[Bug 264257] [tcp] Panic: Fatal trap 12: page fault while in kernel mode (if_io_tqg_4) - m_copydata ... at /usr/src/sys/kern/uipc_mbuf.c:659

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 11 Jun 2022 21:17:37 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264257

--- Comment #36 from Christos Chatzaras <chris@cretaforce.gr> ---
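Today I had a kernel panic on a server. Is it possibly the same bug? The backtrace below also faults in m_copydata at /usr/src/sys/kern/uipc_mbuf.c:659, called from tcp_output, with m=0x0 at the time of the fault.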


Fatal trap 12: page fault while in kernel mode
cpuid = 7; apic id = 07
fault virtual address   = 0x18
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80cae31d
stack pointer           = 0x28:0xfffffe00e00445f0
frame pointer           = 0x28:0xfffffe00e0044660
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (if_io_tqg_7)
trap number             = 12
panic: page fault
cpuid = 7
time = 1654981222
KDB: stack backtrace:
#0 0xffffffff80c69465 at kdb_backtrace+0x65
#1 0xffffffff80c1bb1f at vpanic+0x17f
#2 0xffffffff80c1b993 at panic+0x43
#3 0xffffffff810afdf5 at trap_fatal+0x385
#4 0xffffffff810afe4f at trap_pfault+0x4f
#5 0xffffffff81087528 at calltrap+0x8
#6 0xffffffff80de07c9 at tcp_output+0x1339
#7 0xffffffff80dd7eed at tcp_do_segment+0x2cfd
#8 0xffffffff80dd44b1 at tcp_input_with_port+0xb61
#9 0xffffffff80dd515b at tcp_input+0xb
#10 0xffffffff80dc691f at ip_input+0x11f
#11 0xffffffff80d53089 at netisr_dispatch_src+0xb9
#12 0xffffffff80d36ea8 at ether_demux+0x138
#13 0xffffffff80d38235 at ether_nh_input+0x355
#14 0xffffffff80d53089 at netisr_dispatch_src+0xb9
#15 0xffffffff80d372d9 at ether_input+0x69
#16 0xffffffff80ddd9f4 at tcp_lro_flush+0x2f4
#17 0xffffffff80dddd3b at tcp_lro_flush_all+0x1bb
Uptime: 20d1h1m33s
Dumping 2502 out of 32501 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
warning: Source file is more recent than executable.
55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct
pcpu,
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=<optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xffffffff80c1b71c in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:487
#3  0xffffffff80c1bb8e in vpanic (fmt=0xffffffff811b4fb9 "%s", 
    ap=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:920
#4  0xffffffff80c1b993 in panic (fmt=<unavailable>)
    at /usr/src/sys/kern/kern_shutdown.c:844
#5  0xffffffff810afdf5 in trap_fatal (frame=0xfffffe00e0044530, eva=24)
    at /usr/src/sys/amd64/amd64/trap.c:944
#6  0xffffffff810afe4f in trap_pfault (frame=0xfffffe00e0044530, 
    usermode=false, signo=<optimized out>, ucode=<optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:763
#7  <signal handler called>
#8  m_copydata (m=0x0, m@entry=0xfffff80405398400, off=0, len=1, 
    cp=<optimized out>) at /usr/src/sys/kern/uipc_mbuf.c:659
#9  0xffffffff80de07c9 in tcp_output (tp=<optimized out>)
    at /usr/src/sys/netinet/tcp_output.c:1081
#10 0xffffffff80dd7eed in tcp_do_segment (m=<optimized out>, 
    th=<optimized out>, so=<optimized out>, tp=0xfffffe013f603000, 
    drop_hdrlen=40, tlen=<optimized out>, iptos=0 '\000')
    at /usr/src/sys/netinet/tcp_input.c:2637
#11 0xffffffff80dd44b1 in tcp_input_with_port (mp=<optimized out>, 
    offp=<optimized out>, proto=<optimized out>, port=port@entry=0)
    at /usr/src/sys/netinet/tcp_input.c:1400
#12 0xffffffff80dd515b in tcp_input (mp=0xfffff80405398400, offp=0x0, proto=1)
    at /usr/src/sys/netinet/tcp_input.c:1496
#13 0xffffffff80dc691f in ip_input (m=0x0)
    at /usr/src/sys/netinet/ip_input.c:839
#14 0xffffffff80d53089 in netisr_dispatch_src (proto=1, 
    source=source@entry=0, m=0xfffff8002f330900)
    at /usr/src/sys/net/netisr.c:1143
#15 0xffffffff80d5345f in netisr_dispatch (proto=87655424, m=0x1)
    at /usr/src/sys/net/netisr.c:1234
#16 0xffffffff80d36ea8 in ether_demux (ifp=ifp@entry=0xfffff80004454000, 
    m=0x0) at /usr/src/sys/net/if_ethersubr.c:921
#17 0xffffffff80d38235 in ether_input_internal (ifp=0xfffff80004454000, m=0x0)
    at /usr/src/sys/net/if_ethersubr.c:707
#18 ether_nh_input (m=<optimized out>) at /usr/src/sys/net/if_ethersubr.c:737
#19 0xffffffff80d53089 in netisr_dispatch_src (proto=proto@entry=5, 
    source=source@entry=0, m=m@entry=0xfffff8002f330900)
    at /usr/src/sys/net/netisr.c:1143
#20 0xffffffff80d5345f in netisr_dispatch (proto=87655424, proto@entry=5, 
    m=0x1, m@entry=0xfffff8002f330900) at /usr/src/sys/net/netisr.c:1234
#21 0xffffffff80d372d9 in ether_input (ifp=<optimized out>, 
    m=0xfffff8002f330900) at /usr/src/sys/net/if_ethersubr.c:828
#22 0xffffffff80ddd9f4 in tcp_lro_flush (lc=lc@entry=0xfffff80003cf5830, 
    le=0xfffffe0103f3f690) at /usr/src/sys/netinet/tcp_lro.c:1375
#23 0xffffffff80dddd3b in tcp_lro_rx_done (lc=0xfffff80003cf5830)
    at /usr/src/sys/netinet/tcp_lro.c:566
#24 tcp_lro_flush_all (lc=lc@entry=0xfffff80003cf5830)
    at /usr/src/sys/netinet/tcp_lro.c:1532
#25 0xffffffff80d4f503 in iflib_rxeof (rxq=<optimized out>, 
    rxq@entry=0xfffff80003cf5800, budget=<optimized out>)
    at /usr/src/sys/net/iflib.c:3058
#26 0xffffffff80d49b22 in _task_fn_rx (context=0xfffff80003cf5800)
    at /usr/src/sys/net/iflib.c:3990
#27 0xffffffff80c67e9d in gtaskqueue_run_locked (
    queue=queue@entry=0xfffff80003ac2000)
    at /usr/src/sys/kern/subr_gtaskqueue.c:371
#28 0xffffffff80c67b12 in gtaskqueue_thread_loop (arg=<optimized out>, 
    arg@entry=0xfffffe00387fb0b0) at /usr/src/sys/kern/subr_gtaskqueue.c:547
#29 0xffffffff80bd8a5e in fork_exit (
    callout=0xffffffff80c67a50 <gtaskqueue_thread_loop>, 
    arg=0xfffffe00387fb0b0, frame=0xfffffe00e0044f40)
    at /usr/src/sys/kern/kern_fork.c:1093
#30 <signal handler called>
#31 mi_startup () at /usr/src/sys/kern/init_main.c:322
Backtrace stopped: Cannot access memory at address 0x1d
(kgdb)
