Date: Wed, 5 May 2021 18:35:32 +0200 From: Michael Schmiedgen <schmiedgen@gmx.net> To: Mark Johnston <markj@freebsd.org> Cc: freebsd-net@freebsd.org Subject: Re: page fault while in kernel mode - after upgrade from 12.2 to 13.0 Message-ID: <51a3abc5-76b9-df09-acbe-895b62ec87b3@gmx.net> In-Reply-To: <YJGaUnWCPVXRC4NC@nuc> References: <d7c3bfbd-2e54-c0f4-ec23-5dab08287ea3@gmx.net> <YJBS8YMZFkMtWPEu@nuc> <d37716a3-927d-b200-c805-b31d7b36383d@gmx.net> <YJGaUnWCPVXRC4NC@nuc>
next in thread | previous in thread | raw e-mail | index | archive | help
On 04.05.2021 21:02, Mark Johnston wrote:
> This looks like fairly random kernel memory corruption. Are you able to
> build an INVARIANTS kernel and test that? Assuming you're using 13.0,
> you'd grab the 13.0 sources, add "options INVARIANT_SUPPORT" and
> "options INVARIANTS" to the GENERIC kernel configuration in
> sys/amd64/conf, and do a "make buildkernel installkernel".
Below some info with an INVARIANTS kernel. Please let me know if I can pro=
vide
further information. Thank you!
=2D-- kgdb backtrace
(kgdb) backtrace
#0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1 doadump (textdump=3D<optimized out>) at /usr/src/sys/kern/kern_shutdow=
n.c:399
#2 0xffffffff80bf580b in kern_reboot (howto=3D260) at /usr/src/sys/kern/k=
ern_shutdown.c:486
#3 0xffffffff80bf5c50 in vpanic (fmt=3D<optimized out>, ap=3D<optimized o=
ut>) at /usr/src/sys/kern/kern_shutdown.c:919
#4 0xffffffff80bf59b3 in panic (fmt=3D<unavailable>) at /usr/src/sys/kern=
/kern_shutdown.c:843
#5 0xffffffff80f1ae71 in uma_dbg_free (zone=3D0xfffffe006e3e3c00, slab=3D=
0xfffff8053b159fd8, item=3D0xfffff8053b159300) at /usr/src/sys/vm/uma_core=
.c:5437
#6 0xffffffff80f13a64 in item_dtor (zone=3D0xfffffe006e3e3c00, item=3D0xf=
ffff8053b159300, size=3D256, udata=3D0x0, skip=3DSKIP_NONE) at
/usr/src/sys/vm/uma_core.c:3220
#7 uma_zfree_arg (zone=3D0xfffffe006e3e3c00, item=3Ditem@entry=3D0xfffff8=
053b159300, udata=3Dudata@entry=3D0x0) at /usr/src/sys/vm/uma_core.c:4165
#8 0xffffffff80bcefcf in mb_free_ext (m=3Dm@entry=3D0xfffff8053b159300) a=
t /usr/src/sys/kern/kern_mbuf.c:1200
#9 0xffffffff80bcda68 in m_free (m=3Dm@entry=3D0xfffff8053b159300) at /us=
r/src/sys/sys/mbuf.h:1441
#10 0xffffffff80bceda8 in m_freem (mb=3Dmb@entry=3D0xfffff8053b159300) at =
/usr/src/sys/kern/kern_mbuf.c:1525
#11 0xffffffff82c4d79a in div_output (so=3D<optimized out>, m=3D0xfffff805=
3b159300, sin=3D<optimized out>, control=3D<optimized out>) at
/usr/src/sys/netinet/ip_divert.c:396
#12 div_send (so=3D<optimized out>, so@entry=3D<error reading variable: va=
lue is not available>, flags=3D<optimized out>, flags@entry=3D<error readi=
ng
variable: value is not available>, m=3D0xfffff8053b159300, m@entry=3D<erro=
r reading variable: value is not available>, nam=3D<optimized out>,
nam@entry=3D<error reading variable: value is not available>, control=
=3D<optimized out>, control@entry=3D<error reading variable: value is not
available>, td=3D<optimized out>, td@entry=3D<error reading variable: valu=
e is not available>) at /usr/src/sys/netinet/ip_divert.c:659
#13 0xffffffff80c92f97 in sosend_generic (so=3D0xfffff800468d5760, so@entr=
y=3D<error reading variable: value is not available>, addr=3D0xfffff800120=
c72e0,
addr@entry=3D<error reading variable: value is not available>, uio=3D<opti=
mized out>, uio@entry=3D<error reading variable: value is not available>,
top=3D0xfffff8053b159300,
top@entry=3D<error reading variable: value is not available>, control=
