Date: Mon, 12 Feb 2024 10:36:32 +0100 From: Alexander Leidinger <alexleidingerde@gmail.com> To: current@freebsd.org Subject: kernel crash in tcp_subr.c:2386 Message-ID: <CAJg7qzH_c8JCKQvLPki6Cv7GRzaQs9vA-omSWBxnFTPy_9Rczw@mail.gmail.com> In-Reply-To: <1707730255-92643-mlmmj-52dbb05a@FreeBSD.org> References: <1707730255-92643-mlmmj-52dbb05a@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--000000000000f6d20a06112c031b
Content-Type: text/plain; charset="UTF-8"
Hi,
I got a coredump with sources from 2024-02-10-144617 (GMT+0100):
---snip---
__curthread () at /space/system/usr_src/sys/amd64/include/pcpu_aux.h:57
57 __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct
pcpu,
(kgdb) #0 __curthread () at
/space/system/usr_src/sys/amd64/include/pcpu_aux.h:57
td = <optimized out>
#1 doadump (textdump=textdump@entry=1)
at /space/system/usr_src/sys/kern/kern_shutdown.c:403
error = 0
coredump = <optimized out>
#2 0xffffffff8052fe85 in kern_reboot (howto=260)
at /space/system/usr_src/sys/kern/kern_shutdown.c:521
once = 0
__pc = <optimized out>
#3 0xffffffff80530382 in vpanic (
fmt=0xffffffff808df476 "Assertion %s failed at %s:%d",
ap=ap@entry=0xfffffe08a079ebf0)
at /space/system/usr_src/sys/kern/kern_shutdownc:973
buf = "Assertion !callout_active(&tp->t_callout) failed at
/space/system/usr_src/sys/netinet/tcp_subr.c:2386", '\000' <repeats 154
times>
__pc = <optimized out>
__pc = <optimized out>
__pc = <optimized out>
other_cpus = {__bits = {14680063, 0 <repeats 15 times>}}
td = 0xfffff8068ef99740
bootopt = <unavailable>
newpanic = <optimized out>
#4 0xffffffff805301d3 in panic (fmt=<unavailable>)
at /space/system/usr_src/sys/kern/kern_shutdown.c:889
ap = {{gp_offset = 32, fp_offset = 48,
overflow_arg_area = 0xfffffe08a079ec20,
reg_save_area = 0xfffffe08a079ebc0}}
#5 0xffffffff806c9d8c in tcp_discardcb (tp=tp@entry=0xfffff80af441ba80)
at /space/system/usr_src/sys/netinet/tcp_subr.c:2386
inp = 0xfffff80af441ba80
so = 0xfffff804d23d2780
m = <optimized out>
isipv6 = <optimized out>
#6 0xffffffff806d6291 in tcp_usr_detach (so=0xfffff804d23d2780)
at /space/system/usr_src/sys/netinet/tcp_usrreq.c:214
inp = 0xfffff80af441ba80
tp = 0xfffff80af441ba80
#7 0xffffffff805dba57 in sofree (so=0xfffff804d23d2780)
at /space/system/usr_src/sys/kern/uipc_socket.c:1205
pr = 0xffffffff80a8bd18 <tcp_protosw>
#8 sorele_locked (so=so@entry=0xfffff804d23d2780)
at /space/system/usr_src/sys/kern/uipc_socket.c:1232
No locals.
#9 0xffffffff805dc8c0 in soclose (so=0xfffff804d23d2780)
at /space/system/usr_src/sys/kern/uipc_socket.c:1302
lqueue = {tqh_first = 0xfffff8068ef99740,
tqh_last = 0xfffffe08a079ed40}
error = 0
saved_vnet = 0x0
last = <optimized out>
listening = <optimized out>
#10 0xffffffff804ccbd1 in fo_close (fp=0xfffff805f2dfc500, td=<unavailable>)
at /space/system/usr_src/sys/sys/file.h:390
No locals.
