From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 220358] panic in tcp_lro_flush_all
Date: Thu, 29 Jun 2017 13:08:15 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220358

    Bug ID: 220358
   Summary: panic in tcp_lro_flush_all
   Product: Base System
   Version: CURRENT
  Hardware: i386
        OS: Any
    Status: New
  Severity: Affects Only Me
  Priority: ---
 Component: kern
  Assignee: freebsd-bugs@FreeBSD.org
  Reporter: iz-rpi03@hs-karlsruhe.de

Hi,

a recent (r320396) CURRENT kernel crashes repeatably in tcp_lro_flush_all()
after connecting to the network via cable.

A three-week-old r319620 kernel is stable in the same environment (hardware,
network).

Regards,
Ralf

Excerpt from core0.txt:

FreeBSD 12.0-CURRENT FreeBSD 12.0-CURRENT #1 r320396: Wed Jun 28 09:14:27 CEST 2017
    root@IZ-T193196065251a:/usr/obj/usr/src/sys/E4300 i386

panic: privileged instruction fault

GNU gdb (GDB) 7.12.1 [GDB v7.12.1 for FreeBSD]
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-portbld-freebsd12.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see: .
Find the GDB manual and other documentation resources online at: .
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...done.
done.

Unread portion of the kernel message buffer:

Fatal trap 1: privileged instruction fault while in kernel mode
cpuid = 1; apic id = 01
instruction pointer     = 0x20:0xc7efd41b
stack pointer           = 0x28:0xe37d979c
frame pointer           = 0x28:0xe37d97e8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (if_io_tqg_1)
trap number             = 1
panic: privileged instruction fault
cpuid = 1
time = 1498722247
KDB: stack backtrace:
#0 0xc07dadaf at kdb_backtrace+0x4f
#1 0xc079ccb3 at vpanic+0x133
#2 0xc079cb7b at panic+0x1b
#3 0xc0ae38fe at trap_fatal+0x31e
#4 0xc0ae2e5e at trap+0xce
#5 0xc0ad1fea at calltrap+0x6
#6 0xc096bb4f at tcp_do_segment+0x219f
#7 0xc0968d67 at tcp_input+0x13a7
#8 0xc08f39a6 at ip_input+0x256
#9 0xc089328c at netisr_dispatch_src+0xcc
#10 0xc0893550 at netisr_dispatch+0x20
#11 0xc087d9b0 at ether_demux+0x140
#12 0xc087e65b at ether_nh_input+0x35b
#13 0xc089328c at netisr_dispatch_src+0xcc
#14 0xc0893550 at netisr_dispatch+0x20
#15 0xc087dc3a at ether_input+0x2a
#16 0xc096dfc5 at tcp_lro_flush+0x1d5
#17 0xc096e161 at tcp_lro_flush_all+0x141
Uptime: 4m50s
Physical memory: 3523 MB
Dumping 144 MB: 129 113 97 81 65 49 33 17 1

