Date:      Tue, 25 Jun 2019 02:49:36 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 230498] Fatal trap 12: page fault while in kernel mode in sysctl_dumpentry from sysctl NET_RT_DUMP
Message-ID:  <bug-230498-7501-W3v4xFDG6S@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-230498-7501@https.bugs.freebsd.org/bugzilla/>
References:  <bug-230498-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230498

--- Comment #23 from WHR <msl0000023508@gmail.com> ---
I'm running a 12.0-STABLE r349024 amd64 system; 2 PPP over SSH tunnels (as a
server) with the user space ppp(8) implementation running on it.

I later noticed the fix has already been MFCed into 12-STABLE branch via
r341677.

This kernel panic is still happening when I try to restart those PPP
instances (using 'killall ppp', for example).

# kgdb -c vmcore.3 /boot/kernel/kernel
GNU gdb (GDB) 8.3 [GDB v8.3 for FreeBSD]
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd12.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...
Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...

Unread portion of the kernel message buffer:
cpuid = 3; apic id = 06
fault virtual address   = 0x0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80cf66a3
stack pointer           = 0x28:0xfffffe002cd084f0
frame pointer           = 0x28:0xfffffe002cd08630
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 1926 (ppp)
trap number             = 12
panic: page fault
cpuid = 3
time = 1561396369
KDB: stack backtrace:
#0 0xffffffff80c16e77 at kdb_backtrace+0x67
#1 0xffffffff80bcad3d at vpanic+0x19d
#2 0xffffffff80bcab93 at panic+0x43
#3 0xffffffff810a84b5 at trap_fatal+0x395
#4 0xffffffff810a8519 at trap_pfault+0x49
#5 0xffffffff810a7aff at trap+0x29f
#6 0xffffffff81082cf5 at calltrap+0x8
#7 0xffffffff80cf0110 at rn_walktree+0x80
#8 0xffffffff80cf5b4b at sysctl_rtsock+0x2db
#9 0xffffffff80bd9b4b at sysctl_root_handler_locked+0x8b
#10 0xffffffff80bd91ed at sysctl_root+0x24d
#11 0xffffffff80bd986a at userland_sysctl+0x17a
#12 0xffffffff80bd96af at sys___sysctl+0x5f
#13 0xffffffff810a9084 at amd64_syscall+0x364
#14 0xffffffff810835dd at fast_syscall_common+0x101
Uptime: 2h0m31s
(ada0:ahcich1:0:0:0): spin-down
Dumping 289 out of 3952 MB: (CTRL-C to abort)
..6%..12%..23%..34%..45%..56%..61%..72%..83%..94%

__curthread () at /usr/src/sys/amd64/include/pcpu.h:234
234             __asm("movq %%gs:%P1,%0" : "=r" (td) : "n"
(OFFSETOF_CURTHREAD));
(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu.h:234
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:371
#2  0xffffffff80bca938 in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:451
#3  0xffffffff80bcad99 in vpanic (fmt=<optimized out>, ap=<optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:877
#4  0xffffffff80bcab93 in panic (fmt=<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:804
#5  0xffffffff810a84b5 in trap_fatal (frame=0xfffffe002cd08430, eva=0)
    at /usr/src/sys/amd64/amd64/trap.c:948
#6  0xffffffff810a8519 in trap_pfault (frame=0xfffffe002cd08430, usermode=0)
    at /usr/src/sys/amd64/amd64/trap.c:767
#7  0xffffffff810a7aff in trap (frame=0xfffffe002cd08430) at
/usr/src/sys/amd64/amd64/trap.c:443
#8  <signal handler called>
#9  0xffffffff80cf66a3 in sysctl_dumpentry (rn=0xfffff80004901680,
vw=0xfffffe002cd087b8)
    at /usr/src/sys/net/rtsock.c:1579
#10 0xffffffff80cf0110 in rn_walktree (h=<optimized out>, f=0xffffffff80cf6500
<sysctl_dumpentry>,
    w=0xfffffe002cd087b8) at /usr/src/sys/net/radix.c:1096
#11 0xffffffff80cf5b4b in sysctl_rtsock (oidp=<optimized out>, arg1=<optimized
out>,
    arg2=<optimized out>, req=<optimized out>) at
/usr/src/sys/net/rtsock.c:1942
#12 0xffffffff80bd9b4b in sysctl_root_handler_locked (
    oid=0xffffffff81b2c960 <sysctl___net_routetable>, arg1=0xfffffe002cd08a38,
arg2=4,
    req=0xfffffe002cd08970, tracker=0xfffffe002cd088e8) at
/usr/src/sys/kern/kern_sysctl.c:166
#13 0xffffffff80bd91ed in sysctl_root (oidp=<optimized out>,
arg1=0xfffffe002cd08a38, arg2=4,
    req=0xfffffe002cd08970) at /usr/src/sys/kern/kern_sysctl.c:2033
#14 0xffffffff80bd986a in userland_sysctl (td=0xfffff8006a5e2000,
name=0xfffffe002cd08a30,
    namelen=6, old=<optimized out>, oldlenp=<optimized out>,
inkernel=<optimized out>, new=0x0,
    newlen=0, retval=0xfffffe002cd08a98, flags=0) at
/usr/src/sys/kern/kern_sysctl.c:2128
#15 0xffffffff80bd96af in sys___sysctl (td=0xfffff8006a5e2000,
uap=0xfffff8006a5e23c0)
    at /usr/src/sys/kern/kern_sysctl.c:2063
#16 0xffffffff810a9084 in syscallenter (td=0xfffff8006a5e2000)
    at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
#17 amd64_syscall (td=0xfffff8006a5e2000, traced=0) at
/usr/src/sys/amd64/amd64/trap.c:1192
#18 <signal handler called>
#19 0x00000008007df91a in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffffdc98
(kgdb) frame 9
#9  0xffffffff80cf66a3 in sysctl_dumpentry (rn=0xfffff80004901680,
vw=0xfffffe002cd087b8)
    at /usr/src/sys/net/rtsock.c:1579
1579                    info.rti_info[RTAX_IFP] =
rt->rt_ifp->if_addr->ifa_addr;
(kgdb) p rt
$2 = (struct rtentry *) 0xfffff80004901680
(kgdb) p rt->rt_ifp
$3 = (struct ifnet *) 0xfffff80004f9f800
(kgdb) p rt->rt_ifp->if_addr
$4 = (struct ifaddr *) 0x0
