Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 21 Jun 2024 20:20:16 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 279899] pf_unlink_state mutex unlock page fault panic
Message-ID:  <bug-279899-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D279899

            Bug ID: 279899
           Summary: pf_unlink_state mutex unlock page fault panic
           Product: Base System
           Version: 14.1-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: amigan@gmail.com

14-STABLE 935c5a5554e9. Issue was not present as of ff27c3872300. The crash
happens pretty reliably within a couple minutes of boot.

#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
        td =3D <optimized out>
#1  doadump (textdump=3D<optimized out>) at /usr/src/sys/kern/kern_shutdown=
.c:405
        error =3D 0
        coredump =3D <optimized out>
#2  0xffffffff8086b987 in kern_reboot (howto=3D260)
    at /usr/src/sys/kern/kern_shutdown.c:523
        once =3D 0
#3  0xffffffff8086be5e in vpanic (fmt=3D0xffffffff80e7a878 "%s",
    ap=3Dap@entry=3D0xfffffe0090e36c50) at /usr/src/sys/kern/kern_shutdown.=
c:967
        buf =3D "page fault", '\000' <repeats 245 times>
        __pc =3D 0x0
        __pc =3D 0x0
        __pc =3D 0x0
        other_cpus =3D {__bits =3D {14, 0 <repeats 15 times>}}
        td =3D 0xfffff800079d6000
        bootopt =3D <unavailable>
        newpanic =3D <optimized out>
#4  0xffffffff8086bcb3 in panic (fmt=3D<unavailable>)
    at /usr/src/sys/kern/kern_shutdown.c:891
        ap =3D {{gp_offset =3D 16, fp_offset =3D 48,
            overflow_arg_area =3D 0xfffffe0090e36c80,
            reg_save_area =3D 0xfffffe0090e36c20}}
#5  0xffffffff80d63e2b in trap_fatal (frame=3D0xfffffe0090e36d30, eva=3D32)
    at /usr/src/sys/amd64/amd64/trap.c:952
        __pc =3D 0x0
        __pc =3D 0x0
        __pc =3D 0x0
        softseg =3D {ssd_base =3D 0, ssd_limit =3D 1048575, ssd_type =3D 27,
          ssd_dpl =3D 0, ssd_p =3D 1, ssd_long =3D 1, ssd_def32 =3D 0, ssd_=
gran =3D 1}
        code =3D 0
        ss =3D 40
        type =3D <optimized out>
        gdt =3D <optimized out>
        handled =3D <optimized out>
#6  0xffffffff80d63e76 in trap_pfault (frame=3D<unavailable>, usermode=3Dfa=
lse,
    signo=3D<optimized out>, ucode=3D<optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:760
        __pc =3D 0x0
        __pc =3D 0x0
        __pc =3D 0x0
        td =3D 0xfffff800079d6000
        p =3D <optimized out>
        eva =3D <unavailable>
        map =3D <optimized out>
        ftype =3D <optimized out>
        rv =3D <optimized out>
#7  <signal handler called>
No locals.
#8  0xffffffff808d28c0 in turnstile_broadcast (ts=3D0x0, queue=3Dqueue@entr=
y=3D0)
    at /usr/src/sys/kern/subr_turnstile.c:900
        td =3D <optimized out>
        ts1 =3D <optimized out>
        tc =3D <optimized out>
#9  0xffffffff80848c63 in __mtx_unlock_sleep (c=3D<optimized out>,
    v=3D<optimized out>) at /usr/src/sys/kern/kern_mutex.c:1056
        tid =3D <optimized out>
        m =3D 0xfffffe0091b89548
        ts =3D 0x0
#10 0xffffffff80b6c268 in pf_unlink_state (s=3Ds@entry=3D0xfffff801c6a56840)
    at /usr/src/sys/netpfil/pf/pf.c:2146
        _v =3D 0
        ih =3D 0xfffffe0091b89540
#11 0xffffffff80b6b7b8 in pf_purge_expired_states (i=3D103382, maxcheck=3D1=
08)
    at /usr/src/sys/netpfil/pf/pf.c:2206
        count =3D 0
        ih =3D 0xfffffe0091af1970
        s =3D 0xfffff801c6a56840
        mrm =3D <optimized out>
#12 0xffffffff80b6b5db in pf_purge_thread (unused=3D<optimized out>)
    at /usr/src/sys/netpfil/pf/pf.c:1949
        saved_vnet =3D 0x0
        vnet_iter =3D 0xfffff800010af9c0
#13 0xffffffff8082677f in fork_exit (
    callout=3D0xffffffff80b6b4a0 <pf_purge_thread>, arg=3D0x0,
    frame=3D0xfffffe0090e36f40) at /usr/src/sys/kern/kern_fork.c:1164
        __pc =3D 0x0
        __pc =3D 0x0
        td =3D 0xfffff800079d6000
        p =3D 0xfffffe0010def5a0
        dtd =3D <optimized out>
#14 <signal handler called>

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-279899-227>