=3D<optimized out>, control@entry=3D<error reading variable: value is not
available>, flags=3D0, flags@entry=3D<error reading variable: value is not=
available>, td=3D0xfffffe019cdc2300, td@entry=3D<error reading variable: =
value is
not available>)
at /usr/src/sys/kern/uipc_socket.c:1755
#14 0xffffffff80c93286 in sosend (so=3D<unavailable>, so@entry=3D0xfffff80=
0468d5760, addr=3D<unavailable>, uio=3D<unavailable>, uio@entry=3D0xfffffe=
0199b338a8,
top=3D<unavailable>, top@entry=3D0x0, control=3Dcontrol@entry=3D0x0, flags=
=3D<unavailable>, flags@entry=3D0, td=3D0xfffffe019cdc2300) at
/usr/src/sys/kern/uipc_socket.c:1810
#15 0xffffffff80c99ffc in kern_sendit (td=3D<optimized out>, td@entry=3D0x=
fffffe019cdc2300, s=3D3, mp=3D<optimized out>, mp@entry=3D0xfffffe0199b339=
80, flags=3D0,
control=3D0x0, segflg=3Dsegflg@entry=3DUIO_USERSPACE) at /usr/src/sys/kern=
/uipc_syscalls.c:798
#16 0xffffffff80c9a39b in sendit (td=3D0xfffffe019cdc2300, td@entry=3D<una=
vailable>, s=3D<unavailable>, mp=3Dmp@entry=3D0xfffffe0199b33980, flags=3D=
<unavailable>)
at /usr/src/sys/kern/uipc_syscalls.c:723
#17 0xffffffff80c9a1ad in sys_sendto (td=3D<unavailable>, td@entry=3D<erro=
r reading variable: value is not available>, uap=3D<unavailable>, uap@entr=
y=3D<error
reading variable: value is not available>) at /usr/src/sys/kern/uipc_sysca=
lls.c:841
#18 0xffffffff8108824e in syscallenter (td=3D<optimized out>) at /usr/src/=
sys/amd64/amd64/../../kern/subr_syscall.c:189
#19 amd64_syscall (td=3D0xfffffe019cdc2300, traced=3D0) at /usr/src/sys/am=
d64/amd64/trap.c:1156
#20 <signal handler called>
=2D-- core.txt
panic: Duplicate free of 0xfffff8053b159300 from zone 0xfffffe006e3e3c00(m=
buf_packet) slab 0xfffff8053b159fd8(3)
Unread portion of the kernel message buffer:
<110>ipfw: 4500 Deny UDP 192.168.10.100:137 192.168.10.255:137 out via bge=
0
panic: Duplicate free of 0xfffff8053b159300 from zone 0xfffffe006e3e3c00(m=
buf_packet) slab 0xfffff8053b159fd8(3)
cpuid =3D 6
time =3D 1620231385
KDB: stack backtrace:
#0 0xffffffff80c400e5 at kdb_backtrace+0x65
#1 0xffffffff80bf5be1 at vpanic+0x181
#2 0xffffffff80bf59b3 at panic+0x43
#3 0xffffffff80f1ae71 at uma_dbg_free+0x1e1
#4 0xffffffff80f13a64 at uma_zfree_arg+0x144
#5 0xffffffff80bcefcf at mb_free_ext+0x11f
#6 0xffffffff80bcda68 at m_free+0xd8
#7 0xffffffff80bceda8 at m_freem+0x28
#8 0xffffffff82c4d79a at div_send+0x43a
#9 0xffffffff80c92f97 at sosend_generic+0x5f7
#10 0xffffffff80c93286 at sosend+0x66
#11 0xffffffff80c99ffc at kern_sendit+0x1ec
#12 0xffffffff80c9a39b at sendit+0x1db
#13 0xffffffff80c9a1ad at sys_sendto+0x4d
#14 0xffffffff8108824e at amd64_syscall+0x12e
#15 0xffffffff8105bf4e at fast_syscall_common+0xf8
Uptime: 5m17s
Dumping 2609 out of 65454 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%.=
.91%
__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55 __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (offsetof(str=
uct pcpu,
(kgdb) #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1 doadump (textdump=3D<optimized out>)
at /usr/src/sys/kern/kern_shutdown.c:399
#2 0xffffffff80bf580b in kern_reboot (howto=3D260)
at /usr/src/sys/kern/kern_shutdown.c:486
#3 0xffffffff80bf5c50 in vpanic (fmt=3D<optimized out>, ap=3D<optimized o=
ut>)
at /usr/src/sys/kern/kern_shutdown.c:919
#4 0xffffffff80bf59b3 in panic (fmt=3D<unavailable>)
at /usr/src/sys/kern/kern_shutdown.c:843
#5 0xffffffff80f1ae71 in uma_dbg_free (zone=3D0xfffffe006e3e3c00,
slab=3D0xfffff8053b159fd8, item=3D0xfffff8053b159300)
