Date: Sun, 14 May 2023 12:34:15 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 271409] kernel panic triggered by iscsi via IPSec Message-ID: <bug-271409-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D271409 Bug ID: 271409 Summary: kernel panic triggered by iscsi via IPSec Product: Base System Version: 13.2-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: noah.bergbauer@tum.de When upgrading from 13.1 to 13.2, I'm running into the panic below. The panic is triggered by running "fsck_ffs -p" on a filesystem via iSCSI w= here the iSCSI is protedted using IPSec (strongswan ESP:AES_GCM_16-128). Fatal trap 12: page fault while in kernel mode cpuid =3D 7; apic id =3D 07 fault virtual address =3D 0x0 fault code =3D supervisor read data, page not present instruction pointer =3D 0x20:0xffffffff810adf16 stack pointer =3D 0x28:0xfffffe0568cba730 frame pointer =3D 0x28:0xfffffe0568cba730 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 0 (iscsitx) trap number =3D 12 panic: page fault cpuid =3D 7 time =3D 1684066170 KDB: stack backtrace: #0 0xffffffff80c53dc5 at kdb_backtrace+0x65 #1 0xffffffff80c06741 at vpanic+0x151 #2 0xffffffff80c065e3 at panic+0x43 #3 0xffffffff810b1fa7 at trap_fatal+0x387 #4 0xffffffff810b1fff at trap_pfault+0x4f #5 0xffffffff81088e78 at calltrap+0x8 #6 0xffffffff80c9cb87 at m_unshare+0x297 #7 0xffffffff8288e4b3 at esp_output+0x183 #8 0xffffffff8288af13 at ipsec4_perform_request+0x3b3 #9 0xffffffff8288b063 at ipsec4_common_output+0x83 #10 0xffffffff80e3970c at ipsec_kmod_output+0x2c #11 0xffffffff80dbcf84 at ip_output+0xb64 #12 0xffffffff80dd43af at tcp_output+0x1dbf #13 0xffffffff80de638d at tcp_usr_send+0x17d #14 0xffffffff80ca7807 at sosend_generic+0x617 #15 0xffffffff80ca7d20 at sosend+0x50 #16 0xffffffff828a0899 at icl_send_thread+0x499 #17 0xffffffff80bc2fce at fork_exit+0x7e Uptime: 7m7s Dumping 5022 out of 130720 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%.= .91% __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 55 __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (offsetof(stru= ct pcpu, (kgdb) bt #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 #1 doadump (textdump=3D<optimized out>) at /usr/src/sys/kern/kern_shutdown= .c:396 #2 0xffffffff80c0630a in kern_reboot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:484 #3 0xffffffff80c067ae in vpanic (fmt=3D<optimized out>, ap=3Dap@entry=3D0xfffffe0568cba580) at /usr/src/sys/kern/kern_shutdown.c:923 #4 0xffffffff80c065e3 in panic (fmt=3D<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:847 #5 0xffffffff810b1fa7 in trap_fatal (frame=3D0xfffffe0568cba670, eva=3D0) = at /usr/src/sys/amd64/amd64/trap.c:942 #6 0xffffffff810b1fff in trap_pfault (frame=3D0xfffffe0568cba670, usermode=3Dfalse, signo=3D<optimized out>, ucode=3D<optimized out>) at /usr/src/sys/amd64/amd64/trap.c:761 #7 <signal handler called> #8 memcpy_erms () at /usr/src/sys/amd64/amd64/support.S:553 #9 0xffffffff80c9cb87 in m_unshare (m0=3Dm0@entry=3D0xfffff8028a647b00, how=3Dhow@entry=3D1) at /usr/src/sys/kern/uipc_mbuf.c:2082 #10 0xffffffff8288e4b3 in esp_output (m=3D0xfffff801ea078800, sp=3D<optimiz= ed out>, sav=3D0xfffff801ea8d8c00, idx=3D0, skip=3D20, protoff=3D9) at /usr/src/sys/netipsec/xform_esp.c:770 #11 0xffffffff8288af13 in ipsec4_perform_request (m=3D0xfffff801ea078800, m@entry=3D0xfffff8028a647b00, sp=3D0x0, sp@entry=3D0xfffff801ea8d8800, inp=3Dinp@entry=3D0xfffff8037760b5d0, idx=3Didx@entry=3D0) at /usr/src/sys/netipsec/ipsec_output.c:275 #12 0xffffffff8288b063 in ipsec4_process_packet (m=3D0xfffff8028a647b00, sp=3D0xfffff801ea8d8800, inp=3D0xfffff8037760b5d0) at /usr/src/sys/netipsec/ipsec_output.c:292 #13 ipsec4_common_output (m=3D0xfffff8028a647b00, inp=3D0xfffff8037760b5d0, forwarding=3D<optimized out>) at /usr/src/sys/netipsec/ipsec_output.c:340 #14 0xffffffff80e3970c in ipsec_kmod_output (sc=3Dsc@entry=3D0xffffffff81d1= 72a8 <ipv4_ipsec>, m=3D0xfffff801ea078800, inp=3D0x517, inp@entry=3D0xfffff80377= 60b5d0) at /usr/src/sys/netipsec/subr_ipsec.c:369 #15 0xffffffff80dbcf84 in ip_output (m=3D0x0, m@entry=3D0xfffff8028a647b00, opt=3D<optimized out>, ro=3D0xfffff8037760b760, flags=3D0, imo=3Dimo@entry= =3D0x0, inp=3D0x517) at /usr/src/sys/netinet/ip_output.c:680 #16 0xffffffff80dd43af in tcp_output (tp=3D0xfffffe0568a0f000) at /usr/src/sys/netinet/tcp_output.c:1553 #17 0xffffffff80de638d in tcp_usr_send (so=3D0xfffff8017674f760, flags=3D0,= m=3D0x0, nam=3D0x0, control=3D<optimized out>, td=3D0xfffffe020d66c020) at /usr/src/sys/netinet/tcp_usrreq.c:1178 #18 0xffffffff80ca7807 in sosend_generic (so=3D0xfffff8017674f760, addr=3D0= x517, uio=3D0x0, top=3D0x517, control=3D0xfffff80357919b00, flags=3D128, td=3D0xfffffe020d66c020) at /usr/src/sys/kern/uipc_socket.c:1759 #19 0xffffffff80ca7d20 in sosend (so=3D0xfffff801ea078800, so@entry=3D0xfffff8017674f760, addr=3Daddr@entry=3D0x0, uio=3D0x517, uio@en= try=3D0x0, top=3D0x517, control=3Dcontrol@entry=3D0x0, flags=3D1469161464, flags@entry=3D128, td=3D0xfffffe020d66c020) at /usr/src/sys/kern/uipc_socket.c:1809 #20 0xffffffff828a0899 in icl_conn_send_pdus (isc=3D0xfffff8039b839500, queue=3D0xfffffe0568cbaeb8) at /usr/src/sys/dev/iscsi/icl_soft.c:989 #21 icl_send_thread (arg=3Darg@entry=3D0xfffff8039b839500) at /usr/src/sys/dev/iscsi/icl_soft.c:1027 #22 0xffffffff80bc2fce in fork_exit (callout=3D0xffffffff828a0400 <icl_send_thread>, arg=3D0xfffff8039b839500, frame=3D0xfffffe0568cbaf40) at /usr/src/sys/kern/kern_fork.c:1093 #23 <signal handler called> #24 0x000000082f05ad2c in ?? () Backtrace stopped: Cannot access memory at address 0x84c4f4e08 (kgdb) frame 9 #9 0xffffffff80c9cb87 in m_unshare (m0=3Dm0@entry=3D0xfffff8028a647b00, how=3Dhow@entry=3D1) at /usr/src/sys/kern/uipc_mbuf.c:2082 2082 memcpy(mtod(n, caddr_t), mtod(m, caddr_t) + off, cc); (kgdb) q --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-271409-227>