Date: Thu, 29 Jun 2017 13:08:15 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 220358] panic in tcp_lro_flush_all Message-ID: <bug-220358-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D220358 Bug ID: 220358 Summary: panic in tcp_lro_flush_all Product: Base System Version: CURRENT Hardware: i386 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: iz-rpi03@hs-karlsruhe.de Hi, a recent (r320396) CURRENT kernel crashes repeatable in tcp_lro_flush_all() after connecting to the network via cable. A three weeks old r319620 kernel is stable in the same environment (hardwar= e, network). Regards, Ralf Excerpt from core0.txt: FreeBSD 12.0-CURRENT FreeBSD 12.0-CURRENT #1 r320396: Wed Jun 28 09:14:27 = CEST=20 2017 root@IZ-T193196065251a:/usr/obj/usr/src/sys/E4300 i386 panic: privileged instruction fault GNU gdb (GDB) 7.12.1 [GDB v7.12.1 for FreeBSD] Copyright (C) 2017 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.htm= l> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i386-portbld-freebsd12.0". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /boot/kernel/kernel...Reading symbols from /usr/lib/debug// boot/kernel/kernel.debug...done. done. Unread portion of the kernel message buffer: Fatal trap 1: privileged instruction fault while in kernel mode cpuid =3D 1; apic id =3D 01 instruction pointer =3D 0x20:0xc7efd41b stack pointer =3D 0x28:0xe37d979c frame pointer =3D 0x28:0xe37d97e8 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, def32 1, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 0 (if_io_tqg_1) trap number =3D 1 panic: privileged instruction fault cpuid =3D 1 time =3D 1498722247 KDB: stack backtrace: #0 0xc07dadaf at kdb_backtrace+0x4f #1 0xc079ccb3 at vpanic+0x133 #2 0xc079cb7b at panic+0x1b #3 0xc0ae38fe at trap_fatal+0x31e #4 0xc0ae2e5e at trap+0xce #5 0xc0ad1fea at calltrap+0x6 #6 0xc096bb4f at tcp_do_segment+0x219f #7 0xc0968d67 at tcp_input+0x13a7 #8 0xc08f39a6 at ip_input+0x256 #9 0xc089328c at netisr_dispatch_src+0xcc #10 0xc0893550 at netisr_dispatch+0x20 #11 0xc087d9b0 at ether_demux+0x140 #12 0xc087e65b at ether_nh_input+0x35b #13 0xc089328c at netisr_dispatch_src+0xcc #14 0xc0893550 at netisr_dispatch+0x20 #15 0xc087dc3a at ether_input+0x2a #16 0xc096dfc5 at tcp_lro_flush+0x1d5 #17 0xc096e161 at tcp_lro_flush_all+0x141 Uptime: 4m50s Physical memory: 3523 MB Dumping 144 MB: 129 113 97 81 65 49 33 17 1 Reading symbols from /boot/kernel/snd_hda.ko...Reading symbols from /usr/lib/debug//boot/kernel/snd_hda.ko.debug...done. done. Reading symbols from /boot/kernel/sound.ko...Reading symbols from /usr/lib/debug//boot/kernel/sound.ko.debug...done. done. Reading symbols from /boot/kernel/cuse.ko...Reading symbols from /usr/lib/debug//boot/kernel/cuse.ko.debug...done. done. Reading symbols from /boot/kernel/ums.ko...Reading symbols from /usr/lib/debug//boot/kernel/ums.ko.debug...done. done. Reading symbols from /boot/kernel/ng_ubt.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_ubt.ko.debug...done. done. Reading symbols from /boot/kernel/netgraph.ko...Reading symbols from /usr/lib/debug//boot/kernel/netgraph.ko.debug...done. done. Reading symbols from /boot/kernel/ng_hci.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_hci.ko.debug...done. done. Reading symbols from /boot/kernel/ng_bluetooth.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_bluetooth.ko.debug...done. done. Reading symbols from /boot/kernel/ng_l2cap.