Date:      Thu, 28 Mar 2019 05:26:01 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 236846] FreeBSD 12.0-STABLE-p3 r345567: panic: vm_fault_hold: fault on nofault entry
Message-ID:  <bug-236846-227@https.bugs.freebsd.org/bugzilla/>


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236846

            Bug ID: 236846
           Summary: FreeBSD 12.0-STABLE-p3 r345567: panic: vm_fault_hold:
                    fault on nofault entry
           Product: Base System
           Version: 12.0-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: ietf-dane@dukhovni.org
                CC: alex@inferiorhumanorgans.com, chernov_victor@list.ru,
                    d8zNeCFG@aon.at, emaste@freebsd.org,
                    girgen@FreeBSD.org, ietf-dane@dukhovni.org,
                    langerruslan@gmail.com, mandrews@bit0.com,
                    markj@FreeBSD.org, pascal.christen@hostpoint.ch,
                    pi@FreeBSD.org, sbruno@FreeBSD.org, sdalu@sdalu.com

After recompiling the 11.2 code that led to kevent crashes
(<https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234296#c31>)
natively on 12.0-RELEASE-p3 and running it for 30 minutes to an
hour, the code again triggered a kernel panic, but this time not
in kevent:

panic: vm_fault_hold: fault on nofault entry, addr: 0xfffffe00c9f87000
cpuid = 0
time = 1553747701
KDB: stack backtrace:
#0 0xffffffff80be7977 at kdb_backtrace+0x67
#1 0xffffffff80b9b563 at vpanic+0x1a3
#2 0xffffffff80b9b3b3 at panic+0x43
#3 0xffffffff80edd120 at unlock_and_deallocate+0
#4 0xffffffff80eda970 at vm_fault+0x60
#5 0xffffffff81074ae3 at trap_pfault+0x163
#6 0xffffffff81073fee at trap+0x29e
#7 0xffffffff8104f465 at calltrap+0x8
#8 0xffffffff80d26cdd at ip_input+0x45d
#9 0xffffffff80cbc576 at netisr_dispatch_src+0xd6
#10 0xffffffff80ca0e63 at ether_demux+0x163
#11 0xffffffff80ca1fc6 at ether_nh_input+0x346
#12 0xffffffff80cbc576 at netisr_dispatch_src+0xd6
#13 0xffffffff80ca1264 at ether_input+0x54
#14 0xffffffff80cb8726 at iflib_rxeof+0xa16
#15 0xffffffff80cb3556 at _task_fn_rx+0x76
#16 0xffffffff80be6204 at gtaskqueue_run_locked+0x144
#17 0xffffffff80be5e68 at gtaskqueue_thread_loop+0x98

This time I have a crash dump.  And, FWIW:

  $ addr2line -afi -e /usr/lib/debug/boot/kernel/kernel.debug
0xffffffff80d26cdd
  0xffffffff80d26cdd
  ip_input
  /usr/src/sys/netinet/ip_input.c:605

From kgdb:

(kgdb) fr 28       
#28 0xffffffff80d26cdd in ip_input (m=0xfffff80111e4ec00) at
/usr/src/sys/netinet/ip_input.c:605
605             if (pfil_run_hooks(&V_inet_pfil_hook, &m, ifp, PFIL_IN, 0,
NULL) != 0)

