[Bug 220358] panic in tcp_lro_flush_all

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Jun 29 13:08:15 UTC 2017


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220358

            Bug ID: 220358
           Summary: panic in tcp_lro_flush_all
           Product: Base System
           Version: CURRENT
          Hardware: i386
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: iz-rpi03 at hs-karlsruhe.de

Hi,

a recent (r320396) CURRENT kernel crashes repeatably in tcp_lro_flush_all()
after connecting to the network via cable.
A three-week-old r319620 kernel is stable in the same environment (hardware,
network).

Regards, Ralf

Excerpt from core0.txt:

FreeBSD  12.0-CURRENT FreeBSD 12.0-CURRENT #1 r320396: Wed Jun 28 09:14:27 CEST 
2017     root at IZ-T193196065251a:/usr/obj/usr/src/sys/E4300  i386

panic: privileged instruction fault

GNU gdb (GDB) 7.12.1 [GDB v7.12.1 for FreeBSD]
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-portbld-freebsd12.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...Reading symbols from
/usr/lib/debug//boot/kernel/kernel.debug...done.
done.

Unread portion of the kernel message buffer:


Fatal trap 1: privileged instruction fault while in kernel mode
cpuid = 1; apic id = 01
instruction pointer     = 0x20:0xc7efd41b
stack pointer           = 0x28:0xe37d979c
frame pointer           = 0x28:0xe37d97e8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (if_io_tqg_1)
trap number             = 1
panic: privileged instruction fault
cpuid = 1
time = 1498722247
KDB: stack backtrace:
#0 0xc07dadaf at kdb_backtrace+0x4f
#1 0xc079ccb3 at vpanic+0x133
#2 0xc079cb7b at panic+0x1b
#3 0xc0ae38fe at trap_fatal+0x31e
#4 0xc0ae2e5e at trap+0xce
#5 0xc0ad1fea at calltrap+0x6
#6 0xc096bb4f at tcp_do_segment+0x219f
#7 0xc0968d67 at tcp_input+0x13a7
#8 0xc08f39a6 at ip_input+0x256
#9 0xc089328c at netisr_dispatch_src+0xcc
#10 0xc0893550 at netisr_dispatch+0x20
#11 0xc087d9b0 at ether_demux+0x140
#12 0xc087e65b at ether_nh_input+0x35b
#13 0xc089328c at netisr_dispatch_src+0xcc
#14 0xc0893550 at netisr_dispatch+0x20
#15 0xc087dc3a at ether_input+0x2a
#16 0xc096dfc5 at tcp_lro_flush+0x1d5
#17 0xc096e161 at tcp_lro_flush_all+0x141
Uptime: 4m50s

