Date: Wed, 04 Sep 2024 15:05:55 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 281268] stable/13: ng_ksocket_shutdown reproducable kernel panic Message-ID: <bug-281268-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D281268 Bug ID: 281268 Summary: stable/13: ng_ksocket_shutdown reproducable kernel panic Product: Base System Version: 13.4-STABLE Hardware: Any OS: Any Status: New Keywords: crash Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: eugen@freebsd.org 13.4-STABLE/amd64 6bde10b63 panices reproducably with same backtrace and go= od crashdump when I stop net/mpd5 daemon that runs as L2TP server. Kernel config file: include GENERIC ident HZ options IPSEC options KDB options KDB_UNATTENDED options KDB_TRACE options NETGRAPH options NETGRAPH_SOCKET options NETGRAPH_KSOCKET options NETGRAPH_IFACE options NETGRAPH_PPP options NETGRAPH_L2TP options NETGRAPH_TEE options NETGRAPH_VJC options NETGRAPH_TCPMSS options LIBALIAS options IPFIREWALL options IPFIREWALL_NAT # EOF kgdb output follows. Fatal trap 12: page fault while in kernel mode cpuid =3D 0; apic id =3D 00 fault virtual address =3D 0x18 fault code =3D supervisor write data, page not present instruction pointer =3D 0x20:0xffffffff80bd5c1f stack pointer =3D 0x28:0xfffffe0003724c40 frame pointer =3D 0x28:0xfffffe0003724c50 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D resume, IOPL =3D 0 current process =3D 13 (ng_queue0) trap number =3D 12 panic: page fault cpuid =3D 0 time =3D 1725461186 KDB: stack backtrace: #0 0xffffffff80c44bc5 at kdb_backtrace+0x65 #1 0xffffffff80bf87d2 at vpanic+0x152 #2 0xffffffff80bf8673 at panic+0x43 #3 0xffffffff81101069 at trap_fatal+0x389 #4 0xffffffff811010b6 at trap_pfault+0x46 #5 0xffffffff810d8bf8 at calltrap+0x8 #6 0xffffffff80c5c778 at propagate_priority+0x58 #7 0xffffffff80c5d4f1 at turnstile_wait+0x301 #8 0xffffffff80bd52f3 at __mtx_lock_sleep+0x173 #9 0xffffffff80d9c454 at ng_ksocket_shutdown+0x1e4 #10 0xffffffff80d95f6c at ng_rmnode+0x1dc #11 0xffffffff80d97edf at ng_apply_item+0x7f #12 0xffffffff80d9af00 at ngthread+0x1f0 #13 0xffffffff80bb41dd at fork_exit+0x7d #14 0xffffffff810d9c6e at fork_trampoline+0xe Uptime: 3d8h18m51s Dumping 323 out of 1954 MB:..5%..15%..25%..35%..45%..55%..65%..75%..84%..94% (kgdb) bt full #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:53 td =3D <optimized out> #1 doadump (textdump=3D<optimized out>) at /usr/src/sys/kern/kern_shutdown= .c:394 error =3D 0 coredump =3D <optimized out> #2 0xffffffff80bf839e in kern_reboot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:482 once =3D 0 #3 0xffffffff80bf883f in vpanic (fmt=3D0xffffffff812605a9 "%s", ap=3Dap@entry=3D0xfffffe0003724aa0) at /usr/src/sys/kern/kern_shutdown.c:921 buf =3D "page fault", '\000' <repeats 245 times> other_cpus =3D {__bits =3D {0, 0, 0, 0}} td =3D 0xfffff8000347c740 bootopt =3D <unavailable> newpanic =3D <optimized out> #4 0xffffffff80bf8673 in panic (fmt=3D<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:845 ap =3D {{gp_offset =3D 16, fp_offset =3D 48, overflow_arg_area =3D 0xfffffe0003724ad0, reg_save_area =3D 0xfffffe0003724a70}} #5 0xffffffff81101069 in trap_fatal (frame=3D0xfffffe0003724b80, eva=3D24) at /usr/src/sys/amd64/amd64/trap.c:940 