[Bug 281268] stable/13: ng_ksocket_shutdown reproducable kernel panic

bugzilla-noreply Wed, 04 Sep 2024 08:09:14 -0700

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281268


            Bug ID: 281268
           Summary: stable/13: ng_ksocket_shutdown reproducable kernel
                    panic
           Product: Base System
           Version: 13.4-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Keywords: crash
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: [email protected]
          Reporter: [email protected]

13.4-STABLE/amd64 6bde10b63 panices reproducably with same backtrace and good
crashdump when I stop net/mpd5 daemon that runs as L2TP server.

Kernel config file:

include         GENERIC
ident           HZ

options         IPSEC

options         KDB
options         KDB_UNATTENDED
options         KDB_TRACE

options         NETGRAPH
options         NETGRAPH_SOCKET
options         NETGRAPH_KSOCKET
options         NETGRAPH_IFACE
options         NETGRAPH_PPP
options         NETGRAPH_L2TP
options         NETGRAPH_TEE
options         NETGRAPH_VJC
options         NETGRAPH_TCPMSS

options         LIBALIAS
options         IPFIREWALL
options         IPFIREWALL_NAT
# EOF

kgdb output follows.

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x18
fault code              = supervisor write data, page not present
instruction pointer     = 0x20:0xffffffff80bd5c1f
stack pointer           = 0x28:0xfffffe0003724c40
frame pointer           = 0x28:0xfffffe0003724c50
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = resume, IOPL = 0
current process         = 13 (ng_queue0)
trap number             = 12
panic: page fault
cpuid = 0
time = 1725461186
KDB: stack backtrace:

#0 0xffffffff80c44bc5 at kdb_backtrace+0x65
#1 0xffffffff80bf87d2 at vpanic+0x152
#2 0xffffffff80bf8673 at panic+0x43
#3 0xffffffff81101069 at trap_fatal+0x389
#4 0xffffffff811010b6 at trap_pfault+0x46
#5 0xffffffff810d8bf8 at calltrap+0x8
#6 0xffffffff80c5c778 at propagate_priority+0x58
#7 0xffffffff80c5d4f1 at turnstile_wait+0x301
#8 0xffffffff80bd52f3 at __mtx_lock_sleep+0x173
#9 0xffffffff80d9c454 at ng_ksocket_shutdown+0x1e4
#10 0xffffffff80d95f6c at ng_rmnode+0x1dc
#11 0xffffffff80d97edf at ng_apply_item+0x7f
#12 0xffffffff80d9af00 at ngthread+0x1f0
#13 0xffffffff80bb41dd at fork_exit+0x7d
#14 0xffffffff810d9c6e at fork_trampoline+0xe
Uptime: 3d8h18m51s
Dumping 323 out of 1954 MB:..5%..15%..25%..35%..45%..55%..65%..75%..84%..94%

