I’ve run into a reproducible panic on a VIMAGE kernel with ‘sysctl -a’.

Relevant backtrace bits:
#8  0xffffffff80e7dd28 in trap (frame=0xfffffe01f16b26a0)
    at /usr/src/sys/amd64/amd64/trap.c:426
#9  0xffffffff80e5e6a2 in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:235
#10 0xffffffff80cea67d in uma_zone_get_cur (zone=0x0)
    at /usr/src/sys/vm/uma_core.c:3006
#11 0xffffffff80cec029 in sysctl_handle_uma_zone_cur (
    oidp=0xffffffff818a7c90, arg1=0xfffffe00010c0438, arg2=0,
    req=0xfffffe01f16b2868) at /usr/src/sys/vm/uma_core.c:3580
#12 0xffffffff80a28614 in sysctl_root_handler_locked (oid=0xffffffff818a7c90,
    arg1=0xfffffe00010c0438, arg2=0, req=0xfffffe01f16b2868)
    at /usr/src/sys/kern/kern_sysctl.c:183
#13 0xffffffff80a27d70 in sysctl_root (arg1=<value optimized out>,
    arg2=<value optimized out>) at /usr/src/sys/kern/kern_sysctl.c:1694
#14 0xffffffff80a28372 in userland_sysctl (td=0x0, name=0xfffffe01f16b2930,
    namelen=<value optimized out>, old=<value optimized out>,
    oldlenp=<value optimized out>, inkernel=<value optimized out>,
    new=<value optimized out>, newlen=<value optimized out>,
    retval=<value optimized out>, flags=0)
    at /usr/src/sys/kern/kern_sysctl.c:1798
#15 0xffffffff80a28144 in sys___sysctl (td=0xfffff8000b1e49a0,
    uap=0xfffffe01f16b2a40) at /usr/src/sys/kern/kern_sysctl.c:1724

In essence, what happens is that we end up in sysctl_handle_uma_zone_cur() and 
arg1 is a pointer to NULL, 
so we call uma_zone_get_cur(zone); with zone == NULL.

There’s been a bit of churn around tcp_reass_zone, and I think the latest 
version is wrong.
It marks the sysctl as CTLFLAG_VNET, but the exposed variable is not 

The following fixes it for me:

diff --git a/sys/netinet/tcp_reass.c b/sys/netinet/tcp_reass.c
index 77d8940..3913ef3 100644
--- a/sys/netinet/tcp_reass.c
+++ b/sys/netinet/tcp_reass.c
@@ -84,7 +84,7 @@ SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, maxsegments, 
     "Global maximum number of TCP Segments in Reassembly Queue");

 static uma_zone_t tcp_reass_zone;
-SYSCTL_UMA_CUR(_net_inet_tcp_reass, OID_AUTO, cursegments, CTLFLAG_VNET,
+SYSCTL_UMA_CUR(_net_inet_tcp_reass, OID_AUTO, cursegments, 0,
     "Global number of TCP Segments currently in Reassembly Queue”);

freebsd-current@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to