Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 14 May 2023 12:34:15 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 271409] kernel panic triggered by iscsi via IPSec
Message-ID:  <bug-271409-227@https.bugs.freebsd.org/bugzilla/>

next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D271409

            Bug ID: 271409
           Summary: kernel panic triggered by iscsi via IPSec
           Product: Base System
           Version: 13.2-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: noah.bergbauer@tum.de

When upgrading from 13.1 to 13.2, I'm running into the panic below.
The panic is triggered by running "fsck_ffs -p" on a filesystem via iSCSI w=
here
the iSCSI is protedted using IPSec (strongswan ESP:AES_GCM_16-128).


Fatal trap 12: page fault while in kernel mode
cpuid =3D 7; apic id =3D 07
fault virtual address   =3D 0x0
fault code              =3D supervisor read data, page not present
instruction pointer     =3D 0x20:0xffffffff810adf16
stack pointer           =3D 0x28:0xfffffe0568cba730
frame pointer           =3D 0x28:0xfffffe0568cba730
code segment            =3D base 0x0, limit 0xfffff, type 0x1b
                        =3D DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        =3D interrupt enabled, resume, IOPL =3D 0
current process         =3D 0 (iscsitx)
trap number             =3D 12
panic: page fault
cpuid =3D 7
time =3D 1684066170
KDB: stack backtrace:
#0 0xffffffff80c53dc5 at kdb_backtrace+0x65
#1 0xffffffff80c06741 at vpanic+0x151
#2 0xffffffff80c065e3 at panic+0x43
#3 0xffffffff810b1fa7 at trap_fatal+0x387
#4 0xffffffff810b1fff at trap_pfault+0x4f
#5 0xffffffff81088e78 at calltrap+0x8
#6 0xffffffff80c9cb87 at m_unshare+0x297
#7 0xffffffff8288e4b3 at esp_output+0x183
#8 0xffffffff8288af13 at ipsec4_perform_request+0x3b3
#9 0xffffffff8288b063 at ipsec4_common_output+0x83
#10 0xffffffff80e3970c at ipsec_kmod_output+0x2c
#11 0xffffffff80dbcf84 at ip_output+0xb64
#12 0xffffffff80dd43af at tcp_output+0x1dbf
#13 0xffffffff80de638d at tcp_usr_send+0x17d
#14 0xffffffff80ca7807 at sosend_generic+0x617
#15 0xffffffff80ca7d20 at sosend+0x50
#16 0xffffffff828a0899 at icl_send_thread+0x499
#17 0xffffffff80bc2fce at fork_exit+0x7e
Uptime: 7m7s
Dumping 5022 out of 130720 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%.=
.91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (offsetof(stru=
ct
pcpu,
(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=3D<optimized out>) at /usr/src/sys/kern/kern_shutdown=
.c:396
#2  0xffffffff80c0630a in kern_reboot (howto=3D260) at
/usr/src/sys/kern/kern_shutdown.c:484
#3  0xffffffff80c067ae in vpanic (fmt=3D<optimized out>,
ap=3Dap@entry=3D0xfffffe0568cba580) at /usr/src/sys/kern/kern_shutdown.c:923
#4  0xffffffff80c065e3 in panic (fmt=3D<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:847
#5  0xffffffff810b1fa7 in trap_fatal (frame=3D0xfffffe0568cba670, eva=3D0) =
at
/usr/src/sys/amd64/amd64/trap.c:942
#6  0xffffffff810b1fff in trap_pfault (frame=3D0xfffffe0568cba670,
usermode=3Dfalse, signo=3D<optimized out>, ucode=3D<optimized out>) at
/usr/src/sys/amd64/amd64/trap.c:761
#7  <signal handler called>
