Ok, I found the culprit in ppp. I'm committing a change now.
Thanks for the report!
> Hi folks,
>
> It seems that in some specific conditions user level ppp (PPP Version
> 2.22 - $Date: 1999/06/23 16:48:19 $) is trying to incorrectly write to the
> tun device, causing a panic if a revision prior to 1.61 (current) or
> 1.51.2.1 (stable) of if_tun.c is used. In these tun revisions some belts
> against this undesirable behavior have been introduced, but all older
> kernels are potentially affected. In my conditions this was a 100%
> reproducible crash (now it is less harmful - just a message like "Error:
> ip_Input: deflink: wrote 0, got Input/output error" in the ppp log) but
> someone using an older kernel with this revision of ppp can get his
> machine crashed. Following is our last mailing related to this bug (it was
> in the -stable list because I discovered this panic on my -stable box).
> For more info look for the subject in the -stable list or contact me by
> e-mail.
>
> -Maxim
>
> Alfred Perlstein wrote:
>
> > On Fri, 23 Jul 1999, Maxim Sobolev wrote:
> >
> > > Alfred Perlstein wrote:
> > >
> > > > [Piece of debug print skipped....]
> > > > oops, ok, I wasn't clear, I need to know the contents of the structs
> > > > that those pointers point to, try this:
> > > >
> > > > print *uio
> > > > print *top
> > > > print **mp
> > > >
> > > > > in the meanwhile, try this patch:
> > > >
> > > > cvs diff: Diffing .
> > > > Index: if_tun.c
> > > > ===================================================================
> > > > RCS file: /home/ncvs/src/sys/net/if_tun.c,v
> > > > retrieving revision 1.51
> > > > diff -u -r1.51 if_tun.c
> > > > --- if_tun.c 1999/01/17 20:53:47 1.51
> > > > +++ if_tun.c 1999/07/23 20:42:34
> > > > @@ -521,7 +521,7 @@
> > > >
> > > > TUNDEBUG("%s%d: tunwrite\n", ifp->if_name, ifp->if_unit);
> > > >
> > > > - if (uio->uio_resid < 0 || uio->uio_resid > TUNMRU) {
> > > > + if (uio->uio_resid <= 0 || uio->uio_resid > TUNMRU) {
> > > > TUNDEBUG("%s%d: len=%d!\n", ifp->if_name, ifp->if_unit,
> > > > uio->uio_resid);
> > > > return EIO;
> > > >
> > > > please please tell me if it works for you so I can file a proper PR.
> > >
> > > > Yeah! It works! It seems that I'm the one who has detected this problem because
> > > > I'm using the latest ppp snapshot instead of the standard one. I just tested ppp from
> > > > -stable and discovered that it doesn't cause this panic (the version of libalias doesn't
> > > > matter though). However it would be great if you could commit this patch because the new
> > > > version of ppp has some really nice features on which I rely heavily. This also
> > > > raises a question for Brian Somers or anyone else who can look and find what is
> > > > wrong with the current ppp (PPP Version 2.22 - $Date: 1999/06/23 16:48:19 $).
> > > > Anyway, having some belts in the kernel should not do any harm. Following is the
> > > > ppp output which probably before your patch would have killed my box (I have never seen this
> > > > message before - so to speak..):
> > >
> > > TCP/IP: IN UDP: 208.147.89.229:18422 ---> 192.168.1.1:7070
> > > Error: ip_Input: deflink: wrote 0, got Input/output error
> >
> > I don't work on ppp, you should be sure Brian is notified of this problem.
> > I appreciate your help in tracking this down, the patch has been put into
> > -stable and -current for it.
> >
> > >
> > > If you still want to see prints, you can see it at the end of this message.
> > > (kgdb) up
> > > #5 0xc01630f9 in tunwrite (dev=13312, uio=0xc2d15f14, flag=1)
> > > at ../../net/if_tun.c:559
> > > 559 top->m_pkthdr.len = tlen;
> > > (kgdb) print *uio
> > > $1 = {uio_iov = 0xc2d15f0c, uio_iovcnt = 1, uio_offset = 38962, uio_resid = 0,
> > > uio_segflg = UIO_USERSPACE, uio_rw = UIO_WRITE, uio_procp = 0xc2cc32e0}
> > > (kgdb) print *top
> > > Cannot access memory at address 0x0.
> > > (kgdb) print **mp
> >
> > > perfect, they were extremely helpful in tracking down this problem, I
> > > assumed that uio->uio_resid was zero (it was the only thing that made sense)
> > > however I just needed to verify.
> >
> > >
> > > > In case my assistance in debugging ppp is necessary, please let me know.
> >
> > Talk to Brian.
> >
> > hrm, also can you fix your mailer to wrap at 70 chars?
> >
> > -Alfred
--
Brian <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
<http://www.Awfulhak.org> <[EMAIL PROTECTED]>
Don't _EVER_ lose your sense of humour ! <[EMAIL PROTECTED]>
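
A userland model of the failure shown in the kgdb session above, added here as an illustration and not code from this thread or from if_tun.c: every name in it (model_tunwrite, model_buf, MODEL_MRU, MODEL_MLEN) and the shape of the copy loop are assumptions. It shows why a zero uio_resid leaves the chain head NULL, and how the "<= 0" check turns that case into EIO before the head is touched.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MODEL_MRU  1500  /* stands in for TUNMRU; the value is an assumption */
#define MODEL_MLEN 128   /* bytes held per buffer in this model */

struct model_buf { struct model_buf *next; size_t len; size_t pkt_len; };

/* Link one buffer per MODEL_MLEN bytes. With resid == 0 the loop body never
 * runs, nothing is linked through mp, and the head stays NULL. */
static struct model_buf *build_chain(long resid)
{
    struct model_buf *top = NULL, **mp = &top;
    while (resid > 0) {
        struct model_buf *m = calloc(1, sizeof(*m));
        if (m == NULL)
            abort();                 /* allocation failure is out of scope */
        m->len = resid < MODEL_MLEN ? (size_t)resid : MODEL_MLEN;
        resid -= (long)m->len;
        *mp = m;
        mp = &m->next;
    }
    return top;
}

/* strict == 0 models the pre-patch test (< 0), strict == 1 the patched one
 * (<= 0). Returns 0 on success, EIO when the length is rejected, and EFAULT
 * at the point where the kernel would have dereferenced a NULL head. */
int model_tunwrite(long resid, int strict)
{
    if ((strict ? resid <= 0 : resid < 0) || resid > MODEL_MRU)
        return EIO;
    struct model_buf *top = build_chain(resid);
    if (top == NULL)
        return EFAULT;               /* kernel: top->m_pkthdr.len = tlen */
    top->pkt_len = (size_t)resid;    /* safe only because top is non-NULL */
    while (top != NULL) {
        struct model_buf *next = top->next;
        free(top);
        top = next;
    }
    return 0;
}

int main(void)
{
    printf("resid=0 pre-patch=%d patched=%d\n",
           model_tunwrite(0, 0), model_tunwrite(0, 1));
    return 0;
}
```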