#11 _fdrop (fp=fp@entry=0xfffff805f2dfc500, td=<unavailable>,
td@entry=0xfffff8068ef99740)
at /space/system/usr_src/sys/kern/kern_descrip.c:3666
count = <unavailable>
error = <optimized out>
#12 0xffffffff804d02f3 in closef (fp=fp@entry=0xfffff805f2dfc500,
td=td@entry=0xfffff8068ef99740)
at /space/system/usr_src/sys/kern/kern_descrip.c:2839
_error = 0
_fp = 0xfffff805f2dfc500
lf = {l_start = -8791759350504, l_len = -8791759350528, l_pid = 0,
l_type = 0, l_whence = 0, l_sysid = 0}
vp = <optimized out>
fdtol = <optimized out>
fdp = <optimized out>
#13 0xffffffff804cd50c in closefp_impl (fdp=0xfffffe07afebf860, fd=19,
fp=0xfffff805f2dfc500, td=0xfffff8068ef99740, audit=<optimized out>)
at /space/system/usr_src/sys/kern/kern_descrip.c:1315
error = <optimized out>
#14 closefp (fdp=0xfffffe07afebf860, fd=19, fp=0xfffff805f2dfc500,
td=0xfffff8068ef99740, holdleaders=true, audit=<optimized out>)
at /space/system/usr_src/sys/kern/kern_descrip.c:1372
No locals.
#15 0xffffffff808597d6 in syscallenter (td=0xfffff8068ef99740)
at /space/system/usr_src/sys/amd64/amd64/../../kern/subr_syscall.c:186
se = 0xffffffff80a48330 <sysent+192>
p = 0xfffffe07f29995c0
sa = 0xfffff8068ef99b30
error = <optimized out>
sy_thr_static = <optimized out>
traced = <optimized out>
#16 amd64_syscall (td=0xfffff8068ef99740, traced=0)
at /space/system/usr_src/sys/amd64/amd64/trap.c:1192
ksi = {ksi_link = {tqe_next = 0xfffffe08a079ef30,
tqe_prev = 0xffffffff808588af <trap+2351>}, ksi_info = {
si_signo = 1, si_errno = 0, si_code = 2015268872, si_pid = -512,
si_uid = 2398721856, si_status = -2042,
si_addr = 0xfffffe08a079ef40, si_value = {sival_int =
-1602621824,
sival_ptr = 0xfffffe08a079ee80, sigval_int = -1602621824,
sigval_ptr = 0xfffffe08a079ee80}, _reason = {_fault = {
_trapno = 1489045984}, _timer = {_timerid = 1489045984,
_overrun = 17999}, _mesgq = {_mqd = 1489045984}, _poll = {
_band = 77306605406688}, _capsicum = {_syscall =
1489045984},
__spare__ = {__spare1__ = 77306605406688, __spare2__ = {
1489814048, 17999, 208, 0, 0, 0, 992191072}}}},
ksi_flags = 975329968, ksi_sigq = 0xffffffff8082f8f3
<Xinvlop+179>}
#17 <signal handler called>
No locals.
#18 0x00003af13b17fc9a in ?? ()
No symbol table info available.
Backtrace stopped: Cannot access memory at address 0x3af13a225ab8
---snip---
Any ideas?
Due to another issue in userland, I updated to 2024-02-11-212006, but I
have the above mentioned version and core still in a BE if needed.
Bye,
Alexander.
--000000000000f6d20a06112c031b
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Hi,<div class=3D"gmail_quote"><div dir=3D"ltr"><br>I got a=
coredump with sources from 2024-02-10-144617 (GMT+0100):<br>---snip---<br>=
__curthread () at /space/system/usr_src/sys/amd64/include/pcpu_aux.h:57<br>=
57 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0__asm("movq %%gs:%P=
1,%0" : "=3Dr" (td) : "n" (offsetof(struct pcpu,<b=
r>(kgdb) #0 =C2=A0__curthread () at /space/system/usr_src/sys/amd64/include=
/pcpu_aux.h:57<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 td =3D <optimized out><=
br>#1 =C2=A0doadump (textdump=3Dtextdump@entry=3D1)<br>=C2=A0 =C2=A0 at /sp=
ace/system/usr_src/sys/kern/kern_shutdown.c:403<br>=C2=A0 =C2=A0 =C2=A0 =C2=
=A0 error =3D 0<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 coredump =3D <optimized o=
ut><br>#2 =C2=A00xffffffff8052fe85 in kern_reboot (howto=3D260)<br>=C2=
=A0 =C2=A0 at /space/system/usr_src/sys/kern/kern_shutdown.c:521<br>=C2=A0 =
=C2=A0 =C2=A0 =C2=A0 once =3D 0<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 __pc =3D <=
;optimized out><br>#3 =C2=A00xffffffff80530382 in vpanic (<br>=C2=A0 =C2=
=A0 fmt=3D0xffffffff808df476 "Assertion %s failed at %s:%d",<br>=
=C2=A0 =C2=A0 ap=3Dap@entry=3D0xfffffe08a079ebf0)<br>=C2=A0 =C2=A0 at /spac=
e/system/usr_src/sys/kern/kern_shutdownc:973<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0=
