[Bug 205678] [panic] Fatal trap 12: page fault while in kernel mode (in function rtsock_addrmsg)

2015-12-28 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205678

Bug ID: 205678
   Summary: [panic] Fatal trap 12: page fault while in kernel mode
(in function rtsock_addrmsg)
   Product: Base System
   Version: 10.2-RELEASE
  Hardware: amd64
OS: Any
Status: New
  Severity: Affects Only Me
  Priority: ---
 Component: kern
  Assignee: freebsd-b...@freebsd.org
  Reporter: aga...@rail.net.ru
CC: freebsd-amd64@FreeBSD.org
CC: freebsd-amd64@FreeBSD.org

I've used an openconnect to connect to my work via vpn.

tun1: flags=8051 metric 0 mtu 1406
options=8
inet 10.21.9.162 --> 10.21.9.162 netmask 0x
nd6 options=29
Opened by PID 42635

every 30 minutes this connection disconnecting (for security reasons by
server), and reinstalling again by cron.
Every 24 hours disconnecting this tunnel causes page fault in kernel in
function: rtsock_addrmsg
/usr/src/sys/net/rtsock.c:line1345> info.rti_info[RTAX_IFP] =
ifp->if_addr->ifa_addr;

logs contains:
Dec 29 03:43:36 rail devd: Processing event '!system=IFNET subsystem=tun1
type=DETACH'
Dec 29 03:43:36 rail kernel:
Dec 29 03:43:36 rail kernel:
Dec 29 03:43:36 rail kernel: Fatal trap 12: page fault while in kernel mode
Dec 29 03:43:36 rail devd: Pushing table
Dec 29 03:43:36 rail devd: Processing notify event
Dec 29 03:43:36 rail devd: Popping table
Dec 29 03:45:14 rail syslogd: restart

in core.txt:
Unread portion of the kernel message buffer:
processor eflags= interrupt enabled, resume, IOPL = 0
current process = 2593 (openconnect)
trap number = 12
panic: page fault
cpuid = 0
KDB: stack backtrace:
#0 0x809960c0 at kdb_backtrace+0x60
#1 0x80959306 at vpanic+0x126
#2 0x809591d3 at panic+0x43
#3 0x80d8096b at trap_fatal+0x36b
#4 0x80d80c6d at trap_pfault+0x2ed
#5 0x80d8030a at trap+0x47a
#6 0x80d66682 at calltrap+0x8
#7 0x80a31767 at rtinit+0x5a7
#8 0x80a27e88 at tunclose+0x1c8
#9 0x80838403 at devfs_close+0x313
#10 0x80ea8861 at VOP_CLOSE_APV+0xa1
#11 0x80a0bcc3 at vn_close+0x133
#12 0x80a0ab08 at vn_closefile+0x48
#13 0x80839cfc at devfs_close_f+0x2c
#14 0x8090e749 at _fdrop+0x29
#15 0x80910fee at closef+0x21e
#16 0x8090eaf8 at closefp+0x98
#17 0x80d81287 at amd64_syscall+0x357
Uptime: 23h53m32s

my temporary patch:
-- info.rti_info[RTAX_IFP] = ifp->if_addr->ifa_addr;
++if ( !sa )
++return (EFAULT);
++
++info.rti_info[RTAX_IFP] = ifp->if_addr->ifa_addr;