(kgdb) bt full
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:53
        td = <optimized out>
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:394
        error = 0
        coredump = <optimized out>
#2  0xffffffff80bf839e in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:482
        once = 0
#3  0xffffffff80bf883f in vpanic (fmt=0xffffffff812605a9 "%s",
ap=ap@entry=0xfffffe0003724aa0)
    at /usr/src/sys/kern/kern_shutdown.c:921
        buf = "page fault", '\000' <repeats 245 times>
        other_cpus = {__bits = {0, 0, 0, 0}}
        td = 0xfffff8000347c740
        bootopt = <unavailable>
        newpanic = <optimized out>
#4  0xffffffff80bf8673 in panic (fmt=<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:845
        ap = {{gp_offset = 16, fp_offset = 48, overflow_arg_area =
0xfffffe0003724ad0,
            reg_save_area = 0xfffffe0003724a70}}
#5  0xffffffff81101069 in trap_fatal (frame=0xfffffe0003724b80, eva=24)
    at /usr/src/sys/amd64/amd64/trap.c:940
        softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl =
0, ssd_p = 1,
          ssd_long = 1, ssd_def32 = 0, ssd_gran = 1}
        code = 2
        gdt = <optimized out>
        ss = 40
        type = <optimized out>
        handled = <optimized out>
#6  0xffffffff811010b6 in trap_pfault (frame=<unavailable>, usermode=false,
    signo=<optimized out>, ucode=<optimized out>) at
/usr/src/sys/amd64/amd64/trap.c:759
        td = 0xfffff8000347c740
        p = <optimized out>
        eva = <unavailable>
        map = <optimized out>
        ftype = <optimized out>
        rv = <optimized out>
#7  <signal handler called>
No locals.
#8  0xffffffff80bd5c1f in atomic_cmpset_long (expect=0,
src=18446735277671565120,
    dst=<optimized out>) at /usr/src/sys/amd64/include/atomic.h:215
        res = <optimized out>
#9  _thread_lock (td=td@entry=0xfffff8000941c8b8) at
/usr/src/sys/kern/kern_mutex.c:843
        tid = 18446735277671565120
        m = 0x0
#10 0xffffffff80c5c778 in propagate_priority (td=0xfffff8000941c8b8,
td@entry=0xfffff8000347c740)
    at /usr/src/sys/kern/subr_turnstile.c:232
        pri = 84
        ts = 0xfffff8000308c900
        top = 0xfffff8000308c900
#11 0xffffffff80c5d4f1 in turnstile_wait (ts=ts@entry=0xfffff8000308c900,
    owner=owner@entry=0xfffff8000941c8b8, queue=queue@entry=0)
    at /usr/src/sys/kern/subr_turnstile.c:806
        td = 0xfffff8000347c740
        tc = <optimized out>
        td1 = <optimized out>
        lock = <optimized out>
#12 0xffffffff80bd52f3 in __mtx_lock_sleep (c=0xfffff8000941c8c0, v=<optimized
out>)
    at /usr/src/sys/kern/kern_mutex.c:666
        lda = {config = 0xffffffff81c00018 <locks_delay>, delay = 1, spin_cnt =
1}
        sleep_cnt = 0
        sleep_time = 0
        all_time = 0
        doing_lockprof = <optimized out>
        td = 0xfffff8000347c740
        tid = 18446735277671565120
        m = 0xfffff8000941c8a8
        owner = 0xfffff8000941c8b8
        ts = 0xfffff8000308c900
#13 0xffffffff80d9c454 in ng_ksocket_shutdown (node=0xfffff8000b745b00)
    at /usr/src/sys/netgraph/ng_ksocket.c:937
        _tid = 18446735277671565120
        _v = 0
        priv = 0xfffff8004ef67600
        embryo = <optimized out>
#14 0xffffffff80d95f6c in ng_rmnode (node=node@entry=0xfffff8000b745b00,
dummy1=<optimized out>,
    dummy2=<optimized out>, dummy3=<optimized out>) at
/usr/src/sys/netgraph/ng_base.c:756
        hook = <optimized out>
#15 0xffffffff80d97edf in ng_apply_item (node=node@entry=0xfffff8000b745b00,
    item=0xfffff800403e2d80, rw=1) at /usr/src/sys/netgraph/ng_base.c:2475
        error = 0
        hook = 0x0
        apply = 0x0
        depth = 1
        rcvdata = <optimized out>
        rcvmsg = <optimized out>
#16 0xffffffff80d9af00 in ngthread (arg=<optimized out>) at
/usr/src/sys/netgraph/ng_base.c:3442
        item = <optimized out>
        rw = <optimized out>
        et = {et_link = {tqe_next = 0x0, tqe_prev = 0xfffff80003484bd8},
          et_td = 0xfffff8000347c740, et_section = {bucket = 1},
et_old_priority = 84 'T'}
        node = 0xfffff8000b745b00
        saved_vnet = 0x0
#17 0xffffffff80bb41dd in fork_exit (callout=0xffffffff80d9ad10 <ngthread>,
arg=0x0,
    frame=0xfffffe0003724f40) at /usr/src/sys/kern/kern_fork.c:1151
        td = 0xfffff8000347c740
        p = 0xfffffe0003e52ab0
        dtd = <optimized out>
#18 <signal handler called>
No locals.
(kgdb)

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 281268] stable/13: ng_ksocket_shutdown reproducable kernel panic

Reply via email to