Date: Tue, 21 Jun 2022 00:00:56 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 254725] [tcp] 13.0-RC4 crash tcp_lro Message-ID: <bug-254725-7501-D3uZb4BLmf@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-254725-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-254725-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D254725 --- Comment #15 from Christos Chatzaras <chris@cretaforce.gr> --- Another crash: Fatal trap 12: page fault while in kernel mode cpuid =3D 7; apic id =3D 07 fault virtual address =3D 0x18 fault code =3D supervisor read data, page not present instruction pointer =3D 0x20:0xffffffff80cae31d stack pointer =3D 0x28:0xfffffe01141445c0 frame pointer =3D 0x28:0xfffffe0114144630 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 0 (if_io_tqg_7) trap number =3D 12 panic: page fault cpuid =3D 7 time =3D 1655767279 KDB: stack backtrace: #0 0xffffffff80c69465 at kdb_backtrace+0x65 #1 0xffffffff80c1bb1f at vpanic+0x17f #2 0xffffffff80c1b993 at panic+0x43 #3 0xffffffff810afdf5 at trap_fatal+0x385 #4 0xffffffff810afe4f at trap_pfault+0x4f #5 0xffffffff81087528 at calltrap+0x8 #6 0xffffffff80de07c9 at tcp_output+0x1339 #7 0xffffffff80dd7eed at tcp_do_segment+0x2cfd #8 0xffffffff80dd44b1 at tcp_input_with_port+0xb61 #9 0xffffffff80dd515b at tcp_input+0xb #10 0xffffffff80dc691f at ip_input+0x11f #11 0xffffffff80d53089 at netisr_dispatch_src+0xb9 #12 0xffffffff80d36ea8 at ether_demux+0x138 #13 0xffffffff80d38235 at ether_nh_input+0x355 #14 0xffffffff80d53089 at netisr_dispatch_src+0xb9 #15 0xffffffff80d372d9 at ether_input+0x69 #16 0xffffffff80ddeaa5 at tcp_push_and_replace+0x25 #17 0xffffffff80ddd74c at tcp_lro_flush+0x4c Uptime: 29d3h36m11s Dumping 4275 out of 65278 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..= 91% __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 warning: Source file is more recent than executable. 55 __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (offsetof(stru= ct pcpu, (kgdb) #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 #1 doadump (textdump=3D<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:399 #2 0xffffffff80c1b71c in kern_reboot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:487 #3 0xffffffff80c1bb8e in vpanic (fmt=3D0xffffffff811b4fb9 "%s", ap=3D<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:920 #4 0xffffffff80c1b993 in panic (fmt=3D<unavailable>) at /usr/src/sys/kern/kern_shutdown.c:844 #5 0xffffffff810afdf5 in trap_fatal (frame=3D0xfffffe0114144500, eva=3D24) at /usr/src/sys/amd64/amd64/trap.c:944 #6 0xffffffff810afe4f in trap_pfault (frame=3D0xfffffe0114144500, usermode=3Dfalse, signo=3D<optimized out>, ucode=3D<optimized out>) at /usr/src/sys/amd64/amd64/trap.c:763 #7 <signal handler called> #8 m_copydata (m=3D0x0, m@entry=3D0xfffff80c219ce500, off=3D0, len=3D1, cp=3D<optimized out>) at /usr/src/sys/kern/uipc_mbuf.c:659 #9 0xffffffff80de07c9 in tcp_output (tp=3D<optimized out>) at /usr/src/sys/netinet/tcp_output.c:1081 #10 0xffffffff80dd7eed in tcp_do_segment (m=3D<optimized out>, th=3D<optimized out>, so=3D<optimized out>, tp=3D0xfffffe01990a1000, drop_hdrlen=3D64, tlen=3D<optimized