at /usr/src/sys/vm/uma_core.c:5437
#6 0xffffffff80f13a64 in item_dtor (zone=3D0xfffffe006e3e3c00,
item=3D0xfffff8053b159300, size=3D256, udata=3D0x0, skip=3DSKIP_NONE)
at /usr/src/sys/vm/uma_core.c:3220
#7 uma_zfree_arg (zone=3D0xfffffe006e3e3c00,
item=3Ditem@entry=3D0xfffff8053b159300, udata=3Dudata@entry=3D0x0)
at /usr/src/sys/vm/uma_core.c:4165
#8 0xffffffff80bcefcf in mb_free_ext (m=3Dm@entry=3D0xfffff8053b159300)
at /usr/src/sys/kern/kern_mbuf.c:1200
#9 0xffffffff80bcda68 in m_free (m=3Dm@entry=3D0xfffff8053b159300)
at /usr/src/sys/sys/mbuf.h:1441
#10 0xffffffff80bceda8 in m_freem (mb=3Dmb@entry=3D0xfffff8053b159300)
at /usr/src/sys/kern/kern_mbuf.c:1525
#11 0xffffffff82c4d79a in div_output (so=3D<optimized out>,
m=3D0xfffff8053b159300, sin=3D<optimized out>, control=3D<optimized o=
ut>)
at /usr/src/sys/netinet/ip_divert.c:396
#12 div_send (so=3D<optimized out>,
so@entry=3D<error reading variable: value is not available>,
flags=3D<optimized out>,
flags@entry=3D<error reading variable: value is not available>,
m=3D0xfffff8053b159300,
m@entry=3D<error reading variable: value is not available>,
nam=3D<optimized out>,
nam@entry=3D<error reading variable: value is not available>,
control=3D<optimized out>,
control@entry=3D<error reading variable: value is not available>,
td=3D<optimized out>,
td@entry=3D<error reading variable: value is not available>)
at /usr/src/sys/netinet/ip_divert.c:659
#13 0xffffffff80c92f97 in sosend_generic (so=3D0xfffff800468d5760,
so@entry=3D<error reading variable: value is not available>,
addr=3D0xfffff800120c72e0,
addr@entry=3D<error reading variable: value is not available>,
uio=3D<optimized out>,
uio@entry=3D<error reading variable: value is not available>,
top=3D0xfffff8053b159300,
top@entry=3D<error reading variable: value is not available>,
control=3D<optimized out>,
control@entry=3D<error reading variable: value is not available>, fla=
gs=3D0,
flags@entry=3D<error reading variable: value is not available>,
td=3D0xfffffe019cdc2300,
td@entry=3D<error reading variable: value is not available>)
at /usr/src/sys/kern/uipc_socket.c:1755
#14 0xffffffff80c93286 in sosend (so=3D<unavailable>,
so@entry=3D0xfffff800468d5760, addr=3D<unavailable>, uio=3D<unavailab=
le>,
uio@entry=3D0xfffffe0199b338a8, top=3D<unavailable>, top@entry=3D0x0,
control=3Dcontrol@entry=3D0x0, flags=3D<unavailable>, flags@entry=3D0=
,
td=3D0xfffffe019cdc2300) at /usr/src/sys/kern/uipc_socket.c:1810
#15 0xffffffff80c99ffc in kern_sendit (td=3D<optimized out>,
td@entry=3D0xfffffe019cdc2300, s=3D3, mp=3D<optimized out>,
mp@entry=3D0xfffffe0199b33980, flags=3D0, control=3D0x0,
segflg=3Dsegflg@entry=3DUIO_USERSPACE)
at /usr/src/sys/kern/uipc_syscalls.c:798
#16 0xffffffff80c9a39b in sendit (td=3D0xfffffe019cdc2300,
td@entry=3D<unavailable>, s=3D<unavailable>, mp=3Dmp@entry=3D0xfffffe=
0199b33980,
flags=3D<unavailable>) at /usr/src/sys/kern/uipc_syscalls.c:723
#17 0xffffffff80c9a1ad in sys_sendto (td=3D<unavailable>,
td@entry=3D<error reading variable: value is not available>,
uap=3D<unavailable>,
uap@entry=3D<error reading variable: value is not available>)
at /usr/src/sys/kern/uipc_syscalls.c:841
#18 0xffffffff8108824e in syscallenter (td=3D<optimized out>)
at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:189
#19 amd64_syscall (td=3D0xfffffe019cdc2300, traced=3D0)
at /usr/src/sys/amd64/amd64/trap.c:1156
#20 <signal handler called>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51a3abc5-76b9-df09-acbe-895b62ec87b3>