Project

General

Profile

Actions

Bug #13417

open

Kernel panic: pf_purge

Added by Marcos M about 2 years ago. Updated about 2 years ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
Operating System
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

On a 7100 with 22.05:

When we came into the office this morning, the pfSense was down, with no internet access to any devices. The USB cable hooked to the console was also non-responsive. A reboot fixed the issue.

db:0:kdb.enter.default>  show registers
cs                        0x20
ds                        0x3b  ll+0x1a
es                        0x3b  ll+0x1a
fs                        0x13
gs                        0x1b
ss                        0x28  ll+0x7
rax                       0x12
rcx                        0x1
rdx         0xfffffe00005fa6c0
rbx         0xffffffff816654e6
rsp         0xfffffe00005fa7c0
rbp         0xfffffe00005fa7d0
rsi             0x11dd99f902aa
rdi                        0x4
r8                         0x1
r9          0xfffffe00005fa6c0
r10                       0x12
r11                          0
r12         0xffffffff815829bc
r13         0xfffffe00005fa950
r14                      0x100  ll+0xdf
r15         0xfffff800059fb740
rip         0xffffffff80dd2247  kdb_enter+0x37
rflags                    0x82  ll+0x61
kdb_enter+0x37: movq    $0,0x28feec6(%rip)
db:0:kdb.enter.default>  run lockinfo
db:1:lockinfo> show locks
No such command; use "help" to list available commands
db:1:lockinfo>  show alllocks
No such command; use "help" to list available commands
db:1:lockinfo>  show lockedvnods
Locked vnodes
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00005fa060
kdb_reenter() at kdb_reenter+0x2c/frame 0xfffffe00005fa070
calltrap() at calltrap+0x8/frame 0xfffffe00005fa070
--- trap 0x9, rip = 0xffffffff81545570, rsp = 0xfffffe00005fa140, rbp = 0xfffffe00005fa160 ---
VOP_ISLOCKED_APV() at VOP_ISLOCKED_APV+0x20/frame 0xfffffe00005fa160
lockedvnodes() at lockedvnodes+0x6a/frame 0xfffffe00005fa1a0
db_command() at db_command+0x380/frame 0xfffffe00005fa270
db_script_exec() at db_script_exec+0x1b8/frame 0xfffffe00005fa320
db_command() at db_command+0x380/frame 0xfffffe00005fa3f0
db_script_exec() at db_script_exec+0x1b8/frame 0xfffffe00005fa4a0
db_script_kdbenter() at db_script_kdbenter+0x55/frame 0xfffffe00005fa4e0
db_trap() at db_trap+0xe1/frame 0xfffffe00005fa570
kdb_trap() at kdb_trap+0x13c/frame 0xfffffe00005fa5e0
trap() at trap+0x77e/frame 0xfffffe00005fa6f0
calltrap() at calltrap+0x8/frame 0xfffffe00005fa6f0
--- trap 0x3, rip = 0xffffffff80dd2247, rsp = 0xfffffe00005fa7c0, rbp = 0xfffffe00005fa7d0 ---
kdb_enter() at kdb_enter+0x37/frame 0xfffffe00005fa7d0
vpanic() at vpanic+0x194/frame 0xfffffe00005fa820
panic() at panic+0x43/frame 0xfffffe00005fa880
trap_fatal() at trap_fatal+0x38f/frame 0xfffffe00005fa8e0
trap_pfault() at trap_pfault+0x4f/frame 0xfffffe00005fa940
calltrap() at calltrap+0x8/frame 0xfffffe00005fa940
--- trap 0xc, rip = 0xffffffff8107909b, rsp = 0xfffffe00005faa10, rbp = 0xfffffe00005faa30 ---
pf_state_expires() at pf_state_expires+0xb/frame 0xfffffe00005faa30
pf_purge_expired_states() at pf_purge_expired_states+0xf5/frame 0xfffffe00005faa80
pf_purge_thread() at pf_purge_thread+0x13b/frame 0xfffffe00005faab0
fork_exit() at fork_exit+0x7e/frame 0xfffffe00005faaf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00005faaf0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
Script command 'show lockedvnods' returned error
db:0:kdb.enter.default>  show pcpu
cpuid        = 2
dynamic pcpu = 0xfffffe0080e38140
curthread    = 0xfffff800059fb740: pid 22 tid 100117 "pf purge" 
curpcb       = 0xfffff800059fbce0
fpcurthread  = none
idlethread   = 0xfffff80005659000: tid 100005 "idle: cpu2" 
curpmap      = 0xffffffff83690da8
tssp         = 0xffffffff8371af70
commontssp   = 0xffffffff8371af70
rsp0         = 0xfffffe00005fabc0
kcr3         = 0xffffffffffffffff
ucr3         = 0xffffffffffffffff
scr3         = 0x0
gs32p        = 0xffffffff83721788
ldt          = 0xffffffff837217c8
tss          = 0xffffffff837217b8
tlb gen      = 72813
curvnet      = 0xfffff8000508fc80
db:0:kdb.enter.default>  bt
Tracing pid 22 tid 100117 td 0xfffff800059fb740
kdb_enter() at kdb_enter+0x37/frame 0xfffffe00005fa7d0
vpanic() at vpanic+0x194/frame 0xfffffe00005fa820
panic() at panic+0x43/frame 0xfffffe00005fa880
trap_fatal() at trap_fatal+0x38f/frame 0xfffffe00005fa8e0
trap_pfault() at trap_pfault+0x4f/frame 0xfffffe00005fa940
calltrap() at calltrap+0x8/frame 0xfffffe00005fa940
--- trap 0xc, rip = 0xffffffff8107909b, rsp = 0xfffffe00005faa10, rbp = 0xfffffe00005faa30 ---
pf_state_expires() at pf_state_expires+0xb/frame 0xfffffe00005faa30
pf_purge_expired_states() at pf_purge_expired_states+0xf5/frame 0xfffffe00005faa80
pf_purge_thread() at pf_purge_thread+0x13b/frame 0xfffffe00005faab0
fork_exit() at fork_exit+0x7e/frame 0xfffffe00005faaf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00005faaf0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
Actions #1

Updated by Mateusz Guzik about 2 years ago

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 0c
fault virtual address   = 0x15
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff8107909b

The panicking instruction is:

   0xffffffff8107909b <pf_state_expires+11>:    movzbl 0x11(%rdi),%ecx

While there is no untainted register dump saved from the crash itself, the rdi register survived entering the debugger and it's value:

rdi                        0x4

lines up with the crash pretty nicely: 0x4 + 0x11 = 0x15.

As is the crash looks like a bitflip. May be a hardware problem, may be just a very bad luck.

I would recommend just continuing as is and reporting again should the crash reoccur.

Actions #2

Updated by Marcos M about 2 years ago

  • Status changed from New to Feedback
Actions

Also available in: Atom PDF