Date:      Sun, 28 Aug 2022 19:52:29 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 260393] [tcp] Page Fault tcp_output/tcp_input
Message-ID:  <bug-260393-7501-hbtEoOnl3m@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-260393-7501@https.bugs.freebsd.org/bugzilla/>
References:  <bug-260393-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260393

--- Comment #94 from Dobri Dobrev <ddobrev85@gmail.com> ---
Just got a crash on 13.1 -- stable/13-n252201
And this is with net.inet.tcp.rfc6675_pipe=0

Here's kgdb:

# kgdb /boot/kernel/kernel /var/crash/vmcore.4
GNU gdb (GDB) 11.1 [GDB v11.1 for FreeBSD]
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd13.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...
Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...

Unread portion of the kernel message buffer:
[91] frame pointer              = 0x28:0xfffffe0069f536e0
[91] code segment               = base 0x0, limit 0xfffff, type 0x1b
[91]                    = DPL 0, pres 1, long 1, def32 0, gran 1
[92] processor eflags   = interrupt enabled, resume, IOPL = 0
[92] current process            = 0 (if_io_tqg_5)
[92] trap number                = 12
[92] panic: page fault
[92] cpuid = 5
[92] time = 1661715643
[92] KDB: stack backtrace:
[92] #0 0xffffffff80c50045 at kdb_backtrace+0x65
[92] #1 0xffffffff80c02e81 at vpanic+0x151
[92] #2 0xffffffff80c02d23 at panic+0x43
[92] #3 0xffffffff8109fd57 at trap_fatal+0x387
[92] #4 0xffffffff8109fdaf at trap_pfault+0x4f
[92] #5 0xffffffff81077288 at calltrap+0x8
[92] #6 0xffffffff80dc7699 at tcp_output+0x1339
[92] #7 0xffffffff80dbedab at tcp_do_segment+0x2c9b
[92] #8 0xffffffff80dbb3e1 at tcp_input_with_port+0xb61
[92] #9 0xffffffff80dbc07b at tcp_input+0xb
[92] #10 0xffffffff80dad8f8 at ip_input+0x118
[92] #11 0xffffffff80d3a729 at netisr_dispatch_src+0xb9
[92] #12 0xffffffff80d1e974 at ether_demux+0x144
[92] #13 0xffffffff80d1fcd6 at ether_nh_input+0x346
[92] #14 0xffffffff80d3a729 at netisr_dispatch_src+0xb9
[92] #15 0xffffffff80d1ed99 at ether_input+0x69
[92] #16 0xffffffff80d36c3b at iflib_rxeof+0xbcb
[92] #17 0xffffffff80d314c2 at _task_fn_rx+0x72
[92] Uptime: 1m32s
[92] Dumping 2355 out of 65425
MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct
pcpu,
(kgdb) where
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  dump_savectx () at /usr/src/sys/kern/kern_shutdown.c:394
#2  0xffffffff80c02a78 in dumpsys (di=0x0) at
/usr/src/sys/x86/include/dump.h:87
#3  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:423
#4  kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:497
#5  0xffffffff80c02eee in vpanic (fmt=<optimized out>,
ap=ap@entry=0xfffffe0069f534c0) at /usr/src/sys/kern/kern_shutdown.c:930
#6  0xffffffff80c02d23 in panic (fmt=<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:854
#7  0xffffffff8109fd57 in trap_fatal (frame=0xfffffe0069f535b0, eva=24) at
/usr/src/sys/amd64/amd64/trap.c:940
