This bug was introduced between March 2015 and November 2016.

How to reproduce:

setfib 1 ppp -quiet -ddial abcd //everything OK
killall -9 ppp
setfib 1 ppp -quiet -ddial abcd //kernel panic

Here is the backtrace:

(kgdb) bt
#0  doadump (textdump=1) at pcpu.h:222
#1  0xffffffff80a3be25 in kern_reboot (howto=<value optimized out>) at /var/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80a3c400 in vpanic (fmt=<value optimized out>, ap=<value optimized out>) at /var/src/sys/kern/kern_shutdown.c:759
#3  0xffffffff80a3c236 in kassert_panic (fmt=<value optimized out>) at /var/src/sys/kern/kern_shutdown.c:649
#4  0xffffffff80a38622 in __rw_rlock (c=0xfffff80003dfeaf8, file=0xffffffff8141c14a "/var/src/sys/net/route.c", line=457) at /var/src/sys/kern/kern_rwlock.c:411
#5  0xffffffff80b46e66 in rtalloc1_fib (dst=0xfffff800046b78b8, report=0, ignflags=<value optimized out>, fibnum=1) at /var/src/sys/net/route.c:457
#6  0xffffffff80b481b3 in ifa_ifwithroute (flags=<value optimized out>, dst=0xfffff800046b7898, gateway=0xfffff800046b78b8, fibnum=1) at /var/src/sys/net/route.c:752
#7  0xffffffff80b48be4 in rt_getifa_fib (info=0xfffffe00f61bf560, fibnum=1) at /var/src/sys/net/route.c:1298
#8  0xffffffff80b478af in rtrequest1_fib (req=<value optimized out>, info=0xfffffe00f61bf560, ret_nrt=<value optimized out>, fibnum=Cannot access memory at address 0x0
) at /var/src/sys/net/route.c:1843
#9  0xffffffff80b4bc69 in route_output (m=<value optimized out>, so=<value optimized out>) at /var/src/sys/net/rtsock.c:683
#10 0xffffffff80aca485 in sosend_generic (so=<value optimized out>, addr=0x0, uio=0xfffffe00f61bf8f0, top=<value optimized out>, control=<value optimized out>, flags=<value optimized out>, td=<value optimized out>) at /var/src/sys/kern/uipc_socket.c:1359
#11 0xffffffff80aa8542 in soo_write (fp=<value optimized out>, uio=0xfffffe00f61bf8f0, active_cred=<value optimized out>, flags=<value optimized out>, td=<value optimized out>) at /var/src/sys/kern/sys_socket.c:146
#12 0xffffffff80a9fa44 in dofilewrite (td=0xfffff80004e0f000, fd=2, fp=0xfffff80004763f00, auio=0xfffffe00f61bf8f0, offset=<value optimized out>, flags=0) at file.h:311
#13 0xffffffff80a9f6e8 in kern_writev (td=0xfffff80004e0f000, fd=2, auio=0xfffffe00f61bf8f0) at /var/src/sys/kern/sys_generic.c:508
#14 0xffffffff80a9f674 in sys_write (td=<value optimized out>, uap=<value optimized out>) at /var/src/sys/kern/sys_generic.c:421
#15 0xffffffff80ea7b19 in amd64_syscall (td=0xfffff80004e0f000, traced=0) at subr_syscall.c:135
#16 0xffffffff80e86efb in Xfast_syscall () at /var/src/sys/amd64/amd64/exception.S:396
#17 0x0000000801dd9d9a in ?? ()
Previous frame inner to this frame (corrupt stack?)
Current language:  auto; currently minimal

A commit references this bug:

Author: ae
Date: Tue Jun 13 10:52:31 UTC 2017
New revision: 319895
URL: https://svnweb.freebsd.org/changeset/base/319895

Log:
  Resurrect RTF_RNH_LOCKED flag and restore ability to call rtalloc1_fib() with acquired RIB lock.

  This fixes a possible panic due to trying to acquire RIB rlock when it is already exclusive locked.

  PR: 215963, 215122
  MFC after: 1 week
  Sponsored by: Yandex LLC

Changes:
  head/sys/net/route.c
  head/sys/net/route.h

A commit references this bug:

Author: ae
Date: Tue Jun 20 05:57:28 UTC 2017
New revision: 320134
URL: https://svnweb.freebsd.org/changeset/base/320134

Log:
  MFC r319895:
  Resurrect RTF_RNH_LOCKED flag and restore ability to call rtalloc1_fib() with acquired RIB lock.

  This fixes a possible panic due to trying to acquire RIB rlock when it is already exclusive locked.

  PR: 215963, 215122
  Sponsored by: Yandex LLC
  Approved by: re (delphij)

Changes:
_U  stable/11/
  stable/11/sys/net/route.c
  stable/11/sys/net/route.h
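
The locking pattern behind the panic and the fix, as an added example that is not FreeBSD source and not part of the commits above: a single-threaded user-space model in which an update path holds a table lock exclusively and then calls a lookup that normally takes the read lock itself. All names (F_RNH_LOCKED, struct rib, lookup, add_route) are hypothetical stand-ins, and the check that the flag is only honoured under the write lock is an assumption of this model.

```c
#include <stdio.h>

/* User-space model; every name here is hypothetical, not FreeBSD source. */
#define F_RNH_LOCKED 0x1  /* plays the role of RTF_RNH_LOCKED */
enum { UNLOCKED, RLOCKED, WLOCKED };
enum { OK = 0, WOULD_PANIC = -1 };

struct rib { int state; int readers; int route; };

/* Read lock. Like the kernel assertion in the backtrace, it refuses to
 * recurse on a lock that is already held exclusively. */
static int rib_rlock(struct rib *r) {
    if (r->state == WLOCKED) return WOULD_PANIC;
    r->state = RLOCKED;
    r->readers++;
    return OK;
}
static void rib_runlock(struct rib *r) {
    if (--r->readers == 0) r->state = UNLOCKED;
}

/* Lookup path: locks for itself unless the caller says it holds the lock. */
static int lookup(struct rib *r, int flags, int *out) {
    int locked_by_caller = flags & F_RNH_LOCKED;
    /* Assumed sanity check: the flag is only valid under the write lock. */
    if (locked_by_caller && r->state != WLOCKED) return WOULD_PANIC;
    if (!locked_by_caller && rib_rlock(r) != OK) return WOULD_PANIC;
    *out = r->route;
    if (!locked_by_caller) rib_runlock(r);
    return OK;
}

/* Update path: takes the write lock, then needs a lookup while holding it. */
static int add_route(struct rib *r, int new_route, int lookup_flags) {
    int cur, rc;
    if (r->state != UNLOCKED) return WOULD_PANIC;
    r->state = WLOCKED;
    rc = lookup(r, lookup_flags, &cur);
    if (rc == OK) r->route = new_route;
    r->state = UNLOCKED;
    return rc;
}

int main(void) {
    struct rib r = { UNLOCKED, 0, 1 };
    printf("lookup without flag: %d\n", add_route(&r, 2, 0));
    printf("lookup with flag:    %d\n", add_route(&r, 2, F_RNH_LOCKED));
    return 0;
}
```
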