Reading symbols from /boot/kernel/snd_hda.ko...Reading symbols from /usr/lib/debug//boot/kernel/snd_hda.ko.debug...done.
done.
Reading symbols from /boot/kernel/sound.ko...Reading symbols from /usr/lib/debug//boot/kernel/sound.ko.debug...done.
done.
Reading symbols from /boot/kernel/cuse.ko...Reading symbols from /usr/lib/debug//boot/kernel/cuse.ko.debug...done.
done.
Reading symbols from /boot/kernel/ums.ko...Reading symbols from /usr/lib/debug//boot/kernel/ums.ko.debug...done.
done.
Reading symbols from /boot/kernel/ng_ubt.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_ubt.ko.debug...done.
done.
Reading symbols from /boot/kernel/netgraph.ko...Reading symbols from /usr/lib/debug//boot/kernel/netgraph.ko.debug...done.
done.
Reading symbols from /boot/kernel/ng_hci.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_hci.ko.debug...done.
done.
Reading symbols from /boot/kernel/ng_bluetooth.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_bluetooth.ko.debug...done.
done.
Reading symbols from /boot/kernel/ng_l2cap.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_l2cap.ko.debug...done.
done.
Reading symbols from /boot/kernel/ng_btsocket.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_btsocket.ko.debug...done.
done.
Reading symbols from /boot/kernel/ng_socket.ko...Reading symbols from /usr/lib/debug//boot/kernel/ng_socket.ko.debug...done.
done.
__curthread () at ./machine/pcpu.h:225
225             __asm("movl %%fs:%1,%0" : "=r" (td)
(kgdb) #0  __curthread () at ./machine/pcpu.h:225
#1  doadump (textdump=-949457280) at /usr/src/sys/kern/kern_shutdown.c:318
#2  0xc079c924 in kern_reboot (howto=)
    at /usr/src/sys/kern/kern_shutdown.c:386
#3  0xc079cceb in vpanic (fmt=, ap=)
    at /usr/src/sys/kern/kern_shutdown.c:779
#4  0xc079cb7b in panic (fmt=0xc0b23936 "%s")
    at /usr/src/sys/kern/kern_shutdown.c:710
#5  0xc0ae38fe in trap_fatal (frame=, eva=)
    at /usr/src/sys/i386/i386/trap.c:978
#6  0xc0ae2e5e in trap (frame=) at /usr/src/sys/i386/i386/trap.c:213
#7
#8  0xc7efd41b in ?? ()
#9  0xc096bb4f in tcp_do_segment (m=, th=, so=, tp=, drop_hdrlen=,
    tlen=, iptos=, ti_locked=) at /usr/src/sys/netinet/tcp_input.c:2444
#10 0xc0968d67 in tcp_input (mp=, offp=, proto=)
    at /usr/src/sys/netinet/tcp_input.c:1191
#11 0xc08f39a6 in ip_input (m=0x0) at /usr/src/sys/netinet/ip_input.c:823
#12 0xc089328c in netisr_dispatch_src (proto=, source=, m=0xc7efd408)
    at /usr/src/sys/net/netisr.c:1120
#13 0xc0893550 in netisr_dispatch (proto=1, m=0xc866f500)
    at /usr/src/sys/net/netisr.c:1211
#14 0xc087d9b0 in ether_demux (ifp=0xc77ca800, m=0x0)
    at /usr/src/sys/net/if_ethersubr.c:848
#15 0xc087e65b in ether_input_internal (ifp=0xc77ca800, m=0xc7efd408)
    at /usr/src/sys/net/if_ethersubr.c:637
#16 ether_nh_input (m=) at /usr/src/sys/net/if_ethersubr.c:667
#17 0xc089328c in netisr_dispatch_src (proto=, source=, m=0xc7efd408)
    at /usr/src/sys/net/netisr.c:1120
#18 0xc0893550 in netisr_dispatch (proto=5, m=0xc866f500)
    at /usr/src/sys/net/netisr.c:1211
#19 0xc087dc3a in ether_input (ifp=0xc77ca800, m=0x0)
    at /usr/src/sys/net/if_ethersubr.c:757
#20 0xc096dfc5 in tcp_lro_flush (lc=0xc77ad424, le=)
    at /usr/src/sys/netinet/tcp_lro.c:394
#21 0xc096e161 in tcp_lro_rx_done (lc=0xc77ad424)
    at /usr/src/sys/netinet/tcp_lro.c:284
#22 tcp_lro_flush_all (lc=) at /usr/src/sys/netinet/tcp_lro.c:532
#23 0xc088dc90 in iflib_rxeof (budget=16, rxq=)
    at /usr/src/sys/net/iflib.c:2564
#24 _task_fn_rx (context=) at /usr/src/sys/net/iflib.c:3499
#25 0xc07d9aa8 in gtaskqueue_run_locked (queue=0xc7688000)
    at /usr/src/sys/kern/subr_gtaskqueue.c:329
#26 0xc07d97c7 in gtaskqueue_thread_loop (arg=0xc7671814)
    at /usr/src/sys/kern/subr_gtaskqueue.c:504
#27 0xc0764a16 in fork_exit (callout=0xc07d9720 , arg=, frame=)
    at /usr/src/sys/kern/kern_fork.c:1038
#28
(kgdb)