[Bug 272616] [panic] Reproducible kernel panic related to sendfile and IPSec

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 20 Jul 2023 11:19:33 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272616

            Bug ID: 272616
           Summary: [panic] Reproducible kernel panic related to sendfile
                    and IPSec
           Product: Base System
           Version: 13.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: net@FreeBSD.org
          Reporter: eugen@freebsd.org
                CC: ae@FreeBSD.org, glebius@FreeBSD.org, kib@FreeBSD.org

This PR is similar to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254419
except that pf(4) is not in use.

I can reproduce the panic on every attempt by fetching a small plain text file
(residing on ZFS) over HTTP/1.1 from my Apache httpd server using sendfile().

The traffic in question goes through a gif(4) interface with mtu=1500 over the ixl0
10Gbps interface with mtu=1500, so some IP fragmentation should occur.

The first time it happened, the kernel generated a crashdump just fine, rebooted and
the crashdump was saved. My next attempt reproduced the same panic but the kernel hung
after printing "Uptime: 22m27s". I can experiment with this machine freely as
it is my workstation and not in service. And I have iKVM plus IPMI SOL (serial
console) working.

Unread portion of the kernel message buffer:

Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 04
fault virtual address   = 0x0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff810bad5a
stack pointer           = 0x28:0xfffffe011dd8f4b0
frame pointer           = 0x28:0xfffffe011dd8f4b0
code segment            = base 0x0, limit 0xfffff, type 0x1b

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 02
fault virtual address   = 0x0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff810bad5a
stack pointer           = 0x28:0xfffffe01771db4e0
frame pointer           = 0x28:0xfffffe01771db4e0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled,                    = DPL 0, pres
1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 81478 (httpd)
trap number             = 12
panic: page fault
cpuid = 2
time = 1689822623
KDB: stack backtrace:
#0 0xffffffff80c53f15 at kdb_backtrace+0x65
#1 0xffffffff80c07852 at vpanic+0x152
#2 0xffffffff80c076f3 at panic+0x43
#3 0xffffffff810bede7 at trap_fatal+0x387
#4 0xffffffff810bee3f at trap_pfault+0x4f
#5 0xffffffff81096a78 at calltrap+0x8
#6 0xffffffff80c9c999 at m_unshare+0x3a9
#7 0xffffffff82d19534 at esp_output+0x184
#8 0xffffffff82d15fc6 at ipsec4_perform_request+0x3b6
#9 0xffffffff82d16113 at ipsec4_common_output+0x83
#10 0xffffffff80e3894c at ipsec_kmod_output+0x2c
#11 0xffffffff80dbc6df at ip_output+0xb8f
#12 0xffffffff80dd3a54 at tcp_output+0x1d74
#13 0xffffffff80de599f at tcp_usr_send+0x17f
#14 0xffffffff80c04ff1 at vn_sendfile+0x1251
#15 0xffffffff80c05fa7 at sendfile+0x117
#16 0xffffffff810bf6dc at amd64_syscall+0x10c
#17 0xffffffff8109738b at fast_syscall_common+0xf8
Uptime: 4d5h15m40s
Dumping 2283 out of 16249 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

warning: Could not load shared library symbols for nvidia.ko.
Do you need "set solib-search-path" or "set sysroot"?
__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct
pcpu,
(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:396
#2  0xffffffff80c07419 in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:484
#3  0xffffffff80c078bf in vpanic (fmt=<optimized out>,
ap=ap@entry=0xfffffe011dd8f300)
    at /usr/src/sys/kern/kern_shutdown.c:923
#4  0xffffffff80c076f3 in panic (fmt=<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:847
#5  0xffffffff810bede7 in trap_fatal (frame=0xfffffe011dd8f3f0, eva=0)
    at /usr/src/sys/amd64/amd64/trap.c:942
#6  0xffffffff810bee3f in trap_pfault (frame=0xfffffe011dd8f3f0,
usermode=false,
    signo=<optimized out>, ucode=<optimized out>) at
/usr/src/sys/amd64/amd64/trap.c:761
#7  <signal handler called>
#8  memcpy_erms () at /usr/src/sys/amd64/amd64/support.S:553
#9  0xffffffff80c9c999 in m_unshare (m0=0xfffff80146cc8200, how=1)
    at /usr/src/sys/kern/uipc_mbuf.c:2047
#10 0xffffffff82d19534 in esp_output () from /boot/kernel/ipsec.ko
#11 0xffffffff82d15fc6 in ipsec4_perform_request () from /boot/kernel/ipsec.ko
#12 0xffffffff82d16113 in ipsec4_common_output () from /boot/kernel/ipsec.ko
#13 0xffffffff80e3894c in ipsec_kmod_output (sc=0xfffff8001828ea00,
sc@entry=0x18,
    m=0xfffff8002a388925, inp=0x3f8, inp@entry=0xfffff80133df99b0)
    at /usr/src/sys/netipsec/subr_ipsec.c:369
#14 0xffffffff80dbc6df in ip_output (m=0x0, m@entry=0xfffff80146cc8200,
opt=<optimized out>,
    ro=<optimized out>, flags=0, imo=0x10, imo@entry=0x0,
inp=0xfffff80133df99b0)
    at /usr/src/sys/netinet/ip_output.c:680
#15 0xffffffff80dd3a54 in tcp_output (tp=0xfffffe011d38d518)
    at /usr/src/sys/netinet/tcp_output.c:1541
#16 0xffffffff80de599f in tcp_usr_send (so=0xfffff8002a50cb10, flags=0, m=0x0,
nam=0x0,
    control=<optimized out>, td=0xfffffe0176dcb720) at
/usr/src/sys/netinet/tcp_usrreq.c:1178
#17 0xffffffff80c04ff1 in vn_sendfile (fp=<optimized out>, sockfd=22,
hdr_uio=0x0, trl_uio=0x0,
    offset=<optimized out>, nbytes=1038, sent=0xfffffe011dd8fdc8, flags=0,
td=0xfffffe0176dcb720)
    at /usr/src/sys/kern/kern_sendfile.c:1188
#18 0xffffffff80c05fa7 in fo_sendfile (fp=0xfffff8002a388925, sockfd=0,
hdr_uio=0x3f8,
    trl_uio=0x3f8, offset=-2194227530512, nbytes=9, sent=0xfffffe011dd8fdc8,
flags=708348197,
    td=0xfffffe0176dcb720) at /usr/src/sys/sys/file.h:416
#19 sendfile (td=0xfffffe0176dcb720, uap=0xfffffe0176dcbb08, compat=<optimized
out>)
    at /usr/src/sys/kern/kern_sendfile.c:1326
#20 0xffffffff810bf6dc in syscallenter (td=0xfffffe0176dcb720)
    at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:190
#21 amd64_syscall (td=0xfffffe0176dcb720, traced=0) at
/usr/src/sys/amd64/amd64/trap.c:1183
#22 <signal handler called>
#23 0x0000000828695a5a in ?? ()
Backtrace stopped: Cannot access memory at address 0x82077d418
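For triaging reports like this one, the following parser pulls the trap type, fault address, faulting process and the kernel call path (from the faulting function up to the syscall entry) out of a FreeBSD panic message buffer. It is an added example, not code from this bug or from FreeBSD; the input is a constructed, abridged excerpt of the trace quoted above, and the parser handles any "#N addr at func+off" KDB frame, not just these.

```python
import re

# Constructed, abridged excerpt of the message buffer quoted in this report.
SAMPLE_MSGBUF = """\
Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 02
fault virtual address   = 0x0
fault code              = supervisor read data, page not present
current process         = 81478 (httpd)
KDB: stack backtrace:
#3 0xffffffff810bede7 at trap_fatal+0x387
#5 0xffffffff81096a78 at calltrap+0x8
#6 0xffffffff80c9c999 at m_unshare+0x3a9
#7 0xffffffff82d19534 at esp_output+0x184
#11 0xffffffff80dbc6df at ip_output+0xb8f
#14 0xffffffff80c04ff1 at vn_sendfile+0x1251
#15 0xffffffff80c05fa7 at sendfile+0x117
#16 0xffffffff810bf6dc at amd64_syscall+0x10c
"""

TRAP_RE = re.compile(r"^Fatal trap (\d+): (.*)$")
FIELD_RE = re.compile(r"^([a-z ]+?)\s*=\s*(.*)$")
FRAME_RE = re.compile(r"^#\d+\s+0x[0-9a-f]+ at (\w+)\+0x[0-9a-f]+$")
SYSCALL_ENTRY = {"amd64_syscall", "fast_syscall_common"}

def parse_msgbuf(text):
    """Return {'trap', 'fault_addr', 'process', 'frames'} from a panic message buffer."""
    p = {"trap": None, "fault_addr": None, "process": None, "frames": []}
    for line in text.splitlines():
        if m := TRAP_RE.match(line):
            p["trap"] = int(m.group(1))
        elif m := FRAME_RE.match(line):
            p["frames"].append(m.group(1))  # symbol only; offsets differ per build
        elif m := FIELD_RE.match(line):
            key, val = m.group(1).strip(), m.group(2).strip()
            if key == "fault virtual address":
                p["fault_addr"] = int(val, 16)
            elif key == "current process":
                p["process"] = val
    return p

def kernel_path(p):
    """Frames from the faulting function up to the syscall entry, innermost first."""
    fr = p["frames"]
    fr = fr[fr.index("calltrap") + 1:] if "calltrap" in fr else fr
    end = next((i for i, f in enumerate(fr) if f in SYSCALL_ENTRY), len(fr))
    return fr[:end]

def is_null_deref(p, page=4096):
    """Trap 12 with the fault address inside page 0 is a NULL-pointer-shaped access."""
    return p["trap"] == 12 and p["fault_addr"] is not None and 0 <= p["fault_addr"] < page
```

Running it over the excerpt classifies the crash as a NULL-pointer read in m_unshare reached through the IPsec output path from sendfile, which is the fact a maintainer needs when deciding whether two reports (here, this one and bug 254419) share a root cause.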

-- 
You are receiving this mail because:
You are the assignee for the bug.