Date:      Sat, 09 Jul 2016 13:29:36 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 210943] Page fault in ip6_setpktopts when syncthing is started with pflog loaded
Message-ID:  <bug-210943-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210943

            Bug ID: 210943
           Summary: Page fault in ip6_setpktopts when syncthing is started
                    with pflog loaded
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: dim@FreeBSD.org

I recently tried upgrading a machine to 11-STABLE, but got a "Fatal trap 12:
page fault while in kernel mode" after going multi-user, when it started
syncthing 0.13.4:

Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 02
fault virtual address   = 0x10
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80d3cd3d
stack pointer           = 0x28:0xfffffe04538ef560
frame pointer           = 0x28:0xfffffe04538ef5a0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 958 (syncthing)
trap number             = 12
panic: page fault
cpuid = 2
KDB: stack backtrace:
#0 0xffffffff80b2f917 at kdb_backtrace+0x67
#1 0xffffffff80ae6bb2 at vpanic+0x182
#2 0xffffffff80ae6a23 at panic+0x43
#3 0xffffffff80fb3020 at trap_fatal+0x350
#4 0xffffffff80fb3213 at trap_pfault+0x1e3
#5 0xffffffff80fb27bd at trap+0x26d
#6 0xffffffff80f95311 at calltrap+0x8
#7 0xffffffff80d3c6ea at ip6_setpktopts+0x10a
#8 0xffffffff80d54aa4 at udp6_send+0x364
#9 0xffffffff80b80672 at sosend_dgram+0x4d2
#10 0xffffffff80b88b7b at kern_sendit+0x22b
#11 0xffffffff80b88f7f at sendit+0x19f
#12 0xffffffff80b89031 at sys_sendmsg+0x61
#13 0xffffffff80fb397e at amd64_syscall+0x4ce
#14 0xffffffff80f955fb at Xfast_syscall+0xfb

Backtrace from kgdb:

#0  __curthread () at ./machine/pcpu.h:221
#1  doadump (textdump=<optimized out>) at
/home/dim/stable-11/sys/kern/kern_shutdown.c:298
#2  0xffffffff80ae663a in kern_reboot (howto=260) at
/home/dim/stable-11/sys/kern/kern_shutdown.c:366
#3  0xffffffff80ae6beb in vpanic (fmt=<optimized out>, ap=0xfffffe04538ef1b0)
at /home/dim/stable-11/sys/kern/kern_shutdown.c:759
#4  0xffffffff80ae6a23 in panic (fmt=<unavailable>) at
/home/dim/stable-11/sys/kern/kern_shutdown.c:690
#5  0xffffffff80fb3020 in trap_fatal (frame=0xfffffe04538ef4b0, eva=16) at
/home/dim/stable-11/sys/amd64/amd64/trap.c:841
#6  0xffffffff80fb3213 in trap_pfault (frame=0xfffffe04538ef4b0, usermode=0) at
/home/dim/stable-11/sys/amd64/amd64/trap.c:691
#7  0xffffffff80fb27bd in trap (frame=0xfffffe04538ef4b0) at
/home/dim/stable-11/sys/amd64/amd64/trap.c:442
#8  <signal handler called>
#9  0xffffffff80d3cd3d in ip6_setpktopt (optname=<optimized out>,
buf=0xfffff8000ff1f548 "", len=20, opt=0xfffffe04538ef698,
cred=0xfffff800aa61b800, sticky=0, cmsg=<optimized out>, uproto=<optimized
out>) at /home/dim/stable-11/sys/netinet6/ip6_output.c:2663
#10 0xffffffff80d3c6ea in ip6_setpktopts (control=<optimized out>,
opt=<optimized out>, stickyopt=<optimized out>, cred=<optimized out>,
uproto=<optimized out>) at /home/dim/stable-11/sys/netinet6/ip6_output.c:2557
#11 0xffffffff80d54aa4 in udp6_output (inp=0xfffff8002336fae0, m=<optimized
out>, addr6=<optimized out>, control=0x0, td=<optimized out>) at
/home/dim/stable-11/sys/netinet6/udp6_usrreq.c:695
#12 udp6_send (so=<optimized out>, flags=-2116399792, m=<optimized out>,
addr=<optimized out>, control=<optimized out>, td=0xfffff800230f7a00) at
/home/dim/stable-11/sys/netinet6/udp6_usrreq.c:1274
#13 0xffffffff80b80672 in sosend_dgram (so=0xfffff800aa24ea20, addr=<optimized
out>, uio=<optimized out>, top=<optimized out>, control=<optimized out>,
flags=<optimized out>, td=<optimized out>) at
/home/dim/stable-11/sys/kern/uipc_socket.c:1174
#14 0xffffffff80b88b7b in kern_sendit (td=<optimized out>, s=<optimized out>,
mp=<optimized out>, flags=0, control=0xfffff8000ff1f500, segflg=UIO_USERSPACE)
at /home/dim/stable-11/sys/kern/uipc_syscalls.c:848
#15 0xffffffff80b88f7f in sendit (td=0xfffff800230f7a00, s=<optimized out>,
mp=0xfffffe04538ef948, flags=<optimized out>) at
/home/dim/stable-11/sys/kern/uipc_syscalls.c:775
#16 0xffffffff80b89031 in sys_sendmsg (td=0xfffff800230f7a00,
uap=0xfffffe04538efa40) at /home/dim/stable-11/sys/kern/uipc_syscalls.c:977
#17 0xffffffff80fb397e in syscallenter (td=<optimized out>, sa=<optimized out>)
at /home/dim/stable-11/sys/amd64/amd64/../../kern/subr_syscall.c:135
#18 amd64_syscall (td=<optimized out>, traced=0) at
/home/dim/stable-11/sys/amd64/amd64/trap.c:942
#19 <signal handler called>
#20 0x00000000004f9494 in ?? ()

In frame 9, ifp->if_afdata[AF_INET6] is NULL, which is the cause of the crash:

(kgdb) frame 9
#9  0xffffffff80d3cd3d in ip6_setpktopt (optname=<optimized out>,
buf=0xfffff8000ff1f548 "", len=20, opt=0xfffffe04538ef698,
cred=0xfffff800aa61b800, sticky=0, cmsg=<optimized out>, uproto=<optimized
out>) at /home/dim/stable-11/sys/netinet6/ip6_output.c:2663
2663    /home/dim/stable-11/sys/netinet6/ip6_output.c: No such file or
directory.
(kgdb) print ifp->if_afdata[28]
$1 = (void *) 0x0

In fact, all if_afdata[] members except for AF_INET seem to be NULL:

(kgdb) print ifp->if_afdata
$4 =   {0x0,
  0x0,
  0xfffff80008614c20,
  0x0 <repeats 39 times>}

It looks like syncthing is doing some sort of UDPv6 sending over all
interfaces, or something.  The Go is rather hard for me to digest, so what it
exactly calls I don't know.

In any case, the problem is also reproducible very easily on -CURRENT, simply
by installing the syncthing port, then:

kldload pflog
syncthing

and waiting for syncthing's initial startup to complete.  It will panic almost
immediately.

--
You are receiving this mail because:
You are the assignee for the bug.
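
The triage step in the report, as an added example that is not part of the original message and is not FreeBSD code: a userspace C model of an interface whose if_afdata[] matches the kgdb dump (only index 2 populated, 42 slots), showing that a member read through the NULL slot 28 lands on a small address such as the reported 0x10, and what a guarded accessor returns instead. The struct layout, the model_* names and the 0x10 member offset are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define MODEL_AF_INET   2   /* the one non-NULL slot in the dump */
#define MODEL_AF_INET6  28  /* slot printed as ifp->if_afdata[28] in the report */
#define MODEL_AF_MAX    42  /* 3 listed entries + "0x0 <repeats 39 times>" */

/* Hypothetical per-family data; only the 0x10 member offset matters here. */
struct model_ifextra {
    uint64_t first;    /* offset 0x00 */
    uint64_t second;   /* offset 0x08 */
    uint32_t *flags;   /* offset 0x10 */
};

struct model_ifnet {
    void *if_afdata[MODEL_AF_MAX];
};

/* Address an unchecked member read through if_afdata[af] would touch. */
uintptr_t model_fault_address(const struct model_ifnet *ifp, int af,
                              size_t member_off)
{
    return (uintptr_t)ifp->if_afdata[af] + member_off;
}

/* Guarded accessor: reject bad families and interfaces without family data. */
int model_get_flags(const struct model_ifnet *ifp, int af, uint32_t *out)
{
    const struct model_ifextra *ext;

    if (af < 0 || af >= MODEL_AF_MAX)
        return EAFNOSUPPORT;
    ext = ifp->if_afdata[af];
    if (ext == NULL || ext->flags == NULL)
        return ENXIO;              /* no per-family state on this interface */
    *out = *ext->flags;
    return 0;
}

/* Constructed interface shaped like the dump: only AF_INET is populated. */
struct model_ifnet model_pflog_like(void *inet_data)
{
    struct model_ifnet ifp = { { 0 } };

    ifp.if_afdata[MODEL_AF_INET] = inet_data;
    return ifp;
}
```

A fault address that is a small constant, combined with a NULL pointer in the faulting frame, is the usual signature of a struct member read through that pointer.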