Date: Sat, 13 Jul 2024 12:27:32 +0000
From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 279899] pf_unlink_state mutex unlock page fault panic
Message-ID: <bug-279899-16861-csmWYh7Z9A@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-279899-16861@https.bugs.freebsd.org/bugzilla/>
References: <bug-279899-16861@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279899

Gyver Def <gdef@wp.pl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gdef@wp.pl

--- Comment #11 from Gyver Def <gdef@wp.pl> ---
Bug is still present in latest 14.1-STABLE branch:

Unread portion of the kernel message buffer:
[47842] kernel trap 12 with interrupts disabled
[47842]
[47842]
[47842] Fatal trap 12: page fault while in kernel mode
[47842] cpuid = 9; apic id = 09
[47842] fault virtual address   = 0x20
[47842] fault code              = supervisor read data, page not present
[47842] instruction pointer     = 0x20:0xffffffff806fbd70
[47842] stack pointer           = 0x28:0xfffffe02059f8df0
[47842] frame pointer           = 0x28:0xfffffe02059f8e00
[47842] code segment            = base 0x0, limit 0xfffff, type 0x1b
[47842]                         = DPL 0, pres 1, long 1, def32 0, gran 1
[47842] processor eflags        = resume, IOPL = 0
[47842] current process         = 6 (pf purge)
[47842] rdi: 0000000000000000 rsi: 0000000000000000 rdx: fffff801172f2740
[47842] rcx: fffff801172f2740  r8: 0000000000000050  r9: 0000000000000028
[47842] rax: 0000000000000000 rbx: 0000000000000000 rbp: fffffe02059f8e00
[47842] r10: fffff801d6fcc6e0 r11: 0000000082d0b062 r12: 0000000000000000
[47842] r13: fffff801172f2740 r14: 0000000000000000 r15: 00000000000190d4
[47842] trap number             = 12
[47842] panic: page fault
[47842] cpuid = 9
[47842] time = 1720796553
[47842] KDB: stack backtrace:
[47842] #0 0xffffffff806e25bd at kdb_backtrace+0x5d
[47842] #1 0xffffffff806976f1 at vpanic+0x131
[47842] #2 0xffffffff806975b3 at panic+0x43
[47842] #3 0xffffffff80a5f0fb at trap_fatal+0x40b
[47842] #4 0xffffffff80a5f146 at trap_pfault+0x46
[47842] #5 0xffffffff80a37598 at calltrap+0x8
[47842] #6 0xffffffff80674603 at __mtx_unlock_sleep+0x73
[47842] #7 0xffffffff80899ff8 at pf_unlink_state+0x338
[47842] #8 0xffffffff80899558 at pf_purge_expired_states+0x178
[47842] #9 0xffffffff8089937b at pf_purge_thread+0x13b
[47842] #10 0xffffffff8065211f at fork_exit+0x7f
[47842] #11 0xffffffff80a385fe at fork_trampoline+0xe
[47842] Uptime: 13h17m22s
[47842] Dumping 8074 out of 130174 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

Reading symbols from /boot/kernel/zfs.ko...
Reading symbols from /usr/lib/debug//boot/kernel/zfs.ko.debug...
Reading symbols from /boot/kernel/fdescfs.ko...
Reading symbols from /usr/lib/debug//boot/kernel/fdescfs.ko.debug...
__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
warning: Source file is more recent than executable.
57              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:405
#2  0xffffffff80697287 in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:523
#3  0xffffffff8069775e in vpanic (fmt=0xffffffff80acd933 "%s",
    ap=ap@entry=0xfffffe02059f8c50) at /usr/src/sys/kern/kern_shutdown.c:967
#4  0xffffffff806975b3 in panic (fmt=<unavailable>)
    at /usr/src/sys/kern/kern_shutdown.c:891
#5  0xffffffff80a5f0fb in trap_fatal (frame=0xfffffe02059f8d30, eva=32)
    at /usr/src/sys/amd64/amd64/trap.c:952
#6  0xffffffff80a5f146 in trap_pfault (frame=<unavailable>, usermode=false,
    signo=<optimized out>, ucode=<optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:760
#7  <signal handler called>
#8  0xffffffff806fbd70 in turnstile_broadcast (ts=0x0, queue=queue@entry=0)
    at /usr/src/sys/kern/subr_turnstile.c:900
#9  0xffffffff80674603 in __mtx_unlock_sleep (c=<optimized out>,
    v=<optimized out>) at /usr/src/sys/kern/kern_mutex.c:1056
#10 0xffffffff80899ff8 in pf_unlink_state (s=s@entry=0xfffff801d6fcc6e0)
    at /usr/src/sys/netpfil/pf/pf.c:2147
#11 0xffffffff80899558 in pf_purge_expired_states (i=102589, maxcheck=901)
    at /usr/src/sys/netpfil/pf/pf.c:2207
#12 0xffffffff8089937b in pf_purge_thread (unused=<optimized out>)
    at /usr/src/sys/netpfil/pf/pf.c:1950
#13 0xffffffff8065211f in fork_exit (callout=0xffffffff80899240 <pf_purge_thread>,
    arg=0x0, frame=0xfffffe02059f8f40) at /usr/src/sys/kern/kern_fork.c:1164
#14 <signal handler called>
#15 0x0a12d0230652d027 in ?? ()

-- 
You are receiving this mail because:
You are the assignee for the bug.