Date: Thu, 16 Jan 1997 18:36:03 -0800 (PST) From: Dave Cornejo <dave@dogwood.com> To: FreeBSD-gnats-submit@freebsd.org Subject: kern/2513: pppd causes panic Message-ID: <199701170236.SAA23094@white.dogwood.com> Resent-Message-ID: <199701170240.SAA04721@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 2513
>Category: kern
>Synopsis: a PPP connection causes a page fault panic
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jan 16 18:40:01 PST 1997
>Last-Modified:
>Originator: Dave Cornejo
>Organization:
Dogwood Media
>Release: FreeBSD 3.0-CURRENT i386
>Environment:
FreeBSD 3.0-CURRENT cvsupped Jan 16 07:11 PST
>Description:
When a PPP connection is established we get a panic due to a page fault.
The dump stack trace:
#0 boot (howto=256) at ../../kern/kern_shutdown.c:243
#1 0xf0111482 in panic (fmt=0xf01b72ff "page fault")
at ../../kern/kern_shutdown.c:367
#2 0xf01b7e66 in trap_fatal (frame=0xefbffcd8) at ../../i386/i386/trap.c:742
#3 0xf01b7954 in trap_pfault (frame=0xefbffcd8, usermode=0)
at ../../i386/i386/trap.c:653
#4 0xf01b762f in trap (frame={tf_es = 16, tf_ds = -229244912, tf_edi = 0,
tf_esi = 0, tf_ebp = -272630480, tf_isp = -272630528,
tf_ebx = -266443772, tf_edx = 0, tf_ecx = -2145359567,
tf_eax = -1073544038, tf_trapno = 12, tf_err = 0, tf_eip = -267108901,
tf_cs = 8, tf_eflags = 66118, tf_esp = -228623456, tf_ss = -1073610752})
at ../../i386/i386/trap.c:311
#5 0xf0143ddb in pppsioctl (ifp=0xf01e6404, cmd=-2145359567, data=0x0)
at ../../net/if_ppp.c:547
#6 0xf01425b1 in if_addmulti (ifp=0xf01e6404, sa=0xefbffd80,
retifma=0xefbffd7c) at ../../net/if.c:888
#7 0xf014e058 in in_addmulti (ap=0xefbffdb4, ifp=0xf01e6404)
at ../../netinet/in.c:535
#8 0xf014dfa4 in in_ifinit (ifp=0xf01e6404, ia=0xf25fe000, sin=0xefbffee4,
scrub=0) at ../../netinet/in.c:465
#9 0xf014dc64 in in_control (so=0xf2600500, cmd=2151704858,
data=0xefbffed4 "ppp0", ifp=0xf01e6404) at ../../netinet/in.c:336
#10 0xf01584d2 in udp_usrreq (so=0xf2600500, req=11, m=0x8040691a,
addr=0xefbffed4, control=0xf01e6404) at ../../netinet/udp_usrreq.c:479
#11 0xf012784a in old_control (so=0xf2600500, cmd=-2143262438,
data=0xefbffed4 "ppp0", ifp=0xf01e6404) at ../../kern/uipc_socket2.c:881
#12 0xf0142057 in ifioctl (so=0xf2600500, cmd=-2143262438,
data=0xefbffed4 "ppp0", p=0xf25eb800) at ../../net/if.c:642
#13 0xf011ad0a in soo_ioctl (fp=0xf2602bc0, cmd=-2143262438,
data=0xefbffed4 "ppp0", p=0xf25eb800) at ../../kern/sys_socket.c:138
#14 0xf0118a73 in ioctl (p=0xf25eb800, uap=0xefbfff94, retval=0xefbfff84)
at ../../kern/sys_generic.c:497
#15 0xf01b80ff in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = -251658241,
tf_esi = 302098624, tf_ebp = -272639028, tf_isp = -272629788,
tf_ebx = 285321408, tf_edx = 0, tf_ecx = 0, tf_eax = 54, tf_trapno = 7,
tf_err = 7, tf_eip = 134762129, tf_cs = 31, tf_eflags = 658,
tf_esp = -272639120, tf_ss = 39}) at ../../i386/i386/trap.c:892
#16 0x8084e91 in ?? ()
#17 0x698c in ?? ()
#18 0x35c0 in ?? ()
#19 0x3322 in ?? ()
#20 0x5971 in ?? ()
#21 0x22c4 in ?? ()
#22 0x2109 in ?? ()
#23 0x1095 in ?? ()
the fault occurs in line 547 of if_ppp.c - ifr == NULL at this point.
ifr is set in line 483 by casting data to (struct ifreq *). This is
called at line 888 of if.c in if_addmulti() which is pretty blatantly
wrong:
ifp->if_ioctl(ifp, SIOCADDMULTI, 0);
^^^
>How-To-Repeat:
run pppd
>Fix:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199701170236.SAA23094>