Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 10 Jun 2024 19:56:13 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 279653] Page fault in in6_selecthlim
Message-ID:  <bug-279653-227@https.bugs.freebsd.org/bugzilla/>

next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D279653

            Bug ID: 279653
           Summary: Page fault in in6_selecthlim
           Product: Base System
           Version: 14.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: amigan@gmail.com

14-STABLE eff27c3872300e594e0b410364a02302fc555121 built 4 June.

This machine is a gateway and does indeed use ipv6. It runs dns/blocky (a
filtering resolver, like pi-hole written in go) in a jail that lives on ZFS.
The rest of the system is on UFS. I had just rolled back the jail to an old
snapshot when this happened, but I'm not positive that is related, even tho=
ugh
it appears to have crashed after I hit enter on the zfs rollback command. It
looks like it crashed when blocky went to close a TCP connection (the upstr=
eam
resolver is DNS-over-https using ipv6).

Message buffer:
Fatal trap 12: page fault while in kernel mode
cpuid =3D 3; apic id =3D 06
fault virtual address   =3D 0x10
fault code              =3D supervisor read data, page not present
instruction pointer     =3D 0x20:0xffffffff80b10416
stack pointer           =3D 0x28:0xfffffe00b4245980
frame pointer           =3D 0x28:0xfffffe00b42459b0
code segment            =3D base 0x0, limit 0xfffff, type 0x1b
                        =3D DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        =3D interrupt enabled, resume, IOPL =3D 0
current process         =3D 11116 (blocky)
rdi: fffff8004c742000 rsi: 000000000000001c rdx: fffff801dba0a278
rcx: fffff8004c742000  r8: 00000000ffffffbd  r9: 0000000000000018
rax: 0000000000000000 rbx: 0000000000000000 rbp: fffffe00b42459b0
r10: fffff8004ca20e20 r11: fffff8005ec6b880 r12: fffff8003fb4e898
r13: 0000000000000000 r14: fffffe00b424598c r15: 0000000000010480
trap number             =3D 12
panic: page fault
cpuid =3D 3
time =3D 1718033759
KDB: stack backtrace:
#0 0xffffffff808b899d at kdb_backtrace+0x5d
#1 0xffffffff8086b701 at vpanic+0x131
#2 0xffffffff8086b5c3 at panic+0x43
#3 0xffffffff80d6325b at trap_fatal+0x40b
#4 0xffffffff80d632a6 at trap_pfault+0x46
#5 0xffffffff80d3b718 at calltrap+0x8
#6 0xffffffff80adda9a at tcp_default_output+0x1cda
#7 0xffffffff80aef193 at tcp_usr_disconnect+0x83
#8 0xffffffff8090ff05 at soclose+0x75
#9 0xffffffff8080a5c1 at _fdrop+0x11
#10 0xffffffff8080d82a at closef+0x24a
#11 0xffffffff8080cee6 at fdescfree+0x4e6
#12 0xffffffff8081fa2e at exit1+0x49e
#13 0xffffffff8081f58d at sys_exit+0xd
#14 0xffffffff80d63b15 at amd64_syscall+0x115
#15 0xffffffff80d3c02b at fast_syscall_common+0xf8

kgdb backtrace:
(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
#1  doadump (textdump=3D<optimized out>) at /usr/src/sys/kern/kern_shutdown=
.c:405
#2  0xffffffff8086b297 in kern_reboot (howto=3D260) at
/usr/src/sys/kern/kern_shutdown.c:523
#3  0xffffffff8086b76e in vpanic (fmt=3D0xffffffff80e79c24 "%s",
ap=3Dap@entry=3D0xfffffe00b42457e0) at /usr/src/sys/kern/kern_shutdown.c:967
#4  0xffffffff8086b5c3 in panic (fmt=3D<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:891
#5  0xffffffff80d6325b in trap_fatal (frame=3D0xfffffe00b42458c0, eva=3D16)=
 at
/usr/src/sys/amd64/amd64/trap.c:952
#6  0xffffffff80d632a6 in trap_pfault (frame=3D<unavailable>, usermode=3Dfa=
lse,
signo=3D<optimized out>, ucode=3D<optimized out>) at
/usr/src/sys/amd64/amd64/trap.c:760
#7  <signal handler called>
#8  0xffffffff80b10416 in in6_selecthlim (inp=3Dinp@entry=3D0xfffff8005ea2b=
540,
ifp=3Difp@entry=3D0x0) at /usr/src/sys/netinet6/in6_src.c:850
#9  0xffffffff80adda9a in tcp_default_output (tp=3D0xfffff8005ea2b540) at
/usr/src/sys/netinet/tcp_output.c:1444
#10 0xffffffff80aef193 in tcp_usr_disconnect (so=3D<optimized out>) at
/usr/src/sys/netinet/tcp_usrreq.c:705
#11 0xffffffff8090ff05 in sodisconnect (so=3D0xfffff80136b683c0) at
/usr/src/sys/kern/uipc_socket.c:1436
#12 soclose (so=3D0xfffff80136b683c0) at /usr/src/sys/kern/uipc_socket.c:12=
71
#13 0xffffffff8080a5c1 in fo_close (fp=3D0xfffff8004c742000,
fp@entry=3D0xfffff8019bc50730, td=3D0x1c, td@entry=3D0xfffff8019bc50730) at
/usr/src/sys/sys/file.h:392
#14 _fdrop (fp=3D0xfffff8004c742000, fp@entry=3D0xfffff8019bc50730, td=3D0x=
1c,
td@entry=3D0xfffff801db4cb000) at /usr/src/sys/kern/kern_descrip.c:3670
#15 0xffffffff8080d82a in closef (fp=3Dfp@entry=3D0xfffff8019bc50730,
td=3Dtd@entry=3D0xfffff801db4cb000) at /usr/src/sys/kern/kern_descrip.c:2843
#16 0xffffffff8080cee6 in fdescfree_fds (td=3D0xfffff801db4cb000,
fdp=3D0xfffffe00b1260860) at /usr/src/sys/kern/kern_descrip.c:2566
#17 fdescfree (td=3Dtd@entry=3D0xfffff801db4cb000) at
/usr/src/sys/kern/kern_descrip.c:2609
#18 0xffffffff8081fa2e in exit1 (td=3D0xfffff801db4cb000, rval=3D<optimized=
 out>,
signo=3Dsigno@entry=3D0) at /usr/src/sys/kern/kern_exit.c:404
#19 0xffffffff8081f58d in sys_exit (td=3D0xfffff8004c742000, uap=3D<optimiz=
ed out>)
at /usr/src/sys/kern/kern_exit.c:210
#20 0xffffffff80d63b15 in syscallenter (td=3D0xfffff801db4cb000) at
/usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:191
#21 amd64_syscall (td=3D0xfffff801db4cb000, traced=3D0) at
/usr/src/sys/amd64/amd64/trap.c:1194
#22 <signal handler called>
#23 0x000000000047398b in ?? ()
Backtrace stopped: Cannot access memory at address 0x8702b7ee8

--=20
You are receiving this mail because:
You are the assignee for the bug.=



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-279653-227>