From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 210943] Page fault in ip6_setpktopts when syncthing is started with pflog loaded
Date: Sat, 09 Jul 2016 13:29:36 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210943

            Bug ID: 210943
           Summary: Page fault in ip6_setpktopts when syncthing is started
                    with pflog loaded
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: dim@FreeBSD.org

I recently tried upgrading a machine to 11-STABLE, but got a "Fatal trap 12:
page fault while in kernel mode" after going multi-user, when it started
syncthing 0.13.4:

Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 02
fault virtual address   = 0x10
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80d3cd3d
stack pointer           = 0x28:0xfffffe04538ef560
frame pointer           = 0x28:0xfffffe04538ef5a0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 958 (syncthing)
trap number             = 12
panic: page fault
cpuid = 2
KDB: stack backtrace:
#0 0xffffffff80b2f917 at kdb_backtrace+0x67
#1 0xffffffff80ae6bb2 at vpanic+0x182
#2 0xffffffff80ae6a23 at panic+0x43
#3 0xffffffff80fb3020 at trap_fatal+0x350
#4 0xffffffff80fb3213 at trap_pfault+0x1e3
#5 0xffffffff80fb27bd at trap+0x26d
#6 0xffffffff80f95311 at calltrap+0x8
#7 0xffffffff80d3c6ea at ip6_setpktopts+0x10a
#8 0xffffffff80d54aa4 at udp6_send+0x364
#9 0xffffffff80b80672 at sosend_dgram+0x4d2
#10 0xffffffff80b88b7b at kern_sendit+0x22b
#11 0xffffffff80b88f7f at sendit+0x19f
#12 0xffffffff80b89031 at sys_sendmsg+0x61
#13 0xffffffff80fb397e at amd64_syscall+0x4ce
#14 0xffffffff80f955fb at Xfast_syscall+0xfb

Backtrace from kgdb:

#0  __curthread () at ./machine/pcpu.h:221
#1  doadump (textdump=) at /home/dim/stable-11/sys/kern/kern_shutdown.c:298
#2  0xffffffff80ae663a in kern_reboot (howto=260)
    at /home/dim/stable-11/sys/kern/kern_shutdown.c:366
#3  0xffffffff80ae6beb in vpanic (fmt=, ap=0xfffffe04538ef1b0)
    at /home/dim/stable-11/sys/kern/kern_shutdown.c:759
#4  0xffffffff80ae6a23 in panic (fmt=)
    at /home/dim/stable-11/sys/kern/kern_shutdown.c:690
#5  0xffffffff80fb3020 in trap_fatal (frame=0xfffffe04538ef4b0, eva=16)
    at /home/dim/stable-11/sys/amd64/amd64/trap.c:841
#6  0xffffffff80fb3213 in trap_pfault (frame=0xfffffe04538ef4b0, usermode=0)
    at /home/dim/stable-11/sys/amd64/amd64/trap.c:691
#7  0xffffffff80fb27bd in trap (frame=0xfffffe04538ef4b0)
    at /home/dim/stable-11/sys/amd64/amd64/trap.c:442
#8
#9  0xffffffff80d3cd3d in ip6_setpktopt (optname=,
    buf=0xfffff8000ff1f548 "", len=20, opt=0xfffffe04538ef698,
    cred=0xfffff800aa61b800, sticky=0, cmsg=, uproto=)
    at /home/dim/stable-11/sys/netinet6/ip6_output.c:2663
#10 0xffffffff80d3c6ea in ip6_setpktopts (control=, opt=, stickyopt=,
    cred=, uproto=) at /home/dim/stable-11/sys/netinet6/ip6_output.c:2557
#11 0xffffffff80d54aa4 in udp6_output (inp=0xfffff8002336fae0, m=, addr6=,
    control=0x0, td=) at /home/dim/stable-11/sys/netinet6/udp6_usrreq.c:695
#12 udp6_send (so=, flags=-2116399792, m=, addr=, control=,
    td=0xfffff800230f7a00)
    at /home/dim/stable-11/sys/netinet6/udp6_usrreq.c:1274
#13 0xffffffff80b80672 in sosend_dgram (so=0xfffff800aa24ea20, addr=, uio=,
    top=, control=, flags=, td=)
    at /home/dim/stable-11/sys/kern/uipc_socket.c:1174
#14 0xffffffff80b88b7b in kern_sendit (td=, s=, mp=, flags=0,
    control=0xfffff8000ff1f500, segflg=UIO_USERSPACE)
    at /home/dim/stable-11/sys/kern/uipc_syscalls.c:848
#15 0xffffffff80b88f7f in sendit (td=0xfffff800230f7a00, s=,
    mp=0xfffffe04538ef948, flags=)
    at /home/dim/stable-11/sys/kern/uipc_syscalls.c:775
#16 0xffffffff80b89031 in sys_sendmsg (td=0xfffff800230f7a00,
    uap=0xfffffe04538efa40)
    at /home/dim/stable-11/sys/kern/uipc_syscalls.c:977
#17 0xffffffff80fb397e in syscallenter (td=, sa=)
    at /home/dim/stable-11/sys/amd64/amd64/../../kern/subr_syscall.c:135
#18 amd64_syscall (td=, traced=0)
    at /home/dim/stable-11/sys/amd64/amd64/trap.c:942
#19
#20 0x00000000004f9494 in ?? ()

In frame 9, ifp->if_afdata[AF_INET6] is NULL, which is the cause of the crash:

(kgdb) frame 9
#9  0xffffffff80d3cd3d in ip6_setpktopt (optname=,
    buf=0xfffff8000ff1f548 "", len=20, opt=0xfffffe04538ef698,
    cred=0xfffff800aa61b800, sticky=0, cmsg=, uproto=)
    at /home/dim/stable-11/sys/netinet6/ip6_output.c:2663
2663    /home/dim/stable-11/sys/netinet6/ip6_output.c: No such file or directory.
(kgdb) print ifp->if_afdata[28]
$1 = (void *) 0x0

In fact, all if_afdata[] members except for AF_INET seem to be NULL:

(kgdb) print ifp->if_afdata
$4 = {0x0, 0x0, 0xfffff80008614c20, 0x0 }

It looks like syncthing is doing some sort of UDPv6 sending over all
interfaces, or something. The Go is rather hard for me to digest, so what it
exactly calls I don't know.

In any case, the problem is also reproducible very easily on -CURRENT, simply
by installing the syncthing port, then:

kldload pflog
syncthing

and waiting for syncthing's initial startup to complete. It will panic almost
immediately.

-- 
You are receiving this mail because:
You are the assignee for the bug.
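Added example, not part of the original report and not FreeBSD source: a userland C model of the per-address-family lookup described above. It shows why a NULL if_afdata[AF_INET6] slot produces a small non-zero fault address (base NULL plus a member offset) and how a guard turns the fault into an error return. The struct layouts, the flag, the slot count and the error codes are assumptions of this sketch.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AF_INET_SLOT   2    /* the one non-NULL slot in the kgdb dump */
#define AF_INET6_SLOT 28    /* printed as if_afdata[28] in the report */
#define AF_SLOTS      32    /* model size, chosen for this sketch */
#define IF_DISABLED  0x1    /* hypothetical "IPv6 disabled" flag */

/* Hypothetical stand-ins for the kernel structures, not FreeBSD's own. */
struct nd_model { uint32_t flags; };
struct in6_extra_model {
    void *stats_a, *stats_b;    /* two pointers precede nd ... */
    struct nd_model *nd;        /* ... so nd sits at 2 * sizeof(void *) */
};
struct ifnet_model { void *if_afdata[AF_SLOTS]; };

/* Constructed sample interfaces: IPv4-only, dual-stack, IPv6 disabled. */
static int inet_state;
static struct nd_model nd_up = { 0 }, nd_off = { IF_DISABLED };
static struct in6_extra_model ext_up = { NULL, NULL, &nd_up }, ext_off = { NULL, NULL, &nd_off };
static struct ifnet_model v4only = { { [AF_INET_SLOT] = &inet_state } };
static struct ifnet_model dual = { { [AF_INET_SLOT] = &inet_state, [AF_INET6_SLOT] = &ext_up } };
static struct ifnet_model dual_off = { { [AF_INET6_SLOT] = &ext_off } };

/* Address an unguarded if_afdata[AF_INET6]->nd load would read from. */
uintptr_t unguarded_load_addr(const struct ifnet_model *ifp)
{
    return (uintptr_t)ifp->if_afdata[AF_INET6_SLOT] + offsetof(struct in6_extra_model, nd);
}

/* Guarded lookup: an interface without IPv6 state gets an error, not a fault. */
int v6_usable(const struct ifnet_model *ifp)
{
    const struct in6_extra_model *ext;
    if (ifp == NULL || (ext = ifp->if_afdata[AF_INET6_SLOT]) == NULL ||
        ext->nd == NULL)
        return ENXIO;           /* error choice is this sketch's own */
    return (ext->nd->flags & IF_DISABLED) ? ENETDOWN : 0;
}

int main(void)
{
    printf("unguarded read at %#lx; guarded: v4only=%d dual=%d disabled=%d\n",
        (unsigned long)unguarded_load_addr(&v4only), v6_usable(&v4only),
        v6_usable(&dual), v6_usable(&dual_off));
    return 0;
}
```

On an LP64 build the unguarded read address in this model comes out as 0x10, the same offset-from-NULL pattern as the fault virtual address in the trap output.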