Date: Tue, 5 Jan 2016 21:13:16 -0500
From: Shawn Webb
To: Adrian Chadd
Cc: freebsd-current
Subject: Re: kernel panic by enabling net.inet.ip.random_id
Message-ID: <20160106021316.GB8405@mutt-hardenedbsd>
References: <20160106015742.GA8405@mutt-hardenedbsd>
List-Id: Discussions about the use of FreeBSD-current

Thanks for the quick reply!
Here's some more debugging output:

=== Begin Log ===
(kgdb) bt
#0  doadump (textdump=0) at pcpu.h:221
#1  0xffffffff8037c78b in db_dump (dummy=, dummy2=false, dummy3=0, dummy4=0x0) at /usr/src/sys/ddb/db_command.c:533
#2  0xffffffff8037c57e in db_command (cmd_table=0x0) at /usr/src/sys/ddb/db_command.c:440
#3  0xffffffff8037c314 in db_command_loop () at /usr/src/sys/ddb/db_command.c:493
#4  0xffffffff8037edab in db_trap (type=, code=0) at /usr/src/sys/ddb/db_main.c:251
#5  0xffffffff80a5c563 in kdb_trap (type=12, code=0, tf=) at /usr/src/sys/kern/subr_kdb.c:654
#6  0xffffffff80e6b7e1 in trap_fatal (frame=0xfffffe02c33894d0, eva=) at /usr/src/sys/amd64/amd64/trap.c:829
#7  0xffffffff80e6ba2d in trap_pfault (frame=0xfffffe02c33894d0, usermode=) at /usr/src/sys/amd64/amd64/trap.c:684
#8  0xffffffff80e6b15f in trap (frame=0xfffffe02c33894d0) at /usr/src/sys/amd64/amd64/trap.c:435
#9  0xffffffff80e4af97 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:234
#10 0xffffffff80b5de9e in ip_fillid (ip=0xfffff8000ef8cb88) at /usr/src/sys/netinet/ip_id.c:237
#11 0xffffffff80b6c41b in ip_output (m=, opt=, ro=, flags=0, imo=0x0, inp=0xfffff8000e66e960) at /usr/src/sys/netinet/ip_output.c:268
#12 0xffffffff80bf0612 in udp_send (so=, flags=, m=, addr=0x0, control=, td=0xfffff8000ef8cb88) at /usr/src/sys/netinet/udp_usrreq.c:1517
#13 0xffffffff80aa3872 in sosend_dgram (so=0xfffff8000e6422e8, addr=0x0, uio=, top=0xfffff8000ef8cb00, control=0x0, flags=, td=0xffffffff81bef2ec) at /usr/src/sys/kern/uipc_socket.c:1164
#13 0xffffffff80aa3872 in sosend_dgram (so=0xfffff8000e6422e8, addr=0x0, uio=, top=0xfffff8000ef8cb00, control=0x0, flags=, td=0xffffffff81bef2ec) at /usr/src/sys/kern/uipc_socket.c:1164
#14 0xffffffff80aaa03b in kern_sendit (td=0xfffff8000e4cd9c0, s=6, mp=, flags=0, control=0x0, segflg=UIO_USERSPACE) at /usr/src/sys/kern/uipc_syscalls.c:906
#15 0xffffffff80aaa336 in sendit (td=0xfffff8000e4cd9c0, s=, mp=0xfffffe02c3389970, flags=3980) at /usr/src/sys/kern/uipc_syscalls.c:833
#16 0xffffffff80aaa1fd in sys_sendto (td=0x0, uap=) at /usr/src/sys/kern/uipc_syscalls.c:957
#17 0xffffffff80e6bfdb in amd64_syscall (td=0xfffff8000e4cd9c0, traced=0) at subr_syscall.c:135
#18 0xffffffff80e4b27b in Xfast_syscall () at /usr/src/sys/amd64/amd64/exception.S:394
#19 0x000003e339782e8a in ?? ()
(kgdb) x/i 0xffffffff80b5de9e
0xffffffff80b5de9e :    movzbl (%rax,%rcx,1),%esi
(kgdb) info reg
rax            0x0      0
rbx            0x0      0
rcx            0x0      0
rdx            0x0      0
rsi            0x0      0
rdi            0x0      0
rbp            0xfffffe02c3388fe0       0xfffffe02c3388fe0
rsp            0xfffffe02c3388fc8       0xfffffe02c3388fc8
r8             0x0      0
r9             0x0      0
r10            0x0      0
r11            0x0      0
r12            0xffffffff817c0b80       -2122577024
r13            0xffffffff817c1470       -2122574736
r14            0x1      1
r15            0x4      4
rip            0xffffffff80a1fae3       0xffffffff80a1fae3
eflags         0x0      0
cs             0x0      0
ss             0x0      0
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
=== End Log ===

