[Bug 278389] kernel panic, kernel core generated from ipfw_chk() function, patch given was not working

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 16 Apr 2024 13:36:22 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278389

            Bug ID: 278389
           Summary: kernel panic, kernel core generated from ipfw_chk()
                    function, patch given was not working
           Product: Base System
           Version: Unspecified
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: bkeertha@cisco.com

We have observed a kernel crash from the ipfw_chk() function.

The given patch, https://reviews.freebsd.org/D31484, is not working on FreeBSD 11.2;
we are still seeing the kernel panic.

Environment:
===================
hw.model: Intel(R) Xeon(R) Gold 5118 CPU @ 2.30GHz
hw.machine: amd64
hw.ncpu: 24
FreeBSD 11.2-RELEASE

Here is the BT:
===========================
(kgdb) bt
#0  __curthread () at ./machine/pcpu.h:229
#1  doadump (textdump=1) at ../../../kern/kern_shutdown.c:327
#2  0xffffffff80614a9b in kern_reboot (howto=260) at
../../../kern/kern_shutdown.c:395
#3  0xffffffff80614f99 in vpanic (fmt=<optimized out>, ap=<optimized out>) at
../../../kern/kern_shutdown.c:799
#4  0xffffffff80614cd3 in panic (fmt=<unavailable>) at
../../../kern/kern_shutdown.c:719
#5  0xffffffff808997df in trap_fatal (frame=0xfffffe103e2f4b00, eva=4) at
../../../amd64/amd64/trap.c:875
#6  0xffffffff80899839 in trap_pfault (frame=0xfffffe103e2f4b00, usermode=0) at
../../../amd64/amd64/trap.c:712
#7  0xffffffff80899028 in trap (frame=0xfffffe103e2f4b00) at
../../../amd64/amd64/trap.c:415
#8  <signal handler called>
#9  ipfw_find_rule (chain=<optimized out>, key=2000, id=0) at
../../../netpfil/ipfw/ip_fw_sockopt.c:236
#10 0xffffffff807a8403 in jump_lookup_pos (chain=<optimized out>, f=<optimized
out>, num=<optimized out>,
    tablearg=<optimized out>, jump_backwards=<optimized out>) at
../../../netpfil/ipfw/ip_fw2.c:1284
#11 jump_cached (chain=<optimized out>, f=<optimized out>, num=<optimized out>,
tablearg=<optimized out>,
    jump_backwards=<optimized out>) at ../../../netpfil/ipfw/ip_fw2.c:1323
#12 ipfw_chk (args=<optimized out>) at ../../../netpfil/ipfw/ip_fw2.c:2773
#13 0xffffffff807afd9f in ipfw_check_packet (arg=<optimized out>,
m0=0xfffffe103e2f4f90, ifp=<optimized out>, dir=1,
    inp=0x0) at ../../../netpfil/ipfw/ip_fw_pfil.c:151
#14 0xffffffff80723514 in pfil_run_hooks (ph=0xffffffff8101bdf8
<inet_pfil_hook>, mp=<optimized out>,
    ifp=0xfffff8000a288800, dir=1, flags=0, inp=0x0) at ../../../net/pfil.c:116
#15 0xffffffff807465d9 in ip_input (m=0xfffff80253911300) at
../../../netinet/ip_input.c:601
#16 0xffffffff80722561 in netisr_dispatch_src (proto=1, source=<optimized out>,
m=0x4a) at ../../../net/netisr.c:1120
#17 0xffffffff8070ac72 in ether_demux (ifp=0xfffff8000a288800, m=0x7d0) at
../../../net/if_ethersubr.c:884
#18 0xffffffff8070bd77 in ether_input_internal (ifp=0xfffff8000a288800,
m=0x7d0) at ../../../net/if_ethersubr.c:660
#19 ether_nh_input (m=<optimized out>) at ../../../net/if_ethersubr.c:690
#20 0xffffffff80722561 in netisr_dispatch_src (proto=5, source=<optimized out>,
m=0x4a) at ../../../net/netisr.c:1120
#21 0xffffffff8070aff6 in ether_input (ifp=<optimized out>, m=0x0) at
../../../net/if_ethersubr.c:780
#22 0xffffffff808c3d3c in ixl_rx_input (ptype=0 '\000', rxr=<optimized out>,
ifp=<optimized out>, m=<optimized out>)
    at ../../../dev/ixl/ixl_txrx.c:1579
#23 ixl_rxeof (que=0xfffffe0002880e38, count=512) at
../../../dev/ixl/ixl_txrx.c:1910
#24 0xffffffff808b0ddf in ixl_msix_que (arg=0xfffffe0002880e38) at
../../../dev/ixl/ixl_pf_main.c:751
#25 0xffffffff805e585f in intr_event_execute_handlers (p=<optimized out>,
ie=0xfffff80016814d00)
    at ../../../kern/kern_intr.c:1336
#26 0xffffffff805e5ef7 in ithread_execute_handlers (ie=<optimized out>,
p=<optimized out>)
    at ../../../kern/kern_intr.c:1349
#27 ithread_loop (arg=0xfffff80010cf4d00) at ../../../kern/kern_intr.c:1430
---Type <return> to continue, or q <return> to quit---
#28 0xffffffff805e2ed6 in fork_exit (callout=0xffffffff805e5e40 <ithread_loop>,
arg=0xfffff80010cf4d00,
    frame=0xfffffe103e2f5340) at ../../../kern/kern_fork.c:1054
#29 <signal handler called>


We observed the crash still happening from the same code which was given by
aadhya in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263078. Is there
any proper fix available for this issue? Is this core observed in the latest
FreeBSD releases?
