Date:      Thu, 27 Jun 2019 04:34:59 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 238839] ipfilter: kernel panic in function ipf_check_wrapper
Message-ID:  <bug-238839-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238839

            Bug ID: 238839
           Summary: ipfilter: kernel panic in function ipf_check_wrapper
           Product: Base System
           Version: 12.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: msl0000023508@gmail.com

Kernel version: 12.0-STABLE r349024
Architecture: amd64

The IP Filter module is custom built, with patches applied from bug #238796
and
https://sourceforge.net/p/hacking-freebsd/freebsd-patches/ci/master/tree/10.3/ipfilter-local-output-tcp-checksum.diff

This panic seems to be triggered from a tun(4) interface that is used by ppp(8)
for a PPP over SSH tunnel.

May also be related to bug #230498, as all other panics that occurred on this
host are surely due to that.

kgdb(8) output:

[root@x ~]# kgdb -c /var/crash/vmcore.6 /boot/kernel/kernel
GNU gdb (GDB) 8.3 [GDB v8.3 for FreeBSD]
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd12.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...
Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 04
fault virtual address   = 0x28
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff8295deab
stack pointer           = 0x28:0xfffffe00005dd490
frame pointer           = 0x28:0xfffffe00005dd4a0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 11229 (ppp)
trap number             = 12
panic: page fault
cpuid = 2
time = 1561606371
KDB: stack backtrace:
#0 0xffffffff80c16e77 at kdb_backtrace+0x67
#1 0xffffffff80bcad3d at vpanic+0x19d
#2 0xffffffff80bcab93 at panic+0x43
#3 0xffffffff810a84b5 at trap_fatal+0x395
#4 0xffffffff810a8519 at trap_pfault+0x49
#5 0xffffffff810a7aff at trap+0x29f
#6 0xffffffff81082cf5 at calltrap+0x8
#7 0xffffffff80cee252 at pfil_run_hooks+0xb2
#8 0xffffffff80d5ba79 at ip_output+0xd59
#9 0xffffffff80d569e7 at icmp_reflect+0x7d7
#10 0xffffffff80d573b2 at icmp_input+0x932
#11 0xffffffff80d57f93 at ip_input+0x143
#12 0xffffffff80ced3df at netisr_dispatch_src+0xcf
#13 0xffffffff80cd878c at tunwrite+0x24c
#14 0xffffffff80a816da at devfs_write_f+0xda
#15 0xffffffff80c345a0 at dofilewrite+0xb0
#16 0xffffffff80c34101 at sys_write+0xc1
#17 0xffffffff810a9084 at amd64_syscall+0x364
Uptime: 1d20h44m30s
(ada0:ahcich1:0:0:0): spin-down
Dumping 616 out of 3952 MB: (CTRL-C to abort)
..3%..11%..21%..32%..42%..52%..63%..71%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu.h:234
234             __asm("movq %%gs:%P1,%0" : "=r" (td) : "n"
(OFFSETOF_CURTHREAD));
(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu.h:234
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:371
#2  0xffffffff80bca938 in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:451
#3  0xffffffff80bcad99 in vpanic (fmt=<optimized out>, ap=<optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:877
#4  0xffffffff80bcab93 in panic (fmt=<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:804
#5  0xffffffff810a84b5 in trap_fatal (frame=0xfffffe00005dd3d0, eva=40)
    at /usr/src/sys/amd64/amd64/trap.c:948
#6  0xffffffff810a8519 in trap_pfault (frame=0xfffffe00005dd3d0, usermode=0)
