From owner-freebsd-net@freebsd.org  Tue Jun 25 02:49:39 2019
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4CD2715B8D14
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Tue, 25 Jun 2019 02:49:39 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id C4F2F6CE5D
 for <freebsd-net@freebsd.org>; Tue, 25 Jun 2019 02:49:38 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 852ED15B8D0E; Tue, 25 Jun 2019 02:49:38 +0000 (UTC)
Delivered-To: net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4A8BE15B8D0D
 for <net@mailman.ysv.freebsd.org>; Tue, 25 Jun 2019 02:49:38 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.ysv.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id DDEBA6CE54
 for <net@FreeBSD.org>; Tue, 25 Jun 2019 02:49:37 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id F15E175FD
 for <net@FreeBSD.org>; Tue, 25 Jun 2019 02:49:36 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id x5P2naq6091423
 for <net@FreeBSD.org>; Tue, 25 Jun 2019 02:49:36 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
 by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id x5P2na3k091419
 for net@FreeBSD.org; Tue, 25 Jun 2019 02:49:36 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to
 bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 230498] Fatal trap 12: page fault while in kernel mode in
 sysctl_dumpentry from sysctl NET_RT_DUMP
Date: Tue, 25 Jun 2019 02:49:36 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.2-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: msl0000023508@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: net@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-230498-7501-W3v4xFDG6S@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-230498-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-230498-7501@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jun 2019 02:49:39 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D230498

--- Comment #23 from WHR <msl0000023508@gmail.com> ---
I'm running a 12.0-STABLE r349024 amd64 system; 2 PPP over SSH tunnels (as a
server) with the user space ppp(8) implementation running on it.

I later noticed the fix has already been MFCed into 12-STABLE branch via
r341677.

This kernel panic is still happening when I trying to restart those PPP
instances (using 'killall ppp', for example).

# kgdb -c vmcore.3 /boot/kernel/kernel=20
GNU gdb (GDB) 8.3 [GDB v8.3 for FreeBSD]
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.htm=
l>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd12.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...
Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...

Unread portion of the kernel message buffer:
cpuid =3D 3; apic id =3D 06
fault virtual address   =3D 0x0
fault code              =3D supervisor read data, page not present
instruction pointer     =3D 0x20:0xffffffff80cf66a3
stack pointer           =3D 0x28:0xfffffe002cd084f0
frame pointer           =3D 0x28:0xfffffe002cd08630
code segment            =3D base 0x0, limit 0xfffff, type 0x1b
                        =3D DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        =3D interrupt enabled, resume, IOPL =3D 0
current process         =3D 1926 (ppp)
trap number             =3D 12
panic: page fault
cpuid =3D 3
time =3D 1561396369
KDB: stack backtrace:
#0 0xffffffff80c16e77 at kdb_backtrace+0x67
#1 0xffffffff80bcad3d at vpanic+0x19d
#2 0xffffffff80bcab93 at panic+0x43
#3 0xffffffff810a84b5 at trap_fatal+0x395
#4 0xffffffff810a8519 at trap_pfault+0x49
#5 0xffffffff810a7aff at trap+0x29f
#6 0xffffffff81082cf5 at calltrap+0x8
#7 0xffffffff80cf0110 at rn_walktree+0x80
#8 0xffffffff80cf5b4b at sysctl_rtsock+0x2db
#9 0xffffffff80bd9b4b at sysctl_root_handler_locked+0x8b
#10 0xffffffff80bd91ed at sysctl_root+0x24d
#11 0xffffffff80bd986a at userland_sysctl+0x17a
#12 0xffffffff80bd96af at sys___sysctl+0x5f
#13 0xffffffff810a9084 at amd64_syscall+0x364
#14 0xffffffff810835dd at fast_syscall_common+0x101
Uptime: 2h0m31s
(ada0:ahcich1:0:0:0): spin-down
Dumping 289 out of 3952 MB: (CTRL-C to abort)
..6%..12%..23%..34%..45%..56%..61%..72%..83%..94%

