From nobody Mon Jun 19 03:39:16 2023
X-Original-To: bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QkwVY3b5kz4dtPg
	for <bugs@mlmmj.nyi.freebsd.org>; Mon, 19 Jun 2023 03:39:17 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QkwVY25h2z4R5m
	for <bugs@FreeBSD.org>; Mon, 19 Jun 2023 03:39:17 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1687145957;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=brwucZsC5IYv+GL9JevFvfKzpS4s7j4FBvhIPjMSf9s=;
	b=OrkFl9bP2fqwgOqbrxI3ERs4tm/DdAHppya8niZ7LzTcxi3COuZe4MZszkUk4Ea/0PPKBK
	nUWxb3nsVeQ/wK2xRTtdA4lLdIqFA/yZ7CkzbbdmVIEFc+IiFVNbl2JFUtAPHiiSgomy+X
	uTAOzvogGjCM5j0IApg7wWodUItzX1s2Jbpz8GrwM/x1rd/og7R9iR5vpvF1ucByBAMYWK
	xOz78kp5Wwuvp/6/bpB/PFutBiIKL7i09t1MH97MtsWrNbMgyO2xFGRmjyWhrbixg8zf2L
	vlyekMtdcZtQPce7rDI8UdZMzznI2uz+T0EnyawWihNXN4VmrqnCUdx2ZcC65A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1687145957; a=rsa-sha256; cv=none;
	b=xj6qhPELJjm0MMokilCtXytFCszS6wXEFMlJRrki6wNC6iWSXXuUT08ED2H1JiLUio1Bve
	GvNHxHUEjJKn4Zd1vB0Qul078LdG3S4GxCGqM08PuUxygvsRY0LQlQZfBmxWHUSgnc7k2T
	cZwi1DBu2WcorjtwW61dexEmduNk817xEmn6yvJyajHbobaMqW4Y7jja07ndY4E/EjLQzS
	nvAiLpX+9qVDtii7Rl6o0VGqAsmjVjkn6d7vFHkja1hYvVKK3VG5rEe8du1kIe6DDV8X7Z
	9QF2OaThlMp/j8nP84+lp1L3fIbMMr8BfmiDzYALDB93isYlL7y27gf6riE4Tg==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QkwVY15TDz11d2
	for <bugs@FreeBSD.org>; Mon, 19 Jun 2023 03:39:17 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 35J3dH7X030982
	for <bugs@FreeBSD.org>; Mon, 19 Jun 2023 03:39:17 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 35J3dHee030981
	for bugs@FreeBSD.org; Mon, 19 Jun 2023 03:39:17 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 271991] Crash on some network packets with fresh stable
Date: Mon, 19 Jun 2023 03:39:16 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 13.2-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: rozhuk.im@gmail.com
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-271991-227-ifCpeO0NxD@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-271991-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-271991-227@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-bugs
List-Help: <mailto:freebsd-bugs+help@freebsd.org>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Subscribe: <mailto:freebsd-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-bugs+unsubscribe@freebsd.org>
Sender: owner-freebsd-bugs@freebsd.org
MIME-Version: 1.0
X-ThisMailContainsUnwantedMimeParts: N

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D271991

--- Comment #8 from Ivan Rozhuk <rozhuk.im@gmail.com> ---
I found a way to reproduce:
tcpdump -n -vvvvv -i lan0 "ip and tcp and tcp[1024] !=3D 0"


[252409] #0 0xffffffff80665e1b at kdb_backtrace+0x6b
[252409] #1 0xffffffff8061bff2 at vpanic+0x152
[252409] #2 0xffffffff8061be93 at panic+0x43
[252409] #3 0xffffffff8093b2a7 at trap_fatal+0x387
[252409] #4 0xffffffff8093b2ff at trap_pfault+0x4f
[252409] #5 0xffffffff809121ce at calltrap+0x8
[252409] #6 0xffffffff8071fdba at bpf_mtap+0x10a
[252409] #7 0xffffffff807511d4 at iflib_txq_drain+0x3c4
[252409] #8 0xffffffff80756303 at drain_ring_lockless+0x63
[252409] #9 0xffffffff807561ea at ifmp_ring_enqueue+0x29a
[252409] #10 0xffffffff80754409 at iflib_if_transmit+0x239
[252409] #11 0xffffffff80737b0b at ether_output_frame+0x9b
[252409] #12 0xffffffff818ee777 at ng_apply_item+0x207
[252409] #13 0xffffffff818ee25c at ng_snd_item+0x1cc
[252409] #14 0xffffffff818ee777 at ng_apply_item+0x207
[252409] #15 0xffffffff818ee25c at ng_snd_item+0x1cc
[252409] #16 0xffffffff818e8bdd at ng_ether_output+0x5d
[252409] #17 0xffffffff80737957 at ether_output+0x6c7


and without netgraph:
[155] Fatal trap 12: page fault while in kernel mode
[155] cpuid =3D 1; apic id =3D 01
[155] fault virtual address     =3D 0x2dd
[155] fault code                =3D supervisor read data, page not present
[155] instruction pointer       =3D 0x20:0xffffffff807246d3
[155] stack pointer             =3D 0x28:0xfffffe015c814250
[155] frame pointer             =3D 0x28:0xfffffe015c8142c0
[155] code segment              =3D base 0x0, limit 0xfffff, type 0x1b
[155]                   =3D DPL 0, pres 1, long 1, def32 0, gran 1
[155] processor eflags  =3D interrupt enabled, resume, IOPL =3D 0
[155] current process           =3D 54569 (nginx)
[155] trap number               =3D 12
[155] panic: page fault
[155] cpuid =3D 1
[155] time =3D 1687145826
[155] KDB: stack backtrace:
[155] #0 0xffffffff80665e1b at kdb_backtrace+0x6b
[155] #1 0xffffffff8061bff2 at vpanic+0x152
[155] #2 0xffffffff8061be93 at panic+0x43
[155] #3 0xffffffff8093b2a7 at trap_fatal+0x387
[155] #4 0xffffffff8093b2ff at trap_pfault+0x4f
[155] #5 0xffffffff809121ce at calltrap+0x8
[155] #6 0xffffffff8071fdba at bpf_mtap+0x10a
[155] #7 0xffffffff807511d4 at iflib_txq_drain+0x3c4
[155] #8 0xffffffff80756303 at drain_ring_lockless+0x63
[155] #9 0xffffffff807561ea at ifmp_ring_enqueue+0x29a
[155] #10 0xffffffff80754409 at iflib_if_transmit+0x239
[155] #11 0xffffffff80737b0b at ether_output_frame+0x9b
[155] #12 0xffffffff8073797d at ether_output+0x6ed
[155] #13 0xffffffff80785106 at ip_output_send+0xe6
[155] #14 0xffffffff80784e33 at ip_output+0xff3
[155] #15 0xffffffff811ac339 at rack_output+0x3ee9
[155] #16 0xffffffff807aeb3f at tcp_usr_send+0x2af
[155] #17 0xffffffff80619902 at vn_sendfile+0x1222
[155] Uptime: 2m35s

--=20
You are receiving this mail because:
You are the assignee for the bug.=