(kgdb) p *m
$2 = {{m_next = 0x0, m_slist = {sle_next = 0x0}, m_stailq = {stqe_next = 0x0}},
{m_nextpkt = 0x0, m_slistpkt = {sle_next = 0x0}, 
    m_stailqpkt = {stqe_next = 0x0}}, m_data = 0xfffff8051f18900e "E", m_len =
420, m_type = 1, m_flags = 3, {{m_pkthdr = {{
          snd_tag = 0xfffff80003d1e000, rcvif = 0xfffff80003d1e000}, tags =
{slh_first = 0x0}, len = 420, flowid = 2776446732, 
        csum_flags = 251658240, fibnum = 0, cosqos = 0 '\000', rsstype = 63
'?', {rcv_tstmp = 0, {l2hlen = 0 '\000', 
            l3hlen = 0 '\000', l4hlen = 0 '\000', l5hlen = 0 '\000', spare =
0}}, PH_per = {
          eight = "\000\000\000\000\377\377\000", sixteen = {0, 0, 65535, 0},
thirtytwo = {0, 65535}, sixtyfour = {
            281470681743360}, unintptr = {281470681743360}, ptr =
0xffff00000000}, PH_loc = {
          eight = "\000\000\000\000\000\000\000", sixteen = {0, 0, 0, 0},
thirtytwo = {0, 0}, sixtyfour = {0}, unintptr = {0}, 
          ptr = 0x0}}, {m_ext = {{ext_count = 1, ext_cnt = 0x5443454c00000001}, 
          ext_buf = 0xfffff8051f189000 "\f\304z\340H\250\\E'tD\306\b", ext_size
= 2048, ext_type = 1, ext_flags = 1, 
          ext_free = 0x0, ext_arg1 = 0x0, ext_arg2 = 0x0}, m_pktdat =
0xfffff80111e4ec58 "\001"}}, 
    m_dat = 0xfffff80111e4ec20 ""}}

