From owner-freebsd-bugs@freebsd.org Sat Mar 20 01:19:44 2021 Return-Path: Delivered-To: freebsd-bugs@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7D7415B4D3A for ; Sat, 20 Mar 2021 01:19:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 4F2NGS2ywpz4jBf for ; Sat, 20 Mar 2021 01:19:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 655FC5B4D39; Sat, 20 Mar 2021 01:19:44 +0000 (UTC) Delivered-To: bugs@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 652445B4E02 for ; Sat, 20 Mar 2021 01:19:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F2NGS2NHCz4j3j for ; Sat, 20 Mar 2021 01:19:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 452361F28A for ; Sat, 20 Mar 2021 01:19:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 12K1Jimu048421 for ; Sat, 20 Mar 2021 01:19:44 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 12K1Jixi048420 for bugs@FreeBSD.org; Sat, 20 Mar 2021 01:19:44 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 254419] Fatal trap 12: page fault while in kernel mode, nginx + sendfile on Date: Sat, 20 Mar 2021 01:19:44 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.0-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: viaprog@gmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Mar 2021 01:19:44 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D254419 Bug ID: 254419 Summary: Fatal trap 12: page fault while in kernel mode, nginx + sendfile on Product: Base System Version: 13.0-STABLE Hardware: amd64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: viaprog@gmail.com FreeBSD-13.0-RC3, git rev 8f731a397ad4dc7b17622c0e69ac045f4a7b9d5b nginx + sendfile on =3D kernel panic. With sendfile =3D off - working fine. Fatal trap 12: page fault while in kernel mode cpuid =3D 19; apic id =3D 13 fault virtual address =3D 0x0 fault code =3D supervisor read data, page not present instruction pointer =3D 0x20:0xffffffff8095fa46 stack pointer =3D 0x28:0xfffffe01533dd1a0 frame pointer =3D 0x28:0xfffffe01533dd1b0 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 3395 (nginx) trap number =3D 12 panic: page fault cpuid =3D 19 time =3D 1616197293 KDB: stack backtrace: #0 0xffffffff80687015 at kdb_backtrace+0x65 #1 0xffffffff8063a051 at vpanic+0x181 #2 0xffffffff80639ec3 at panic+0x43 #3 0xffffffff809830d7 at trap_fatal+0x387 #4 0xffffffff8098312f at trap_pfault+0x4f #5 0xffffffff8098278d at trap+0x27d #6 0xffffffff8095b938 at calltrap+0x8 #7 0xffffffff8095f957 at in_cksum_skip+0x77 #8 0xffffffff8079dc1d at in_delayed_cksum+0x3d #9 0xffffffff80823d03 at pf_test+0x1403 #10 0xffffffff8083ac6f at pf_check_out+0x1f #11 0xffffffff80770de7 at pfil_run_hooks+0x97 #12 0xffffffff8079d3f1 at ip_output+0xb61 #13 0xffffffff807b44e4 at tcp_output+0x1b04 #14 0xffffffff807ca379 at tcp_usr_send+0x229 #15 0xffffffff80637f6a at vn_sendfile+0x197a #16 0xffffffff80638967 at sendfile+0x127 #17 0xffffffff809839dc at amd64_syscall+0x10c Uptime: 1m0s Dumping 1632 out of 32637 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..= 91% __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 55 __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (offsetof(stru= ct pcpu, (kgdb) list *0xffffffff8095fa46 0xffffffff8095fa46 is in in_cksumdata (/usr/src/sys/amd64/amd64/in_cksum.c:113). 108 if ((offset =3D 3 & (long) lw) !=3D 0) { 109 const u_int32_t *masks =3D in_masks + (offset << 2); 110 lw =3D (u_int32_t *) (((long) lw) - offset); 111 sum =3D *lw++ & masks[len >=3D 3 ? 