Date: Tue, 31 Aug 2021 12:57:11 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 258183] [tcp] [panic] [RACK] kernel panic in rack_setup_offset_for_rsm() at netinet/tcp_stacks/rack.c:6050 Message-ID: <bug-258183-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D258183 Bug ID: 258183 Summary: [tcp] [panic] [RACK] kernel panic in rack_setup_offset_for_rsm() at netinet/tcp_stacks/rack.c:6050 Product: Base System Version: 13.0-STABLE Hardware: amd64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: iron.udjin@gmail.com Hello, OS: 13.0-STABLE stable/13-n247000-5a67aaf1fa2c It seems related to tcp RACK. Fatal trap 12: page fault while in kernel mode cpuid =3D 16; apic id =3D 14 fault virtual address =3D 0x18 fault code =3D supervisor read data, page not present instruction pointer =3D 0x20:0xffffffff8161731e stack pointer =3D 0x28:0xfffffe0201d8daf0 frame pointer =3D 0x28:0xfffffe0201d8dbe0 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 0 (if_io_tqg_16) trap number =3D 12 panic: page fault cpuid =3D 16 time =3D 1630412741 KDB: stack backtrace: #0 0xffffffff805f7d75 at kdb_backtrace+0x65 #1 0xffffffff805ace27 at vpanic+0x187 #2 0xffffffff805acc93 at panic+0x43 #3 0xffffffff80858b17 at trap_fatal+0x387 #4 0xffffffff80858b6f at trap_pfault+0x4f #5 0xffffffff8085820a at trap+0x25a #6 0xffffffff80830c48 at calltrap+0x8 #7 0xffffffff8161508a at rack_log_ack+0x88a #8 0xffffffff816130cc at rack_process_ack+0x13c #9 0xffffffff81610c8e at rack_do_established+0xffe #10 0xffffffff816073a4 at rack_do_segment_nounlock+0x2244 #11 0xffffffff8161e13d at ctf_process_inbound_raw+0x9d #12 0xffffffff8161e576 at ctf_do_queued_segments+0x36 #13 0xffffffff80716ca6 at tcp_lro_flush+0xb76 #14 0xffffffff80716f8b at tcp_lro_flush_all+0x17b #15 0xffffffff806d1692 at _task_fn_rx+0xc12 #16 0xffffffff805f67ed at gtaskqueue_run_locked+0x16d #17 0xffffffff805f6453 at gtaskqueue_thread_loop+0xc3 Uptime: 1d11h24m18s Dumping 24198 out of 196241 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91% __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 55 __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (offsetof(stru= ct pcpu, (kgdb) bt #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 #1 doadump (textdump=3D<optimized out>) at /usr/src/sys/kern/kern_shutdown= .c:399 #2 0xffffffff805aca25 in kern_reboot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:486 #3 0xffffffff805ace96 in vpanic (fmt=3D0xffffffff808b9aee "%s", ap=3D<opti= mized out>) at /usr/src/sys/kern/kern_shutdown.c:919 #4 0xffffffff805acc93 in panic (fmt=3D<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:843 #5 0xffffffff80858b17 in trap_fatal (frame=3D0xfffffe0201d8da30, eva=3D24)= at /usr/src/sys/amd64/amd64/trap.c:941 #6 0xffffffff80858b6f in trap_pfault (frame=3Dframe@entry=3D0xfffffe0201d8= da30, usermode=3Dfalse, signo=3D<optimized out>, signo@entry=3D0x0, ucode=3D<opti= mized out>, ucode@entry=3D0x0) at /usr/src/sys/amd64/amd64/trap.c:760 #7 0xffffffff8085820a in trap (frame=3D0xfffffe0201d8da30) at /usr/src/sys/amd64/amd64/trap.c:438 #8 <signal handler called> #9 rack_setup_offset_for_rsm (src_rsm=3D<optimized out>, rsm=3D0xfffff8056= 8cc88c0) at /usr/src/sys/modules/tcp/rack/../../../netinet/tcp_stacks/rack.c:6050 #10 rack_proc_sack_blk (tp=3D<optimized