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_l2cap.ko.debug...done. done. Reading symbols from /boot/kernel/ng_btsocket.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_btsocket.ko.debug...done. done. Reading symbols from /boot/kernel/ng_socket.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_socket.ko.debug...done. done. __curthread () at ./machine/pcpu.h:225 225 __asm("movl %%fs:%1,%0" : "=3Dr" (td) (kgdb) #0 __curthread () at ./machine/pcpu.h:225 #1 doadump (textdump=3D-949457280) at /usr/src/sys/kern/kern_shutdown.c:318 #2 0xc079c924 in kern_reboot (howto=3D<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:386 #3 0xc079cceb in vpanic (fmt=3D<optimized out>, ap=3D<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:779 #4 0xc079cb7b in panic (fmt=3D0xc0b23936 "%s") at /usr/src/sys/kern/kern_shutdown.c:710 #5 0xc0ae38fe in trap_fatal (frame=3D<optimized out>, eva=3D<optimized out= >) at /usr/src/sys/i386/i386/trap.c:978 #6 0xc0ae2e5e in trap (frame=3D<optimized out>) at /usr/src/sys/i386/i386/trap.c:213 #7 <signal handler called> #8 0xc7efd41b in ?? () #9 0xc096bb4f in tcp_do_segment (m=3D<optimized out>, th=3D<optimized out>= ,=20 so=3D<optimized out>, tp=3D<optimized out>, drop_hdrlen=3D<optimized ou= t>,=20 tlen=3D<optimized out>, iptos=3D<optimized out>,=20 ti_locked=3D<error reading variable: Cannot access memory at address 0x= 1>) at /usr/src/sys/netinet/tcp_input.c:2444 #10 0xc0968d67 in tcp_input (mp=3D<optimized out>, offp=3D<optimized out>,= =20 proto=3D<optimized out>) at /usr/src/sys/netinet/tcp_input.c:1191 #11 0xc08f39a6 in ip_input (m=3D0x0) at /usr/src/sys/netinet/ip_input.c:823 #12 0xc089328c in netisr_dispatch_src (proto=3D<optimized out>,=20 source=3D<optimized out>, m=3D0xc7efd408) at /usr/src/sys/net/netisr.c:= 1120 #13 0xc0893550 in netisr_dispatch (proto=3D1, m=3D0xc866f500) at /usr/src/sys/net/netisr.c:1211 #14 0xc087d9b0 in ether_demux (ifp=3D0xc77ca800, m=3D0x0) at /usr/src/sys/net/if_ethersubr.c:848 #15 0xc087e65b in ether_input_internal (ifp=3D0xc77ca800, m=3D0xc7efd408) at /usr/src/sys/net/if_ethersubr.c:637 #16 ether_nh_input (m=3D<optimized out>) at /usr/src/sys/net/if_ethersubr.c= :667 #17 0xc089328c in netisr_dispatch_src (proto=3D<optimized out>,=20 source=3D<optimized out>, m=3D0xc7efd408) at /usr/src/sys/net/netisr.c:= 1120 #18 0xc0893550 in netisr_dispatch (proto=3D5, m=3D0xc866f500) at /usr/src/sys/net/netisr.c:1211 #19 0xc087dc3a in ether_input (ifp=3D0xc77ca800, m=3D0x0) at /usr/src/sys/net/if_ethersubr.c:757 #20 0xc096dfc5 in tcp_lro_flush (lc=3D0xc77ad424, le=3D<optimized out>) at /usr/src/sys/netinet/tcp_lro.c:394 #21 0xc096e161 in tcp_lro_rx_done (lc=3D0xc77ad424) at /usr/src/sys/netinet/tcp_lro.c:284 #22 tcp_lro_flush_all (lc=3D<optimized out>) at /usr/src/sys/netinet/tcp_lro.c:532 #23 0xc088dc90 in iflib_rxeof (budget=3D16, rxq=3D<optimized out>) at /usr/src/sys/net/iflib.c:2564 #24 _task_fn_rx (context=3D<optimized out>) at /usr/src/sys/net/iflib.c:3499 #25 0xc07d9aa8 in gtaskqueue_run_locked (queue=3D0xc7688000) at /usr/src/sys/kern/subr_gtaskqueue.c:329 #26 0xc07d97c7 in gtaskqueue_thread_loop (arg=3D0xc7671814) at /usr/src/sys/kern/subr_gtaskqueue.c:504 #27 0xc0764a16 in fork_exit (callout=3D0xc07d9720 <gtaskqueue_thread_loop>,= =20 arg=3D<optimized out>, frame=3D<optimized out>) at /usr/src/sys/kern/kern_fork.c:1038 #28 <signal handler called> (kgdb) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-220358-8>