From owner-freebsd-bugs@freebsd.org Thu Jun 27 04:35:02 2019 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4905415DA91D for ; Thu, 27 Jun 2019 04:35:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id CFBD26E19E for ; Thu, 27 Jun 2019 04:35:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 9087A15DA91C; Thu, 27 Jun 2019 04:35:01 +0000 (UTC) Delivered-To: bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4FFCD15DA91B for ; Thu, 27 Jun 2019 04:35:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D62056E19D for ; Thu, 27 Jun 2019 04:35:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 084DE21DF for ; Thu, 27 Jun 2019 04:35:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id x5R4Yxuf030135 for ; Thu, 27 Jun 2019 04:34:59 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id x5R4YxtP030134 for bugs@FreeBSD.org; Thu, 27 Jun 2019 04:34:59 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 238839] ipfilter: kernel panic in function ipf_check_wrapper Date: Thu, 27 Jun 2019 04:34:59 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: msl0000023508@gmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jun 2019 04:35:02 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D238839 Bug ID: 238839 Summary: ipfilter: kernel panic in function ipf_check_wrapper Product: Base System Version: 12.0-STABLE Hardware: amd64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: msl0000023508@gmail.com Kernel version: 12.0-STABLE r349024 Architecture: amd64 The IP Filter module is custom built that been applied patches from bug #23= 8796 and https://sourceforge.net/p/hacking-freebsd/freebsd-patches/ci/master/tree/10= .3/ipfilter-local-output-tcp-checksum.diff This panic seems triggered from a tun(4) interface that used by ppp(8) for a PPP over SSH tunnel. May also be related to bug #230498, as all other panics occurred at this ho= st are surely due to that. kgdb(8) output: [root@x ~]# kgdb -c /var/crash/vmcore.6 /boot/kernel/kernel GNU gdb (GDB) 8.3 [GDB v8.3 for FreeBSD] Copyright (C) 2019 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-portbld-freebsd12.0". Type "show configuration" for configuration details. For bug reporting instructions, please see: . Find the GDB manual and other documentation resources online at: . For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /boot/kernel/kernel... Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug... Unread portion of the kernel message buffer: Fatal trap 12: page fault while in kernel mode cpuid =3D 2; apic id =3D 04 fault virtual address =3D 0x28 fault code =3D supervisor read data, page not present instruction pointer =3D 0x20:0xffffffff8295deab stack pointer =3D 0x28:0xfffffe00005dd490 frame pointer =3D 0x28:0xfffffe00005dd4a0 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 11229 (ppp) trap number =3D 12 panic: page fault cpuid =3D 2 time =3D 1561606371 KDB: stack backtrace: #0 0xffffffff80c16e77 at kdb_backtrace+0x67 #1 0xffffffff80bcad3d at vpanic+0x19d #2 0xffffffff80bcab93 at panic+0x43 #3 0xffffffff810a84b5 at trap_fatal+0x395 #4 0xffffffff810a8519 at trap_pfault+0x49 #5 0xffffffff810a7aff at trap+0x29f #6 0xffffffff81082cf5 at calltrap+0x8 #7 0xffffffff80cee252 at pfil_run_hooks+0xb2 #8 0xffffffff80d5ba79 at ip_output+0xd59 #9 0xffffffff80d569e7 at icmp_reflect+0x7d7 #10 0xffffffff80d573b2 at icmp_input+0x932 #11 0xffffffff80d57f93 at ip_input+0x143 #12 0xffffffff80ced3df at netisr_dispatch_src+0xcf #13 0xffffffff80cd878c at tunwrite+0x24c #14 0xffffffff80a816da at devfs_write_f+0xda #15 0xffffffff80c345a0 at dofilewrite+0xb0 #16 0xffffffff80c34101 at sys_write+0xc1 #17 0xffffffff810a9084 at amd64_syscall+0x364 Uptime: 1d20h44m30s (ada0:ahcich1:0:0:0): spin-down Dumping 616 out of 3952 MB: (CTRL-C to