#8  0xffffffff8109fdaf in trap_pfault (frame=0xfffffe0069f535b0,
usermode=false, signo=<optimized out>, ucode=<optimized out>) at
/usr/src/sys/amd64/amd64/trap.c:759
#9  <signal handler called>
#10 m_copydata (m=0x0, m@entry=0xfffff8000dc30e00, off=0, len=1, cp=<optimized
out>) at /usr/src/sys/kern/uipc_mbuf.c:659
#11 0xffffffff80dc7699 in tcp_output (tp=0xfffffe019e765950) at
/usr/src/sys/netinet/tcp_output.c:1084
#12 0xffffffff80dbedab in tcp_do_segment (m=0xfffff8002ad7e100,
th=0xfffff8002ad7e17a, so=0xfffff801cb635000, tp=0xfffffe019e765950,
drop_hdrlen=64, tlen=<optimized out>, iptos=0 '\000')
    at /usr/src/sys/netinet/tcp_input.c:2822
#13 0xffffffff80dbb3e1 in tcp_input_with_port (mp=<optimized out>,
offp=<optimized out>, proto=<optimized out>, port=port@entry=0) at
/usr/src/sys/netinet/tcp_input.c:1400
#14 0xffffffff80dbc07b in tcp_input (mp=0xfffff8000dc30e00, offp=0x0, proto=1)
at /usr/src/sys/netinet/tcp_input.c:1496
#15 0xffffffff80dad8f8 in ip_input (m=0x0) at
/usr/src/sys/netinet/ip_input.c:839
#16 0xffffffff80d3a729 in netisr_dispatch_src (proto=1, source=source@entry=0,
m=0xfffff8002ad7e100) at /usr/src/sys/net/netisr.c:1143
#17 0xffffffff80d3aaff in netisr_dispatch (proto=230886912, m=0x1) at
/usr/src/sys/net/netisr.c:1234
#18 0xffffffff80d1e974 in ether_demux (ifp=ifp@entry=0xfffff800023a6800, m=0x0)
at /usr/src/sys/net/if_ethersubr.c:921
#19 0xffffffff80d1fcd6 in ether_input_internal (ifp=0xfffff800023a6800, m=0x0)
at /usr/src/sys/net/if_ethersubr.c:707
#20 ether_nh_input (m=<optimized out>) at /usr/src/sys/net/if_ethersubr.c:737
#21 0xffffffff80d3a729 in netisr_dispatch_src (proto=proto@entry=5,
source=source@entry=0, m=m@entry=0xfffff8002ad7e100) at
/usr/src/sys/net/netisr.c:1143
#22 0xffffffff80d3aaff in netisr_dispatch (proto=230886912, proto@entry=5,
m=0x1, m@entry=0xfffff8002ad7e100) at /usr/src/sys/net/netisr.c:1234
#23 0xffffffff80d1ed99 in ether_input (ifp=<optimized out>,
m=0xfffff8002ad7e100) at /usr/src/sys/net/if_ethersubr.c:828
#24 0xffffffff80d36c3b in iflib_rxeof (rxq=rxq@entry=0xfffffe0114b0f040,
budget=<optimized out>) at /usr/src/sys/net/iflib.c:3046
#25 0xffffffff80d314c2 in _task_fn_rx (context=0xfffffe0114b0f040) at
/usr/src/sys/net/iflib.c:3989
#26 0xffffffff80c4ea5d in gtaskqueue_run_locked
(queue=queue@entry=0xfffff80001d6b800) at
/usr/src/sys/kern/subr_gtaskqueue.c:371
#27 0xffffffff80c4e6c3 in gtaskqueue_thread_loop
(arg=arg@entry=0xfffffe0114a7f080) at /usr/src/sys/kern/subr_gtaskqueue.c:547
#28 0xffffffff80bbfafe in fork_exit (callout=0xffffffff80c4e600
<gtaskqueue_thread_loop>, arg=0xfffffe0114a7f080, frame=0xfffffe0069f53f40) at
/usr/src/sys/kern/kern_fork.c:1103
#29 <signal handler called>
#30 mi_startup () at /usr/src/sys/kern/init_main.c:322
Backtrace stopped: Cannot access memory at address 0x17
(kgdb)

--
You are receiving this mail because:
You are the assignee for the bug.


