[Bug 268246] crash and panic using pfsync on 13.1-RELEASE

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 15 Feb 2023 13:08:05 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268246

--- Comment #83 from jjasen@gmail.com ---
BT:

#0  __curthread () at /root/usr/src/sys/amd64/include/pcpu_aux.h:55
#1  dump_savectx () at /root/usr/src/sys/kern/kern_shutdown.c:394
#2  0xffffffff80c38ae8 in dumpsys (di=0x0) at
/root/usr/src/sys/x86/include/dump.h:87
#3  doadump (textdump=<optimized out>) at
/root/usr/src/sys/kern/kern_shutdown.c:423
#4  kern_reboot (howto=260) at /root/usr/src/sys/kern/kern_shutdown.c:497
#5  0xffffffff80c38f6e in vpanic (fmt=<optimized out>,
ap=ap@entry=0xfffffe017cbed940)
    at /root/usr/src/sys/kern/kern_shutdown.c:930
#6  0xffffffff80c38da3 in panic (fmt=<unavailable>) at
/root/usr/src/sys/kern/kern_shutdown.c:854
#7  0xffffffff81101c95 in trap_fatal (frame=0xfffffe017cbeda30, eva=24)
    at /root/usr/src/sys/amd64/amd64/trap.c:942
#8  0xffffffff81101cef in trap_pfault (frame=0xfffffe017cbeda30,
usermode=false,
    signo=<optimized out>, ucode=<optimized out>) at
/root/usr/src/sys/amd64/amd64/trap.c:761
#9  <signal handler called>
#10 0xffffffff80cd15d0 in m_copym (m=0x0, m@entry=0xfffff80115340200,
off0=8268, len=8192,
    wait=wait@entry=1) at /root/usr/src/sys/kern/uipc_mbuf.c:510
#11 0xffffffff80dfe81f in ip_fragment (ip=<optimized out>,
ip@entry=0xfffff80115340268,
    m_frag=m_frag@entry=0xfffffe017cbedcb0, mtu=mtu@entry=9000,
if_hwassist_flags=<optimized out>)
    at /root/usr/src/sys/netinet/ip_output.c:992
#12 0xffffffff80dfe1d2 in ip_output (m=m@entry=0xfffff80115340200,
opt=<optimized out>,
    opt@entry=0x0, ro=<optimized out>, ro@entry=0x0, flags=flags@entry=0,
imo=<optimized out>,
    imo@entry=0x0, inp=<optimized out>, inp@entry=0x0) at
/root/usr/src/sys/netinet/ip_output.c:816
#13 0xffffffff823516dc in pfsync_defer_tmo (arg=0xfffff806ea395280)
    at /root/usr/src/sys/netpfil/pf/if_pfsync.c:1838
#14 0xffffffff80c57263 in softclock_call_cc (c=<optimized out>,
    cc=cc@entry=0xffffffff81ebac00 <cc_cpu>, direct=direct@entry=0)
    at /root/usr/src/sys/kern/kern_timeout.c:692
#15 0xffffffff80c576c9 in softclock (arg=0xffffffff81ebac00 <cc_cpu>)
    at /root/usr/src/sys/kern/kern_timeout.c:812
#16 0xffffffff80bf6eea in intr_event_execute_handlers (ie=0xfffff80104901300,
p=<optimized out>)
    at /root/usr/src/sys/kern/kern_intr.c:1169
#17 ithread_execute_handlers (ie=<optimized out>, p=<optimized out>)
    at /root/usr/src/sys/kern/kern_intr.c:1182
#18 ithread_loop (arg=arg@entry=0xfffff801048949c0) at
/root/usr/src/sys/kern/kern_intr.c:1270
#19 0xffffffff80bf38de in fork_exit (callout=0xffffffff80bf6c90 <ithread_loop>,
    arg=0xfffff801048949c0, frame=0xfffffe017cbedf40) at
/root/usr/src/sys/kern/kern_fork.c:1093
#20 <signal handler called>
#21 mi_startup () at /root/usr/src/sys/kern/init_main.c:322
Backtrace stopped: Cannot access memory at address 0x8

