Date: Thu, 18 Feb 2021 08:42:18 +0000 From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 253587] pf: page fault in pf_pull_hdr Message-ID: <bug-253587-16861-CmeFXuSHMH@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-253587-16861@https.bugs.freebsd.org/bugzilla/> References: <bug-253587-16861@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D253587 --- Comment #3 from Kamigishi Rei <spambox@haruhiism.net> --- It does not seem like pf specifically is at fault here. Got two more faults over the past 12 hours and both were with mbufs being 0x0 in different code paths: Important note:=20 net.isr.maxthreads: -1 net.isr.bindthreads: 1 The CPU is a quad core AMD GX-412TC SoC. I will now test with these set to defaults (1 and 0, correspondingly). net.isr.dispatch is "direct" and was not touched. #1: (kgdb) bt #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 #1 doadump (textdump=3D<optimized out>) at /usr/src/sys/kern/kern_shutdown= .c:399 #2 0xffffffff80c08e56 in kern_reboot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:486 #3 0xffffffff80c092d0 in vpanic (fmt=3D<optimized out>, ap=3D<optimized ou= t>) at /usr/src/sys/kern/kern_shutdown.c:919 #4 0xffffffff80c090d3 in panic (fmt=3D<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:843 #5 0xffffffff810891a7 in trap_fatal (frame=3D0xfffffe0007f86710, eva=3D28)= at /usr/src/sys/amd64/amd64/trap.c:915 #6 0xffffffff810891ff in trap_pfault (frame=3Dframe@entry=3D0xfffffe0007f8= 6710, usermode=3Dfalse, signo=3D<optimized out>, signo@entry=3D0x0, ucode=3D<opti= mized out>, ucode@entry=3D0x0) at /usr/src/sys/amd64/amd64/trap.c:732 #7 0xffffffff8108885d in trap (frame=3D0xfffffe0007f86710) at /usr/src/sys/amd64/amd64/trap.c:398 #8 <signal handler called> #9 0xffffffff80c9ac8a in m_dup (m=3D0x0, m@entry=3D0xfffff80119f1b800, how=3D<optimized out>, how@entry=3D1) at /usr/src/sys/kern/uipc_mbuf.c:686 #10 0xffffffff8297e8e8 in bridge_input (ifp=3D0xfffff800036d1800, m=3D0xfffff80119f1b800) at /usr/src/sys/net/if_bridge.c:2415 #11 0xffffffff80d23c78 in ether_input_internal (ifp=3D0xfffff800036d1800, m=3D0xfffff80104ebf100) at /usr/src/sys/net/if_ethersubr.c:673 #12 ether_nh_input (m=3D<optimized out>) at /usr/src/sys/net/if_ethersubr.c= :739 #13 0xffffffff80d3e26a in netisr_dispatch_src (proto=3Dproto@entry=3D5, source=3D<optimized out>, source@entry=3D0, m=3D0xfffff80104ebf100, m@entry=3D0xfffff80119f1b800) at /usr/src/sys/net/netisr.c:1143 #14 0xffffffff80d3e55f in netisr_dispatch (proto=3D83019968, proto@entry=3D= 5, m=3D0x1, m@entry=3D0xfffff80119f1b800) at /usr/src/sys/net/netisr.c:1234 #15 0xffffffff80d22e79 in ether_input (ifp=3D<optimized out>, m=3D0xfffff80119f1b800) at /usr/src/sys/net/if_ethersubr.c:830 #16 0xffffffff80d3a9a8 in iflib_rxeof (rxq=3D<optimized out>, rxq@entry=3D0xfffff800036d1000, budget=3D<optimized out>) at /usr/src/sys/net/iflib.c:3008 #17 0xffffffff80d34d02 in _task_fn_rx (context=3D0xfffff800036d1000) at /usr/src/sys/net/iflib.c:3951 #18 0xffffffff80c550fd in gtaskqueue_run_locked (queue=3Dqueue@entry=3D0xfffff8000342ea00) at /usr/src/sys/kern/subr_gtaskqueue.c:371 #19 0xffffffff80c54d9c in gtaskqueue_thread_loop (arg=3D<optimized out>, arg@entry=3D0xfffffe0008d4f038) at /usr/src/sys/kern/subr_gtaskqueue.c:547 #20 0xffffffff80bc735e in fork_exit (callout=3D0xffffffff80c54cf0 <gtaskqueue_thread_loop>, arg=3D0xfffffe0008d4f038, frame=3D0xfffffe0007f86= c00) at /usr/src/sys/kern/kern_fork.c:1069 #21 <signal handler called> #2: Here m_nextpkt is 0x0, len is 1307, and m_nextpkt is assigned to next and g= ets dereferenced: (kgdb) bt #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 #1 doadump (textdump=3D<optimized out>) at /usr/src/sys/kern/kern_shutdown= .c:399 #2 0xffffffff80c08e56 in kern_reboot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:486 #3 0xffffffff80c092d0 in vpanic (fmt=3D<optimized out>, ap=3D<optimized ou= t>) at /usr/src/sys/kern/kern_shutdown.c:919 #4 0xffffffff80c090d3 in panic (fmt=3D<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:843 #5 0xffffffff810891a7 in trap_fatal (frame=3D0xfffffe0062c6e700, eva=3D8) = at /usr/src/sys/amd64/amd64/trap.c:915 #6 0xffffffff810891ff in trap_pfault (frame=3Dframe@entry=3D0xfffffe0062c6= e700, usermode=3Dfalse, signo=3D<optimized out>, signo@entry=3D0x0, ucode=3D<opti= mized out>, ucode@entry=3D0x0) at /usr/src/sys/amd64/amd64/trap.c:732 #7 0xffffffff8108885d in trap (frame=3D0xfffffe0062c6e700) at /usr/src/sys/amd64/amd64/trap.c:398 #8 <signal handler called> #9 sbcut_internal (sb=3D0xfffff800a75649c0, len=3D1307, len@entry=3D1475) = at /usr/src/sys/kern/uipc_sockbuf.c:1491 #10 0xffffffff80ca4eca in sbcut_locked (sb=3D0xfffff800a75649c0, len=3D-139= 0745600, len@entry=3D1475) at /usr/src/sys/kern/uipc_sockbuf.c:1591 #11 0xffffffff80dbda2e in tcp_do_segment (m=3D0xfffff80042a5d800, th=3D<opt= imized out>, so=3D<optimized out>, tp=3D<optimized out>, drop_hdrlen=3D52, tlen=3D= <optimized out>, iptos=3D0 '\000') at /usr/src/sys/netinet/tcp_input.c:2924 #12 0xffffffff80dbbb9e in tcp_input (mp=3D<optimized out>, offp=3D<optimize= d out>, proto=3D<optimized out>) at /usr/src/sys/netinet/tcp_input.c:1381 #13 0xffffffff80dae555 in ip_input (m=3D0x0) at /usr/src/sys/netinet/ip_input.c:833 #14 0xffffffff80d3ea0b in netisr_process_workstream_proto (nwsp=3D<optimized out>, proto=3D1) at /usr/src/sys/net/netisr.c:919 #15 swi_net (arg=3D<optimized out>) at /usr/src/sys/net/netisr.c:966 #16 0xffffffff80bca53d in intr_event_execute_handlers (p=3D<optimized out>, ie=3D0xfffff80003418d00) at /usr/src/sys/kern/kern_intr.c:1168 #17 ithread_execute_handlers (p=3D<optimized out>, ie=3D0xfffff80003418d00)= at /usr/src/sys/kern/kern_intr.c:1181 #18 ithread_loop (arg=3Darg@entry=3D0xfffff8000341ed60) at /usr/src/sys/kern/kern_intr.c:1269 #19 0xffffffff80bc735e in fork_exit (callout=3D0xffffffff80bca2f0 <ithread_= loop>, arg=3D0xfffff8000341ed60, frame=3D0xfffffe0062c6ec00) at /usr/src/sys/kern/kern_fork.c:1069 #20 <signal handler called> --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-253587-16861-CmeFXuSHMH>