Date: Mon, 19 Jun 2023 03:39:16 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 271991] Crash on some network packets with fresh stable
Message-ID: <bug-271991-227-ifCpeO0NxD@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-271991-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-271991-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271991

--- Comment #8 from Ivan Rozhuk <rozhuk.im@gmail.com> ---
I found a way to reproduce:
tcpdump -n -vvvvv -i lan0 "ip and tcp and tcp[1024] != 0"

[252409] #0 0xffffffff80665e1b at kdb_backtrace+0x6b
[252409] #1 0xffffffff8061bff2 at vpanic+0x152
[252409] #2 0xffffffff8061be93 at panic+0x43
[252409] #3 0xffffffff8093b2a7 at trap_fatal+0x387
[252409] #4 0xffffffff8093b2ff at trap_pfault+0x4f
[252409] #5 0xffffffff809121ce at calltrap+0x8
[252409] #6 0xffffffff8071fdba at bpf_mtap+0x10a
[252409] #7 0xffffffff807511d4 at iflib_txq_drain+0x3c4
[252409] #8 0xffffffff80756303 at drain_ring_lockless+0x63
[252409] #9 0xffffffff807561ea at ifmp_ring_enqueue+0x29a
[252409] #10 0xffffffff80754409 at iflib_if_transmit+0x239
[252409] #11 0xffffffff80737b0b at ether_output_frame+0x9b
[252409] #12 0xffffffff818ee777 at ng_apply_item+0x207
[252409] #13 0xffffffff818ee25c at ng_snd_item+0x1cc
[252409] #14 0xffffffff818ee777 at ng_apply_item+0x207
[252409] #15 0xffffffff818ee25c at ng_snd_item+0x1cc
[252409] #16 0xffffffff818e8bdd at ng_ether_output+0x5d
[252409] #17 0xffffffff80737957 at ether_output+0x6c7

and without netgraph:

[155] Fatal trap 12: page fault while in kernel mode
[155] cpuid = 1; apic id = 01
[155] fault virtual address = 0x2dd
[155] fault code = supervisor read data, page not present
[155] instruction pointer = 0x20:0xffffffff807246d3
[155] stack pointer = 0x28:0xfffffe015c814250
[155] frame pointer = 0x28:0xfffffe015c8142c0
[155] code segment = base 0x0, limit 0xfffff, type 0x1b
[155] = DPL 0, pres 1, long 1, def32 0, gran 1
[155] processor eflags = interrupt enabled, resume, IOPL = 0
[155] current process = 54569 (nginx)
[155] trap number = 12
[155] panic: page fault
[155] cpuid = 1
[155] time = 1687145826
[155] KDB: stack backtrace:
[155] #0 0xffffffff80665e1b at kdb_backtrace+0x6b
[155] #1 0xffffffff8061bff2 at vpanic+0x152
[155] #2 0xffffffff8061be93 at panic+0x43
[155] #3 0xffffffff8093b2a7 at trap_fatal+0x387
[155] #4 0xffffffff8093b2ff at trap_pfault+0x4f
[155] #5 0xffffffff809121ce at calltrap+0x8
[155] #6 0xffffffff8071fdba at bpf_mtap+0x10a
[155] #7 0xffffffff807511d4 at iflib_txq_drain+0x3c4
[155] #8 0xffffffff80756303 at drain_ring_lockless+0x63
[155] #9 0xffffffff807561ea at ifmp_ring_enqueue+0x29a
[155] #10 0xffffffff80754409 at iflib_if_transmit+0x239
[155] #11 0xffffffff80737b0b at ether_output_frame+0x9b
[155] #12 0xffffffff8073797d at ether_output+0x6ed
[155] #13 0xffffffff80785106 at ip_output_send+0xe6
[155] #14 0xffffffff80784e33 at ip_output+0xff3
[155] #15 0xffffffff811ac339 at rack_output+0x3ee9
[155] #16 0xffffffff807aeb3f at tcp_usr_send+0x2af
[155] #17 0xffffffff80619902 at vn_sendfile+0x1222
[155] Uptime: 2m35s

-- 
You are receiving this mail because:
You are the assignee for the bug.