Physical memory: 3523 MB
Dumping 144 MB: 129 113 97 81 65 49 33 17 1

Reading symbols from /boot/kernel/snd_hda.ko...Reading symbols from
/usr/lib/debug//boot/kernel/snd_hda.ko.debug...done.
done.
Reading symbols from /boot/kernel/sound.ko...Reading symbols from
/usr/lib/debug//boot/kernel/sound.ko.debug...done.
done.
Reading symbols from /boot/kernel/cuse.ko...Reading symbols from
/usr/lib/debug//boot/kernel/cuse.ko.debug...done.
done.
Reading symbols from /boot/kernel/ums.ko...Reading symbols from
/usr/lib/debug//boot/kernel/ums.ko.debug...done.
done.
Reading symbols from /boot/kernel/ng_ubt.ko...Reading symbols from
/usr/lib/debug//boot/kernel/ng_ubt.ko.debug...done.
done.
Reading symbols from /boot/kernel/netgraph.ko...Reading symbols from
/usr/lib/debug//boot/kernel/netgraph.ko.debug...done.
done.
Reading symbols from /boot/kernel/ng_hci.ko...Reading symbols from
/usr/lib/debug//boot/kernel/ng_hci.ko.debug...done.
done.
Reading symbols from /boot/kernel/ng_bluetooth.ko...Reading symbols from
/usr/lib/debug//boot/kernel/ng_bluetooth.ko.debug...done.
done.
Reading symbols from /boot/kernel/ng_l2cap.ko...Reading symbols from
/usr/lib/debug//boot/kernel/ng_l2cap.ko.debug...done.
done.
Reading symbols from /boot/kernel/ng_btsocket.ko...Reading symbols from
/usr/lib/debug//boot/kernel/ng_btsocket.ko.debug...done.
done.
Reading symbols from /boot/kernel/ng_socket.ko...Reading symbols from
/usr/lib/debug//boot/kernel/ng_socket.ko.debug...done.
done.
__curthread () at ./machine/pcpu.h:225
225             __asm("movl %%fs:%1,%0" : "=r" (td)
(kgdb) #0  __curthread () at ./machine/pcpu.h:225
#1  doadump (textdump=-949457280) at /usr/src/sys/kern/kern_shutdown.c:318
#2  0xc079c924 in kern_reboot (howto=<optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:386
#3  0xc079cceb in vpanic (fmt=<optimized out>, ap=<optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:779
#4  0xc079cb7b in panic (fmt=0xc0b23936 "%s")
    at /usr/src/sys/kern/kern_shutdown.c:710
#5  0xc0ae38fe in trap_fatal (frame=<optimized out>, eva=<optimized out>)
    at /usr/src/sys/i386/i386/trap.c:978
#6  0xc0ae2e5e in trap (frame=<optimized out>)
    at /usr/src/sys/i386/i386/trap.c:213
#7  <signal handler called>
#8  0xc7efd41b in ?? ()
#9  0xc096bb4f in tcp_do_segment (m=<optimized out>, th=<optimized out>, 
    so=<optimized out>, tp=<optimized out>, drop_hdrlen=<optimized out>, 
    tlen=<optimized out>, iptos=<optimized out>, 
    ti_locked=<error reading variable: Cannot access memory at address 0x1>)
    at /usr/src/sys/netinet/tcp_input.c:2444
#10 0xc0968d67 in tcp_input (mp=<optimized out>, offp=<optimized out>, 
    proto=<optimized out>) at /usr/src/sys/netinet/tcp_input.c:1191
#11 0xc08f39a6 in ip_input (m=0x0) at /usr/src/sys/netinet/ip_input.c:823
#12 0xc089328c in netisr_dispatch_src (proto=<optimized out>, 
    source=<optimized out>, m=0xc7efd408) at /usr/src/sys/net/netisr.c:1120
#13 0xc0893550 in netisr_dispatch (proto=1, m=0xc866f500)
    at /usr/src/sys/net/netisr.c:1211
#14 0xc087d9b0 in ether_demux (ifp=0xc77ca800, m=0x0)
    at /usr/src/sys/net/if_ethersubr.c:848
#15 0xc087e65b in ether_input_internal (ifp=0xc77ca800, m=0xc7efd408)
    at /usr/src/sys/net/if_ethersubr.c:637
#16 ether_nh_input (m=<optimized out>) at /usr/src/sys/net/if_ethersubr.c:667
#17 0xc089328c in netisr_dispatch_src (proto=<optimized out>, 
    source=<optimized out>, m=0xc7efd408) at /usr/src/sys/net/netisr.c:1120
#18 0xc0893550 in netisr_dispatch (proto=5, m=0xc866f500)
    at /usr/src/sys/net/netisr.c:1211
#19 0xc087dc3a in ether_input (ifp=0xc77ca800, m=0x0)
    at /usr/src/sys/net/if_ethersubr.c:757
#20 0xc096dfc5 in tcp_lro_flush (lc=0xc77ad424, le=<optimized out>)
    at /usr/src/sys/netinet/tcp_lro.c:394
#21 0xc096e161 in tcp_lro_rx_done (lc=0xc77ad424)
    at /usr/src/sys/netinet/tcp_lro.c:284
#22 tcp_lro_flush_all (lc=<optimized out>)
    at /usr/src/sys/netinet/tcp_lro.c:532
#23 0xc088dc90 in iflib_rxeof (budget=16, rxq=<optimized out>)
    at /usr/src/sys/net/iflib.c:2564
#24 _task_fn_rx (context=<optimized out>) at /usr/src/sys/net/iflib.c:3499
#25 0xc07d9aa8 in gtaskqueue_run_locked (queue=0xc7688000)
    at /usr/src/sys/kern/subr_gtaskqueue.c:329
#26 0xc07d97c7 in gtaskqueue_thread_loop (arg=0xc7671814)
    at /usr/src/sys/kern/subr_gtaskqueue.c:504
#27 0xc0764a16 in fork_exit (callout=0xc07d9720 <gtaskqueue_thread_loop>, 
    arg=<optimized out>, frame=<optimized out>)
    at /usr/src/sys/kern/kern_fork.c:1038
#28 <signal handler called>
(kgdb)
