Date: Mon, 13 Jun 2022 08:14:28 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 264257] [tcp] Panic: Fatal trap 12: page fault while in kernel mode (if_io_tqg_4) - m_copydata ... at /usr/src/sys/kern/uipc_mbuf.c:659 Message-ID: <bug-264257-7501-U2untHgcug@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-264257-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-264257-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D264257 Dmitriy <supportme@ukr.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |supportme@ukr.net --- Comment #49 from Dmitriy <supportme@ukr.net> --- (In reply to Richard Scheffenegger from comment #37) Good day to all. We most likely got into exactly the same problem and backtrace. Here is some information that we hope will be of some help. If there is anything else we can help with, please just let me know. 13.1-STABLE FreeBSD 13.1-STABLE #0 stable/13-n251001-41ce229505a: Sat Jun 4 19:47:50 EEST 2022 kgdb /usr/lib/debug/boot/kernel/kernel.debug /var/crash/vmcore.0 ... Fatal trap 12: page fault while in kernel mode cpuid =3D 2; apic id =3D 04 fault virtual address =3D 0x18 fault code =3D supervisor read data, page not present instruction pointer =3D 0x20:0xffffffff806e5569 stack pointer =3D 0x28:0xfffffe027ac53690 frame pointer =3D 0x28:0xfffffe027ac53700 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 0 (if_io_tqg_2) trap number =3D 12 panic: page fault cpuid =3D 2 time =3D 1655099122 KDB: stack backtrace: #0 0xffffffff806a0cc5 at kdb_backtrace+0x65 #1 0xffffffff80657a0f at vpanic+0x17f #2 0xffffffff80657883 at panic+0x43 #3 0xffffffff80a03837 at trap_fatal+0x387 #4 0xffffffff80a0388f at trap_pfault+0x4f #5 0xffffffff809dcbe8 at calltrap+0x8 #6 0xffffffff807cbee9 at tcp_output+0x1329 #7 0xffffffff807c332b at tcp_do_segment+0x29db #8 0xffffffff807bfc21 at tcp_input_with_port+0xb61 #9 0xffffffff807c08bb at tcp_input+0xb #10 0xffffffff807b2118 at ip_input+0x118 #11 0xffffffff807890b9 at netisr_dispatch_src+0xb9 #12 0xffffffff8076d554 at ether_demux+0x144 #13 0xffffffff8076e8b6 at ether_nh_input+0x346 #14 0xffffffff807890b9 at netisr_dispatch_src+0xb9 #15 0xffffffff8076d979 at ether_input+0x69 #16 0xffffffff80780bf1 at _task_fn_rx+0xc31 #17 0xffffffff8069f6dd at gtaskqueue_run_locked+0x15d Uptime: 8d12h42m8s Dumping 15966 out of 262007 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91% __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 55 __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (offsetof(stru= ct pcpu, (kgdb) f 10 #10 0xffffffff807c332b in tcp_do_segment (m=3D0xfffff8020c425400, th=3D0xfffff8020c42547a, so=3D0xfffff8179dcc1760, tp=3D0xfffffe09a5da7950, drop_hdrlen=3D41, tlen=3D<optimized out>, iptos=3D0 '\000') at /usr/src/sys/netinet/tcp_input.c:2637 2637 (void) tp->t_fb->tfb_tcp_output(tp); (kgdb) p *tp $12 =3D {t_inpcb =3D 0xfffff81612d9f1f0, t_fb =3D 0xffffffff80ebe670 <tcp_def_funcblk>, t_fb_ptr =3D 0x0, t_maxseg =3D 1440, t_logstate =3D 0, t= _port =3D 0, t_state =3D 8, t_idle_reduce =3D 0, t_delayed_ack =3D 0, t_fin_is_rst =3D 0, t_log_state_set =3D 0,=20 bits_spare =3D 0, t_flags =3D 537920116, snd_una =3D 893181596, snd_max = =3D 893186736, snd_nxt =3D 893186736, snd_up =3D 893181596, snd_wnd =3D 66240, = snd_cwnd =3D 7996, t_peakrate_thr =3D 0, ts_offset =3D 0, rfbuf_ts =3D 736745954, rcv_nu= msacks =3D 0,=20 t_tsomax =3D 0, t_tsomaxsegcount =3D 0, t_tsomaxsegsize =3D 0, rcv_nxt =3D 2834403673, rcv_adv =3D 2834408281, rcv_wnd =3D 4608, t_flags2 =3D 1026, t_= srtt =3D 0, t_rttvar =3D 4000, ts_recent =3D 0, snd_scale =3D 2 '\002', rcv_scale =3D 9= '\t',=20 snd_limited =3D 0 '\000', request_r_scale =3D 9 '\t', last_ack_sent =3D 2= 834403673, t_rcvtime =3D 2883811337, rcv_up =3D 2834403673, t_segqlen =3D 0, t_segqmbu= flen =3D 0, t_segq =3D {tqh_first =3D 0x0, tqh_last =3D 0xfffffe09a5da79e0}, t_in_pkt = =3D 0x0,=20 t_tail_pkt =3D 0x0, t_timers =3D 0xfffffe09a5da7bf8, t_vnet =3D 0xfffff80= 1016b1380, snd_ssthresh =3D 2880, snd_wl1 =3D 2834403673, snd_wl2 =3D 893181596, irs = =3D 2834403154, iss =3D 893181595, t_acktime =3D 0, t_sndtime =3D 2883799567, ts_recent_age =3D 0,=20 snd_recover =3D 893186735, cl4_spare =3D 0, t_oobflags =3D 0 '\000', t_io= bc =3D 0 '\000', t_rxtcur =3D 64000, t_rxtshift =3D 7, t_rtttime =3D 2883799567, t_r= tseq =3D 893186734, t_starttime =3D 2883628642, t_fbyte_in =3D 2883628647,=20 t_fbyte_out =3D 2883628648, t_pmtud_saved_maxseg =3D 0, t_blackhole_enter= =3D 0, t_blackhole_exit =3D 0, t_rttmin =3D 30, t_rttbest =3D 0, t_softerror =3D 0= , max_sndwnd =3D 66240, snd_cwnd_prev =3D 23040, snd_ssthresh_prev =3D 1073725440,=20 snd_recover_prev =3D 893181595, t_sndzerowin =3D 0, t_rttupdated =3D 0, snd_numholes =3D 3, t_badrxtwin =3D 2883629648, snd_holes =3D {tqh_first =3D 0xfffff808705bae80, tqh_last =3D 0xfffff8037d9e6110}, snd_fack =3D 89318673= 5, sackblks =3D {{ start =3D 2834403672, end =3D 2834403673}, {start =3D 0, end =3D 0}, = {start =3D 0, end =3D 0}, {start =3D 0, end =3D 0}, {start =3D 0, end =3D 0}, {start =3D = 0, end =3D 0}}, sackhint =3D {nexthole =3D 0xfffff8037d9e6100, sack_bytes_rexmit =3D 4250,= =20 last_sack_ack =3D 0, delivered_data =3D 0, sacked_bytes =3D 888, recove= r_fs =3D 5138, prr_delivered =3D 6636, prr_out =3D 20102}, t_rttlow =3D 0, rfbuf_cnt= =3D 517, tod =3D 0x0, t_sndrexmitpack =3D 85, t_rcvoopack =3D 0, t_toe =3D 0x0,=20 cc_algo =3D 0xffffffff80ebb1b0 <newreno_cc_algo>, ccv =3D 0xfffffe09a5da7= d40, osd =3D 0xfffffe09a5da7d68, t_bytes_acked =3D 0, t_maxunacktime =3D 0, t_keepin= it =3D 0, t_keepidle =3D 0, t_keepintvl =3D 0, t_keepcnt =3D 0, t_dupacks =3D 52, t_l= ognum =3D 0,=20 