[Bug 264534] [tcp] [ipv6] Panic: Fatal trap 12: page fault while in kernel mode in tcp_sack_output()

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 08 Jun 2022 09:21:01 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264534

            Bug ID: 264534
           Summary: [tcp] [ipv6] Panic: Fatal trap 12: page fault while in
                    kernel mode in tcp_sack_output()
           Product: Base System
           Version: CURRENT
          Hardware: arm64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: zarychtam@plan-b.pwste.edu.pl

Created attachment 234540
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=234540&action=edit
post-mortem dump analysis

Not easily reproducible, IPv6-related panic on the most recent CURRENT: FreeBSD
14.0-CURRENT #14 main-n256041-0a9541d9f34: Wed Jun  8 08:07:19 CEST 2022

Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 03
fault virtual address   = 0x0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80d991f0
stack pointer           = 0x28:0xfffffe0080177680
frame pointer           = 0x28:0xfffffe0080177690
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (bge0 taskq)
trap number             = 12
panic: page fault
cpuid = 3
time = 1654678074
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0080177440
vpanic() at vpanic+0x151/frame 0xfffffe0080177490
panic() at panic+0x43/frame 0xfffffe00801774f0
trap_fatal() at trap_fatal+0x387/frame 0xfffffe0080177550
trap_pfault() at trap_pfault+0x4f/frame 0xfffffe00801775b0
calltrap() at calltrap+0x8/frame 0xfffffe00801775b0
--- trap 0xc, rip = 0xffffffff80d991f0, rsp = 0xfffffe0080177680, rbp =
0xfffffe0080177690 ---
tcp_sack_output() at tcp_sack_output+0x50/frame 0xfffffe0080177690
tcp_default_output() at tcp_default_output+0x2f6/frame 0xfffffe0080177860
tcp_output() at tcp_output+0x10/frame 0xfffffe0080177880
tcp_do_segment() at tcp_do_segment+0x2854/frame 0xfffffe0080177960
tcp_input_with_port() at tcp_input_with_port+0xc1e/frame 0xfffffe0080177ab0
tcp6_input_with_port() at tcp6_input_with_port+0x69/frame 0xfffffe0080177ae0
tcp6_input() at tcp6_input+0xb/frame 0xfffffe0080177af0
ip6_input() at ip6_input+0x96d/frame 0xfffffe0080177bd0
netisr_dispatch_src() at netisr_dispatch_src+0xb1/frame 0xfffffe0080177c20
ether_demux() at ether_demux+0x144/frame 0xfffffe0080177c50
ether_nh_input() at ether_nh_input+0x349/frame 0xfffffe0080177cb0
netisr_dispatch_src() at netisr_dispatch_src+0xb1/frame 0xfffffe0080177d00
ether_input() at ether_input+0x69/frame 0xfffffe0080177d60
if_input() at if_input+0xa/frame 0xfffffe0080177d70
bge_rxeof() at bge_rxeof+0x4ad/frame 0xfffffe0080177df0
bge_intr_task() at bge_intr_task+0x1ae/frame 0xfffffe0080177e40
taskqueue_run_locked() at taskqueue_run_locked+0x181/frame 0xfffffe0080177ec0
taskqueue_thread_loop() at taskqueue_thread_loop+0xc3/frame 0xfffffe0080177ef0
fork_exit() at fork_exit+0x7d/frame 0xfffffe0080177f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0080177f30
--- trap 0xa853fc8, rip = 0x15ff0a853ff0, rsp = 0xfff8800001049658, rbp =
0xfff8800000248041 ---
KDB: enter: panic

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55      /usr/src/sys/amd64/include/pcpu_aux.h: No such file or directory.
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  dump_savectx () at /usr/src/sys/kern/kern_shutdown.c:401
#2  0xffffffff80bc75b8 in dumpsys (di=0x0)
    at /usr/src/sys/x86/include/dump.h:87
#3  doadump (textdump=textdump@entry=0)
    at /usr/src/sys/kern/kern_shutdown.c:430
#4  0xffffffff804a94ca in db_dump (dummy=<optimized out>, 
    dummy2=<unavailable>, dummy3=<unavailable>, dummy4=<unavailable>)
    at /usr/src/sys/ddb/db_command.c:575
#5  0xffffffff804a9382 in db_command (last_cmdp=<optimized out>, 
    cmd_table=<optimized out>, dopager=dopager@entry=1)
    at /usr/src/sys/ddb/db_command.c:482
#6  0xffffffff804a8fdd in db_command_loop ()
    at /usr/src/sys/ddb/db_command.c:535
#7  0xffffffff804ac898 in db_trap (type=<optimized out>, code=<optimized out>)
    at /usr/src/sys/ddb/db_main.c:270
#8  0xffffffff80c15cda in kdb_trap (type=type@entry=3, code=code@entry=0, 
    tf=tf@entry=0xfffffe0080177380) at /usr/src/sys/kern/subr_kdb.c:734
#9  0xffffffff8106e8c6 in trap (frame=0xfffffe0080177380)
    at /usr/src/sys/amd64/amd64/trap.c:609
#10 <signal handler called>
#11 kdb_enter (why=<optimized out>, msg=<optimized out>)
    at /usr/src/sys/kern/subr_kdb.c:507
#12 0xffffffff80bc77b2 in vpanic (fmt=<optimized out>, 
    ap=ap@entry=0xfffffe00801774d0) at /usr/src/sys/kern/kern_shutdown.c:963
#13 0xffffffff80bc7623 in panic (
    fmt=0xffffffff818e8a08 <vt_conswindow+16> "\224\220%\201\377\377\377\377")
    at /usr/src/sys/kern/kern_shutdown.c:899
#14 0xffffffff8106ed07 in trap_fatal (frame=0xfffffe00801775c0, eva=0)
    at /usr/src/sys/amd64/amd64/trap.c:942
#15 0xffffffff8106ed5f in trap_pfault (frame=0xfffffe00801775c0, 
    usermode=false, signo=<optimized out>, ucode=<optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:761
#16 <signal handler called>
#17 tcp_sack_output (tp=tp@entry=0xfffffe00c38e2140, 
    sack_bytes_rexmt=sack_bytes_rexmt@entry=0xfffffe008017777c)
    at /usr/src/sys/netinet/tcp_sack.c:974
#18 0xffffffff80d8ef56 in tcp_default_output (tp=0xfffffe00c38e2140)
    at /usr/src/sys/netinet/tcp_output.c:310
#19 0xffffffff80d87ad0 in tcp_output (tp=tp@entry=0xfffffe00c38e2140)
    at /usr/src/sys/netinet/tcp_var.h:407
#20 0xffffffff80d87034 in tcp_do_segment (m=0xfffff8001ea87000, 
    th=0xfffff8001ecc9838, so=0xfffff8001e3d0780, tp=0xfffffe00c38e2140, 
    drop_hdrlen=84, tlen=<optimized out>, iptos=0 '\000')
    at /usr/src/sys/netinet/tcp_input.c:2672
#21 0xffffffff80d83b1e in tcp_input_with_port (
    mp=mp@entry=0xfffffe0080177b38, offp=offp@entry=0xfffffe0080177b30, 
    proto=<optimized out>, port=0) at /usr/src/sys/netinet/tcp_input.c:1397
#22 0xffffffff80d82e99 in tcp6_input_with_port (mp=0xfffffe0080177b38, 
    offp=0xfffffe0080177b30, proto=<optimized out>, port=port@entry=0)
    at /usr/src/sys/netinet/tcp_input.c:596
#23 0xffffffff80d842fb in tcp6_input (mp=0xfffffe00c38e2140, 
    offp=0xfffffe008017777c, proto=64260)
    at /usr/src/sys/netinet/tcp_input.c:603
#24 0xffffffff80dcb97d in ip6_input (m=0x0)
    at /usr/src/sys/netinet6/ip6_input.c:944
#25 0xffffffff80d05111 in netisr_dispatch_src (proto=6, 
    source=source@entry=0, m=0xfffff8001ea87000)
    at /usr/src/sys/net/netisr.c:1153
#26 0xffffffff80d054cf in netisr_dispatch (proto=3280871744, m=0xfb04)
    at /usr/src/sys/net/netisr.c:1244
#27 0xffffffff80ce8eb4 in ether_demux (ifp=ifp@entry=0xfffff800037ff800, 
    m=0xfffffe008017777c) at /usr/src/sys/net/if_ethersubr.c:925
#28 0xffffffff80cea1c9 in ether_input_internal (ifp=0xfffff800037ff800, 
    m=0xfffffe008017777c) at /usr/src/sys/net/if_ethersubr.c:711
#29 ether_nh_input (m=<optimized out>) at /usr/src/sys/net/if_ethersubr.c:741
#30 0xffffffff80d05111 in netisr_dispatch_src (proto=proto@entry=5, 
    source=source@entry=0, m=m@entry=0xfffff8001ea87000)
    at /usr/src/sys/net/netisr.c:1153
#31 0xffffffff80d054cf in netisr_dispatch (proto=3280871744, proto@entry=5, 
    m=0xfb04, m@entry=0xfffff8001ea87000) at /usr/src/sys/net/netisr.c:1244
#32 0xffffffff80ce92d9 in ether_input (ifp=<optimized out>, 
    m=0xfffff8001ea87000) at /usr/src/sys/net/if_ethersubr.c:832
#33 0xffffffff80ce59ba in if_input (ifp=0xfffffe00c38e2140, 
    ifp@entry=0xfffff800037ff800, sendmp=0xfffffe008017777c, 
    sendmp@entry=0xfffff8001ea87000) at /usr/src/sys/net/if.c:4564
#34 0xffffffff805e358d in bge_rxeof (sc=sc@entry=0xfffffe0080955000, 
    rx_prod=rx_prod@entry=368, holdlck=holdlck@entry=0)
    at /usr/src/sys/dev/bge/if_bge.c:4410
#35 0xffffffff805e09be in bge_intr_task (arg=0xfffffe0080955000, 
    pending=<optimized out>) at /usr/src/sys/dev/bge/if_bge.c:4640
#36 0xffffffff80c2abe1 in taskqueue_run_locked (
    queue=queue@entry=0xfffff800037f6e00)
    at /usr/src/sys/kern/subr_taskqueue.c:514
#37 0xffffffff80c2bea3 in taskqueue_thread_loop (
    arg=arg@entry=0xfffffe008095c568)
    at /usr/src/sys/kern/subr_taskqueue.c:826
#38 0xffffffff80b8289d in fork_exit (
    callout=0xffffffff80c2bde0 <taskqueue_thread_loop>, 
    arg=0xfffffe008095c568, frame=0xfffffe0080177f40)
    at /usr/src/sys/kern/kern_fork.c:1102
#39 <signal handler called>
#40 0x000015ff0a853ff0 in ?? ()
Backtrace stopped: Cannot access memory at address 0xfff8800001049658