(kgdb) p *ifp
$3 = {if_link = {cstqe_next = 0xfffff80111e4ec00}, if_clones = {le_next = 0x1,
le_prev = 0x38}, if_groups = {cstqh_first = 0x1,
    cstqh_last = 0xfffff80003792000}, if_alloctype = 0 '\000', if_softc =
0xfffffe0075df26b0,
  if_llsoftc = 0xffffffff80cbc576 <netisr_dispatch_src+214>, if_l2com =
0xe74d00,
  if_dname = 0xffffffff80e71134 <mac_ifnet_create_mbuf+292>
"\200<%=\020\240\201", if_dunit = -2113854840, if_index = 65535,
  if_index_reserved = -1, if_xname = "\000\b\000\000\000\000\000\000\000
y\003", <incomplete sequence \370\377\377>,
  if_description = 0x8 <error: Cannot access memory at address 0x8>, if_flags =
64086016, if_drv_flags = -2048,
  if_capabilities = 64086016, if_capenable = -2048, if_linkmib =
0xfffffe0075df26e0, if_linkmiblen = 18446744071575309923,
  if_refcount = 58269696, if_type = 0 '\000', if_addrlen = 248 '\370',
if_hdrlen = 255 '\377', if_link_state = 255 '\377',
  if_mtu = 300215296, if_metric = 4294965249, if_baudrate =
18446735282211712000, if_hwassist = 18446735299613069312,
  if_epoch = -2197045696704, if_lastchange = {tv_sec = -2134237242, tv_usec =
512}, if_snd = {ifq_head = 0x7,
    ifq_tail = 0xfffffe0075df27c0, ifq_len = 50907712, ifq_maxlen = -2048,
ifq_mtx = {lock_object = {
        lo_name = 0xfffff80111e4ec00 "", lo_flags = 5, lo_data = 0, lo_witness
= 0x118}, mtx_lock = 5}, 
    ifq_drv_head = 0xfffff80003792000, ifq_drv_tail = 0x0, ifq_drv_len =
1977558928, ifq_drv_maxlen = -512, 
    altq_type = -2134129290, altq_flags = -1, altq_disc = 0xe74d00, altq_ifp =
0x0, altq_enqueue = 0x175df27c0, 
    altq_dequeue = 0xfffff80003792000, altq_request = 0x0, altq_clfier =
0xfffff80111e4ec00, altq_classify = 0xfffff80003d1e000, 
    altq_tbr = 0x0, altq_cdnr = 0xfffffe0075df27c0}, if_linktask = {ta_link =
{stqe_next = 0xffffffff80ca1264 <ether_input+84>}, 
    ta_pending = 0, ta_priority = 0, ta_func = 0x1b2, ta_context =
0xfffff80003d1e000}, if_addr_lock = {lock_object = {
      lo_name = 0x1 <error: Cannot access memory at address 0x1>, lo_flags =
1977559200, lo_data = 4294966784, 
      lo_witness = 0xffffffff80cb8726 <iflib_rxeof+2582>}, mtx_lock =
18446741877785532224}, if_addrhead = {
    cstqh_first = 0xfffffe00b8ba7740, cstqh_last = 0xfffff80003d49800},
if_multiaddrs = {cstqh_first = 0xffffffffffff00e8, 
    cstqh_last = 0xfffff80003d3e140}, if_amcount = 64264192, if_addr =
0xfffff80003d13000, if_hw_addr = 0xe801b200000000, 
  if_broadcastaddr = 0xfffff80003d1e000 "", if_afdata_lock = {lock_object =
{lo_name = 0xfffff80003d3e140 "", 
      lo_flags = 2776446732, lo_data = 251658240, lo_witness =
0x3f01000000ffff}, mtx_lock = 18446735281926513849}, if_afdata = {
    0xfffff8017eaaec01, 0xfffff80003d3e030, 0x18ffffffff, 0xfffff80003d3e000,
0xffffffff81a76540 <igb_sctx_init>, 
    0xfffff80003d1e000, 0xfffff801000001b2, 0x0, 0xfffff80003784000,
0xfffff80003d13000, 0xfffffe0075df2908, 0xfffff80003d3e000, 
    0xfffff80003784050, 0xfffffe0075df28e0, 0xffffffff80cb3556
<_task_fn_rx+118>, 0x0, 0xfffff80003784000, 0xfffff80003784000, 
    0xfffff80003d3e090, 0xfffffe0075df2900, 0xfffff80003784050,
0xfffffe0075df2940, 
    0xffffffff80be6204 <gtaskqueue_run_locked+324>, 0xfffffe0075df2940,
0xfffff80003784038, 0xfffff80003d3e090, 0x0,
    0xfffff80003784028, 0xfffff80003784038, 0xfffffe00041fd008,
0xffffffff81fe62e0 <proc0>, 0xfffff80003784000,
    0xffffffff80be5dd0 <gtaskqueue_thread_loop>, 0xfffffe0075df2970,
0xffffffff80be5e68 <gtaskqueue_thread_loop+152>,
    0xfffffe0075df2960, 0x202, 0xfffff80003792000, 0xfffffe0075df29c0,
0xfffffe0075df29b0, 0xffffffff80b5bf33 <fork_exit+131>,
    0x0}, if_afdata_initialized = 69193736, if_fib = 4294966784, if_vnet =
0xffffffff80be5dd0 <gtaskqueue_thread_loop>,
  if_home_vnet = 0x0, if_vlantrunk = 0xffffffff81ea6300 <tdq_cpu>, if_bpf =
0xffffffff81fe6820 <thread0_st>, if_pcount = 0,
  if_bridge = 0xffffffff8105045e <fork_trampoline+14>, if_lagg = 0x0, if_pf_kif
= 0x0, if_carp = 0x0, if_label = 0x0,
  if_netmap = 0x0, if_output = 0x0, if_input = 0x0, if_bridge_input = 0x0,
if_bridge_output = 0x0, if_bridge_linkstate = 0x0,
  if_start = 0x0, if_ioctl = 0x0, if_init = 0x0, if_resolvemulti = 0x0,
if_qflush = 0x0, if_transmit = 0x0, if_reassign = 0x0,
  if_get_counter = 0x0, if_requestencap = 0x0, if_counters = {0x0, 0x0, 0x0,
0x0, 0x0, 0xfffff80003792000,
    0xffffffff81f74688 <sleepq_chains+4104>, 0x0, 0x0, 0xfffffe0075df2890,
0xfffffe0075df27c8, 0xfffff800036db000},
  if_hw_tsomax = 2159857853, if_hw_tsomaxsegcount = 4294967295,
if_hw_tsomaxsegsize = 0, if_snd_tag_alloc = 0x0,
  if_snd_tag_modify = 0x0, if_snd_tag_query = 0x0, if_snd_tag_free = 0x0,
if_pcp = 0 '\000', if_netdump_methods = 0x0,
  if_epoch_ctx = {data = {0x0, 0x0}}, if_addr_et = {datap = {0x0, 0x0, 0x0},
datai = {0}}, if_maddr_et = {datap = {0x0, 0x0,
      0x0}, datai = {0}}, if_ispare = {1, 0, 0, 0}}

-- 
You are receiving this mail because:
You are the assignee for the bug.