t_loglimit =3D 5000, t_pacing_rate =3D -1, t_logs =3D {stqh_first =3D 0x0= , stqh_last =3D 0xfffffe09a5da7b68}, t_lin =3D 0x0, t_lib =3D 0x0, t_output_caller =3D = 0x0, t_stats =3D 0x0, t_logsn =3D 0, gput_ts =3D 0, gput_seq =3D 0, gput_ack =3D 0,=20 t_stats_gput_prev =3D 0, t_maxpeakrate =3D 0, t_sndtlppack =3D 0, t_sndtl= pbyte =3D 0, t_sndbytes =3D 13753, t_snd_rxt_bytes =3D 37794, t_tfo_client_cookie_len = =3D 0 '\000', t_end_info_status =3D 0, t_tfo_pending =3D 0x0, t_tfo_cookie =3D { client =3D '\000' <repeats 15 times>, server =3D 0}, {t_end_info_bytes = =3D "\000\000\000\000\000\000\000", t_end_info =3D 0}} (kgdb) p *tp->sackhint.nexthole $14 =3D {start =3D 893186733, end =3D 893186734, rxmit =3D 893186733, scbli= nk =3D {tqe_next =3D 0x0, tqe_prev =3D 0xfffff80870696d90}} (kgdb) p tp->snd_una + tp->t_inpcb->inp_socket->so_snd.sb_ccc $15 =3D 893186733 (kgdb) p/x tp->t_flags $16 =3D 0x20100274 (kgdb) p/x tp->t_flags2 $17 =3D 0x402 (kgdb) p *tp->t_timers $18 =3D {tt_rexmt =3D {c_links =3D {le =3D {le_next =3D 0xfffffe03c8712b18,= le_prev =3D 0xfffffe01a40f36f8}, sle =3D {sle_next =3D 0xfffffe03c8712b18}, tqe =3D {tq= e_next =3D 0xfffffe03c8712b18, tqe_prev =3D 0xfffffe01a40f36f8}}, c_time =3D 316530875= 4918543,=20 c_precision =3D 17179868000, c_arg =3D 0xfffffe09a5da7950, c_func =3D 0xffffffff807dde30 <tcp_timer_rexmt>, c_lock =3D 0x0, c_flags =3D 2, c_ifla= gs =3D 20, c_cpu =3D 0}, tt_persist =3D {c_links =3D {le =3D {le_next =3D 0x0, le_prev= =3D 0x0}, sle =3D {sle_next =3D 0x0}, tqe =3D {tqe_next =3D 0x0, tqe_prev =3D 0x0}}, c_time = =3D 0, c_precision =3D 0, c_arg =3D 0x0, c_func =3D 0x0, c_lock =3D 0x0, c_flags = =3D 0, c_iflags =3D 16, c_cpu =3D 0}, tt_keep =3D {c_links =3D {le =3D {le_next =3D 0xfffff= e0cfc422408,=20 le_prev =3D 0xfffffe05c8f73328}, sle =3D {sle_next =3D 0xfffffe0cfc= 422408}, tqe =3D {tqe_next =3D 0xfffffe0cfc422408, tqe_prev =3D 0xfffffe05c8f73328}}= , c_time =3D 3195223522196068, c_precision =3D 1932735150000, c_arg =3D 0xfffffe09a5da79= 50,=20 c_func =3D 0xffffffff807dd730 <tcp_timer_keep>, c_lock =3D 0x0, c_flags= =3D 2, c_iflags =3D 20, c_cpu =3D 0}, tt_2msl =3D {c_links =3D {le =3D {le_next = =3D 0x0, le_prev =3D 0x0}, sle =3D {sle_next =3D 0x0}, tqe =3D {tqe_next =3D 0x0, tqe_prev =3D 0= x0}},=20 c_time =3D 0, c_precision =3D 0, c_arg =3D 0x0, c_func =3D 0x0, c_lock = =3D 0x0, c_flags =3D 0, c_iflags =3D 16, c_cpu =3D 0}, tt_delack =3D {c_links =3D {l= e =3D {le_next =3D 0x0, le_prev =3D 0x0}, sle =3D {sle_next =3D 0x0}, tqe =3D {tqe_next =3D 0x= 0,=20 tqe_prev =3D 0x0}}, c_time =3D 0, c_precision =3D 0, c_arg =3D 0x0,= c_func =3D 0x0, c_lock =3D 0x0, c_flags =3D 0, c_iflags =3D 16, c_cpu =3D 0}, tt_flags= =3D 0, tt_draincnt =3D 0} (kgdb) --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-264257-7501-U2untHgcug>