Re: Panic after update main-n269202-4e7aa03b7076 -> n269230-f6f67f58c19d
Date: Tue, 09 Apr 2024 17:59:08 UTC
Cy Schubert writes:
> In message <ZhV2Ii4E3H5erfjk@cell.glebi.us>, Gleb Smirnoff writes:
> > On Tue, Apr 09, 2024 at 07:02:11PM +0200, FreeBSD User wrote:
> > F> The crash is still present on the most recent checked out sources as of minutes ago.
> > F> I just checked out on HEAD the latest commits (see below, just for the record and to prevent
> > F> being wrong here).
> > F>
> > F> [...]
> > F> commit 841cf52595b6a6b98e266b63e54a7cf6fb6ca73e (HEAD -> main, origin/main, origin/HEAD)
> >
> > Is the crash same or different? Can you please share backtrace?
>
> The new panic is:
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 3; apic id = 03
> fault virtual address = 0x28
> fault code = supervisor read data, page not present
> instruction pointer = 0x20:0xffffffff80729d8d
> stack pointer = 0x28:0xfffffe00b59c0a70
> frame pointer = 0x28:0xfffffe00b59c0aa0
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 2697 (rpcbind)
> rdi: fffff80004fcd720 rsi: 0000000000000000 rdx: fffffe00b59c0b68
> rcx: 0000000000000000 r8: 0000000000000001 r9: 000000003b9ac9e0
> rax: 000000003b9aca00 rbx: fffffe00b59c0b68 rbp: fffffe00b59c0aa0
> r10: 0000000000000020 r11: 00000000ffffffff r12: 0000000000000000
> r13: 0000000000000020 r14: 0000000000000020 r15: fffff80004fcd720
> trap number = 12
> panic: page fault
> cpuid = 3
> time = 1712682162
> KDB: stack backtrace:
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00b59c0760
> vpanic() at vpanic+0x135/frame 0xfffffe00b59c0890
> panic() at panic+0x43/frame 0xfffffe00b59c08f0
> trap_fatal() at trap_fatal+0x40b/frame 0xfffffe00b59c0950
> trap_pfault() at trap_pfault+0x46/frame 0xfffffe00b59c09a0
> calltrap() at calltrap+0x8/frame 0xfffffe00b59c09a0
> --- trap 0xc, rip = 0xffffffff80729d8d, rsp = 0xfffffe00b59c0a70, rbp = 0xfffffe00b59c0aa0 ---
> uiomove_faultflag() at uiomove_faultflag+0x9d/frame 0xfffffe00b59c0aa0
> uipc_soreceive_stream_or_seqpacket() at uipc_soreceive_stream_or_seqpacket+0x38c/frame 0xfffffe00b59c0b30
> soreceive() at soreceive+0x2f/frame 0xfffffe00b59c0b50
> clnt_vc_soupcall() at clnt_vc_soupcall+0x139/frame 0xfffffe00b59c0c00
> sorwakeup_locked() at sorwakeup_locked+0x98/frame 0xfffffe00b59c0c20
> uipc_sosend_stream_or_seqpacket() at uipc_sosend_stream_or_seqpacket+0x58e/frame 0xfffffe00b59c0ce0
> sousrsend() at sousrsend+0x5f/frame 0xfffffe00b59c0d40
> dofilewrite() at dofilewrite+0x7f/frame 0xfffffe00b59c0d90
> sys_write() at sys_write+0xb3/frame 0xfffffe00b59c0e00
> amd64_syscall() at amd64_syscall+0x115/frame 0xfffffe00b59c0f30
> fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00b59c0f30
> --- syscall (4, FreeBSD ELF64, write), rip = 0x1d82f79281a, rsp = 0x1d82c63be78, rbp = 0x1d82c63bee0 ---
> Uptime: 39s
> Dumping 515 out of 7969 MB:..4%..13%..22%..32%..41%..53%..63%..72%..81%..91%
>
> (kgdb) bt
> #0 __curthread () at /opt/src/git-src/sys/amd64/include/pcpu_aux.h:57
> #1 doadump (textdump=textdump@entry=1) at /opt/src/git-src/sys/kern/kern_shutdown.c:404
> #2 0xffffffff806bd7d9 in kern_reboot (howto=260) at /opt/src/git-src/sys/kern/kern_shutdown.c:524
> #3 0xffffffff806bdcf2 in vpanic (fmt=0xffffffff80ae0f0d "%s", ap=ap@entry=0xfffffe00b59c08d0) at /opt/src/git-src/sys/kern/kern_shutdown.c:976
> #4 0xffffffff806bdb43 in panic (fmt=<unavailable>) at /opt/src/git-src/sys/kern/kern_shutdown.c:892
> #5 0xffffffff80a597fb in trap_fatal (frame=0xfffffe00b59c09b0, eva=40) at /opt/src/git-src/sys/amd64/amd64/trap.c:950
> #6 0xffffffff80a59846 in trap_pfault (frame=<unavailable>, usermode=false, signo=<optimized out>, ucode=<optimized out>) at /opt/src/git-src/sys/amd64/amd64/trap.c:758
> #7 <signal handler called>
> #8 uiomove_faultflag (cp=0xfffff80004fcd720, n=32, uio=uio@entry=0xfffffe00b59c0b68, nofault=nofault@entry=0) at /opt/src/git-src/sys/kern/subr_uio.c:240
> #9 0xffffffff80729ce9 in uiomove (cp=0xfffff80004fcd720, n=0, uio=uio@entry=0xfffffe00b59c0b68) at /opt/src/git-src/sys/kern/subr_uio.c:193
> #10 0xffffffff80774f1c in uipc_soreceive_stream_or_seqpacket (so=0xfffff800361f4000, psa=<optimized out>, uio=0xfffffe00b59c0b68, mp0=<optimized out>, controlp=0xfffffe00b59c0bc0, flagsp=0xfffffe00b59c0ba8) at /opt/src/git-src/sys/kern/uipc_usrreq.c:1420
> #11 0xffffffff8076d4ff in soreceive (so=0xfffff80004fcd720, so@entry=0xfffff800361f4000, psa=psa@entry=0x0, uio=uio@entry=0xfffffe00b59c0b68, mp0=0x0, mp0@entry=0xfffffe00b59c0bb8, controlp=0x1, controlp@entry=0xfffffe00b59c0bc0, flagsp=0x3b9ac9e0, flagsp@entry=0xfffffe00b59c0ba8) at /opt/src/git-src/sys/kern/uipc_socket.c:2965
> #12 0xffffffff80917719 in clnt_vc_soupcall (so=0xfffff800361f4000, arg=0xfffff80036191c00, waitflag=<optimized out>) at /opt/src/git-src/sys/rpc/clnt_vc.c:991
> #13 0xffffffff80765338 in sowakeup (so=0xfffff800361f4000, which=SO_RCV) at /opt/src/git-src/sys/kern/uipc_sockbuf.c:493
> #14 sorwakeup_locked (so=so@entry=0xfffff800361f4000) at /opt/src/git-src/sys/kern/uipc_sockbuf.c:526
> #15 0xffffffff807758ae in uipc_sosend_stream_or_seqpacket (so=0xfffff800361e4b40, addr=<optimized out>, uio=0xfffffe00b59c0da8, m=<optimized out>, c=<optimized out>, flags=<optimized out>, td=0xfffff8001e73e000) at /opt/src/git-src/sys/kern/uipc_usrreq.c:1154
> #16 0xffffffff8076b2cf in sousrsend (so=0xfffff80004fcd720, addr=0x0, uio=0xfffffe00b59c0b68, control=0x1, flags=0, userproc=0x0) at /opt/src/git-src/sys/kern/uipc_socket.c:1941
> #17 0xffffffff8073106f in fo_write (fp=0xfffff800092800a0, uio=0xfffffe00b59c0da8, active_cred=0xfffffe00b59c0b68, td=0xfffff8001e73e000, flags=<optimized out>) at /opt/src/git-src/sys/sys/file.h:352
> #18 dofilewrite (td=td@entry=0xfffff8001e73e000, fd=fd@entry=14, fp=0xfffff800092800a0, auio=auio@entry=0xfffffe00b59c0da8, offset=offset@entry=-1, flags=flags@entry=0) at /opt/src/git-src/sys/kern/sys_generic.c:562
> #19 0xffffffff80730c23 in kern_writev (td=0xfffff8001e73e000, fd=14, auio=0xfffffe00b59c0da8) at /opt/src/git-src/sys/kern/sys_generic.c:489
> #20 sys_write (td=0xfffff8001e73e000, uap=<optimized out>) at /opt/src/git-src/sys/kern/sys_generic.c:404
> #21 0xffffffff80a5a0b5 in syscallenter (td=0xfffff8001e73e000) at /opt/src/git-src/sys/amd64/amd64/../../kern/subr_syscall.c:189
> #22 amd64_syscall (td=0xfffff8001e73e000, traced=0) at /opt/src/git-src/sys/amd64/amd64/trap.c:1192
> #23 <signal handler called>
> #24 0x000001d82f79281a in ?? ()
> Backtrace stopped: Cannot access memory at address 0x1d82c63be78
> (kgdb) frame 8
> #8 uiomove_faultflag (cp=0xfffff80004fcd720, n=32, uio=uio@entry=0xfffffe00b59c0b68, nofault=nofault@entry=0) at /opt/src/git-src/sys/kern/subr_uio.c:240
> 240             cnt = iov->iov_len;
> (kgdb) p *iov
> Cannot access memory at address 0x20
> (kgdb) l
> 235     while (n > 0 && uio->uio_resid) {
> 236             KASSERT(uio->uio_iovcnt > 0,
> 237                 ("%s: uio %p iovcnt underflow", __func__, uio));
> 238
> 239             iov = uio->uio_iov;
> 240             cnt = iov->iov_len;
> 241             if (cnt == 0) {
> 242                     uio->uio_iov++;
> 243                     uio->uio_iovcnt--;
> 244                     continue;
> (kgdb) p *uio
> $1 = {uio_iov = 0x20, uio_iovcnt = 0, uio_offset = 0, uio_resid = 1000000000, uio_segflg = (unknown: 0x80696078), uio_rw = (UIO_WRITE | unknown: 0xfffffffe), uio_td = 0xfffff8001e73e000}
> (kgdb)

uio_iov contains 0x20 at frame 12. Is it because send buffer is now bypassed, not initializing uio_iov?

--
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org
NTP: <cy@nwtime.org> Web: https://nwtime.org

e^(i*pi)+1=0
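
Added example, not part of the original message or of the FreeBSD source: a userland C model of the loop shown in the kgdb listing above. It shows that `uio_iov = 0x20` plus the offset of `iov_len` gives the reported fault address 0x28 (assuming an LP64 target such as amd64), and that checking `uio_iovcnt` at run time turns the same inconsistent uio into an error return. `model_uio`, `model_uiomove` and `model_fault_addr` are hypothetical names, and only the three uio fields the loop reads are modelled.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/types.h>
#include <sys/uio.h>            /* struct iovec */

/* Userland model of the fields printed by "p *uio"; not the kernel struct. */
struct model_uio {
    struct iovec *uio_iov;
    int           uio_iovcnt;
    ssize_t       uio_resid;
};

/* Address read by "cnt = iov->iov_len" for a given uio_iov value. */
uintptr_t model_fault_addr(uintptr_t uio_iov)
{
    return uio_iov + offsetof(struct iovec, iov_len);
}

/*
 * Same loop shape as the listing, with the KASSERT condition kept as an
 * always-on runtime check: an inconsistent uio (resid > 0, iovcnt == 0)
 * returns EFAULT instead of dereferencing uio_iov.
 */
int model_uiomove(const char *cp, size_t n, struct model_uio *uio)
{
    while (n > 0 && uio->uio_resid > 0) {
        if (uio->uio_iovcnt <= 0 || uio->uio_iov == NULL)
            return EFAULT;
        struct iovec *iov = uio->uio_iov;
        size_t cnt = iov->iov_len;
        if (cnt == 0) {             /* skip empty segment */
            uio->uio_iov++;
            uio->uio_iovcnt--;
            continue;
        }
        if (cnt > n)
            cnt = n;
        memcpy(iov->iov_base, cp, cnt);
        iov->iov_base = (char *)iov->iov_base + cnt;
        iov->iov_len -= cnt;
        uio->uio_resid -= (ssize_t)cnt;
        cp += cnt;
        n -= cnt;
    }
    return 0;
}
```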