#8  memcpy_erms () at /usr/src/sys/amd64/amd64/support.S:553
#9  0xffffffff80c9cb87 in m_unshare (m0=3Dm0@entry=3D0xfffff8028a647b00,
how=3Dhow@entry=3D1) at /usr/src/sys/kern/uipc_mbuf.c:2082
#10 0xffffffff8288e4b3 in esp_output (m=3D0xfffff801ea078800, sp=3D<optimiz=
ed out>,
sav=3D0xfffff801ea8d8c00, idx=3D0, skip=3D20, protoff=3D9)
    at /usr/src/sys/netipsec/xform_esp.c:770
#11 0xffffffff8288af13 in ipsec4_perform_request (m=3D0xfffff801ea078800,
m@entry=3D0xfffff8028a647b00, sp=3D0x0, sp@entry=3D0xfffff801ea8d8800,
    inp=3Dinp@entry=3D0xfffff8037760b5d0, idx=3Didx@entry=3D0) at
/usr/src/sys/netipsec/ipsec_output.c:275
#12 0xffffffff8288b063 in ipsec4_process_packet (m=3D0xfffff8028a647b00,
sp=3D0xfffff801ea8d8800, inp=3D0xfffff8037760b5d0) at
/usr/src/sys/netipsec/ipsec_output.c:292
#13 ipsec4_common_output (m=3D0xfffff8028a647b00, inp=3D0xfffff8037760b5d0,
forwarding=3D<optimized out>) at /usr/src/sys/netipsec/ipsec_output.c:340
#14 0xffffffff80e3970c in ipsec_kmod_output (sc=3Dsc@entry=3D0xffffffff81d1=
72a8
<ipv4_ipsec>, m=3D0xfffff801ea078800, inp=3D0x517, inp@entry=3D0xfffff80377=
60b5d0)
    at /usr/src/sys/netipsec/subr_ipsec.c:369
#15 0xffffffff80dbcf84 in ip_output (m=3D0x0, m@entry=3D0xfffff8028a647b00,
opt=3D<optimized out>, ro=3D0xfffff8037760b760, flags=3D0, imo=3Dimo@entry=
=3D0x0,
inp=3D0x517)
    at /usr/src/sys/netinet/ip_output.c:680
#16 0xffffffff80dd43af in tcp_output (tp=3D0xfffffe0568a0f000) at
/usr/src/sys/netinet/tcp_output.c:1553
#17 0xffffffff80de638d in tcp_usr_send (so=3D0xfffff8017674f760, flags=3D0,=
 m=3D0x0,
nam=3D0x0, control=3D<optimized out>, td=3D0xfffffe020d66c020)
    at /usr/src/sys/netinet/tcp_usrreq.c:1178
#18 0xffffffff80ca7807 in sosend_generic (so=3D0xfffff8017674f760, addr=3D0=
x517,
uio=3D0x0, top=3D0x517, control=3D0xfffff80357919b00, flags=3D128,
td=3D0xfffffe020d66c020)
    at /usr/src/sys/kern/uipc_socket.c:1759
#19 0xffffffff80ca7d20 in sosend (so=3D0xfffff801ea078800,
so@entry=3D0xfffff8017674f760, addr=3Daddr@entry=3D0x0, uio=3D0x517, uio@en=
try=3D0x0,
top=3D0x517,
    control=3Dcontrol@entry=3D0x0, flags=3D1469161464, flags@entry=3D128,
td=3D0xfffffe020d66c020) at /usr/src/sys/kern/uipc_socket.c:1809
#20 0xffffffff828a0899 in icl_conn_send_pdus (isc=3D0xfffff8039b839500,
queue=3D0xfffffe0568cbaeb8) at /usr/src/sys/dev/iscsi/icl_soft.c:989
#21 icl_send_thread (arg=3Darg@entry=3D0xfffff8039b839500) at
/usr/src/sys/dev/iscsi/icl_soft.c:1027
#22 0xffffffff80bc2fce in fork_exit (callout=3D0xffffffff828a0400
<icl_send_thread>, arg=3D0xfffff8039b839500, frame=3D0xfffffe0568cbaf40)
    at /usr/src/sys/kern/kern_fork.c:1093
#23 <signal handler called>
#24 0x000000082f05ad2c in ?? ()
Backtrace stopped: Cannot access memory at address 0x84c4f4e08
(kgdb) frame 9
#9  0xffffffff80c9cb87 in m_unshare (m0=3Dm0@entry=3D0xfffff8028a647b00,
how=3Dhow@entry=3D1) at /usr/src/sys/kern/uipc_mbuf.c:2082
2082                            memcpy(mtod(n, caddr_t), mtod(m, caddr_t) +
off, cc);
(kgdb) q

--=20
You are receiving this mail because:
You are the assignee for the bug.=



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-271409-227>