[Bug 264257] [tcp] Panic: Fatal trap 12: page fault while in kernel mode (if_io_tqg_4) - m_copydata ... at /usr/src/sys/kern/uipc_mbuf.c:659

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 20 Jun 2022 23:49:32 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264257

--- Comment #68 from Christos Chatzaras <chris@cretaforce.gr> ---
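Today I had another crash, this time on a different server. The trace again ends in m_copydata (uipc_mbuf.c:659) called from tcp_output, with m=0x0 and a faulting read at address 0x18.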

Fatal trap 12: page fault while in kernel mode
cpuid = 7; apic id = 07
fault virtual address   = 0x18
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80cae31d
stack pointer           = 0x28:0xfffffe01141445c0
frame pointer           = 0x28:0xfffffe0114144630
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (if_io_tqg_7)
trap number             = 12
panic: page fault
cpuid = 7
time = 1655767279
KDB: stack backtrace:
#0 0xffffffff80c69465 at kdb_backtrace+0x65
#1 0xffffffff80c1bb1f at vpanic+0x17f
#2 0xffffffff80c1b993 at panic+0x43
#3 0xffffffff810afdf5 at trap_fatal+0x385
#4 0xffffffff810afe4f at trap_pfault+0x4f
#5 0xffffffff81087528 at calltrap+0x8
#6 0xffffffff80de07c9 at tcp_output+0x1339
#7 0xffffffff80dd7eed at tcp_do_segment+0x2cfd
#8 0xffffffff80dd44b1 at tcp_input_with_port+0xb61
#9 0xffffffff80dd515b at tcp_input+0xb
#10 0xffffffff80dc691f at ip_input+0x11f
#11 0xffffffff80d53089 at netisr_dispatch_src+0xb9
#12 0xffffffff80d36ea8 at ether_demux+0x138
#13 0xffffffff80d38235 at ether_nh_input+0x355
#14 0xffffffff80d53089 at netisr_dispatch_src+0xb9
#15 0xffffffff80d372d9 at ether_input+0x69
#16 0xffffffff80ddeaa5 at tcp_push_and_replace+0x25
#17 0xffffffff80ddd74c at tcp_lro_flush+0x4c
Uptime: 29d3h36m11s
Dumping 4275 out of 65278 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
warning: Source file is more recent than executable.
55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=<optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xffffffff80c1b71c in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:487
#3  0xffffffff80c1bb8e in vpanic (fmt=0xffffffff811b4fb9 "%s",
    ap=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:920
#4  0xffffffff80c1b993 in panic (fmt=<unavailable>)
    at /usr/src/sys/kern/kern_shutdown.c:844
#5  0xffffffff810afdf5 in trap_fatal (frame=0xfffffe0114144500, eva=24)
    at /usr/src/sys/amd64/amd64/trap.c:944
#6  0xffffffff810afe4f in trap_pfault (frame=0xfffffe0114144500,
    usermode=false, signo=<optimized out>, ucode=<optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:763
#7  <signal handler called>
#8  m_copydata (m=0x0, m@entry=0xfffff80c219ce500, off=0, len=1,
    cp=<optimized out>) at /usr/src/sys/kern/uipc_mbuf.c:659
#9  0xffffffff80de07c9 in tcp_output (tp=<optimized out>)
    at /usr/src/sys/netinet/tcp_output.c:1081
#10 0xffffffff80dd7eed in tcp_do_segment (m=<optimized out>,
    th=<optimized out>, so=<optimized out>, tp=0xfffffe01990a1000,
    drop_hdrlen=64, tlen=<optimized out>, iptos=0 '\000')
    at /usr/src/sys/netinet/tcp_input.c:2637
#11 0xffffffff80dd44b1 in tcp_input_with_port (mp=<optimized out>,
    offp=<optimized out>, proto=<optimized out>, port=port@entry=0)
    at /usr/src/sys/netinet/tcp_input.c:1400
#12 0xffffffff80dd515b in tcp_input (mp=0xfffff80c219ce500, offp=0x0, proto=1)
    at /usr/src/sys/netinet/tcp_input.c:1496
#13 0xffffffff80dc691f in ip_input (m=0x0)
    at /usr/src/sys/netinet/ip_input.c:839
#14 0xffffffff80d53089 in netisr_dispatch_src (proto=1,
    source=source@entry=0, m=0xfffff80e00395400)
    at /usr/src/sys/net/netisr.c:1143
#15 0xffffffff80d5345f in netisr_dispatch (proto=563930368, m=0x1)
    at /usr/src/sys/net/netisr.c:1234
#16 0xffffffff80d36ea8 in ether_demux (ifp=ifp@entry=0xfffff80004659000,
    m=0x0) at /usr/src/sys/net/if_ethersubr.c:921
#17 0xffffffff80d38235 in ether_input_internal (ifp=0xfffff80004659000, m=0x0)
    at /usr/src/sys/net/if_ethersubr.c:707
#18 ether_nh_input (m=<optimized out>) at /usr/src/sys/net/if_ethersubr.c:737
#19 0xffffffff80d53089 in netisr_dispatch_src (proto=proto@entry=5,
    source=source@entry=0, m=m@entry=0xfffff80e00395400)
    at /usr/src/sys/net/netisr.c:1143
#20 0xffffffff80d5345f in netisr_dispatch (proto=563930368, proto@entry=5,
    m=0x1, m@entry=0xfffff80e00395400) at /usr/src/sys/net/netisr.c:1234
#21 0xffffffff80d372d9 in ether_input (ifp=<optimized out>,
    m=0xfffff80e00395400) at /usr/src/sys/net/if_ethersubr.c:828
#22 0xffffffff80ddeaa5 in tcp_push_and_replace (lc=0xfffff80c219ce500,
    lc@entry=0xfffff80003ef2830, le=le@entry=0xfffffe0158387690,
    m=m@entry=0xfffff80f2b178300) at /usr/src/sys/netinet/tcp_lro.c:923
#23 0xffffffff80ddd74c in tcp_lro_condense (lc=0xfffff80003ef2830,
    le=0xfffffe0158387690) at /usr/src/sys/netinet/tcp_lro.c:1011
#24 tcp_lro_flush (lc=lc@entry=0xfffff80003ef2830, le=0xfffffe0158387690)
    at /usr/src/sys/netinet/tcp_lro.c:1374
#25 0xffffffff80dddd3b in tcp_lro_rx_done (lc=0xfffff80003ef2830)
    at /usr/src/sys/netinet/tcp_lro.c:566
#26 tcp_lro_flush_all (lc=lc@entry=0xfffff80003ef2830)
    at /usr/src/sys/netinet/tcp_lro.c:1532
#27 0xffffffff80d4f503 in iflib_rxeof (rxq=<optimized out>,
    rxq@entry=0xfffff80003ef2800, budget=<optimized out>)
    at /usr/src/sys/net/iflib.c:3058
#28 0xffffffff80d49b22 in _task_fn_rx (context=0xfffff80003ef2800)
    at /usr/src/sys/net/iflib.c:3990
#29 0xffffffff80c67e9d in gtaskqueue_run_locked (
    queue=queue@entry=0xfffff80003cbf000)
    at /usr/src/sys/kern/subr_gtaskqueue.c:371
#30 0xffffffff80c67b12 in gtaskqueue_thread_loop (arg=<optimized out>,
    arg@entry=0xfffffe01142820b0) at /usr/src/sys/kern/subr_gtaskqueue.c:547
#31 0xffffffff80bd8a5e in fork_exit (
    callout=0xffffffff80c67a50 <gtaskqueue_thread_loop>,
    arg=0xfffffe01142820b0, frame=0xfffffe0114144f40)
    at /usr/src/sys/kern/kern_fork.c:1093
#32 <signal handler called>
#33 mi_startup () at /usr/src/sys/kern/init_main.c:322
Backtrace stopped: Cannot access memory at address 0x1d
(kgdb)
