[Bug 185633] [pf] scrubbing bug in transparent mode bug with bigger than MTU UDP packet

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Sep 1 05:29:13 UTC 2016


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=185633

--- Comment #11 from Olivier Cochard <olivier at freebsd.org> ---
I've generated a core dump (with a DEBUG kernel) and looked into it:

Unread portion of the kernel message buffer:
panic: vtnet_txq_encap: no mbuf packet header!
cpuid = 0
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00003ab530
vpanic() at vpanic+0x182/frame 0xfffffe00003ab5b0
kassert_panic() at kassert_panic+0x126/frame 0xfffffe00003ab620
vtnet_txq_mq_start_locked() at vtnet_txq_mq_start_locked+0x635/frame
0xfffffe00003ab6e0
vtnet_txq_mq_start() at vtnet_txq_mq_start+0x6f/frame 0xfffffe00003ab720
bridge_enqueue() at bridge_enqueue+0x9a/frame 0xfffffe00003ab760
bridge_forward() at bridge_forward+0x322/frame 0xfffffe00003ab7c0
bridge_input() at bridge_input+0x5f4/frame 0xfffffe00003ab830
ether_nh_input() at ether_nh_input+0x2ab/frame 0xfffffe00003ab870
netisr_dispatch_src() at netisr_dispatch_src+0x80/frame 0xfffffe00003ab8d0
ether_input() at ether_input+0x62/frame 0xfffffe00003ab900
vtnet_rxq_eof() at vtnet_rxq_eof+0x835/frame 0xfffffe00003ab9b0
vtnet_rx_vq_intr() at vtnet_rx_vq_intr+0x4e/frame 0xfffffe00003ab9e0
intr_event_execute_handlers() at intr_event_execute_handlers+0x96/frame
0xfffffe00003aba20
ithread_loop() at ithread_loop+0xa6/frame 0xfffffe00003aba70
fork_exit() at fork_exit+0x84/frame 0xfffffe00003abab0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00003abab0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic

Reading symbols from /data/debug/boot/kernel/if_bridge.ko.debug...done.
Loaded symbols for /data/debug/boot/kernel/if_bridge.ko.debug
Reading symbols from /boot/kernel/bridgestp.ko...done.
Loaded symbols for /boot/kernel/bridgestp.ko
Reading symbols from /boot/kernel/pf.ko...done.
Loaded symbols for /boot/kernel/pf.ko
#0  doadump (textdump=0) at pcpu.h:221
221     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) bt
#0  doadump (textdump=0) at pcpu.h:221
#1  0xffffffff8035512b in db_dump (dummy=<value optimized out>, dummy2=false,
    dummy3=0, dummy4=0x0)
    at /usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/ddb/db_command.c:546
#2  0xffffffff80354f29 in db_command (cmd_table=<value optimized out>)
    at /usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/ddb/db_command.c:453
#3  0xffffffff80354c84 in db_command_loop ()
    at /usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/ddb/db_command.c:506
#4  0xffffffff80357d2b in db_trap (type=<value optimized out>,
    code=<value optimized out>)
    at /usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/ddb/db_main.c:251
#5  0xffffffff808fe593 in kdb_trap (type=<value optimized out>,
    code=<value optimized out>, tf=<value optimized out>)
    at /usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/kern/subr_kdb.c:654
#6  0xffffffff80c9993d in trap (frame=0xfffffe00003ab460)
    at /usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/amd64/amd64/trap.c:556
#7  0xffffffff80c7a2d1 in calltrap ()
    at /usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/amd64/amd64/exception.S:236
#8  0xffffffff808fdc3b in kdb_enter (why=0xffffffff8118cc44 "panic",
    msg=0x80 <Address 0x80 out of bounds>) at cpufunc.h:63
#9  0xffffffff808c05ff in vpanic (fmt=<value optimized out>,
    ap=0xfffffe00003ab5f0)
    at /usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/kern/kern_shutdown.c:752
#10 0xffffffff808c0456 in kassert_panic (fmt=<value optimized out>)
    at /usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/kern/kern_shutdown.c:649
#11 0xffffffff807bc0d5 in vtnet_txq_mq_start_locked (txq=0xfffff80003698b00,
    m=0xfffff80003e25700)
    at
/usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/dev/virtio/network/if_vtnet.c:2185
#12 0xffffffff807bce3f in vtnet_txq_mq_start (ifp=0xfffff800036d3800,
    m=0xfffff80003e25700)
    at
/usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/dev/virtio/network/if_vtnet.c:2381
#13 0xffffffff8221b72a in bridge_enqueue (sc=0xfffff8000369d200,
    dst_ifp=<value optimized out>, m=<value optimized out>)
    at
/usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/modules/if_bridge/../../net/if_bridge.c:1920
#14 0xffffffff8221e2c2 in bridge_forward (sc=<value optimized out>,
    sbif=<value optimized out>, m=0xfffffe00003ab410)
    at
/usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/modules/if_bridge/../../net/if_bridge.c:2271
#15 0xffffffff8221d564 in bridge_input (ifp=<value optimized out>,
    m=<value optimized out>)
    at
/usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/modules/if_bridge/../../net/if_bridge.c:2475
#16 0xffffffff809afc4b in ether_nh_input (m=<value optimized out>)
    at /usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/net/if_ethersubr.c:602
#17 0xffffffff809c4cb0 in netisr_dispatch_src (proto=5, source=0,
    m=0xfffff80003e25600)
    at /usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/net/netisr.c:1120
#18 0xffffffff809af252 in ether_input (ifp=<value optimized out>, m=0x0)
    at /usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/net/if_ethersubr.c:757
#19 0xffffffff807bb675 in vtnet_rxq_eof (rxq=<value optimized out>)
    at
/usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/dev/virtio/network/if_vtnet.c:1745
#20 0xffffffff807bc69e in vtnet_rx_vq_intr (xrxq=0xfffff80003698e00)
    at
/usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/dev/virtio/network/if_vtnet.c:1876
#21 0xffffffff8088dde6 in intr_event_execute_handlers (
    p=<value optimized out>, ie=<value optimized out>)
    at /usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/kern/kern_intr.c:1262
#22 0xffffffff8088e466 in ithread_loop (arg=<value optimized out>)
    at /usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/kern/kern_intr.c:1275
#23 0xffffffff8088b4f4 in fork_exit (
    callout=0xffffffff8088e3c0 <ithread_loop>, arg=0xfffff800034c1ee0,
    frame=0xfffffe00003abac0)
    at /usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/kern/kern_fork.c:1038
#24 0xffffffff80c7a80e in fork_trampoline ()
    at /usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/amd64/amd64/exception.S:611
#25 0x0000000000000000 in ?? ()
Current language:  auto; currently minimal