softseg =3D {ssd_base =3D 0, ssd_limit =3D 1048575, ssd_type =3D 27= , ssd_dpl =3D 0, ssd_p =3D 1, ssd_long =3D 1, ssd_def32 =3D 0, ssd_gran =3D 1} code =3D 2 gdt =3D <optimized out> ss =3D 40 type =3D <optimized out> handled =3D <optimized out> #6 0xffffffff811010b6 in trap_pfault (frame=3D<unavailable>, usermode=3Dfa= lse, signo=3D<optimized out>, ucode=3D<optimized out>) at /usr/src/sys/amd64/amd64/trap.c:759 td =3D 0xfffff8000347c740 p =3D <optimized out> eva =3D <unavailable> map =3D <optimized out> ftype =3D <optimized out> rv =3D <optimized out> #7 <signal handler called> No locals. #8 0xffffffff80bd5c1f in atomic_cmpset_long (expect=3D0, src=3D18446735277671565120, dst=3D<optimized out>) at /usr/src/sys/amd64/include/atomic.h:215 res =3D <optimized out> #9 _thread_lock (td=3Dtd@entry=3D0xfffff8000941c8b8) at /usr/src/sys/kern/kern_mutex.c:843 tid =3D 18446735277671565120 m =3D 0x0 #10 0xffffffff80c5c778 in propagate_priority (td=3D0xfffff8000941c8b8, td@entry=3D0xfffff8000347c740) at /usr/src/sys/kern/subr_turnstile.c:232 pri =3D 84 ts =3D 0xfffff8000308c900 top =3D 0xfffff8000308c900 #11 0xffffffff80c5d4f1 in turnstile_wait (ts=3Dts@entry=3D0xfffff8000308c90= 0, owner=3Downer@entry=3D0xfffff8000941c8b8, queue=3Dqueue@entry=3D0) at /usr/src/sys/kern/subr_turnstile.c:806 td =3D 0xfffff8000347c740 tc =3D <optimized out> td1 =3D <optimized out> lock =3D <optimized out> #12 0xffffffff80bd52f3 in __mtx_lock_sleep (c=3D0xfffff8000941c8c0, v=3D<op= timized out>) at /usr/src/sys/kern/kern_mutex.c:666 lda =3D {config =3D 0xffffffff81c00018 <locks_delay>, delay =3D 1, = spin_cnt =3D 1} sleep_cnt =3D 0 sleep_time =3D 0 all_time =3D 0 doing_lockprof =3D <optimized out> td =3D 0xfffff8000347c740 tid =3D 18446735277671565120 m =3D 0xfffff8000941c8a8 owner =3D 0xfffff8000941c8b8 ts =3D 0xfffff8000308c900 #13 0xffffffff80d9c454 in ng_ksocket_shutdown (node=3D0xfffff8000b745b00) at /usr/src/sys/netgraph/ng_ksocket.c:937 _tid =3D 18446735277671565120 _v =3D 0 priv =3D 0xfffff8004ef67600 embryo =3D <optimized out> #14 0xffffffff80d95f6c in ng_rmnode (node=3Dnode@entry=3D0xfffff8000b745b00, dummy1=3D<optimized out>, dummy2=3D<optimized out>, dummy3=3D<optimized out>) at /usr/src/sys/netgraph/ng_base.c:756 hook =3D <optimized out> #15 0xffffffff80d97edf in ng_apply_item (node=3Dnode@entry=3D0xfffff8000b74= 5b00, item=3D0xfffff800403e2d80, rw=3D1) at /usr/src/sys/netgraph/ng_base.c:2= 475 error =3D 0 hook =3D 0x0 apply =3D 0x0 depth =3D 1 rcvdata =3D <optimized out> rcvmsg =3D <optimized out> #16 0xffffffff80d9af00 in ngthread (arg=3D<optimized out>) at /usr/src/sys/netgraph/ng_base.c:3442 item =3D <optimized out> rw =3D <optimized out> et =3D {et_link =3D {tqe_next =3D 0x0, tqe_prev =3D 0xfffff80003484= bd8}, et_td =3D 0xfffff8000347c740, et_section =3D {bucket =3D 1}, et_old_priority =3D 84 'T'} node =3D 0xfffff8000b745b00 saved_vnet =3D 0x0 #17 0xffffffff80bb41dd in fork_exit (callout=3D0xffffffff80d9ad10 <ngthread= >, arg=3D0x0, frame=3D0xfffffe0003724f40) at /usr/src/sys/kern/kern_fork.c:1151 td =3D 0xfffff8000347c740 p =3D 0xfffffe0003e52ab0 dtd =3D <optimized out> #18 <signal handler called> No locals. (kgdb) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-281268-227>