3 : len]; 112 len -=3D 4 - offset; 113 if (len <=3D 0) { 114 REDUCE32; 115 return sum; 116 } 117 } (kgdb)=20 (kgdb) bt #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 #1 doadump (textdump=3D) at /usr/src/sys/kern/kern_shutdown= .c:399 #2 0xffffffff80639c46 in kern_reboot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:486 #3 0xffffffff8063a0c0 in vpanic (fmt=3D, ap=3D) at /usr/src/sys/kern/kern_shutdown.c:919 #4 0xffffffff80639ec3 in panic (fmt=3D) at /usr/src/sys/kern/kern_shutdown.c:843 #5 0xffffffff809830d7 in trap_fatal (frame=3D0xfffffe01533dd0e0, eva=3D0) = at /usr/src/sys/amd64/amd64/trap.c:915 #6 0xffffffff8098312f in trap_pfault (frame=3Dframe@entry=3D0xfffffe01533d= d0e0, usermode=3Dfalse, signo=3D, signo@entry=3D0x0, ucode=3D, ucode@entry=3D0x0) at /usr/src/sys/amd64/amd64/trap.c:732 #7 0xffffffff8098278d in trap (frame=3D0xfffffe01533dd0e0) at /usr/src/sys/amd64/amd64/trap.c:398 #8 #9 0xffffffff8095fa46 in in_cksumdata (buf=3D, len=3Dlen@entry=3D1140) at /usr/src/sys/amd64/amd64/in_cksum.c:113 #10 0xffffffff8095f957 in in_cksum_skip (m=3D0xfffff80608d32300, m@entry=3D0xfffff804e6cab200, len=3D1140, skip=3D, skip@entr= y=3D20) at /usr/src/sys/amd64/amd64/in_cksum.c:224 #11 0xffffffff8079dc1d in in_delayed_cksum (m=3D0xfffff804e6cab200) at /usr/src/sys/netinet/ip_output.c:1083 #12 0xffffffff80823d03 in pf_route (m=3D0xfffffe01533dd4f8, r=3D0xfffff8000= d90cc00, dir=3D0, oifp=3D0xfffff8000d86c000, s=3D, pd=3D0xfffffe01533= dd288, inp=3D0xfffff8062603a988) at /usr/src/sys/netpfil/pf/pf.c:5558 #13 pf_test (dir=3D, dir@entry=3D2, pflags=3D, ifp=3D, m0=3D, m0@entry=3D0xfffffe01533dd4f8, inp=3D) at /usr/src/sys/netpfil/pf/pf.c:6269 #14 0xffffffff8083ac6f in pf_check_out (m=3D0xfffffe01533dd4f8, ifp=3D0x0, flags=3D1140, ruleset=3D, inp=3D0x0) at /usr/src/sys/netpfil/pf/pf_ioctl.c:4516 #15 0xffffffff80770de7 in pfil_run_hooks (head=3D, p=3D..., ifp=3D0xfffff8000d86c000, flags=3Dflags@entry=3D131072, inp=3Dinp@entry=3D0xfffff8062603a988) at /usr/src/sys/net/pfil.c:187 #16 0xffffffff8079d3f1 in ip_output_pfil (mp=3D0xfffffe01533dd4f8, ifp=3D0xfffff8000d86c000, flags=3D0, inp=3D0xfffff8062603a988, dst=3D0xfffff8062603ab30, fibnum=3D,=20 error=3D) at /usr/src/sys/netinet/ip_output.c:130 #17 ip_output (m=3Dm@entry=3D0xfffff804e6cab200, opt=3D, ro= =3D, flags=3D0, imo=3Dimo@entry=3D0x0, inp=3D) at /usr/src/sys/netinet/ip_output.c:705 #18 0xffffffff807b44e4 in tcp_output (tp=3D0xfffffe003fc5c890) at /usr/src/sys/netinet/tcp_output.c:1492 #19 0xffffffff807ca379 in tcp_usr_send (so=3D, flags=3D, m=3D0xfffff80626072800, nam=3D0x0, control=3D, td=3D0xfffffe0054f67500) at /usr/src/sys/netinet/tcp_usrreq.c:1210 #20 0xffffffff80637f6a in vn_sendfile (fp=3D, sockfd=3D97, hdr_uio=3D0x0, trl_uio=3D0x0, offset=3D, nbytes=3D, sent=3D0xfffffe01533dda88, flags=3D1,=20 td=3D0xfffffe0054f67500) at /usr/src/sys/kern/kern_sendfile.c:1182 #21 0xffffffff80638967 in fo_sendfile (fp=3D0x0, sockfd=3D1140, hdr_uio=3D0= x0, trl_uio=3D0x0, offset=3D0, nbytes=3D1186733549, sent=3D0xfffffe01533dda88, = flags=3D75701, td=3D0xfffffe0054f67500) at /usr/src/sys/sys/file.h:409 #22 sendfile (td=3D0xfffffe0054f67500, uap=3D0xfffffe0054f678e8, compat=3D<= optimized out>) at /usr/src/sys/kern/kern_sendfile.c:1320 #23 0xffffffff809839dc in syscallenter (td=3D0xfffffe0054f67500) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:189 #24 amd64_syscall (td=3D0xfffffe0054f67500, traced=3D0) at /usr/src/sys/amd64/amd64/trap.c:1156 #25 #26 0x00000008008c834a in ?? () Backtrace stopped: Cannot access memory at address 0x7fffffffd7c8 --=20 You are receiving this mail because: You are the assignee for the bug.=