Date:      Thu, 20 Jul 2023 11:19:33 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 272616] [panic] Reproducible kernel panic related to sendfile and IPSec
Message-ID:  <bug-272616-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272616

            Bug ID: 272616
           Summary: [panic] Reproducible kernel panic related to sendfile
                    and IPSec
           Product: Base System
           Version: 13.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: net@FreeBSD.org
          Reporter: eugen@freebsd.org
                CC: ae@FreeBSD.org, glebius@FreeBSD.org, kib@FreeBSD.org

This PR is similar to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254419
except that pf(4) is not in use.

I can reproduce the panic on every attempt by fetching a small plain text file
(residing on ZFS) over HTTP/1.1 from my Apache httpd server using sendfile().

The traffic in question goes through a gif(4) interface with mtu=1500 over the
ixl0 10Gbps interface with mtu=1500, so some IP fragmentation should occur.

The first time it happened, the kernel generated a crashdump just fine,
rebooted, and the crashdump was saved. My next attempt reproduced the same
panic, but the kernel hung after printing "Uptime: 22m27s". I can experiment
with this machine freely, as it is my workstation and not in service. And I
have iKVM plus IPMI SOL working (serial console).

Unread portion of the kernel message buffer:



Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 04
fault virtual address   = 0x0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff810bad5a
stack pointer           = 0x28:0xfffffe011dd8f4b0
frame pointer           = 0x28:0xfffffe011dd8f4b0
code segment            = base 0x0, limit 0xfffff, type 0x1b

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 02
fault virtual address   = 0x0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff810bad5a
stack pointer           = 0x28:0xfffffe01771db4e0
frame pointer           = 0x28:0xfffffe01771db4e0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled,                    = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 81478 (httpd)
trap number             = 12
panic: page fault
cpuid = 2
time = 1689822623
KDB: stack backtrace:
#0 0xffffffff80c53f15 at kdb_backtrace+0x65
#1 0xffffffff80c07852 at vpanic+0x152
#2 0xffffffff80c076f3 at panic+0x43
#3 0xffffffff810bede7 at trap_fatal+0x387
#4 0xffffffff810bee3f at trap_pfault+0x4f
#5 0xffffffff81096a78 at calltrap+0x8
#6 0xffffffff80c9c999 at m_unshare+0x3a9
#7 0xffffffff82d19534 at esp_output+0x184
#8 0xffffffff82d15fc6 at ipsec4_perform_request+0x3b6
#9 0xffffffff82d16113 at ipsec4_common_output+0x83
#10 0xffffffff80e3894c at ipsec_kmod_output+0x2c
#11 0xffffffff80dbc6df at ip_output+0xb8f
#12 0xffffffff80dd3a54 at tcp_output+0x1d74
#13 0xffffffff80de599f at tcp_usr_send+0x17f
#14 0xffffffff80c04ff1 at vn_sendfile+0x1251
#15 0xffffffff80c05fa7 at sendfile+0x117
#16 0xffffffff810bf6dc at amd64_syscall+0x10c
#17 0xffffffff8109738b at fast_syscall_common+0xf8
Uptime: 4d5h15m40s
Dumping 2283 out of 16249 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

warning: Could not load shared library symbols for nvidia.ko.
Do you need "set solib-search-path" or "set sysroot"?
__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:396
#2  0xffffffff80c07419 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:484
#3  0xffffffff80c078bf in vpanic (fmt=<optimized out>, ap=ap@entry=0xfffffe011dd8f300)
    at /usr/src/sys/kern/kern_shutdown.c:923
#4  0xffffffff80c076f3 in panic (fmt=<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:847
#5  0xffffffff810bede7 in trap_fatal (frame=0xfffffe011dd8f3f0, eva=0)
    at /usr/src/sys/amd64/amd64/trap.c:942
#6  0xffffffff810bee3f in trap_pfault (frame=0xfffffe011dd8f3f0, usermode=false,
    signo=<optimized out>, ucode=<optimized out>) at /usr/src/sys/amd64/amd64/trap.c:761
#7  <signal handler called>
#8  memcpy_erms () at /usr/src/sys/amd64/amd64/support.S:553
#9  0xffffffff80c9c999 in m_unshare (m0=0xfffff80146cc8200, how=1)
    at /usr/src/sys/kern/uipc_mbuf.c:2047
#10 0xffffffff82d19534 in esp_output () from /boot/kernel/ipsec.ko
#11 0xffffffff82d15fc6 in ipsec4_perform_request () from /boot/kernel/ipsec.ko
#12 0xffffffff82d16113 in ipsec4_common_output () from /boot/kernel/ipsec.ko
#13 0xffffffff80e3894c in ipsec_kmod_output (sc=0xfffff8001828ea00, sc@entry=0x18,
    m=0xfffff8002a388925, inp=0x3f8, inp@entry=0xfffff80133df99b0)
    at /usr/src/sys/netipsec/subr_ipsec.c:369
#14 0xffffffff80dbc6df in ip_output (m=0x0, m@entry=0xfffff80146cc8200, opt=<optimized out>,
    ro=<optimized out>, flags=0, imo=0x10, imo@entry=0x0, inp=0xfffff80133df99b0)
    at /usr/src/sys/netinet/ip_output.c:680
#15 0xffffffff80dd3a54 in tcp_output (tp=0xfffffe011d38d518)
    at /usr/src/sys/netinet/tcp_output.c:1541
#16 0xffffffff80de599f in tcp_usr_send (so=0xfffff8002a50cb10, flags=0, m=0x0, nam=0x0,
    control=<optimized out>, td=0xfffffe0176dcb720) at /usr/src/sys/netinet/tcp_usrreq.c:1178
#17 0xffffffff80c04ff1 in vn_sendfile (fp=<optimized out>, sockfd=22, hdr_uio=0x0, trl_uio=0x0,
    offset=<optimized out>, nbytes=1038, sent=0xfffffe011dd8fdc8, flags=0, td=0xfffffe0176dcb720)
    at /usr/src/sys/kern/kern_sendfile.c:1188
#18 0xffffffff80c05fa7 in fo_sendfile (fp=0xfffff8002a388925, sockfd=0, hdr_uio=0x3f8,
    trl_uio=0x3f8, offset=-2194227530512, nbytes=9, sent=0xfffffe011dd8fdc8, flags=708348197,
    td=0xfffffe0176dcb720) at /usr/src/sys/sys/file.h:416
#19 sendfile (td=0xfffffe0176dcb720, uap=0xfffffe0176dcbb08, compat=<optimized out>)
    at /usr/src/sys/kern/kern_sendfile.c:1326
#20 0xffffffff810bf6dc in syscallenter (td=0xfffffe0176dcb720)
    at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:190
#21 amd64_syscall (td=0xfffffe0176dcb720, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1183
#22 <signal handler called>
#23 0x0000000828695a5a in ?? ()
Backtrace stopped: Cannot access memory at address 0x82077d418
