[Bug 271991] Crash on some network packets with fresh stable

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 14 Jun 2023 11:44:34 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271991

            Bug ID: 271991
           Summary: Crash on some network packets with fresh stable
           Product: Base System
           Version: 13.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: rozhuk.im@gmail.com

The system ran with an uptime of a few months before the first crash; then, after a few crashes,
it was updated to stable/13-n255603-6621273c100 (less than 1 day ago).
Now it continues to crash from time to time.


Unread portion of the kernel message buffer:
[3032]
[3032]
[3032] Fatal trap 12: page fault while in kernel mode
[3032] cpuid = 10; apic id = 0a
[3032] fault virtual address    = 0x1b96
[3032] fault code               = supervisor read data, page not present
[3032] instruction pointer      = 0x20:0xffffffff808f2120
[3032] stack pointer            = 0x28:0xfffffe0154f37620
[3032] frame pointer            = 0x28:0xfffffe0154f37620
[3032] code segment             = base 0x0, limit 0xfffff, type 0x1b
[3032]                  = DPL 0, pres 1, long 1, def32 0, gran 1
[3032] processor eflags = interrupt enabled, resume, IOPL = 0
[3032] current process          = 11 (swi1: netisr 10)
[3032] trap number              = 12
[3032] panic: page fault
[3032] cpuid = 10
[3032] time = 1686742015
[3032] KDB: stack backtrace:
[3032] #0 0xffffffff8062e65b at kdb_backtrace+0x6b
[3032] #1 0xffffffff805e5282 at vpanic+0x152
[3032] #2 0xffffffff805e5123 at panic+0x43
[3032] #3 0xffffffff808f68b7 at trap_fatal+0x387
[3032] #4 0xffffffff808f690f at trap_pfault+0x4f
[3032] #5 0xffffffff808cdbae at calltrap+0x8
[3032] #6 0xffffffff806682a5 at m_pullup+0x1b5
[3032] #7 0xffffffff817424df at ng_bpf_rcvdata+0x4f
[3032] #8 0xffffffff81739777 at ng_apply_item+0x207
[3032] #9 0xffffffff8173925c at ng_snd_item+0x1cc
[3032] #10 0xffffffff81733bdd at ng_ether_output+0x5d
[3032] #11 0xffffffff807039b7 at ether_output+0x6c7
[3032] #12 0xffffffff80759cc6 at ip_output_send+0xe6
[3032] #13 0xffffffff807599f3 at ip_output+0xff3
[3032] #14 0xffffffff8076e688 at tcp_output+0x1cf8
[3032] #15 0xffffffff80764f08 at tcp_do_segment+0x2258
[3032] #16 0xffffffff807622d4 at tcp_input_with_port+0xa54
[3032] #17 0xffffffff80762c2b at tcp_input+0xb
[3032] Uptime: 50m32s
[3032] Dumping 2895 out of 65450 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%



__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=<optimized out>)
    at ../../../sys/kern/kern_shutdown.c:396
#2  0xffffffff805e4e78 in kern_reboot (howto=260)
    at ../../../sys/kern/kern_shutdown.c:484
#3  0xffffffff805e52ef in vpanic (fmt=<optimized out>,
    ap=ap@entry=0xfffffe0154f37470) at ../../../sys/kern/kern_shutdown.c:923
#4  0xffffffff805e5123 in panic (fmt=<unavailable>)
    at ../../../sys/kern/kern_shutdown.c:847
#5  0xffffffff808f68b7 in trap_fatal (frame=0xfffffe0154f37560, eva=7062)
    at ../../../sys/amd64/amd64/trap.c:942
#6  0xffffffff808f690f in trap_pfault (frame=0xfffffe0154f37560,
    usermode=false, signo=<optimized out>, ucode=<optimized out>)
    at ../../../sys/amd64/amd64/trap.c:761
#7  <signal handler called>
#8  memmove_std () at /usr/src/sys/amd64/amd64/support.S:535
#9  0xffffffff806682a5 in m_pullup (n=0xfffff80043a37e00,
    n@entry=0xfffff8027c962b00, len=101, len@entry=167)
    at ../../../sys/kern/uipc_mbuf.c:926
#10 0xffffffff817424df in ng_bpf_rcvdata (hook=<optimized out>,
    item=0xfffff800949d3680)
    at ../../../../../../../../../../sys/netgraph/ng_bpf.c:457
#11 0xffffffff81739777 in ng_apply_item (node=node@entry=0xfffff800021a1600,
    item=item@entry=0xfffff800949d3680, rw=101)
    at ../../../../../../../../../../sys/netgraph/ng_base.c:2406
#12 0xffffffff8173925c in ng_snd_item (item=item@entry=0xfffff800949d3680,
    flags=flags@entry=0)
    at ../../../../../../../../../../sys/netgraph/ng_base.c:2323
#13 0xffffffff81733bdd in ng_ether_output (ifp=<optimized out>,
    mp=0xfffffe0154f377d8)
    at ../../../../../../../../../../sys/netgraph/ng_ether.c:294
#14 0xffffffff807039b7 in ether_output (ifp=<optimized out>,
    m=0xfffff8027c962b00, dst=<optimized out>, ro=<optimized out>)
    at ../../../sys/net/if_ethersubr.c:431
#15 0xffffffff80759cc6 in ip_output_send (inp=inp@entry=0xfffff80043e9dba0,
    ifp=0xfffff8024fc0e89a, m=0x1b96, gw=0x65, gw@entry=0xfffff80023a91d04,
    ro=0xfffff8024fc0cd04, ro@entry=0xfffff80043e9dd30,
    stamp_tag=<optimized out>) at ../../../sys/netinet/ip_output.c:277
#16 0xffffffff807599f3 in ip_output (m=<optimized out>,
    m@entry=0xfffff8027c962b00, opt=<optimized out>, ro=<optimized out>,
    flags=0, imo=imo@entry=0x0, inp=0xfffff80043e9dba0)
    at ../../../sys/netinet/ip_output.c:799
#17 0xffffffff8076e688 in tcp_output (tp=0xfffffe01664e3950)
    at ../../../sys/netinet/tcp_output.c:1541
#18 0xffffffff80764f08 in tcp_do_segment (m=0xfffff80320b4b100,
    th=<optimized out>, so=<optimized out>, tp=0xfffffe01664e3950,
    drop_hdrlen=52, tlen=<optimized out>, iptos=32 ' ')
    at ../../../sys/netinet/tcp_input.c:3339
#19 0xffffffff807622d4 in tcp_input_with_port (mp=<optimized out>,
    offp=<optimized out>, proto=<optimized out>, port=port@entry=0)
    at ../../../sys/netinet/tcp_input.c:1179
#20 0xffffffff80762c2b in tcp_input (mp=0xfffff8024fc0e89a, offp=0x1b96,
    proto=101) at ../../../sys/netinet/tcp_input.c:1517
#21 0xffffffff80756325 in ip_input (m=0x0)
    at ../../../sys/netinet/ip_input.c:845
#22 0xffffffff80728948 in netisr_process_workstream_proto (
    nwsp=0xfffffe006ce416c0, proto=1) at ../../../sys/net/netisr.c:919
#23 swi_net (arg=0xfffffe006ce416c0) at ../../../sys/net/netisr.c:966
#24 0xffffffff805b1101 in intr_event_execute_handlers (ie=0xfffff80001c8dc00,
    p=<optimized out>) at ../../../sys/kern/kern_intr.c:1169
#25 ithread_execute_handlers (ie=0xfffff80001c8dc00, p=<optimized out>)
    at ../../../sys/kern/kern_intr.c:1182
#26 ithread_loop (arg=0xfffff80001cee340)
    at ../../../sys/kern/kern_intr.c:1270
#27 0xffffffff805ade66 in fork_exit (
    callout=0xffffffff805b0ec0 <ithread_loop>, arg=0xfffff80001cee340,
    frame=0xfffffe0154f37f40) at ../../../sys/kern/kern_fork.c:1094
#28 <signal handler called>
(kgdb)



Netgraph:
https://reviews.freebsd.org/D30175
ng_bpf_enable="YES"
ng_bpf_profiles="vlan886"
ng_bpf_vlan886_in="ip and tcp and ip[6] & 64 = 0 and ip[8]>128 and tcp[tcpflags] == tcp-rst"
