[Bug 236356] Kernel panic after disconnect pptp client...

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Mar 7 10:10:21 UTC 2019


            Bug ID: 236356
           Summary: Kernel panic after disconnect pptp client...
           Product: Base System
           Version: 12.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs at FreeBSD.org
          Reporter: admin at 5034.ru

Hi All,

FreeBSD version:
FreeBSD server.5034.ru 12.0-STABLE FreeBSD 12.0-STABLE #2 r343904M:

Kernel panic after disconnect pptp client (client was connected via mpd5):

# kgdb /boot/kernel/kernel /var/crash/vmcore.last
GNU gdb (GDB) 8.2.1 [GDB v8.2.1 for FreeBSD]
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd12.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
Find the GDB manual and other documentation resources online at:

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...Reading symbols from

Unread portion of the kernel message buffer:
frame pointer           = 0x28:0xfffffe0050180600
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 985 (mpd5)
trap number             = 12
panic: page fault
cpuid = 2
time = 1551948804
KDB: stack backtrace:
#0 0xffffffff80c531c7 at kdb_backtrace+0x67
#1 0xffffffff80c07143 at vpanic+0x1a3
#2 0xffffffff80c06f93 at panic+0x43
#3 0xffffffff8118d9ff at trap_fatal+0x35f
#4 0xffffffff8118da59 at trap_pfault+0x49
#5 0xffffffff8118d07e at trap+0x29e
#6 0xffffffff81168af5 at calltrap+0x8
#7 0xffffffff80dafecf at in_ifdetach+0x6f
#8 0xffffffff80d0af5d at if_detach_internal+0x8ed
#9 0xffffffff80d0a65e at if_detach+0x2e
#10 0xffffffff80d8e1f3 at ng_iface_shutdown+0x43
#11 0xffffffff80d87255 at ng_rmnode+0x1e5
#12 0xffffffff80d89581 at ng_apply_item+0x421
#13 0xffffffff80d88f10 at ng_snd_item+0x130
#14 0xffffffff80da248c at ngc_send+0x19c
#15 0xffffffff80c9de16 at sosend_generic+0x586
#16 0xffffffff80c9e120 at sosend+0x50
#17 0xffffffff80ca4f17 at kern_sendit+0x237
Uptime: 1d14h48m43s
Dumping 1005 out of 8077 MB:..2%..12%..21%..31%..42%..51%..61%..71%..82%..91%

__curthread () at ./machine/pcpu.h:230
230             __asm("movq %%gs:%P1,%0" : "=r" (td) : "n"
(kgdb) bt
#0  __curthread () at ./machine/pcpu.h:230
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80c06d2b in kern_reboot (howto=260) at
#3  0xffffffff80c071a3 in vpanic (fmt=<optimized out>, ap=0xfffffe0050180310)
at /usr/src/sys/kern/kern_shutdown.c:872
#4  0xffffffff80c06f93 in panic (fmt=<unavailable>) at
#5  0xffffffff8118d9ff in trap_fatal (frame=0xfffffe0050180500, eva=24) at
#6  0xffffffff8118da59 in trap_pfault (frame=0xfffffe0050180500, usermode=0) at
#7  0xffffffff8118d07e in trap (frame=0xfffffe0050180500) at
#8  <signal handler called>
#9  0xffffffff80dbb7c8 in in_pcbpurgeif0 (pcbinfo=<optimized out>,
ifp=0xfffff80165986800) at /usr/src/sys/netinet/in_pcb.c:1804
#10 0xffffffff80dafecf in in_ifdetach (ifp=0xfffff80165986800) at
#11 0xffffffff80d0af5d in if_detach_internal (ifp=<optimized out>, vmove=0,
ifcp=0x0) at /usr/src/sys/net/if.c:1160
#12 0xffffffff80d0a65e in if_detach (ifp=0x0) at /usr/src/sys/net/if.c:1039
#13 0xffffffff80d8e1f3 in ng_iface_shutdown (node=0xfffff80124360d00) at
#14 0xffffffff80d87255 in ng_rmnode (node=0xfffff80124360d00, dummy1=<optimized
out>, dummy2=<optimized out>, dummy3=<optimized out>)
    at /usr/src/sys/netgraph/ng_base.c:757
#15 0xffffffff80d89581 in ng_generic_msg (here=0xfffff80124360d00,
item=<optimized out>, lasthook=<optimized out>) at
#16 ng_apply_item (node=0xfffff80124360d00, item=0xfffff80228799c80, rw=1) at
#17 0xffffffff80d88f10 in ng_snd_item (item=0xfffff80228799c80, flags=0) at
#18 0xffffffff80da248c in ngc_send (so=<optimized out>, flags=<optimized out>,
m=0xfffff801cac0f000, addr=<optimized out>, control=<optimized out>,
td=<optimized out>)
    at /usr/src/sys/netgraph/ng_socket.c:338
#19 0xffffffff80c9de16 in sosend_generic (so=0xfffff8002b8bf6d0,
addr=0xfffff8017d9d5f70, uio=0xfffffe0050180988, top=0xfffff801cac0f000,
control=0x2363, flags=0,
    td=0xfffff8002bc14580) at /usr/src/sys/kern/uipc_socket.c:1582
#20 0xffffffff80c9e120 in sosend (so=0x0, addr=0xfffff80165986800,
uio=0xfffff8002bc14580, top=0x1, control=0x0, flags=-2008371993,
    at /usr/src/sys/kern/uipc_socket.c:1628
#21 0xffffffff80ca4f17 in kern_sendit (td=0xfffff8002bc14580, s=5,
mp=<optimized out>, flags=0, control=0x0, segflg=UIO_USERSPACE)
    at /usr/src/sys/kern/uipc_syscalls.c:796
#22 0xffffffff80ca528e in sendit (td=0xfffff8002bc14580, s=5,
mp=0xfffffe0050180a70, flags=0) at /usr/src/sys/kern/uipc_syscalls.c:721
#23 0xffffffff80ca50dd in sys_sendto (td=0x0, uap=<optimized out>) at
#24 0xffffffff8118e592 in syscallenter (td=<optimized out>) at
#25 amd64_syscall (td=0xfffff8002bc14580, traced=0) at
#26 <signal handler called>
#27 0x000000080091a64a in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffdfffd6f8
(kgdb) frame 8
#8  <signal handler called>
(kgdb) frame 9
#9  0xffffffff80dbb7c8 in in_pcbpurgeif0 (pcbinfo=<optimized out>,
ifp=0xfffff80165986800) at /usr/src/sys/netinet/in_pcb.c:1804
1804                                    if (imo->imo_membership[i]->inm_ifp ==
ifp) {
(kgdb) frame 10
#10 0xffffffff80dafecf in in_ifdetach (ifp=0xfffff80165986800) at
1002            in_pcbpurgeif0(&V_udbinfo, ifp);
(kgdb) frame 11
#11 0xffffffff80d0af5d in if_detach_internal (ifp=<optimized out>, vmove=0,
ifcp=0x0) at /usr/src/sys/net/if.c:1160
1160            in_ifdetach(ifp);

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list