To: "net@FreeBSD.org"
From: Andriy Gapon
Subject: page fault in pfioctl
Date: Sat, 12 Jun 2021 20:59:50 +0300
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net

Not sure if this has been reported, or maybe even fixed, yet.
The crash happened with stable/13 as of 92f49c769b4 (June 3).
Judging from the time I think that it happened when running a periodic report (likely 520.pfdenied).
I have the vmcore, can take a look into it on Monday.

Ah, and I must add that this is a custom kernel configuration with INVARIANTS.

Kernel page fault with the following non-sleepable locks held:
exclusive rm pf rulesets (pf rulesets) r = 0 (0xffffffff85558e58) locked @ /usr/devel/git/trant/sys/netpfil/pf/pf_ioctl.c:2459
stack backtrace:
#0 0xffffffff808a77bd at witness_debugger+0x6d
#1 0xffffffff808a860b at witness_warn+0x21b
#2 0xffffffff80b30171 at trap_pfault+0x71
#3 0xffffffff80b2f729 at trap+0x289
#4 0xffffffff80b304d9 at trap_check+0x29
#5 0xffffffff80b0bb28 at calltrap+0x8
#6 0xffffffff85540358 at pfioctl+0x4d28
#7 0xffffffff807176cf at devfs_ioctl+0xcf
#8 0xffffffff80bb26e2 at VOP_IOCTL_APV+0x92
#9 0xffffffff80928014 at VOP_IOCTL+0x34
#10 0xffffffff80923330 at vn_ioctl+0xc0
#11 0xffffffff80717bbe at devfs_ioctl_f+0x1e
#12 0xffffffff808abc6b at fo_ioctl+0xb
#13 0xffffffff808abc01 at kern_ioctl+0x1d1
#14 0xffffffff808ab982 at sys_ioctl+0x132
#15 0xffffffff80b30cc9 at syscallenter+0x159
#16 0xffffffff80b309a5 at amd64_syscall+0x15
#17 0xffffffff80b0c44e at fast_syscall_common+0xf8

Fatal trap 12: page fault while in kernel mode
cpuid = 5; apic id = 05
fault virtual address = 0x800a22000
fault code = supervisor write data, page not present
instruction pointer = 0x20:0xffffffff80b2c7ca
stack pointer = 0x28:0xfffffe01cb072480
frame pointer = 0x28:0xfffffe01cb072480
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 12208 (pfctl)
trap number = 12
panic: page fault
cpuid = 5
time = 1623456453
KDB: stack backtrace:
db_trace_self_wrapper() at 0xffffffff805c1e8b = db_trace_self_wrapper+0x2b/frame 0xfffffe01cb072040
kdb_backtrace() at 0xffffffff808874b7 = kdb_backtrace+0x37/frame 0xfffffe01cb0720f0
vpanic() at 0xffffffff808449d8 = vpanic+0x188/frame 0xfffffe01cb072150
panic() at 0xffffffff808445f3 = panic+0x43/frame 0xfffffe01cb0721b0
trap_fatal() at 0xffffffff80b300a5 = trap_fatal+0x375/frame 0xfffffe01cb072210
trap_pfault() at 0xffffffff80b30180 = trap_pfault+0x80/frame 0xfffffe01cb072280
trap() at 0xffffffff80b2f729 = trap+0x289/frame 0xfffffe01cb072390
trap_check() at 0xffffffff80b304d9 = trap_check+0x29/frame 0xfffffe01cb0723b0
calltrap() at 0xffffffff80b0bb28 = calltrap+0x8/frame 0xfffffe01cb0723b0
--- trap 0xc, rip = 0xffffffff80b2c7ca, rsp = 0xfffffe01cb072480, rbp = 0xfffffe01cb072480 ---
copyout_nosmap_std() at 0xffffffff80b2c7ca = copyout_nosmap_std+0x15a/frame 0xfffffe01cb072480
pfioctl() at 0xffffffff85540358 = pfioctl+0x4d28/frame 0xfffffe01cb072940
devfs_ioctl() at 0xffffffff807176cf = devfs_ioctl+0xcf/frame 0xfffffe01cb0729a0
VOP_IOCTL_APV() at 0xffffffff80bb26e2 = VOP_IOCTL_APV+0x92/frame 0xfffffe01cb0729c0
VOP_IOCTL() at 0xffffffff80928014 = VOP_IOCTL+0x34/frame 0xfffffe01cb072a10
vn_ioctl() at 0xffffffff80923330 = vn_ioctl+0xc0/frame 0xfffffe01cb072b00
devfs_ioctl_f() at 0xffffffff80717bbe = devfs_ioctl_f+0x1e/frame 0xfffffe01cb072b20
fo_ioctl() at 0xffffffff808abc6b = fo_ioctl+0xb/frame 0xfffffe01cb072b30
kern_ioctl() at 0xffffffff808abc01 = kern_ioctl+0x1d1/frame 0xfffffe01cb072b80
sys_ioctl() at 0xffffffff808ab982 = sys_ioctl+0x132/frame 0xfffffe01cb072c50
syscallenter() at 0xffffffff80b30cc9 = syscallenter+0x159/frame 0xfffffe01cb072ca0

-- 
Andriy Gapon