info = {rti_addrs = 0, rti_info = {0xfffff80005dace00, 0xfffff80005dace10, 0x0, 0x0, 0x0, 0x0,
> 0x0, 0x0}, rti_flags = 0, rti_ifa = 0x0, rti_ifp = 0x0}
> error = Cannot access memory at address 0x0
> (kgdb) p *rt
> No symbol "rt" in current context.
> (kgdb) p rt
> No symbol "rt" in current context.
> (kgdb) p info
> $1 = {rti_addrs = 0, rti_info = {0xfffff80005dace00, 0xfffff80005dace10, 0x0, 0x0, 0x0, 0x0, 0x0,
> 0x0}, rti_flags = 0, rti_ifa = 0x0, rti_ifp = 0x0}
Can you decode which prefix it is?
e.g.
p (struct sockaddr_in *)info.rti_info[RTAX_DST]
p (struct sockaddr_in *)info.rti_info[RTAX_NETMASK]
and what is ifp (and others):
p (struct rtentry *)0xfffff800110eae10
p *$1
p $1->rt_ip->if_addrs
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53C521B1.5050605>