=> It seems that bridge_enqueue() is sending a bad/nonexistent mbuf to the
interface.

(kgdb) frame 13
#13 0xffffffff8221b72a in bridge_enqueue (sc=0xfffff8000369d200,
    dst_ifp=<value optimized out>, m=<value optimized out>)
    at
/usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/modules/if_bridge/../../net/if_bridge.c:1920
1920                    if ((err = dst_ifp->if_transmit(dst_ifp, m))) {

=> kgdb can't display the value of m (the mbuf pointer) here, but in the previous
frame it can display it:

(kgdb) frame 14
#14 0xffffffff8221e2c2 in bridge_forward (sc=<value optimized out>,
    sbif=<value optimized out>, m=0xfffffe00003ab410)
    at
/usr/local/BSDRP/BSDRP12/FreeBSD/src/sys/modules/if_bridge/../../net/if_bridge.c:2271
2271            bridge_enqueue(sc, dst_if, m);
(kgdb) print m
$1 = (struct mbuf *) 0xfffffe00003ab410

On my VMs that are using the vtnet interface, vtnet has neither VLANTAG nor
VLAN_HWTAGGING:

[root@router]~# ifconfig vtnet1
vtnet1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu
1500
        options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>


Then bridge_enqueue() should trigger this code part:

        /*
         * If underlying interface can not do VLAN tag insertion itself
         * then attach a packet tag that holds it.
         */
        if ((m->m_flags & M_VLANTAG) &&
            (dst_ifp->if_capenable & IFCAP_VLAN_HWTAGGING) == 0) {


I believe there is something wrong here.
Then I inserted a: M_ASSERTPKTHDR(m);
just before line 1920: if ((err = dst_ifp->if_transmit(dst_ifp, m)))

and this new ASSERT is triggered:

[root@router]~# panic: bridge_enqueue: no mbuf packet header!
cpuid = 0
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00003ab630
vpanic() at vpanic+0x182/frame 0xfffffe00003ab6b0
kassert_panic() at kassert_panic+0x126/frame 0xfffffe00003ab720
bridge_enqueue() at bridge_enqueue+0x11a/frame 0xfffffe00003ab760
bridge_forward() at bridge_forward+0x322/frame 0xfffffe00003ab7c0
bridge_input() at bridge_input+0x5f4/frame 0xfffffe00003ab830
ether_nh_input() at ether_nh_input+0x2ab/frame 0xfffffe00003ab870
netisr_dispatch_src() at netisr_dispatch_src+0x80/frame 0xfffffe00003ab8d0
ether_input() at ether_input+0x62/frame 0xfffffe00003ab900
vtnet_rxq_eof() at vtnet_rxq_eof+0x835/frame 0xfffffe00003ab9b0
vtnet_rx_vq_intr() at vtnet_rx_vq_intr+0x4e/frame 0xfffffe00003ab9e0
intr_event_execute_handlers() at intr_event_execute_handlers+0x96/frame
0xfffffe00003aba20
ithread_loop() at ithread_loop+0xa6/frame 0xfffffe00003aba70
fork_exit() at fork_exit+0x84/frame 0xfffffe00003abab0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00003abab0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 11 tid 100025 ]
Stopped at      kdb_enter+0x3b: movq    $0,kdb_why