    at /usr/src/sys/amd64/amd64/trap.c:767
#7  0xffffffff810a7aff in trap (frame=0xfffffe00005dd3d0) at
/usr/src/sys/amd64/amd64/trap.c:443
#8  <signal handler called>
#9  0xffffffff8295deab in ipf_check_wrapper (arg=<optimized out>,
mp=0xfffff80004370e5c,
    ifp=0xfffff80042563000, dir=1112944640)
    at /usr/src/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c:132
#10 0xffffffff80cee252 in pfil_run_hooks (ph=<optimized out>, mp=<optimized
out>,
    ifp=0xfffff80042563000, dir=2, flags=0, inp=0x0) at
/usr/src/sys/net/pfil.c:117
#11 0xffffffff80d5ba79 in ip_output_pfil (mp=0xfffff80004370e00,
ifp=0xfffff80042563000,
    inp=<optimized out>, dst=0xfffffe00005dd640, fibnum=<optimized out>,
error=<optimized out>)
    at /usr/src/sys/netinet/ip_output.c:124
#12 ip_output (m=0xfffff80004370e00, opt=<optimized out>, ro=<optimized out>,
flags=0, imo=0x0,
    inp=<optimized out>) at /usr/src/sys/netinet/ip_output.c:571
#13 0xffffffff80d569e7 in icmp_send (m=<optimized out>, opts=0x0)
    at /usr/src/sys/netinet/ip_icmp.c:947
#14 icmp_reflect (m=0xfffff80004370e00) at /usr/src/sys/netinet/ip_icmp.c:911
#15 0xffffffff80d573b2 in icmp_input (mp=0xfffffe00005dd8c0,
offp=0xfffffe00005dd8bc, proto=1)
    at /usr/src/sys/netinet/ip_icmp.c:640
#16 0xffffffff80d57f93 in ip_input (m=0x0) at
/usr/src/sys/netinet/ip_input.c:828
#17 0xffffffff80ced3df in netisr_dispatch_src (proto=1, source=<optimized out>,
    m=0xfffff80042563000) at /usr/src/sys/net/netisr.c:1122
#18 0xffffffff80cd878c in tunwrite (dev=<optimized out>, uio=<optimized out>,
flag=<optimized out>)
    at /usr/src/sys/net/if_tun.c:996
#19 0xffffffff80a816da in devfs_write_f (fp=0xfffff8002cb44370,
uio=0xfffffe00005dda50,
    cred=0xfffff800541e9700, flags=0, td=0xfffff80003938000)
    at /usr/src/sys/fs/devfs/devfs_vnops.c:1786
--Type <RET> for more, q to quit, c to continue without paging--c
#20 0xffffffff80c345a0 in fo_write (fp=<optimized out>, uio=<optimized out>,
active_cred=0xfffff80042563000, flags=<optimized out>, td=<optimized out>) at
/usr/src/sys/sys/file.h:314
#21 dofilewrite (td=0x0, fd=6, fp=0xfffff8002cb44370, auio=0xfffffe00005dda50,
offset=<optimized out>, flags=<optimized out>) at
/usr/src/sys/kern/sys_generic.c:567
#22 0xffffffff80c34101 in kern_writev (td=<optimized out>, fd=6,
auio=<optimized out>) at /usr/src/sys/kern/sys_generic.c:491
#23 sys_write (td=0xfffff80003938000, uap=<optimized out>) at
/usr/src/sys/kern/sys_generic.c:406
#24 0xffffffff810a9084 in syscallenter (td=0xfffff80003938000) at
/usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
#25 amd64_syscall (td=0xfffff80003938000, traced=0) at
/usr/src/sys/amd64/amd64/trap.c:1192
#26 <signal handler called>
#27 0x00000008007defda in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffffd648
(kgdb) frame 9
#9  0xffffffff8295deab in ipf_check_wrapper (arg=<optimized out>,
mp=0xfffff80004370e5c,
    ifp=0xfffff80042563000, dir=1112944640)
    at /usr/src/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c:132
132             struct ip *ip = mtod(*mp, struct ip *);
(kgdb) p mp
$1 = (struct mbuf **) 0xfffff80004370e5c
(kgdb) p *mp
$2 = (struct mbuf *) 0x40000054000045
(kgdb) p **mp
Cannot access memory at address 0x40000054000045