buf =3D "Assertion !callout_active(&tp->t_callout) failed at /=
space/system/usr_src/sys/netinet/tcp_subr.c:2386", '\000' <=
repeats 154 times><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 __pc =3D <optimized=
out><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 __pc =3D <optimized out><br>=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 __pc =3D <optimized out><br>=C2=A0 =C2=A0=
=C2=A0 =C2=A0 other_cpus =3D {__bits =3D {14680063, 0 <repeats 15 times=
>}}<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 td =3D 0xfffff8068ef99740<br>=C2=A0 =
=C2=A0 =C2=A0 =C2=A0 bootopt =3D <unavailable><br>=C2=A0 =C2=A0 =C2=
=A0 =C2=A0 newpanic =3D <optimized out><br>#4 =C2=A00xffffffff805301d=
3 in panic (fmt=3D<unavailable>)<br>=C2=A0 =C2=A0 at /space/system/us=
r_src/sys/kern/kern_shutdown.c:889<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 ap =3D {{=
gp_offset =3D 32, fp_offset =3D 48,<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 overflow_arg_area =3D 0xfffffe08a079ec20,<br>=C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 reg_save_area =3D 0xfffffe08a079ebc0}}<br>#5 =C2=A00xf=
fffffff806c9d8c in tcp_discardcb (tp=3Dtp@entry=3D0xfffff80af441ba80)<br>=
=C2=A0 =C2=A0 at /space/system/usr_src/sys/netinet/tcp_subr.c:2386<br>=C2=
=A0 =C2=A0 =C2=A0 =C2=A0 inp =3D 0xfffff80af441ba80<br>=C2=A0 =C2=A0 =C2=A0=
=C2=A0 so =3D 0xfffff804d23d2780<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 m =3D <=
optimized out><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 isipv6 =3D <optimized o=
ut><br>#6 =C2=A00xffffffff806d6291 in tcp_usr_detach (so=3D0xfffff804d23=
d2780)<br>=C2=A0 =C2=A0 at /space/system/usr_src/sys/netinet/tcp_usrreq.c:2=
14<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 inp =3D 0xfffff80af441ba80<br>=C2=A0 =C2=
=A0 =C2=A0 =C2=A0 tp =3D 0xfffff80af441ba80<br>#7 =C2=A00xffffffff805dba57 =
in sofree (so=3D0xfffff804d23d2780)<br>=C2=A0 =C2=A0 at /space/system/usr_s=
rc/sys/kern/uipc_socket.c:1205<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 pr =3D 0xffff=
ffff80a8bd18 <tcp_protosw><br>#8 =C2=A0sorele_locked (so=3Dso@entry=
=3D0xfffff804d23d2780)<br>=C2=A0 =C2=A0 at /space/system/usr_src/sys/kern/u=
ipc_socket.c:1232<br>No locals.<br>#9 =C2=A00xffffffff805dc8c0 in soclose (=
so=3D0xfffff804d23d2780)<br>=C2=A0 =C2=A0 at /space/system/usr_src/sys/kern=
/uipc_socket.c:1302<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 lqueue =3D {tqh_first =
=3D 0xfffff8068ef99740,<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 tqh_last =3D =
0xfffffe08a079ed40}<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 error =3D 0<br>=C2=A0 =
=C2=A0 =C2=A0 =C2=A0 saved_vnet =3D 0x0<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 last=
=3D <optimized out><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 listening =3D <=
;optimized out><br>#10 0xffffffff804ccbd1 in fo_close (fp=3D0xfffff805f2=
dfc500, td=3D<unavailable>)<br>=C2=A0 =C2=A0 at /space/system/usr_src=
/sys/sys/file.h:390<br>No locals.<br>#11 _fdrop (fp=3Dfp@entry=3D0xfffff805=
f2dfc500, td=3D<unavailable>,<br>=C2=A0 =C2=A0 td@entry=3D0xfffff8068=
ef99740)<br>=C2=A0 =C2=A0 at /space/system/usr_src/sys/kern/kern_descrip.c:=
3666<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 count =3D <unavailable><br>=C2=A0=
=C2=A0 =C2=A0 =C2=A0 error =3D <optimized out><br>#12 0xffffffff804d=
02f3 in closef (fp=3Dfp@entry=3D0xfffff805f2dfc500,<br>=C2=A0 =C2=A0 td=3Dt=
d@entry=3D0xfffff8068ef99740)<br>=C2=A0 =C2=A0 at /space/system/usr_src/sys=
/kern/kern_descrip.c:2839<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 _error =3D 0<br>=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 _fp =3D 0xfffff805f2dfc500<br>=C2=A0 =C2=A0 =C2=
=A0 =C2=A0 lf =3D {l_start =3D -8791759350504, l_len =3D -8791759350528, l_=
