From nobody Tue Aug 31 12:57:11 2021
X-Original-To: bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 8DF2217A5548
	for <bugs@mlmmj.nyi.freebsd.org>; Tue, 31 Aug 2021 12:57:11 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4GzRzW2542z3PkY
	for <bugs@FreeBSD.org>; Tue, 31 Aug 2021 12:57:11 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2FD6F1248C
	for <bugs@FreeBSD.org>; Tue, 31 Aug 2021 12:57:11 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 17VCvBX1068482
	for <bugs@FreeBSD.org>; Tue, 31 Aug 2021 12:57:11 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 17VCvBSx068481
	for bugs@FreeBSD.org; Tue, 31 Aug 2021 12:57:11 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 258183] [tcp] [panic] [RACK] kernel panic in
 rack_setup_offset_for_rsm() at netinet/tcp_stacks/rack.c:6050
Date: Tue, 31 Aug 2021 12:57:11 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 13.0-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: iron.udjin@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-258183-227@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-bugs
List-Help: <mailto:freebsd-bugs+help@freebsd.org>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Subscribe: <mailto:freebsd-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-bugs+unsubscribe@freebsd.org>
Sender: owner-freebsd-bugs@freebsd.org
MIME-Version: 1.0
X-ThisMailContainsUnwantedMimeParts: N

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D258183

            Bug ID: 258183
           Summary: [tcp] [panic] [RACK] kernel panic in
                    rack_setup_offset_for_rsm() at
                    netinet/tcp_stacks/rack.c:6050
           Product: Base System
           Version: 13.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: iron.udjin@gmail.com

Hello,

OS: 13.0-STABLE stable/13-n247000-5a67aaf1fa2c

It seems related to tcp RACK.