__curthread () at /usr/src/sys/amd64/include/pcpu.h:234
234             __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n"
(OFFSETOF_CURTHREAD));
(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu.h:234
#1  doadump (textdump=3D<optimized out>) at /usr/src/sys/kern/kern_shutdown=
.c:371
#2  0xffffffff80bca938 in kern_reboot (howto=3D260) at
/usr/src/sys/kern/kern_shutdown.c:451
#3  0xffffffff80bcad99 in vpanic (fmt=3D<optimized out>, ap=3D<optimized ou=
t>)
    at /usr/src/sys/kern/kern_shutdown.c:877
#4  0xffffffff80bcab93 in panic (fmt=3D<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:804
#5  0xffffffff810a84b5 in trap_fatal (frame=3D0xfffffe002cd08430, eva=3D0)
    at /usr/src/sys/amd64/amd64/trap.c:948
#6  0xffffffff810a8519 in trap_pfault (frame=3D0xfffffe002cd08430, usermode=
=3D0)
    at /usr/src/sys/amd64/amd64/trap.c:767
#7  0xffffffff810a7aff in trap (frame=3D0xfffffe002cd08430) at
/usr/src/sys/amd64/amd64/trap.c:443
#8  <signal handler called>
#9  0xffffffff80cf66a3 in sysctl_dumpentry (rn=3D0xfffff80004901680,
vw=3D0xfffffe002cd087b8)
    at /usr/src/sys/net/rtsock.c:1579
#10 0xffffffff80cf0110 in rn_walktree (h=3D<optimized out>, f=3D0xffffffff8=
0cf6500
<sysctl_dumpentry>,=20
    w=3D0xfffffe002cd087b8) at /usr/src/sys/net/radix.c:1096
#11 0xffffffff80cf5b4b in sysctl_rtsock (oidp=3D<optimized out>, arg1=3D<op=
timized
out>,=20
    arg2=3D<optimized out>, req=3D<optimized out>) at
/usr/src/sys/net/rtsock.c:1942
#12 0xffffffff80bd9b4b in sysctl_root_handler_locked (
    oid=3D0xffffffff81b2c960 <sysctl___net_routetable>, arg1=3D0xfffffe002c=
d08a38,
arg2=3D4,=20
    req=3D0xfffffe002cd08970, tracker=3D0xfffffe002cd088e8) at
/usr/src/sys/kern/kern_sysctl.c:166
#13 0xffffffff80bd91ed in sysctl_root (oidp=3D<optimized out>,
arg1=3D0xfffffe002cd08a38, arg2=3D4,=20
    req=3D0xfffffe002cd08970) at /usr/src/sys/kern/kern_sysctl.c:2033
#14 0xffffffff80bd986a in userland_sysctl (td=3D0xfffff8006a5e2000,
name=3D0xfffffe002cd08a30,=20
    namelen=3D6, old=3D<optimized out>, oldlenp=3D<optimized out>,
inkernel=3D<optimized out>, new=3D0x0,=20
    newlen=3D0, retval=3D0xfffffe002cd08a98, flags=3D0) at
/usr/src/sys/kern/kern_sysctl.c:2128
#15 0xffffffff80bd96af in sys___sysctl (td=3D0xfffff8006a5e2000,
uap=3D0xfffff8006a5e23c0)
    at /usr/src/sys/kern/kern_sysctl.c:2063
#16 0xffffffff810a9084 in syscallenter (td=3D0xfffff8006a5e2000)
    at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
#17 amd64_syscall (td=3D0xfffff8006a5e2000, traced=3D0) at
/usr/src/sys/amd64/amd64/trap.c:1192
#18 <signal handler called>
#19 0x00000008007df91a in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffffdc98
(kgdb) frame 9
#9  0xffffffff80cf66a3 in sysctl_dumpentry (rn=3D0xfffff80004901680,
vw=3D0xfffffe002cd087b8)
    at /usr/src/sys/net/rtsock.c:1579
1579                    info.rti_info[RTAX_IFP] =3D
rt->rt_ifp->if_addr->ifa_addr;
(kgdb) p rt
$2 =3D (struct rtentry *) 0xfffff80004901680
(kgdb) p rt->rt_ifp=20
$3 =3D (struct ifnet *) 0xfffff80004f9f800
(kgdb) p rt->rt_ifp->if_addr
$4 =3D (struct ifaddr *) 0x0

--=20
You are receiving this mail because:
You are the assignee for the bug.=