out>, tp@entry=3D0xfffffe05926e8518, rack=3Drack@entry=3D0xfffffe03d3606040, sack=3Dsack@entry=3D0xfffffe0201d8d= c10, to=3D<optimized out>, prsm=3D<optimized out>, prsm@entry=3D0xfffffe0201d8dc= 78, cts=3Dcts@entry=3D2904271550, moved_two=3D0xfffffe0201d8dc94) at /usr/src/sys/modules/tcp/rack/../../../netinet/tcp_stacks/rack.c:8507 #11 0xffffffff8161508a in rack_log_ack (tp=3D<optimized out>, tp@entry=3D0xfffffe05926e8518, to=3D<optimized out>, to@entry=3D0xfffffe020= 1d8e080, th=3Dth@entry=3D0xfffff801e62bd47a, entered_recovery=3D0, dup_ack_struck=3D= <optimized out>) at /usr/src/sys/modules/tcp/rack/../../../netinet/tcp_stacks/rack.c:9= 325 #12 0xffffffff816130cc in rack_process_ack (m=3Dm@entry=3D0xfffff801e62bd40= 0, th=3Dth@entry=3D0xfffff801e62bd47a, so=3Dso@entry=3D0xfffff8113b427000, tp=3Dtp@entry=3D0xfffffe05926e8518, to=3Dto@entry=3D0xfffffe0201d8e080, tiwin=3D<optimized out>, tlen=3D0, ofia=3D0x0, thflags=3D16, ret_val=3D0xfffffe0201d8ded4) at /usr/src/sys/modules/tcp/rack/../../../netinet/tcp_stacks/rack.c:9830 #13 0xffffffff81610c8e in rack_do_established (m=3D0xfffff801e62bd400, th=3D<optimized out>, so=3D0xfffff8113b427000, tp=3D0xfffffe05926e8518, to=3D0xfffffe0201d8e080, drop_hdrlen=3D52, tlen=3D-748658560, tiwin=3D13132= 8, thflags=3D0, nxt_pkt=3D1, iptos=3D0 '\000') at /usr/src/sys/modules/tcp/rack/../../../netinet/tcp_stacks/rack.c:11346 #14 0xffffffff816073a4 in rack_do_segment_nounlock (m=3D0xfffff801e62bd400, th=3D<optimized out>, so=3D0xfffff8113b427000, tp=3D0xfffffe05926e8518, drop_hdrlen=3D780023670, tlen=3D<optimized out>, iptos=3D0 '\000', nxt_pkt= =3D1, tv=3D0xfffffe0201d8e128) at /usr/src/sys/modules/tcp/rack/../../../netinet/tcp_stacks/rack.c:13986 #15 0xffffffff8161e13d in ctf_process_inbound_raw (tp=3D0xfffffe05926e8518, so=3D0xfffff8113b427000, m=3D0xfffff801e62bd400, has_pkt=3D0) at /usr/src/sys/modules/tcp/rack/../../../netinet/tcp_stacks/rack_bbr_common.c= :502 #16 0xffffffff8161e576 in ctf_do_queued_segments (so=3D0x0, tp=3D<optimized= out>, have_pkt=3D0) at /usr/src/sys/modules/tcp/rack/../../../netinet/tcp_stacks/rack_bbr_common.c= :538 #17 0xffffffff80716ca6 in tcp_lro_flush_tcphpts (lc=3D<optimized out>, le=3D<optimized out>) at /usr/src/sys/netinet/tcp_lro.c:1328 #18 tcp_lro_flush (lc=3Dlc@entry=3D0xfffffe014d159a30, le=3D0xfffffe0150585= 690) at /usr/src/sys/netinet/tcp_lro.c:1345 #19 0xffffffff80716f8b in tcp_lro_rx_done (lc=3D0xfffffe014d159a30) at /usr/src/sys/netinet/tcp_lro.c:562 #20 tcp_lro_flush_all (lc=3Dlc@entry=3D0xfffffe014d159a30) at /usr/src/sys/netinet/tcp_lro.c:1506 #21 0xffffffff806d1692 in iflib_rxeof (rxq=3D<optimized out>, budget=3D<opt= imized out>) at /usr/src/sys/net/iflib.c:3056 #22 _task_fn_rx (context=3D<optimized out>) at /usr/src/sys/net/iflib.c:3988 #23 0xffffffff805f67ed in gtaskqueue_run_locked (queue=3Dqueue@entry=3D0xfffff80104ce1300) at /usr/src/sys/kern/subr_gtaskqueue.c:371 #24 0xffffffff805f6453 in gtaskqueue_thread_loop (arg=3D<optimized out>, arg@entry=3D0xfffffe014d8cd188) at /usr/src/sys/kern/subr_gtaskqueue.c:547 #25 0xffffffff8056cef9 in fork_exit (callout=3D0xffffffff805f6390 <gtaskqueue_thread_loop>, arg=3D0xfffffe014d8cd188, frame=3D0xfffffe0201d8e= 480) at /usr/src/sys/kern/kern_fork.c:1083 #26 <signal handler called> (kgdb) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-258183-227>