Date: Thu, 10 Aug 2023 09:14:53 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 272319] FreeBSD kernel crash on MPD5 restart with PPP configuration. Message-ID: <bug-272319-7501-2kYWEIYGBm@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-272319-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-272319-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D272319 --- Comment #31 from ny <ny2007ltd@gmail.com> --- FreeBSD 14 amd64 8a5c836b51ce kernel crash on MPD5 start. Here is kernel crash: FreeBSD fb 14.0-CURRENT FreeBSD 14.0-CURRENT amd64 1400093 #0 main-n264491-8a5c836b51ce: Thu Aug 3 08:15:15 UTC 2023=20=20=20 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC am= d64 panic: page fault Fatal trap 12: page fault while in kernel mode cpuid =3D 0; apic id =3D 00 fault virtual address =3D 0x18 fault code =3D supervisor read data, page not present instruction pointer =3D 0x20:0xffffffff80b25b68 stack pointer =3D 0x28:0xfffffe00545f0d60 frame pointer =3D 0x28:0xfffffe00545f0da0 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 846 (ng_queue0) rdi: 0000000000000000 rsi: fffffe0054b71560 rdx: 0000000000000000 rcx: 00000000000003aa r8: 0000000000000000 r9: 0000000000010000 rax: fffff800074af3c0 rbx: 0000000000000018 rbp: fffffe00545f0da0 r10: 0000000000000001 r11: 0000000000010000 r12: 00000000000003aa r13: 0000000000000001 r14: fffff80003621800 r15: ffffffff82b396a5 trap number =3D 12 panic: page fault cpuid =3D 0 time =3D 1691665616 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00545f0= b10 vpanic() at vpanic+0x149/frame 0xfffffe00545f0b60 panic() at panic+0x43/frame 0xfffffe00545f0bc0 trap_fatal() at trap_fatal+0x40c/frame 0xfffffe00545f0c20 trap_pfault() at trap_pfault+0xae/frame 0xfffffe00545f0c90 calltrap() at calltrap+0x8/frame 0xfffffe00545f0c90 --- trap 0xc, rip =3D 0xffffffff80b25b68, rsp =3D 0xfffffe00545f0d60, rbp = =3D 0xfffffe00545f0da0 --- __mtx_lock_flags() at __mtx_lock_flags+0x48/frame 0xfffffe00545f0da0 ng_ksocket_shutdown() at ng_ksocket_shutdown+0x39/frame 0xfffffe00545f0dc0 ng_rmnode() at ng_rmnode+0x188/frame 0xfffffe00545f0df0 ng_apply_item() at ng_apply_item+0x4fb/frame 0xfffffe00545f0e80 ngthread() at ngthread+0x291/frame 0xfffffe00545f0ef0 fork_exit() at fork_exit+0x82/frame 0xfffffe00545f0f30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00545f0f30 --- trap 0xc, rip =3D 0xe344027ccba, rsp =3D 0xe343d35b558, rbp =3D 0xe343d= 35b650 --- KDB: enter: panic __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:59 59 __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (offsetof(stru= ct pcpu, (kgdb) #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:59 #1 doadump (textdump=3Dtextdump@entry=3D0) at /usr/src/sys/kern/kern_shutdown.c:407 #2 0xffffffff804a2f1a in db_dump (dummy=3D<optimized out>,=20 dummy2=3D<optimized out>, dummy3=3D<optimized out>, dummy4=3D<optimized= out>) at /usr/src/sys/ddb/db_command.c:593 #3 0xffffffff804a2d1d in db_command (last_cmdp=3D<optimized out>,=20 cmd_table=3D<optimized out>, dopager=3Dtrue) at /usr/src/sys/ddb/db_command.c:506 #4 0xffffffff804a29dd in db_command_loop () at /usr/src/sys/ddb/db_command.c:553 #5 0xffffffff804a60b6 in db_trap (type=3D<optimized out>, code=3D<optimize= d out>) at /usr/src/sys/ddb/db_main.c:270 #6 0xffffffff80b99d53 in kdb_trap (type=3Dtype@entry=3D3, code=3Dcode@entr= y=3D0,=20 tf=3Dtf@entry=3D0xfffffe00545f0a50) at /usr/src/sys/kern/subr_kdb.c:792 #7 0xffffffff81045db9 in trap (frame=3D0xfffffe00545f0a50) at /usr/src/sys/amd64/amd64/trap.c:610 #8 <signal handler called> #9 kdb_enter (why=3D<optimized out>, msg=3D<optimized out>) at /usr/src/sys/kern/subr_kdb.c:558 #10 0xffffffff80b4b86a in vpanic (fmt=3D0xffffffff81182bad "%s",=20 ap=3Dap@entry=3D0xfffffe00545f0ba0) at /usr/src/sys/kern/kern_shutdown.= c:960 #11 0xffffffff80b4b633 in panic ( fmt=3D0xffffffff8194fec0 <cnputs_mtx> "\257\346\023\201\377\377\377\377= ") at /usr/src/sys/kern/kern_shutdown.c:896 #12 0xffffffff8104624c in trap_fatal (frame=3D0xfffffe00545f0ca0, eva=3D24) at /usr/src/sys/amd64/amd64/trap.c:954 #13 0xffffffff810462fe in trap_pfault (frame=3D0xfffffe00545f0ca0,=20 usermode=3Dfalse, signo=3D<optimized out>, ucode=3D<optimized out>) at /usr/src/sys/amd64/amd64/trap.c:762 #14 <signal handler called> #15 __mtx_lock_flags (c=3D0x18, opts=3Dopts@entry=3D0,=20 file=3D0xffffffff82b396a5 "/usr/src/sys/netgraph/ng_ksocket.c",=20 line=3Dline@entry=3D938) at /usr/src/sys/kern/kern_mutex.c:273 #16 0xffffffff82b37559 in ng_ksocket_shutdown (node=3D0xfffff80003621800) at /usr/src/sys/netgraph/ng_ksocket.c:938 #17 0xffffffff82b23a48 in ng_rmnode (node=3Dnode@entry=3D0xfffff80003621800= ,=20 dummy1=3D<optimized out>, dummy2=3D<optimized out>, dummy3=3D<optimized= out>) at /usr/src/sys/netgraph/ng_base.c:760 #18 0xffffffff82b25ddb in ng_generic_msg (here=3D0xfffff80003621800,=20 item=3D<optimized out>, lasthook=3D0xfffff800030b6580) at /usr/src/sys/netgraph/ng_base.c:2528 #19 ng_apply_item (node=3Dnode@entry=3D0xfffff80003621800,=20 item=3Ditem@entry=3D0xfffff80007ee1d80, rw=3Drw@entry=3D1) at /usr/src/sys/netgraph/ng_base.c:2442 #20 0xffffffff82b28d11 in ngthread (arg=3D<optimized out>) at /usr/src/sys/netgraph/ng_base.c:3451 #21 0xffffffff80b01b92 in fork_exit (callout=3D0xffffffff82b28a80 <ngthread= >,=20 arg=3D0x0, frame=3D0xfffffe00545f0f40) at /usr/src/sys/kern/kern_fork.c= :1162 #22 <signal handler called> #23 0x00000e344027ccba in ?? () Backtrace stopped: Cannot access memory at address 0xe343d35b558 (kgdb) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-272319-7501-2kYWEIYGBm>