https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238839
Bug ID: 238839
Summary: ipfilter: kernel panic in function ipf_check_wrapper
Product: Base System
Version: 12.0-STABLE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: b...@freebsd.org
Reporter: msl0000023...@gmail.com

Kernel version: 12.0-STABLE r349024
Architecture: amd64

The IP Filter module is custom built, with patches applied from bug #238796 and
https://sourceforge.net/p/hacking-freebsd/freebsd-patches/ci/master/tree/10.3/ipfilter-local-output-tcp-checksum.diff

This panic seems to be triggered from a tun(4) interface that is used by ppp(8) for a PPP over SSH tunnel.

May also be related to bug #230498, as all other panics that occurred on this host are surely due to that.

kgdb(8) output:

[root@x ~]# kgdb -c /var/crash/vmcore.6 /boot/kernel/kernel
GNU gdb (GDB) 8.3 [GDB v8.3 for FreeBSD]
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd12.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...
Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...

Unread portion of the kernel message buffer:

Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 04
fault virtual address = 0x28
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff8295deab
stack pointer = 0x28:0xfffffe00005dd490
frame pointer = 0x28:0xfffffe00005dd4a0
code segment = base 0x0, limit 0xfffff, type 0x1b
 = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 11229 (ppp)
trap number = 12
panic: page fault
cpuid = 2
time = 1561606371
KDB: stack backtrace:
#0 0xffffffff80c16e77 at kdb_backtrace+0x67
#1 0xffffffff80bcad3d at vpanic+0x19d
#2 0xffffffff80bcab93 at panic+0x43
#3 0xffffffff810a84b5 at trap_fatal+0x395
#4 0xffffffff810a8519 at trap_pfault+0x49
#5 0xffffffff810a7aff at trap+0x29f
#6 0xffffffff81082cf5 at calltrap+0x8
#7 0xffffffff80cee252 at pfil_run_hooks+0xb2
#8 0xffffffff80d5ba79 at ip_output+0xd59
#9 0xffffffff80d569e7 at icmp_reflect+0x7d7
#10 0xffffffff80d573b2 at icmp_input+0x932
#11 0xffffffff80d57f93 at ip_input+0x143
#12 0xffffffff80ced3df at netisr_dispatch_src+0xcf
#13 0xffffffff80cd878c at tunwrite+0x24c
#14 0xffffffff80a816da at devfs_write_f+0xda
#15 0xffffffff80c345a0 at dofilewrite+0xb0
#16 0xffffffff80c34101 at sys_write+0xc1
#17 0xffffffff810a9084 at amd64_syscall+0x364
Uptime: 1d20h44m30s
(ada0:ahcich1:0:0:0): spin-down
Dumping 616 out of 3952 MB: (CTRL-C to abort) ..3%..11%..21%..32%..42%..52%..63%..71%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu.h:234
234 __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (OFFSETOF_CURTHREAD));
(kgdb) bt
#0 __curthread () at /usr/src/sys/amd64/include/pcpu.h:234
#1 doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:371
#2 0xffffffff80bca938 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:451
#3 0xffffffff80bcad99 in vpanic (fmt=<optimized out>, ap=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:877
#4 0xffffffff80bcab93 in panic (fmt=<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:804
#5 0xffffffff810a84b5 in trap_fatal (frame=0xfffffe00005dd3d0, eva=40) at /usr/src/sys/amd64/amd64/trap.c:948
#6 0xffffffff810a8519 in trap_pfault (frame=0xfffffe00005dd3d0, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:767
#7 0xffffffff810a7aff in trap (frame=0xfffffe00005dd3d0) at /usr/src/sys/amd64/amd64/trap.c:443
#8 <signal handler called>
#9 0xffffffff8295deab in ipf_check_wrapper (arg=<optimized out>, mp=0xfffff80004370e5c, ifp=0xfffff80042563000, dir=1112944640) at /usr/src/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c:132
#10 0xffffffff80cee252 in pfil_run_hooks (ph=<optimized out>, mp=<optimized out>, ifp=0xfffff80042563000, dir=2, flags=0, inp=0x0) at /usr/src/sys/net/pfil.c:117
#11 0xffffffff80d5ba79 in ip_output_pfil (mp=0xfffff80004370e00, ifp=0xfffff80042563000, inp=<optimized out>, dst=0xfffffe00005dd640, fibnum=<optimized out>, error=<optimized out>) at /usr/src/sys/netinet/ip_output.c:124
#12 ip_output (m=0xfffff80004370e00, opt=<optimized out>, ro=<optimized out>, flags=0, imo=0x0, inp=<optimized out>) at /usr/src/sys/netinet/ip_output.c:571
#13 0xffffffff80d569e7 in icmp_send (m=<optimized out>, opts=0x0) at /usr/src/sys/netinet/ip_icmp.c:947
#14 icmp_reflect (m=0xfffff80004370e00) at /usr/src/sys/netinet/ip_icmp.c:911
#15 0xffffffff80d573b2 in icmp_input (mp=0xfffffe00005dd8c0, offp=0xfffffe00005dd8bc, proto=1) at /usr/src/sys/netinet/ip_icmp.c:640
#16 0xffffffff80d57f93 in ip_input (m=0x0) at /usr/src/sys/netinet/ip_input.c:828
#17 0xffffffff80ced3df in netisr_dispatch_src (proto=1, source=<optimized out>, m=0xfffff80042563000) at /usr/src/sys/net/netisr.c:1122
#18 0xffffffff80cd878c in tunwrite (dev=<optimized out>, uio=<optimized out>, flag=<optimized out>) at /usr/src/sys/net/if_tun.c:996
#19 0xffffffff80a816da in devfs_write_f (fp=0xfffff8002cb44370, uio=0xfffffe00005dda50, cred=0xfffff800541e9700, flags=0, td=0xfffff80003938000) at /usr/src/sys/fs/devfs/devfs_vnops.c:1786
--Type <RET> for more, q to quit, c to continue without paging--c
#20 0xffffffff80c345a0 in fo_write (fp=<optimized out>, uio=<optimized out>, active_cred=0xfffff80042563000, flags=<optimized out>, td=<optimized out>) at /usr/src/sys/sys/file.h:314
#21 dofilewrite (td=0x0, fd=6, fp=0xfffff8002cb44370, auio=0xfffffe00005dda50, offset=<optimized out>, flags=<optimized out>) at /usr/src/sys/kern/sys_generic.c:567
#22 0xffffffff80c34101 in kern_writev (td=<optimized out>, fd=6, auio=<optimized out>) at /usr/src/sys/kern/sys_generic.c:491
#23 sys_write (td=0xfffff80003938000, uap=<optimized out>) at /usr/src/sys/kern/sys_generic.c:406
#24 0xffffffff810a9084 in syscallenter (td=0xfffff80003938000) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:135
#25 amd64_syscall (td=0xfffff80003938000, traced=0) at /usr/src/sys/amd64/amd64/trap.c:1192
#26 <signal handler called>
#27 0x00000008007defda in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffffd648
(kgdb) frame 9
#9 0xffffffff8295deab in ipf_check_wrapper (arg=<optimized out>, mp=0xfffff80004370e5c, ifp=0xfffff80042563000, dir=1112944640) at /usr/src/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c:132
132 struct ip *ip = mtod(*mp, struct ip *);
(kgdb) p mp
$1 = (struct mbuf **) 0xfffff80004370e5c
(kgdb) p *mp
$2 = (struct mbuf *) 0x40000054000045
(kgdb) p **mp
Cannot access memory at address 0x40000054000045
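
Added triage example, not part of the original report and not FreeBSD or IP Filter code: it applies two quick checks to the value kgdb prints for "p *mp" in frame 9, namely whether it is a canonical amd64 address and whether its bytes, read in little-endian memory order, parse as the start of an IPv4 header. The helper names are hypothetical; the two constants are copied from the kgdb session above.

```c
#include <stdint.h>
#include <stdio.h>

/* First 8 bytes of an IPv4 header, decoded from one 64-bit word. */
struct ip_prefix {
    unsigned version, ihl, tos, total_len, id, frag_field;
};

/* amd64 canonical address: bits 63..47 are all zero or all one. */
static int is_canonical_amd64(uint64_t va)
{
    uint64_t top = va >> 47;
    return top == 0 || top == 0x1ffff;
}

/*
 * Treat `word` as 8 bytes loaded from little-endian memory and parse
 * them as the start of an IPv4 header (multi-byte fields are in
 * network byte order). Returns 1 if the result is a plausible header.
 */
static int decode_as_ipv4(uint64_t word, struct ip_prefix *out)
{
    uint8_t b[8];
    for (int i = 0; i < 8; i++)
        b[i] = (uint8_t)(word >> (8 * i));
    out->version    = b[0] >> 4;
    out->ihl        = b[0] & 0x0f;
    out->tos        = b[1];
    out->total_len  = ((unsigned)b[2] << 8) | b[3];
    out->id         = ((unsigned)b[4] << 8) | b[5];
    out->frag_field = ((unsigned)b[6] << 8) | b[7];
    return out->version == 4 && out->ihl >= 5 &&
           out->total_len >= out->ihl * 4;
}

int main(void)
{
    const uint64_t mp_arg   = 0xfffff80004370e5cULL; /* "p mp"  in frame 9 */
    const uint64_t mp_deref = 0x40000054000045ULL;   /* "p *mp" in frame 9 */
    struct ip_prefix h;
    int looks_like_ip = decode_as_ipv4(mp_deref, &h);

    printf("mp canonical: %d, *mp canonical: %d\n",
           is_canonical_amd64(mp_arg), is_canonical_amd64(mp_deref));
    printf("*mp as IPv4: plausible=%d v=%u ihl=%u len=%u id=%u frag=0x%04x\n",
           looks_like_ip, h.version, h.ihl, h.total_len, h.id, h.frag_field);
    return 0;
}
```

A dereferenced "pointer" that is non-canonical and also parses as a protocol header is a sign that the caller handed over packet data where a pointer was expected, which narrows the search to the hook's argument types.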