https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281268
Bug ID: 281268
Summary: stable/13: ng_ksocket_shutdown reproducable kernel
panic
Product: Base System
Version: 13.4-STABLE
Hardware: Any
OS: Any
Status: New
Keywords: crash
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: b...@freebsd.org
Reporter: eu...@freebsd.org
13.4-STABLE/amd64 6bde10b63 panices reproducably with same backtrace and good
crashdump when I stop net/mpd5 daemon that runs as L2TP server.
Kernel config file:
include GENERIC
ident HZ
options IPSEC
options KDB
options KDB_UNATTENDED
options KDB_TRACE
options NETGRAPH
options NETGRAPH_SOCKET
options NETGRAPH_KSOCKET
options NETGRAPH_IFACE
options NETGRAPH_PPP
options NETGRAPH_L2TP
options NETGRAPH_TEE
options NETGRAPH_VJC
options NETGRAPH_TCPMSS
options LIBALIAS
options IPFIREWALL
options IPFIREWALL_NAT
# EOF
kgdb output follows.
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x18
fault code = supervisor write data, page not present
instruction pointer = 0x20:0xffffffff80bd5c1f
stack pointer = 0x28:0xfffffe0003724c40
frame pointer = 0x28:0xfffffe0003724c50
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = resume, IOPL = 0
current process = 13 (ng_queue0)
trap number = 12
panic: page fault
cpuid = 0
time = 1725461186
KDB: stack backtrace:
#0 0xffffffff80c44bc5 at kdb_backtrace+0x65
#1 0xffffffff80bf87d2 at vpanic+0x152
#2 0xffffffff80bf8673 at panic+0x43
#3 0xffffffff81101069 at trap_fatal+0x389
#4 0xffffffff811010b6 at trap_pfault+0x46
#5 0xffffffff810d8bf8 at calltrap+0x8
#6 0xffffffff80c5c778 at propagate_priority+0x58
#7 0xffffffff80c5d4f1 at turnstile_wait+0x301
#8 0xffffffff80bd52f3 at __mtx_lock_sleep+0x173
#9 0xffffffff80d9c454 at ng_ksocket_shutdown+0x1e4
#10 0xffffffff80d95f6c at ng_rmnode+0x1dc
#11 0xffffffff80d97edf at ng_apply_item+0x7f
#12 0xffffffff80d9af00 at ngthread+0x1f0
#13 0xffffffff80bb41dd at fork_exit+0x7d
#14 0xffffffff810d9c6e at fork_trampoline+0xe
Uptime: 3d8h18m51s
Dumping 323 out of 1954 MB:..5%..15%..25%..35%..45%..55%..65%..75%..84%..94%
(kgdb) bt full
#0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:53
td = <optimized out>
#1 doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:394
error = 0
coredump = <optimized out>
#2 0xffffffff80bf839e in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:482
once = 0
#3 0xffffffff80bf883f in vpanic (fmt=0xffffffff812605a9 "%s",
ap=ap@entry=0xfffffe0003724aa0)
at /usr/src/sys/kern/kern_shutdown.c:921
buf = "page fault", '\000' <repeats 245 times>
other_cpus = {__bits = {0, 0, 0, 0}}
td = 0xfffff8000347c740
bootopt = <unavailable>
newpanic = <optimized out>
#4 0xffffffff80bf8673 in panic (fmt=<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:845
ap = {{gp_offset = 16, fp_offset = 48, overflow_arg_area =
0xfffffe0003724ad0,
reg_save_area = 0xfffffe0003724a70}}
#5 0xffffffff81101069 in trap_fatal (frame=0xfffffe0003724b80, eva=24)
at /usr/src/sys/amd64/amd64/trap.c:940
softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl =
0, ssd_p = 1,
ssd_long = 1, ssd_def32 = 0, ssd_gran = 1}
code = 2
gdt = <optimized out>
ss = 40
type = <optimized out>
handled = <optimized out>
#6 0xffffffff811010b6 in trap_pfault (frame=<unavailable>, usermode=false,
signo=<optimized out>, ucode=<optimized out>) at
/usr/src/sys/amd64/amd64/trap.c:759
td = 0xfffff8000347c740
p = <optimized out>
eva = <unavailable>
map = <optimized out>
ftype = <optimized out>
rv = <optimized out>
#7 <signal handler called>
No locals.
