Actions
Bug #13417
openKernel panic: pf_purge
Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
Operating System
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:
Description
On a 7100 with 22.05:
When we came into the office this morning, the pfSense was down, with no internet access to any devices. The USB cable hooked to the console was also non-responsive. A reboot fixed the issue.
db:0:kdb.enter.default> show registers cs 0x20 ds 0x3b ll+0x1a es 0x3b ll+0x1a fs 0x13 gs 0x1b ss 0x28 ll+0x7 rax 0x12 rcx 0x1 rdx 0xfffffe00005fa6c0 rbx 0xffffffff816654e6 rsp 0xfffffe00005fa7c0 rbp 0xfffffe00005fa7d0 rsi 0x11dd99f902aa rdi 0x4 r8 0x1 r9 0xfffffe00005fa6c0 r10 0x12 r11 0 r12 0xffffffff815829bc r13 0xfffffe00005fa950 r14 0x100 ll+0xdf r15 0xfffff800059fb740 rip 0xffffffff80dd2247 kdb_enter+0x37 rflags 0x82 ll+0x61 kdb_enter+0x37: movq $0,0x28feec6(%rip) db:0:kdb.enter.default> run lockinfo db:1:lockinfo> show locks No such command; use "help" to list available commands db:1:lockinfo> show alllocks No such command; use "help" to list available commands db:1:lockinfo> show lockedvnods Locked vnodes db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00005fa060 kdb_reenter() at kdb_reenter+0x2c/frame 0xfffffe00005fa070 calltrap() at calltrap+0x8/frame 0xfffffe00005fa070 --- trap 0x9, rip = 0xffffffff81545570, rsp = 0xfffffe00005fa140, rbp = 0xfffffe00005fa160 --- VOP_ISLOCKED_APV() at VOP_ISLOCKED_APV+0x20/frame 0xfffffe00005fa160 lockedvnodes() at lockedvnodes+0x6a/frame 0xfffffe00005fa1a0 db_command() at db_command+0x380/frame 0xfffffe00005fa270 db_script_exec() at db_script_exec+0x1b8/frame 0xfffffe00005fa320 db_command() at db_command+0x380/frame 0xfffffe00005fa3f0 db_script_exec() at db_script_exec+0x1b8/frame 0xfffffe00005fa4a0 db_script_kdbenter() at db_script_kdbenter+0x55/frame 0xfffffe00005fa4e0 db_trap() at db_trap+0xe1/frame 0xfffffe00005fa570 kdb_trap() at kdb_trap+0x13c/frame 0xfffffe00005fa5e0 trap() at trap+0x77e/frame 0xfffffe00005fa6f0 calltrap() at calltrap+0x8/frame 0xfffffe00005fa6f0 --- trap 0x3, rip = 0xffffffff80dd2247, rsp = 0xfffffe00005fa7c0, rbp = 0xfffffe00005fa7d0 --- kdb_enter() at kdb_enter+0x37/frame 0xfffffe00005fa7d0 vpanic() at vpanic+0x194/frame 0xfffffe00005fa820 panic() at panic+0x43/frame 0xfffffe00005fa880 trap_fatal() at trap_fatal+0x38f/frame 0xfffffe00005fa8e0 trap_pfault() at trap_pfault+0x4f/frame 0xfffffe00005fa940 calltrap() at calltrap+0x8/frame 0xfffffe00005fa940 --- trap 0xc, rip = 0xffffffff8107909b, rsp = 0xfffffe00005faa10, rbp = 0xfffffe00005faa30 --- pf_state_expires() at pf_state_expires+0xb/frame 0xfffffe00005faa30 pf_purge_expired_states() at pf_purge_expired_states+0xf5/frame 0xfffffe00005faa80 pf_purge_thread() at pf_purge_thread+0x13b/frame 0xfffffe00005faab0 fork_exit() at fork_exit+0x7e/frame 0xfffffe00005faaf0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00005faaf0 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- Script command 'show lockedvnods' returned error db:0:kdb.enter.default> show pcpu cpuid = 2 dynamic pcpu = 0xfffffe0080e38140 curthread = 0xfffff800059fb740: pid 22 tid 100117 "pf purge" curpcb = 0xfffff800059fbce0 fpcurthread = none idlethread = 0xfffff80005659000: tid 100005 "idle: cpu2" curpmap = 0xffffffff83690da8 tssp = 0xffffffff8371af70 commontssp = 0xffffffff8371af70 rsp0 = 0xfffffe00005fabc0 kcr3 = 0xffffffffffffffff ucr3 = 0xffffffffffffffff scr3 = 0x0 gs32p = 0xffffffff83721788 ldt = 0xffffffff837217c8 tss = 0xffffffff837217b8 tlb gen = 72813 curvnet = 0xfffff8000508fc80 db:0:kdb.enter.default> bt Tracing pid 22 tid 100117 td 0xfffff800059fb740 kdb_enter() at kdb_enter+0x37/frame 0xfffffe00005fa7d0 vpanic() at vpanic+0x194/frame 0xfffffe00005fa820 panic() at panic+0x43/frame 0xfffffe00005fa880 trap_fatal() at trap_fatal+0x38f/frame 0xfffffe00005fa8e0 trap_pfault() at trap_pfault+0x4f/frame 0xfffffe00005fa940 calltrap() at calltrap+0x8/frame 0xfffffe00005fa940 --- trap 0xc, rip = 0xffffffff8107909b, rsp = 0xfffffe00005faa10, rbp = 0xfffffe00005faa30 --- pf_state_expires() at pf_state_expires+0xb/frame 0xfffffe00005faa30 pf_purge_expired_states() at pf_purge_expired_states+0xf5/frame 0xfffffe00005faa80 pf_purge_thread() at pf_purge_thread+0x13b/frame 0xfffffe00005faab0 fork_exit() at fork_exit+0x7e/frame 0xfffffe00005faaf0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00005faaf0 --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
Updated by Mateusz Guzik about 2 years ago
Fatal trap 12: page fault while in kernel mode cpuid = 1; apic id = 0c fault virtual address = 0x15 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff8107909b
The panicking instruction is:
0xffffffff8107909b <pf_state_expires+11>: movzbl 0x11(%rdi),%ecx
While there is no untainted register dump saved from the crash itself, the rdi register survived entering the debugger and it's value:
rdi 0x4
lines up with the crash pretty nicely: 0x4 + 0x11 = 0x15.
As is the crash looks like a bitflip. May be a hardware problem, may be just a very bad luck.
I would recommend just continuing as is and reporting again should the crash reoccur.
Actions