Thanks,

Shawn

On Tue, Jan 05, 2016 at 06:06:41PM -0800, Adrian Chadd wrote:
> looks like a null pointer dereference. What's kgdb show at that IP?
>
>
> -a
>
>
> On 5 January 2016 at 17:57, Shawn Webb wrote:
> > Hey All,
> >
> > Here's a kernel panic I'm experiencing by enabling net.inet.ip.random_id
> > at boot.
> >
> > I'm on latest HEAD on amd64 in bhyve. I'll soon-ish be testing on native
> > hardware with VIMAGE enabled.
> >
> > === Begin Log ===
> > Kernel page fault with the following non-sleepable locks held:
> > exclusive sleep mutex ip_id_mtx (ip_id_mtx) r = 0 (0xffffffff81c54830) locked @ /usr/src/sys/netinet/ip_id.c:227
> > stack backtrace:
> > #0 0xffffffff80a79620 at witness_debugger+0x70
> > #1 0xffffffff80a7a937 at witness_warn+0x3d7
> > #2 0xffffffff80e6b887 at trap_pfault+0x57
> > #3 0xffffffff80e6b15f at trap+0x4bf
> > #4 0xffffffff80e4af97 at calltrap+0x8
> > #5 0xffffffff80b6c41b at ip_output+0x16b
> > #6 0xffffffff80b68e82 at icmp_reflect+0x5b2
> > #7 0xffffffff80b6883f at icmp_error+0x46f
> > #8 0xffffffff80beeb12 at udp_input+0x982
> > #9 0xffffffff80b69d1d at ip_input+0x17d
> > #10 0xffffffff80b08ba1 at netisr_dispatch_src+0x81
> > #11 0xffffffff80afecce at ether_demux+0x15e
> > #12 0xffffffff80affa14 at ether_nh_input+0x344
> > #13 0xffffffff80b08ba1 at netisr_dispatch_src+0x81
> > #14 0xffffffff80afefcf at ether_input+0x4f
> > #15 0xffffffff8089a5c3 at vtnet_rxq_eof+0x823
> > #16 0xffffffff8089b2ce at vtnet_rx_vq_intr+0x4e
> > #17 0xffffffff809e9ba6 at intr_event_execute_handlers+0x96
> >
> >
> > Fatal trap 12: page fault while in kernel mode
> > cpuid = 6; apic id = 06
> > fault virtual address   = 0x5bd
> > fault code              = supervisor read data, page not present
> > instruction pointer     = 0x20:0xffffffff80b5de9e
> > stack pointer           = 0x28:0xfffffe02b8d483e0
> > frame pointer           = 0x28:0xfffffe02b8d48410
> > code segment            = base 0x0, limit 0xfffff, type 0x1b
> >                         = DPL 0, pres 1, long 1, def32 0, gran 1
> > processor eflags        = interrupt enabled, resume, IOPL = 0
> > current process         = 12 (irq265: virtio_pci0)
> > [ thread pid 12 tid 100040 ]
> > Stopped at ip_fillid+0x8e: movzbl (%rax,%rcx,1),%esi
> > === End Log ===
> >
> > Thanks,
> >
> > --
> > Shawn Webb
> > HardenedBSD
> >
> > GPG Key ID: 0x6A84658F52456EEE
> > GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

--
Shawn Webb
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE