From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 264534] [tcp] [ipv6] Panic: Fatal trap 12: page fault while in kernel mode in tcp_sack_output()
Date: Wed, 08 Jun 2022 09:21:01 +0000
List-Archive: https://lists.freebsd.org/archives/freebsd-bugs

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264534

            Bug ID: 264534
           Summary: [tcp] [ipv6] Panic: Fatal trap 12: page fault while in
                    kernel mode in tcp_sack_output()
           Product: Base System
           Version: CURRENT
          Hardware: arm64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: zarychtam@plan-b.pwste.edu.pl

Created attachment 234540
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=234540&action=edit
post mortem dump analysis

Not easily reproducible, ip6 related panic on the most recent CURRENT: FreeBSD
14.0-CURRENT #14 main-n256041-0a9541d9f34: Wed Jun 8 08:07:19 CEST 2022

Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 03
fault virtual address   = 0x0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80d991f0
stack pointer           = 0x28:0xfffffe0080177680
frame pointer           = 0x28:0xfffffe0080177690
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (bge0 taskq)
trap number             = 12
panic: page fault
cpuid = 3
time = 1654678074
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0080177440
vpanic() at vpanic+0x151/frame 0xfffffe0080177490
panic() at panic+0x43/frame 0xfffffe00801774f0
trap_fatal() at trap_fatal+0x387/frame 0xfffffe0080177550
trap_pfault() at trap_pfault+0x4f/frame 0xfffffe00801775b0
calltrap() at calltrap+0x8/frame 0xfffffe00801775b0
--- trap 0xc, rip = 0xffffffff80d991f0, rsp = 0xfffffe0080177680, rbp = 0xfffffe0080177690 ---
tcp_sack_output() at tcp_sack_output+0x50/frame 0xfffffe0080177690
tcp_default_output() at tcp_default_output+0x2f6/frame 0xfffffe0080177860
tcp_output() at tcp_output+0x10/frame 0xfffffe0080177880
tcp_do_segment() at tcp_do_segment+0x2854/frame 0xfffffe0080177960
tcp_input_with_port() at tcp_input_with_port+0xc1e/frame 0xfffffe0080177ab0
tcp6_input_with_port() at tcp6_input_with_port+0x69/frame 0xfffffe0080177ae0
tcp6_input() at tcp6_input+0xb/frame 0xfffffe0080177af0
ip6_input() at ip6_input+0x96d/frame 0xfffffe0080177bd0
netisr_dispatch_src() at netisr_dispatch_src+0xb1/frame 0xfffffe0080177c20
ether_demux() at ether_demux+0x144/frame 0xfffffe0080177c50
ether_nh_input() at ether_nh_input+0x349/frame 0xfffffe0080177cb0
netisr_dispatch_src() at netisr_dispatch_src+0xb1/frame 0xfffffe0080177d00
ether_input() at ether_input+0x69/frame 0xfffffe0080177d60
if_input() at if_input+0xa/frame 0xfffffe0080177d70
bge_rxeof() at bge_rxeof+0x4ad/frame 0xfffffe0080177df0
bge_intr_task() at bge_intr_task+0x1ae/frame 0xfffffe0080177e40
taskqueue_run_locked() at taskqueue_run_locked+0x181/frame 0xfffffe0080177ec0
taskqueue_thread_loop() at taskqueue_thread_loop+0xc3/frame 0xfffffe0080177ef0
fork_exit() at fork_exit+0x7d/frame 0xfffffe0080177f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0080177f30
--- trap 0xa853fc8, rip = 0x15ff0a853ff0, rsp = 0xfff8800001049658, rbp = 0xfff8800000248041 ---
KDB: enter: panic

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55      /usr/src/sys/amd64/include/pcpu_aux.h: No such file or directory.
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  dump_savectx () at /usr/src/sys/kern/kern_shutdown.c:401
#2  0xffffffff80bc75b8 in dumpsys (di=0x0)
    at /usr/src/sys/x86/include/dump.h:87
#3  doadump (textdump=textdump@entry=0)
    at /usr/src/sys/kern/kern_shutdown.c:430
#4  0xffffffff804a94ca in db_dump (dummy=,
    dummy2=, dummy3=, dummy4=)
    at /usr/src/sys/ddb/db_command.c:575
#5  0xffffffff804a9382 in db_command (last_cmdp=,
    cmd_table=, dopager=dopager@entry=1)
    at /usr/src/sys/ddb/db_command.c:482
#6  0xffffffff804a8fdd in db_command_loop ()
    at /usr/src/sys/ddb/db_command.c:535
#7  0xffffffff804ac898 in db_trap (type=, code=)
    at /usr/src/sys/ddb/db_main.c:270
#8  0xffffffff80c15cda in kdb_trap (type=type@entry=3, code=code@entry=0,
    tf=tf@entry=0xfffffe0080177380) at /usr/src/sys/kern/subr_kdb.c:734
#9  0xffffffff8106e8c6 in trap (frame=0xfffffe0080177380)
    at /usr/src/sys/amd64/amd64/trap.c:609
#10
#11 kdb_enter (why=, msg=)
    at /usr/src/sys/kern/subr_kdb.c:507
#12 0xffffffff80bc77b2 in vpanic (fmt=,
    ap=ap@entry=0xfffffe00801774d0) at /usr/src/sys/kern/kern_shutdown.c:963
#13 0xffffffff80bc7623 in panic (
    fmt=0xffffffff818e8a08 "\224\220%\201\377\377\377\377")
    at /usr/src/sys/kern/kern_shutdown.c:899
#14 0xffffffff8106ed07 in trap_fatal (frame=0xfffffe00801775c0, eva=0)
    at /usr/src/sys/amd64/amd64/trap.c:942
#15 0xffffffff8106ed5f in trap_pfault (frame=0xfffffe00801775c0,
    usermode=false, signo=, ucode=)
    at /usr/src/sys/amd64/amd64/trap.c:761
#16
#17 tcp_sack_output (tp=tp@entry=0xfffffe00c38e2140,
    sack_bytes_rexmt=sack_bytes_rexmt@entry=0xfffffe008017777c)
    at /usr/src/sys/netinet/tcp_sack.c:974
#18 0xffffffff80d8ef56 in tcp_default_output (tp=0xfffffe00c38e2140)
    at /usr/src/sys/netinet/tcp_output.c:310
#19 0xffffffff80d87ad0 in tcp_output (tp=tp@entry=0xfffffe00c38e2140)
    at /usr/src/sys/netinet/tcp_var.h:407
#20 0xffffffff80d87034 in tcp_do_segment (m=0xfffff8001ea87000,
    th=0xfffff8001ecc9838, so=0xfffff8001e3d0780, tp=0xfffffe00c38e2140,
    drop_hdrlen=84, tlen=, iptos=0 '\000')
    at /usr/src/sys/netinet/tcp_input.c:2672
#21 0xffffffff80d83b1e in tcp_input_with_port (
    mp=mp@entry=0xfffffe0080177b38, offp=offp@entry=0xfffffe0080177b30,
    proto=, port=0) at /usr/src/sys/netinet/tcp_input.c:1397
#22 0xffffffff80d82e99 in tcp6_input_with_port (mp=0xfffffe0080177b38,
    offp=0xfffffe0080177b30, proto=, port=port@entry=0)
    at /usr/src/sys/netinet/tcp_input.c:596
#23 0xffffffff80d842fb in tcp6_input (mp=0xfffffe00c38e2140,
    offp=0xfffffe008017777c, proto=64260)
    at /usr/src/sys/netinet/tcp_input.c:603
#24 0xffffffff80dcb97d in ip6_input (m=0x0)
    at /usr/src/sys/netinet6/ip6_input.c:944
#25 0xffffffff80d05111 in netisr_dispatch_src (proto=6,
    source=source@entry=0, m=0xfffff8001ea87000)
    at /usr/src/sys/net/netisr.c:1153
#26 0xffffffff80d054cf in netisr_dispatch (proto=3280871744, m=0xfb04)
    at /usr/src/sys/net/netisr.c:1244
#27 0xffffffff80ce8eb4 in ether_demux (ifp=ifp@entry=0xfffff800037ff800,
    m=0xfffffe008017777c) at /usr/src/sys/net/if_ethersubr.c:925
#28 0xffffffff80cea1c9 in ether_input_internal (ifp=0xfffff800037ff800,
    m=0xfffffe008017777c) at /usr/src/sys/net/if_ethersubr.c:711
#29 ether_nh_input (m=) at /usr/src/sys/net/if_ethersubr.c:741
#30 0xffffffff80d05111 in netisr_dispatch_src (proto=proto@entry=5,
    source=source@entry=0, m=m@entry=0xfffff8001ea87000)
    at /usr/src/sys/net/netisr.c:1153
#31 0xffffffff80d054cf in netisr_dispatch (proto=3280871744, proto@entry=5,
    m=0xfb04, m@entry=0xfffff8001ea87000) at /usr/src/sys/net/netisr.c:1244
#32 0xffffffff80ce92d9 in ether_input (ifp=,
    m=0xfffff8001ea87000) at /usr/src/sys/net/if_ethersubr.c:832
#33 0xffffffff80ce59ba in if_input (ifp=0xfffffe00c38e2140,
    ifp@entry=0xfffff800037ff800, sendmp=0xfffffe008017777c,
    sendmp@entry=0xfffff8001ea87000) at /usr/src/sys/net/if.c:4564
#34 0xffffffff805e358d in bge_rxeof (sc=sc@entry=0xfffffe0080955000,
    rx_prod=rx_prod@entry=368, holdlck=holdlck@entry=0)
    at /usr/src/sys/dev/bge/if_bge.c:4410
#35 0xffffffff805e09be in bge_intr_task (arg=0xfffffe0080955000,
    pending=) at /usr/src/sys/dev/bge/if_bge.c:4640
#36 0xffffffff80c2abe1 in taskqueue_run_locked (
    queue=queue@entry=0xfffff800037f6e00)
    at /usr/src/sys/kern/subr_taskqueue.c:514
#37 0xffffffff80c2bea3 in taskqueue_thread_loop (
    arg=arg@entry=0xfffffe008095c568)
    at /usr/src/sys/kern/subr_taskqueue.c:826
#38 0xffffffff80b8289d in fork_exit (
    callout=0xffffffff80c2bde0 ,
    arg=0xfffffe008095c568, frame=0xfffffe0080177f40)
    at /usr/src/sys/kern/kern_fork.c:1102
#39
#40 0x000015ff0a853ff0 in ?? ()
Backtrace stopped: Cannot access memory at address 0xfff8800001049658

-- 
You are receiving this mail because:
You are the assignee for the bug.