#8 0xffffffff80bd5c1f in atomic_cmpset_long (expect=0,
src=18446735277671565120,
dst=<optimized out>) at /usr/src/sys/amd64/include/atomic.h:215
res = <optimized out>
#9 _thread_lock (td=td@entry=0xfffff8000941c8b8) at
/usr/src/sys/kern/kern_mutex.c:843
tid = 18446735277671565120
m = 0x0
#10 0xffffffff80c5c778 in propagate_priority (td=0xfffff8000941c8b8,
td@entry=0xfffff8000347c740)
at /usr/src/sys/kern/subr_turnstile.c:232
pri = 84
ts = 0xfffff8000308c900
top = 0xfffff8000308c900
#11 0xffffffff80c5d4f1 in turnstile_wait (ts=ts@entry=0xfffff8000308c900,
owner=owner@entry=0xfffff8000941c8b8, queue=queue@entry=0)
at /usr/src/sys/kern/subr_turnstile.c:806
td = 0xfffff8000347c740
tc = <optimized out>
td1 = <optimized out>
lock = <optimized out>
#12 0xffffffff80bd52f3 in __mtx_lock_sleep (c=0xfffff8000941c8c0, v=<optimized
out>)
at /usr/src/sys/kern/kern_mutex.c:666
lda = {config = 0xffffffff81c00018 <locks_delay>, delay = 1, spin_cnt =
1}
sleep_cnt = 0
sleep_time = 0
all_time = 0
doing_lockprof = <optimized out>
td = 0xfffff8000347c740
tid = 18446735277671565120
m = 0xfffff8000941c8a8
owner = 0xfffff8000941c8b8
ts = 0xfffff8000308c900
#13 0xffffffff80d9c454 in ng_ksocket_shutdown (node=0xfffff8000b745b00)
at /usr/src/sys/netgraph/ng_ksocket.c:937
_tid = 18446735277671565120
_v = 0
priv = 0xfffff8004ef67600
embryo = <optimized out>
#14 0xffffffff80d95f6c in ng_rmnode (node=node@entry=0xfffff8000b745b00,
dummy1=<optimized out>,
dummy2=<optimized out>, dummy3=<optimized out>) at
/usr/src/sys/netgraph/ng_base.c:756
hook = <optimized out>
#15 0xffffffff80d97edf in ng_apply_item (node=node@entry=0xfffff8000b745b00,
item=0xfffff800403e2d80, rw=1) at /usr/src/sys/netgraph/ng_base.c:2475
error = 0
hook = 0x0
apply = 0x0
depth = 1
rcvdata = <optimized out>
rcvmsg = <optimized out>
#16 0xffffffff80d9af00 in ngthread (arg=<optimized out>) at
/usr/src/sys/netgraph/ng_base.c:3442
item = <optimized out>
rw = <optimized out>
et = {et_link = {tqe_next = 0x0, tqe_prev = 0xfffff80003484bd8},
et_td = 0xfffff8000347c740, et_section = {bucket = 1},
et_old_priority = 84 'T'}
node = 0xfffff8000b745b00
saved_vnet = 0x0
#17 0xffffffff80bb41dd in fork_exit (callout=0xffffffff80d9ad10 <ngthread>,
arg=0x0,
frame=0xfffffe0003724f40) at /usr/src/sys/kern/kern_fork.c:1151
td = 0xfffff8000347c740
p = 0xfffffe0003e52ab0
dtd = <optimized out>
#18 <signal handler called>
No locals.
(kgdb)
--
You are receiving this mail because:
You are the assignee for the bug.