Fatal trap 12: page fault while in kernel mode
cpuid =3D 16; apic id =3D 14
fault virtual address   =3D 0x18
fault code              =3D supervisor read data, page not present
instruction pointer     =3D 0x20:0xffffffff8161731e
stack pointer          =3D 0x28:0xfffffe0201d8daf0
frame pointer          =3D 0x28:0xfffffe0201d8dbe0
code segment            =3D base 0x0, limit 0xfffff, type 0x1b
                        =3D DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        =3D interrupt enabled, resume, IOPL =3D 0
current process         =3D 0 (if_io_tqg_16)
trap number             =3D 12
panic: page fault
cpuid =3D 16
time =3D 1630412741
KDB: stack backtrace:
#0 0xffffffff805f7d75 at kdb_backtrace+0x65
#1 0xffffffff805ace27 at vpanic+0x187
#2 0xffffffff805acc93 at panic+0x43
#3 0xffffffff80858b17 at trap_fatal+0x387
#4 0xffffffff80858b6f at trap_pfault+0x4f
#5 0xffffffff8085820a at trap+0x25a
#6 0xffffffff80830c48 at calltrap+0x8
#7 0xffffffff8161508a at rack_log_ack+0x88a
#8 0xffffffff816130cc at rack_process_ack+0x13c
#9 0xffffffff81610c8e at rack_do_established+0xffe
#10 0xffffffff816073a4 at rack_do_segment_nounlock+0x2244
#11 0xffffffff8161e13d at ctf_process_inbound_raw+0x9d
#12 0xffffffff8161e576 at ctf_do_queued_segments+0x36
#13 0xffffffff80716ca6 at tcp_lro_flush+0xb76
#14 0xffffffff80716f8b at tcp_lro_flush_all+0x17b
#15 0xffffffff806d1692 at _task_fn_rx+0xc12
#16 0xffffffff805f67ed at gtaskqueue_run_locked+0x16d
#17 0xffffffff805f6453 at gtaskqueue_thread_loop+0xc3
Uptime: 1d11h24m18s
Dumping 24198 out of 196241
MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (offsetof(stru=
ct
pcpu,
(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=3D<optimized out>) at /usr/src/sys/kern/kern_shutdown=
.c:399
#2  0xffffffff805aca25 in kern_reboot (howto=3D260) at
/usr/src/sys/kern/kern_shutdown.c:486
#3  0xffffffff805ace96 in vpanic (fmt=3D0xffffffff808b9aee "%s", ap=3D<opti=
mized
out>) at /usr/src/sys/kern/kern_shutdown.c:919
#4  0xffffffff805acc93 in panic (fmt=3D<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:843
#5  0xffffffff80858b17 in trap_fatal (frame=3D0xfffffe0201d8da30, eva=3D24)=
 at
/usr/src/sys/amd64/amd64/trap.c:941
#6  0xffffffff80858b6f in trap_pfault (frame=3Dframe@entry=3D0xfffffe0201d8=
da30,
usermode=3Dfalse, signo=3D<optimized out>, signo@entry=3D0x0, ucode=3D<opti=
mized out>,
ucode@entry=3D0x0) at /usr/src/sys/amd64/amd64/trap.c:760
#7  0xffffffff8085820a in trap (frame=3D0xfffffe0201d8da30) at
/usr/src/sys/amd64/amd64/trap.c:438
#8  <signal handler called>
#9  rack_setup_offset_for_rsm (src_rsm=3D<optimized out>, rsm=3D0xfffff8056=
8cc88c0)
at /usr/src/sys/modules/tcp/rack/../../../netinet/tcp_stacks/rack.c:6050
#10 rack_proc_sack_blk (tp=3D<optimized out>, tp@entry=3D0xfffffe05926e8518,
rack=3Drack@entry=3D0xfffffe03d3606040, sack=3Dsack@entry=3D0xfffffe0201d8d=
c10,
to=3D<optimized out>, prsm=3D<optimized out>, prsm@entry=3D0xfffffe0201d8dc=
78,
cts=3Dcts@entry=3D2904271550, moved_two=3D0xfffffe0201d8dc94)
    at /usr/src/sys/modules/tcp/rack/../../../netinet/tcp_stacks/rack.c:8507
#11 0xffffffff8161508a in rack_log_ack (tp=3D<optimized out>,
tp@entry=3D0xfffffe05926e8518, to=3D<optimized out>, to@entry=3D0xfffffe020=
1d8e080,
th=3Dth@entry=3D0xfffff801e62bd47a, entered_recovery=3D0, dup_ack_struck=3D=
<optimized
out>) at /usr/src/sys/modules/tcp/rack/../../../netinet/tcp_stacks/rack.c:9=
325
#12 0xffffffff816130cc in rack_process_ack (m=3Dm@entry=3D0xfffff801e62bd40=
0,
th=3Dth@entry=3D0xfffff801e62bd47a, so=3Dso@entry=3D0xfffff8113b427000,
tp=3Dtp@entry=3D0xfffffe05926e8518, to=3Dto@entry=3D0xfffffe0201d8e080,
tiwin=3D<optimized out>, tlen=3D0, ofia=3D0x0, thflags=3D16,
ret_val=3D0xfffffe0201d8ded4)
    at /usr/src/sys/modules/tcp/rack/../../../netinet/tcp_stacks/rack.c:9830
#13 0xffffffff81610c8e in rack_do_established (m=3D0xfffff801e62bd400,
th=3D<optimized out>, so=3D0xfffff8113b427000, tp=3D0xfffffe05926e8518,
to=3D0xfffffe0201d8e080, drop_hdrlen=3D52, tlen=3D-748658560, tiwin=3D13132=
8,
thflags=3D0, nxt_pkt=3D1, iptos=3D0 '\000') at
/usr/src/sys/modules/tcp/rack/../../../netinet/tcp_stacks/rack.c:11346
#14 0xffffffff816073a4 in rack_do_segment_nounlock (m=3D0xfffff801e62bd400,
th=3D<optimized out>, so=3D0xfffff8113b427000, tp=3D0xfffffe05926e8518,
drop_hdrlen=3D780023670, tlen=3D<optimized out>, iptos=3D0 '\000', nxt_pkt=
=3D1,
tv=3D0xfffffe0201d8e128) at
/usr/src/sys/modules/tcp/rack/../../../netinet/tcp_stacks/rack.c:13986
#15 0xffffffff8161e13d in ctf_process_inbound_raw (tp=3D0xfffffe05926e8518,
so=3D0xfffff8113b427000, m=3D0xfffff801e62bd400, has_pkt=3D0) at
/usr/src/sys/modules/tcp/rack/../../../netinet/tcp_stacks/rack_bbr_common.c=
:502
#16 0xffffffff8161e576 in ctf_do_queued_segments (so=3D0x0, tp=3D<optimized=
 out>,
have_pkt=3D0) at
/usr/src/sys/modules/tcp/rack/../../../netinet/tcp_stacks/rack_bbr_common.c=
:538
#17 0xffffffff80716ca6 in tcp_lro_flush_tcphpts (lc=3D<optimized out>,
le=3D<optimized out>) at /usr/src/sys/netinet/tcp_lro.c:1328
#18 tcp_lro_flush (lc=3Dlc@entry=3D0xfffffe014d159a30, le=3D0xfffffe0150585=
690) at
/usr/src/sys/netinet/tcp_lro.c:1345
#19 0xffffffff80716f8b in tcp_lro_rx_done (lc=3D0xfffffe014d159a30) at
/usr/src/sys/netinet/tcp_lro.c:562
#20 tcp_lro_flush_all (lc=3Dlc@entry=3D0xfffffe014d159a30) at
/usr/src/sys/netinet/tcp_lro.c:1506
#21 0xffffffff806d1692 in iflib_rxeof (rxq=3D<optimized out>, budget=3D<opt=
imized
out>) at /usr/src/sys/net/iflib.c:3056
#22 _task_fn_rx (context=3D<optimized out>) at /usr/src/sys/net/iflib.c:3988
#23 0xffffffff805f67ed in gtaskqueue_run_locked
(queue=3Dqueue@entry=3D0xfffff80104ce1300) at
/usr/src/sys/kern/subr_gtaskqueue.c:371
#24 0xffffffff805f6453 in gtaskqueue_thread_loop (arg=3D<optimized out>,
arg@entry=3D0xfffffe014d8cd188) at /usr/src/sys/kern/subr_gtaskqueue.c:547
#25 0xffffffff8056cef9 in fork_exit (callout=3D0xffffffff805f6390
<gtaskqueue_thread_loop>, arg=3D0xfffffe014d8cd188, frame=3D0xfffffe0201d8e=
480) at
/usr/src/sys/kern/kern_fork.c:1083
#26 <signal handler called>
(kgdb)

--=20
You are receiving this mail because:
You are the assignee for the bug.=