(kgdb) frame 13
#13 0xffffffff823516dc in pfsync_defer_tmo (arg=0xfffff806ea395280)
    at /root/usr/src/sys/netpfil/pf/if_pfsync.c:1838
1838            ip_output(m, NULL, NULL, 0, NULL, NULL);

 p ip_output
$1 = {int (struct mbuf *, struct mbuf *, struct route *, int, struct
ip_moptions *,
    struct inpcb *)} 0xffffffff80dfd080 <ip_output>


kgdb) print m
$4 = (struct mbuf *) 0xfffff80115340200
(kgdb) print *m
$5 = {{m_next = 0x0, m_slist = {sle_next = 0x0}, m_stailq = {stqe_next = 0x0}},
{
    m_nextpkt = 0xfffff802ff9f1d00, m_slistpkt = {sle_next =
0xfffff802ff9f1d00}, m_stailqpkt = {
      stqe_next = 0xfffff802ff9f1d00}}, m_data = 0xfffff80115340268 "E", m_len
= 80, m_type = 1,
  m_flags = 32770, {{{m_pkthdr = {{snd_tag = 0x0, rcvif = 0x0}, tags =
{slh_first = 0x0},
          len = 80, flowid = 0, csum_flags = 1025, fibnum = 0, numa_domain =
255 '\377',
          rsstype = 0 '\000', {rcv_tstmp = 0, {l2hlen = 0 '\000', l3hlen = 0
'\000',
              l4hlen = 0 '\000', l5hlen = 0 '\000', inner_l2hlen = 0 '\000',
              inner_l3hlen = 0 '\000', inner_l4hlen = 0 '\000', inner_l5hlen =
0 '\000'}},
          PH_per = {eight = "\000\000\000\000\020\000\000", sixteen = {0, 0,
16, 0}, thirtytwo = {
              0, 16}, sixtyfour = {68719476736}, unintptr = {68719476736}, ptr
= 0x1000000000},
          PH_loc = {eight = "\000\000\000\000\000\000\000", sixteen = {0, 0, 0,
0}, thirtytwo = {
              0, 0}, sixtyfour = {0}, unintptr = {0}, ptr = 0x0}}, {m_epg_npgs
= 0 '\000',
          m_epg_nrdy = 0 '\000', m_epg_hdrlen = 0 '\000', m_epg_trllen = 0
'\000',
          m_epg_1st_off = 0, m_epg_last_len = 0, m_epg_flags = 0 '\000',
          m_epg_record_type = 0 '\000', __spare = "\000", m_epg_enc_cnt = 0,
m_epg_tls = 0x50,
          m_epg_so = 0xff000000000401, m_epg_seqno = 0, m_epg_stailq = {
            stqe_next = 0x1000000000}}}, {m_ext = {{ext_count = 742590208,
            ext_cnt = 0x70050a62c430700}, ext_size = 2954964035, ext_type = 8,
ext_flags = 17664, {
            {
              ext_buf = 0x400646585e8d0045 <error: Cannot access memory at
address 0x400646585e8d0045>, ext_arg2 = 0x69011824d0040120}, {extpg_pa =
{4613452213645017157, 7566355395346956576,
                720575940379279360, 11029316931009191974, 216172782113797907},
              extpg_trail =
"͡\000P\002;.\373\000\000\000\000\240\002\377\377\345\232\000\000\002\004\"\354\001\003\003\016\004\002\b\n\257<3\346\000\000\000\000\001\034P\001\020\231\023\067\000\000\000\000\000\003\000\000\000\000\000\000\000\000\000",
extpg_hdr = '\000' <repeats 22 times>}},
          ext_free = 0xffffffff82f67210 <rxb_free>, ext_arg1 =
0xfffff802ef19bfc0},
        m_pktdat = 0xfffff80115340258 ""}}, m_dat = 0xfffff80115340220 ""}}

-- 
You are receiving this mail because:
You are the assignee for the bug.