pid =3D 0,<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 l_type =3D 0, l_whence =3D=
0, l_sysid =3D 0}<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 vp =3D <optimized out&=
gt;<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 fdtol =3D <optimized out><br>=C2=
=A0 =C2=A0 =C2=A0 =C2=A0 fdp =3D <optimized out><br>#13 0xffffffff804=
cd50c in closefp_impl (fdp=3D0xfffffe07afebf860, fd=3D19,<br>=C2=A0 =C2=A0 =
fp=3D0xfffff805f2dfc500, td=3D0xfffff8068ef99740, audit=3D<optimized out=
>)<br>=C2=A0 =C2=A0 at /space/system/usr_src/sys/kern/kern_descrip.c:131=
5<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 error =3D <optimized out><br>#14 clo=
sefp (fdp=3D0xfffffe07afebf860, fd=3D19, fp=3D0xfffff805f2dfc500,<br>=C2=A0=
=C2=A0 td=3D0xfffff8068ef99740, holdleaders=3Dtrue, audit=3D<optimized =
out>)<br>=C2=A0 =C2=A0 at /space/system/usr_src/sys/kern/kern_descrip.c:=
1372<br>No locals.<br>#15 0xffffffff808597d6 in syscallenter (td=3D0xfffff8=
068ef99740)<br>=C2=A0 =C2=A0 at /space/system/usr_src/sys/amd64/amd64/../..=
/kern/subr_syscall.c:186<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 se =3D 0xffffffff80=
a48330 <sysent+192><br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 p =3D 0xfffffe07f2=
9995c0<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 sa =3D 0xfffff8068ef99b30<br>=C2=A0 =
=C2=A0 =C2=A0 =C2=A0 error =3D <optimized out><br>=C2=A0 =C2=A0 =C2=
=A0 =C2=A0 sy_thr_static =3D <optimized out><br>=C2=A0 =C2=A0 =C2=A0 =
=C2=A0 traced =3D <optimized out><br>#16 amd64_syscall (td=3D0xfffff8=
068ef99740, traced=3D0)<br>=C2=A0 =C2=A0 at /space/system/usr_src/sys/amd64=
/amd64/trap.c:1192<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 ksi =3D {ksi_link =3D {tq=
e_next =3D 0xfffffe08a079ef30,<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
tqe_prev =3D 0xffffffff808588af <trap+2351>}, ksi_info =3D {<br>=C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 si_signo =3D 1, si_errno =3D 0, si_c=
ode =3D 2015268872, si_pid =3D -512,<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 si_uid =3D 2398721856, si_status =3D -2042,<br>=C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 si_addr =3D 0xfffffe08a079ef40, si_value =3D {sival_in=
t =3D -1602621824,<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 siva=
l_ptr =3D 0xfffffe08a079ee80, sigval_int =3D -1602621824,<br>=C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 sigval_ptr =3D 0xfffffe08a079ee80}, _rea=
son =3D {_fault =3D {<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 _trapno =3D 1489045984}, _timer =3D {_timerid =3D 1489045984,<br>=C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 _overrun =3D 17999}, _=
mesgq =3D {_mqd =3D 1489045984}, _poll =3D {<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 _band =3D 77306605406688}, _capsicum =3D {_sys=
call =3D 1489045984},<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 _=
_spare__ =3D {__spare1__ =3D 77306605406688, __spare2__ =3D {<br>=C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 1489814048, 17999, 208=
, 0, 0, 0, 992191072}}}},<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ksi_flags =
=3D 975329968, ksi_sigq =3D 0xffffffff8082f8f3 <Xinvlop+179>}<br>#17 =
<signal handler called><br>No locals.<br>#18 0x00003af13b17fc9a in ??=
()<br>No symbol table info available.<br>Backtrace stopped: Cannot access =
memory at address 0x3af13a225ab8<br>---snip---<br><br>Any ideas?<br><div><b=
r></div><div>Due to another issue in userland, I updated to 2024-02-11-2120=
06, but I have the above mentioned version and core still in a BE if needed=
.<br></div><div><br></div>Bye,<br>Alexander.<br></div>
</div></div>
--000000000000f6d20a06112c031b--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJg7qzH_c8JCKQvLPki6Cv7GRzaQs9vA-omSWBxnFTPy_9Rczw>