[Bug 254478] Panic when using ipfw and divert sockets

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Mar 24 15:42:50 UTC 2021 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254478

--- Comment #3 from Daniel Kempkens <daniel+freebsd at kempkens.io> ---
(In reply to Andrey V. Elsukov from comment #1)

> I think such problem can be reproduced if you will do open/close divert socket in a loop. Is it possible that your application sometimes does that?

We were not able to confirm that this actually happens (yet), but we're fairly
certain that under the right conditions what you described can indeed happen.

We have added some logging to confirm our suspicions.

Sadly no ETA on when we can try this in production again. We're still working
on a setup to reproduce this in our development environment.

> Can you show what contains inp in the last kgdb command?

Sure!

(kgdb) print *inp
$6 = {inp_hash = {cle_next = 0xfffff804bfdd5b70, cle_prev =
0xfffff8012784ae20}, inp_pcbgrouphash = {cle_next = 0x0, cle_prev = 0x0},
inp_lock = {lock_object = {
      lo_name = 0xffffffff82515931 "divinp", lo_flags = 90898432, lo_data = 0,
lo_witness = 0x0}, rw_lock = 33}, inp_hpts = {tqe_next = 0x0, tqe_prev = 0x0},
  inp_hpts_request = 0, inp_in_hpts = 0 '____preserved_4____00', inp_in_input =
0 '____preserved_4____00', inp_hpts_cpu = 0, inp_refcount = 1, inp_flags =
8388616, inp_flags2 = 16, inp_input_cpu = 0,
  inp_hpts_cpu_set = 0 '____preserved_4____00', inp_input_cpu_set = 0
'____preserved_4____00', inp_hpts_calls = 0 '____preserved_4____00',
inp_input_calls = 0 '____preserved_4____00', inp_spare_bits2 = 0
'____preserved_4____00', inp_spare_byte = 0 '____preserved_4____00',
  inp_ppcb = 0x0, inp_socket = 0x0, inp_hptsslot = 0, inp_hpts_drop_reas = 0,
inp_input = {tqe_next = 0x0, tqe_prev = 0x0}, inp_pcbinfo = 0xfffffe00006f4538,
  inp_pcbgroup = 0x0, inp_pcbgroup_wild = {cle_next = 0x0, cle_prev = 0x0},
inp_cred = 0xfffff801318fa200, inp_flow = 0, inp_vflag = 1
'____preserved_4____01', inp_ip_ttl = 0 '____preserved_4____00',
  inp_ip_p = 2 '____preserved_4____02', inp_ip_minttl = 0
'____preserved_4____00', inp_flowid = 0, inp_snd_tag = 0x0, inp_flowtype = 0,
inp_rss_listen_bucket = 0, inp_inc = {inc_flags = 0 '____preserved_4____00',
    inc_len = 0 '____preserved_4____00', inc_fibnum = 0, inc_ie = {ie_fport =
0, ie_lport = 10787, ie_dependfaddr = {id46_addr = {ia46_pad32 = {0, 0, 0},
ia46_addr4 = {s_addr = 0}}, id6_addr = {
          __u6_addr = {__u6_addr8 = '____preserved_4____00' <repeats 15 times>,
__u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}},
ie_dependladdr = {id46_addr = {
          ia46_pad32 = {0, 0, 0}, ia46_addr4 = {s_addr = 0}}, id6_addr =
{__u6_addr = {__u6_addr8 = '____preserved_4____00' <repeats 15 times>,
__u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0},
            __u6_addr32 = {0, 0, 0, 0}}}}, ie6_zoneid = 0}}, inp_label = 0x0,
inp_sp = 0xfffff80127913ee0, {inp_ip_tos = 0 '____preserved_4____00',
inp_options = 0x0, inp_moptions = 0x0}, {
    in6p_options = 0x0, in6p_outputopts = 0x0, in6p_moptions = 0x0,
in6p_icmp6filt = 0x0, in6p_cksum = 0, in6p_hops = 0}, inp_portlist = {cle_next
= 0x0,
    cle_prev = 0xfffff80127c450a0}, inp_phd = 0xfffff80127c45080, inp_gencnt =
74, spare_ptr = 0x0, inp_rt_cookie = 0, {inp_route = {ro_rt = 0x0, ro_lle =
0x0,
      ro_prepend = 0x0, ro_plen = 0, ro_flags = 256, ro_mtu = 0, spare = 0,
ro_dst = {sa_len = 0 '____preserved_4____00', sa_family = 0
'____preserved_4____00', sa_data = '____preserved_4____00' <repeats 13
times>}},
    inp_route6 = {ro_rt = 0x0, ro_lle = 0x0, ro_prepend = 0x0, ro_plen = 0,
ro_flags = 256, ro_mtu = 0, spare = 0, ro_dst = {sin6_len = 0
'____preserved_4____00', sin6_family = 0 '____preserved_4____00',
        sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__u6_addr = {__u6_addr8
= '____preserved_4____00' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0,
0, 0}, __u6_addr32 = {0, 0, 0,
              0}}}, sin6_scope_id = 0}}}, inp_list = {cle_next =
0xfffff804bfdd5b70, cle_prev = 0xfffffe00006f4530}, inp_epoch_ctx = {data = {
      0xffffffff80d43b00 <in_pcbfree_deferred>, 0xfffff80127c45088}}}

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

More information about the freebsd-net mailing list