[Bug 280351] siftr.ko load/unload caused Fatal trap 12: page fault while in kernel mode

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 18 Jul 2024 19:43:13 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280351

            Bug ID: 280351
           Summary: siftr.ko load/unload caused Fatal trap 12: page fault
                    while in kernel mode
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: cc@FreeBSD.org

I can reliably hit this panic with the following reproduction method in a Virtual
Machine (VM) under Bhyve. I suspect it has something to do with commit
d79a9edb5ce1, so I have added its author, Mitchell Horne, to this bug report.

root@n1fbsd:~ # kldload siftr

Statistical Information For TCP Research (SIFTR) 1.3.0
          http://caia.swin.edu.au/urp/newtcp

root@n1fbsd:~ # kldstat
Id Refs Address                Size Name
 1    5 0xffffffff80200000  1d66830 kernel
 2    1 0xffffffff82610000     3e70 siftr.ko
 3    1 0xffffffff82614000     3230 alq.ko
root@n1fbsd:~ # kldunload siftr
root@n1fbsd:~ # kldstat
Id Refs Address                Size Name
 1    1 0xffffffff80200000  1d66830 kernel
root@n1fbsd:~ # reboot
Connection to n1fbsd closed by remote host.
Connection to n1fbsd closed.

The kernel is rebuilt and is running on top of commit 9207f9d206a4. The panic
message from the console is below, and it keeps panicking in a loop if rebooted
from the console.

login: Jul 18 15:33:15 n1fbsd reboot[874]: rebooted by root
Jul 18 15:33:15 n1fbsd syslogd: exiting on signal 15
Waiting (max 60 seconds) for system process `vnlru' to stop... done


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xffffffff82611680
fault code              = supervisor read instruction, page not present
instruction pointer     = 0x20:0xffffffff82611680
stack pointer           = 0x28:0xfffffe007db94d78
frame pointer           = 0x28:0xfffffe007db94db0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 874 (reboot)
rdi: 0000000000000000 rsi: 0000000000000000 rdx: ffffffff81a4b3f8
rcx: 0000000000000000  r8: 0000000000000000  r9: 0000000000010000
rax: 0000000000000000 rbx: 0000000000000000 rbp: fffffe007db94db0
r10: 0000000000000001 r11: 0000000000010000 r12: fffff80007370240
r13: fffffe000d4f8000 r14: fffff800030ee4a8 r15: fffff800030ee480
trap number             = 12
panic: page fault
cpuid = 0
time = 1721331200
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe007db94a40
vpanic() at vpanic+0x13f/frame 0xfffffe007db94b70
panic() at panic+0x43/frame 0xfffffe007db94bd0
trap_fatal() at trap_fatal+0x40f/frame 0xfffffe007db94c30
trap_pfault() at trap_pfault+0xae/frame 0xfffffe007db94ca0
calltrap() at calltrap+0x8/frame 0xfffffe007db94ca0
--- trap 0xc, rip = 0xffffffff82611680, rsp = 0xfffffe007db94d78, rbp = 0xfffffe007db94db0 ---
_end() at 0xffffffff82611680/frame 0xfffffe007db94db0
sys_reboot() at sys_reboot+0x3a9/frame 0xfffffe007db94e00
amd64_syscall() at amd64_syscall+0x15c/frame 0xfffffe007db94f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe007db94f30
--- syscall (55, FreeBSD ELF64, reboot), rip = 0x3c0f272a7d1a, rsp = 0x3c0f26819248, rbp = 0x3c0f26819c60 ---
KDB: enter: panic
[ thread pid 874 tid 100186 ]
Stopped at      kdb_enter+0x33: movq    $0,0xe4b992(%rip)
db>

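An added check (example code written for this page, not part of the bug report, of siftr or of FreeBSD): it takes the two kldstat listings and the fault address quoted above and asks whether the faulting RIP lies inside the address range a module occupied before kldunload, and at what offset. For this report the RIP lands in siftr.ko at offset 0x1680 in the pre-unload listing and in no module in the post-unload listing, which, together with "supervisor read instruction, page not present", says the reboot path called through a code pointer that still points into the module's unmapped text. That is a dangling kernel function pointer left behind by unload; the report does not show which registration siftr leaves behind, so the example does not guess at it. The names in the block (struct kmod, parse_kldstat, locate_fault_in) are this example's own; the embedded listings and the fault address are copied from the report.

```c
/*
 * Added example, not code from the bug report, siftr or FreeBSD: parse
 * kldstat(8) output and locate a trap's fault address in a module's range.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_MODS 32

struct kmod {
    int      id, refs;
    uint64_t base, size;
    char     name[64];
};

/*
 * Parse the rows of a kldstat listing ("Id Refs Address Size Name").
 * The header row fails the numeric conversions and is skipped.
 * Returns the number of modules stored in out.
 */
static int parse_kldstat(const char *text, struct kmod *out, int max)
{
    int n = 0;
    const char *p = text;

    while (*p != '\0' && n < max) {
        const char *nl = strchr(p, '\n');
        size_t len = nl != NULL ? (size_t)(nl - p) : strlen(p);
        char line[256];
        unsigned long long base, size;
        struct kmod m;

        if (len >= sizeof(line))
            len = sizeof(line) - 1;
        memcpy(line, p, len);
        line[len] = '\0';

        /* %llx accepts the "0x" prefix kldstat prints in the Address column. */
        if (sscanf(line, "%d %d %llx %llx %63s",
                   &m.id, &m.refs, &base, &size, m.name) == 5) {
            m.base = base;
            m.size = size;
            out[n++] = m;
        }
        p = nl != NULL ? nl + 1 : p + len;
    }
    return n;
}

/*
 * Look up addr against a kldstat listing. On a hit, copy the module name
 * into name_out, store addr's offset from the module base, and return 1.
 * Return 0 if no listed module covers addr.
 */
int locate_fault_in(const char *kldstat_text, uint64_t addr,
                    char *name_out, size_t name_len, uint64_t *offset_out)
{
    struct kmod mods[MAX_MODS];
    int n = parse_kldstat(kldstat_text, mods, MAX_MODS);

    for (int i = 0; i < n; i++) {
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size) {
            snprintf(name_out, name_len, "%s", mods[i].name);
            *offset_out = addr - mods[i].base;
            return 1;
        }
    }
    return 0;
}

/* kldstat output after "kldload siftr", copied from the report. */
const char KLDSTAT_BEFORE_UNLOAD[] =
    "Id Refs Address                Size Name\n"
    " 1    5 0xffffffff80200000  1d66830 kernel\n"
    " 2    1 0xffffffff82610000     3e70 siftr.ko\n"
    " 3    1 0xffffffff82614000     3230 alq.ko\n";

/* kldstat output after "kldunload siftr", copied from the report. */
const char KLDSTAT_AFTER_UNLOAD[] =
    "Id Refs Address                Size Name\n"
    " 1    1 0xffffffff80200000  1d66830 kernel\n";

/* "fault virtual address = 0xffffffff82611680" from the trap frame. */
const uint64_t FAULT_RIP = 0xffffffff82611680ULL;

int main(void)
{
    char name[64];
    uint64_t off;

    if (locate_fault_in(KLDSTAT_BEFORE_UNLOAD, FAULT_RIP, name, sizeof name, &off))
        printf("before kldunload: RIP 0x%llx was %s+0x%llx\n",
               (unsigned long long)FAULT_RIP, name, (unsigned long long)off);
    if (!locate_fault_in(KLDSTAT_AFTER_UNLOAD, FAULT_RIP, name, sizeof name, &off))
        printf("after kldunload: no loaded module covers RIP 0x%llx "
               "(stale code pointer into unmapped module text)\n",
               (unsigned long long)FAULT_RIP);
    return 0;
}
```

The offset it reports (siftr.ko+0x1680) is what you would resolve against the module's symbols in kgdb with the module at that base; the report gives no symbol for it, so nothing is claimed about which siftr function it is. Because the text pages are unmapped at unload the stale call faults here; had a later kldload placed another module at the same range, the same pointer would have called into unrelated code instead, which is why a left-behind callback from MOD_LOAD is a bug to fix in MOD_UNLOAD rather than a cosmetic panic.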