here is the backtrace:
(kgdb) bt
#0  doadump (textdump=) at pcpu.h:219
#1  0x80958f62 in kern_reboot (howto=260)
at /usr/src/sys/kern/kern_shutdown.c:451
#2  0x80959345 in vpanic (fmt=,
ap=) at /usr/src/sys/kern/kern_shutdown.c:758
#3  0x809591d3 in panic (fmt=0x0)
at /usr/src/sys/kern/kern_shutdown.c:687
#4  0x80d8096b in trap_fatal (frame=,
eva=) at /usr/src/sys/amd64/amd64/trap.c:851
#5  0x80d80c6d in trap_pfault (frame=0xfe0072a68500,
usermode=) at /usr/src/sys/amd64/amd64/trap.c:674
#6  0x80d8030a in trap (frame=0xfe0072a68500)
at /usr/src/sys/amd64/amd64/trap.c:440
#7  0x80d66682 in calltrap ()
at /usr/src/sys/amd64/amd64/exception.S:236
#8  0x80a32085 in rtsock_addrmsg (cmd=,
ifa=0xf800493bc400, fibnum=3) at /usr/src/sys/net/rtsock.c:1345
#9  0x80a31767 in rtinit (ifa=0xf800493bc400, cmd=2, flags=0)
at /usr/src/sys/net/route.c:1701
#10 0x80a27e88 in tunclose (dev=, foo=96, bar=3,
td=0x0) at /usr/src/sys/net/if_tun.c:478
#11 0x80838403 in devfs_close (ap=0xfe0072a688e0)
at /usr/src/sys/fs/devfs/devfs_vnops.c:618
---Type  to continue, or q  to quit---
#12 0x80ea8861 in VOP_CLOSE_APV (vop=,
a=) at vnode_if.c:535
#13 0x80a0bcc3 in vn_close (vp=0xf8005c97c938, flags=7,
file_cred=0xf800504b3c00, td=0xf80012e9e4a0) at vnode_if.h:225
#14 0x80a0ab08 in vn_closefile (fp=0xf8004cbf0370,
td=0xf80012e9e4a0) at /usr/src/sys/kern/vfs_vnops.c:1566
#15 0x80839cfc in devfs_close_f (fp=0xf8004cbf0370, td=0x60)
at /usr/src/sys/fs/devfs/devfs_vnops.c:637
#16 0x8090e749 in _fdrop (fp=0xf8004cbf0370, td=0x60) at file.h:343
#17 0x80910fee in closef (fp=,
td=) at /usr/src/sys/kern/kern_descrip.c:2338
#18 0x8090eaf8 in closefp (fdp=0xf80012eff000,
fd=, fp=0xf8004cbf0370, td=0xf80012e9e4a0,
holdleaders=) at /usr/src/sys/kern/kern_descrip.c:1194
#19 0x80d81287 in amd64_syscall (td=0xf80012e9e4a0, traced=0)
at subr_syscall.c:134
#20 0x80d6696b in Xfast_syscall ()
at

[Bug 205684] putc function coredump

2015-12-28 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205684

Bug ID: 205684
   Summary: putc function coredump
   Product: Base System
   Version: 10.2-STABLE
  Hardware: amd64
OS: Any
Status: New
  Severity: Affects Only Me
  Priority: ---
 Component: gnu
  Assignee: freebsd-b...@freebsd.org
  Reporter: snrt...@126.com
CC: freebsd-amd64@FreeBSD.org
CC: freebsd-amd64@FreeBSD.org

Created attachment 164798
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=164798=edit
code, coredump files

mine system infomation as below:

FreeBSD y2ghost.bsd 10.2-RELEASE FreeBSD 10.2-RELEASE #0 r28: Wed Aug 12
15:26:37 UTC 2015 r...@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC
 amd64



mine code as beblow:
=
#include 

int main(int ac, char *av[])
{
int c = 0;
while (1) {
c = getc(stdin);
if (EOF == c) {
break;
}

c = putc(c, stdout);
if (EOF == c) {
break;
}
}

if (0 != ferror(stdin)) {
printf("%s\n", "input error");
}

return 0;
}
===
then   cc -g xx.c
./a.out 
asdfkaasdfds^\[1]1485 quit (core dumped)  ./a.out

I press ctrl+\, then a.out coredump, the frame infomation as beblow

Loaded symbols for /libexec/ld-elf.so.1
#0  0x000800964f08 in _read () from /lib/libc.so.7
(gdb) bt
#0  0x000800964f08 in _read () from /lib/libc.so.7
#1  0x000800964840 in memmove () from /lib/libc.so.7
#2  0x00080094be47 in __srget () from /lib/libc.so.7
#3  0x00080094bcfe in __srget () from /lib/libc.so.7
#4  0x004009db in main (ac=1, av=0x7fffeb68) at y.c:7
(gdb) l
7   c = getc(stdin);
8   if (EOF == c) {
9   break;
10  }
11  
12  c = putc(c, stdout);
13  if (EOF == c) {
14  break;
15  }
16  }

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-amd64@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-amd64
To unsubscribe, send any mail to "freebsd-amd64-unsubscr...@freebsd.org"