out>, iptos=3D0 '\000') at /usr/src/sys/netinet/tcp_input.c:2637 #11 0xffffffff80dd44b1 in tcp_input_with_port (mp=3D<optimized out>, offp=3D<optimized out>, proto=3D<optimized out>, port=3Dport@entry=3D0) at /usr/src/sys/netinet/tcp_input.c:1400 #12 0xffffffff80dd515b in tcp_input (mp=3D0xfffff80c219ce500, offp=3D0x0, p= roto=3D1) at /usr/src/sys/netinet/tcp_input.c:1496 #13 0xffffffff80dc691f in ip_input (m=3D0x0) at /usr/src/sys/netinet/ip_input.c:839 #14 0xffffffff80d53089 in netisr_dispatch_src (proto=3D1, source=3Dsource@entry=3D0, m=3D0xfffff80e00395400) at /usr/src/sys/net/netisr.c:1143 #15 0xffffffff80d5345f in netisr_dispatch (proto=3D563930368, m=3D0x1) at /usr/src/sys/net/netisr.c:1234 #16 0xffffffff80d36ea8 in ether_demux (ifp=3Difp@entry=3D0xfffff80004659000, m=3D0x0) at /usr/src/sys/net/if_ethersubr.c:921 #17 0xffffffff80d38235 in ether_input_internal (ifp=3D0xfffff80004659000, m= =3D0x0) at /usr/src/sys/net/if_ethersubr.c:707 #18 ether_nh_input (m=3D<optimized out>) at /usr/src/sys/net/if_ethersubr.c= :737 #19 0xffffffff80d53089 in netisr_dispatch_src (proto=3Dproto@entry=3D5, source=3Dsource@entry=3D0, m=3Dm@entry=3D0xfffff80e00395400) at /usr/src/sys/net/netisr.c:1143 #20 0xffffffff80d5345f in netisr_dispatch (proto=3D563930368, proto@entry= =3D5, m=3D0x1, m@entry=3D0xfffff80e00395400) at /usr/src/sys/net/netisr.c:1234 #21 0xffffffff80d372d9 in ether_input (ifp=3D<optimized out>, m=3D0xfffff80e00395400) at /usr/src/sys/net/if_ethersubr.c:828 #22 0xffffffff80ddeaa5 in tcp_push_and_replace (lc=3D0xfffff80c219ce500, lc@entry=3D0xfffff80003ef2830, le=3Dle@entry=3D0xfffffe0158387690, m=3Dm@entry=3D0xfffff80f2b178300) at /usr/src/sys/netinet/tcp_lro.c:923 #23 0xffffffff80ddd74c in tcp_lro_condense (lc=3D0xfffff80003ef2830, le=3D0xfffffe0158387690) at /usr/src/sys/netinet/tcp_lro.c:1011 #24 tcp_lro_flush (lc=3Dlc@entry=3D0xfffff80003ef2830, le=3D0xfffffe0158387= 690) at /usr/src/sys/netinet/tcp_lro.c:1374 #25 0xffffffff80dddd3b in tcp_lro_rx_done (lc=3D0xfffff80003ef2830) at /usr/src/sys/netinet/tcp_lro.c:566 #26 tcp_lro_flush_all (lc=3Dlc@entry=3D0xfffff80003ef2830) at /usr/src/sys/netinet/tcp_lro.c:1532 #27 0xffffffff80d4f503 in iflib_rxeof (rxq=3D<optimized out>, rxq@entry=3D0xfffff80003ef2800, budget=3D<optimized out>) at /usr/src/sys/net/iflib.c:3058 #28 0xffffffff80d49b22 in _task_fn_rx (context=3D0xfffff80003ef2800) at /usr/src/sys/net/iflib.c:3990 #29 0xffffffff80c67e9d in gtaskqueue_run_locked ( queue=3Dqueue@entry=3D0xfffff80003cbf000) at /usr/src/sys/kern/subr_gtaskqueue.c:371 #30 0xffffffff80c67b12 in gtaskqueue_thread_loop (arg=3D<optimized out>, arg@entry=3D0xfffffe01142820b0) at /usr/src/sys/kern/subr_gtaskqueue.c:= 547 #31 0xffffffff80bd8a5e in fork_exit ( callout=3D0xffffffff80c67a50 <gtaskqueue_thread_loop>, arg=3D0xfffffe01142820b0, frame=3D0xfffffe0114144f40) at /usr/src/sys/kern/kern_fork.c:1093 #32 <signal handler called> #33 mi_startup () at /usr/src/sys/kern/init_main.c:322 Backtrace stopped: Cannot access memory at address 0x1d (kgdb) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-254725-7501-D3uZb4BLmf>