abort) ..3%..11%..21%..32%..42%..52%..63%..71%..81%..91% __curthread () at /usr/src/sys/amd64/include/pcpu.h:234 234 __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (OFFSETOF_CURTHREAD)); (kgdb) bt #0 __curthread () at /usr/src/sys/amd64/include/pcpu.h:234 #1 doadump (textdump=3D) at /usr/src/sys/kern/kern_shutdown= .c:371 #2 0xffffffff80bca938 in kern_reboot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:451 #3 0xffffffff80bcad99 in vpanic (fmt=3D, ap=3D) at /usr/src/sys/kern/kern_shutdown.c:877 #4 0xffffffff80bcab93 in panic (fmt=3D) at /usr/src/sys/kern/kern_shutdown.c:804 #5 0xffffffff810a84b5 in trap_fatal (frame=3D0xfffffe00005dd3d0, eva=3D40) at /usr/src/sys/amd64/amd64/trap.c:948 #6 0xffffffff810a8519 in trap_pfault (frame=3D0xfffffe00005dd3d0, usermode= =3D0) at /usr/src/sys/amd64/amd64/trap.c:767 #7 0xffffffff810a7aff in trap (frame=3D0xfffffe00005dd3d0) at /usr/src/sys/amd64/amd64/trap.c:443 #8 #9 0xffffffff8295deab in ipf_check_wrapper (arg=3D, mp=3D0xfffff80004370e5c,=20 ifp=3D0xfffff80042563000, dir=3D1112944640) at /usr/src/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c:132 #10 0xffffffff80cee252 in pfil_run_hooks (ph=3D, mp=3D,=20 ifp=3D0xfffff80042563000, dir=3D2, flags=3D0, inp=3D0x0) at /usr/src/sys/net/pfil.c:117 #11 0xffffffff80d5ba79 in ip_output_pfil (mp=3D0xfffff80004370e00, ifp=3D0xfffff80042563000,=20 inp=3D, dst=3D0xfffffe00005dd640, fibnum=3D, error=3D) at /usr/src/sys/netinet/ip_output.c:124 #12 ip_output (m=3D0xfffff80004370e00, opt=3D, ro=3D, flags=3D0, imo=3D0x0,=20 inp=3D) at /usr/src/sys/netinet/ip_output.c:571 #13 0xffffffff80d569e7 in icmp_send (m=3D, opts=3D0x0) at /usr/src/sys/netinet/ip_icmp.c:947 #14 icmp_reflect (m=3D0xfffff80004370e00) at /usr/src/sys/netinet/ip_icmp.c= :911 #15 0xffffffff80d573b2 in icmp_input (mp=3D0xfffffe00005dd8c0, offp=3D0xfffffe00005dd8bc, proto=3D1) at /usr/src/sys/netinet/ip_icmp.c:640 #16 0xffffffff80d57f93 in ip_input (m=3D0x0) at /usr/src/sys/netinet/ip_input.c:828 #17 0xffffffff80ced3df in netisr_dispatch_src (proto=3D1, source=3D,=20 m=3D0xfffff80042563000) at /usr/src/sys/net/netisr.c:1122 #18 0xffffffff80cd878c in tunwrite (dev=3D, uio=3D, flag=3D) at /usr/src/sys/net/if_tun.c:996 #19 0xffffffff80a816da in devfs_write_f (fp=3D0xfffff8002cb44370, uio=3D0xfffffe00005dda50,=20 cred=3D0xfffff800541e9700, flags=3D0, td=3D0xfffff80003938000) at /usr/src/sys/fs/devfs/devfs_vnops.c:1786 --Type for more, q to quit, c to continue without paging--c #20 0xffffffff80c345a0 in fo_write (fp=3D, uio=3D, active_cred=3D0xfffff80042563000, flags=3D, td=3D) at /usr/src/sys/sys/file.h:314 #21 dofilewrite (td=3D0x0, fd=3D6, fp=3D0xfffff8002cb44370, auio=3D0xfffffe= 00005dda50, offset=3D, flags=3D) at /usr/src/sys/kern/sys_generic.c:567 #22 0xffffffff80c34101 in kern_writev (td=3D, fd=3D6, auio=3D) at /usr/src/sys/kern/sys_generic.c:491 #23 sys_write (td=3D0xfffff80003938000, uap=3D) at /usr/src/sys/kern/sys_generic.c:406 #24 0xffffffff810a9084 in syscallenter (td=3D0xfffff80003938000) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135 #25 amd64_syscall (td=3D0xfffff80003938000, traced=3D0) at /usr/src/sys/amd64/amd64/trap.c:1192 #26 #27 0x00000008007defda in ?? () Backtrace stopped: Cannot access memory at address 0x7fffffffd648 (kgdb) frame 9 #9 0xffffffff8295deab in ipf_check_wrapper (arg=3D, mp=3D0xfffff80004370e5c,=20 ifp=3D0xfffff80042563000, dir=3D1112944640) at /usr/src/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c:132 132 struct ip *ip =3D mtod(*mp, struct ip *); (kgdb) p mp $1 =3D (struct mbuf **) 0xfffff80004370e5c (kgdb) p *mp $2 =3D (struct mbuf *) 0x40000054000045 (kgdb) p **mp Cannot access memory at address 0x40000054000045 --=20 You are receiving this mail because: You are the assignee for the bug.=