[Bug 271991] Crash on some network packets with fresh stable
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 271991] Crash on some network packets with fresh stable"
Date: Mon, 19 Jun 2023 03:39:16 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271991

--- Comment #8 from Ivan Rozhuk <rozhuk.im@gmail.com> ---
I found a way to reproduce:

tcpdump -n -vvvvv -i lan0 "ip and tcp and tcp[1024] != 0"

[252409] #0 0xffffffff80665e1b at kdb_backtrace+0x6b
[252409] #1 0xffffffff8061bff2 at vpanic+0x152
[252409] #2 0xffffffff8061be93 at panic+0x43
[252409] #3 0xffffffff8093b2a7 at trap_fatal+0x387
[252409] #4 0xffffffff8093b2ff at trap_pfault+0x4f
[252409] #5 0xffffffff809121ce at calltrap+0x8
[252409] #6 0xffffffff8071fdba at bpf_mtap+0x10a
[252409] #7 0xffffffff807511d4 at iflib_txq_drain+0x3c4
[252409] #8 0xffffffff80756303 at drain_ring_lockless+0x63
[252409] #9 0xffffffff807561ea at ifmp_ring_enqueue+0x29a
[252409] #10 0xffffffff80754409 at iflib_if_transmit+0x239
[252409] #11 0xffffffff80737b0b at ether_output_frame+0x9b
[252409] #12 0xffffffff818ee777 at ng_apply_item+0x207
[252409] #13 0xffffffff818ee25c at ng_snd_item+0x1cc
[252409] #14 0xffffffff818ee777 at ng_apply_item+0x207
[252409] #15 0xffffffff818ee25c at ng_snd_item+0x1cc
[252409] #16 0xffffffff818e8bdd at ng_ether_output+0x5d
[252409] #17 0xffffffff80737957 at ether_output+0x6c7

and without netgraph:

[155] Fatal trap 12: page fault while in kernel mode
[155] cpuid = 1; apic id = 01
[155] fault virtual address = 0x2dd
[155] fault code = supervisor read data, page not present
[155] instruction pointer = 0x20:0xffffffff807246d3
[155] stack pointer = 0x28:0xfffffe015c814250
[155] frame pointer = 0x28:0xfffffe015c8142c0
[155] code segment = base 0x0, limit 0xfffff, type 0x1b
[155] = DPL 0, pres 1, long 1, def32 0, gran 1
[155] processor eflags = interrupt enabled, resume, IOPL = 0
[155] current process = 54569 (nginx)
[155] trap number = 12
[155] panic: page fault
[155] cpuid = 1
[155] time = 1687145826
[155] KDB: stack backtrace:
[155] #0 0xffffffff80665e1b at kdb_backtrace+0x6b
[155] #1 0xffffffff8061bff2 at vpanic+0x152
[155] #2 0xffffffff8061be93 at panic+0x43
[155] #3 0xffffffff8093b2a7 at trap_fatal+0x387
[155] #4 0xffffffff8093b2ff at trap_pfault+0x4f
[155] #5 0xffffffff809121ce at calltrap+0x8
[155] #6 0xffffffff8071fdba at bpf_mtap+0x10a
[155] #7 0xffffffff807511d4 at iflib_txq_drain+0x3c4
[155] #8 0xffffffff80756303 at drain_ring_lockless+0x63
[155] #9 0xffffffff807561ea at ifmp_ring_enqueue+0x29a
[155] #10 0xffffffff80754409 at iflib_if_transmit+0x239
[155] #11 0xffffffff80737b0b at ether_output_frame+0x9b
[155] #12 0xffffffff8073797d at ether_output+0x6ed
[155] #13 0xffffffff80785106 at ip_output_send+0xe6
[155] #14 0xffffffff80784e33 at ip_output+0xff3
[155] #15 0xffffffff811ac339 at rack_output+0x3ee9
[155] #16 0xffffffff807aeb3f at tcp_usr_send+0x2af
[155] #17 0xffffffff80619902 at vn_sendfile+0x1222
[155] Uptime: 2m35s

-- 
You are receiving this mail because:
You are the assignee for the bug.