[Bug 236846] FreeBSD 12.0-STABLE-p3 r345567: panic: vm_fault_hold: fault on nofault entry
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Mar 28 05:26:09 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236846
Bug ID: 236846
Summary: FreeBSD 12.0-STABLE-p3 r345567: panic: vm_fault_hold:
fault on nofault entry
Product: Base System
Version: 12.0-RELEASE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: ietf-dane at dukhovni.org
CC: alex at inferiorhumanorgans.com, chernov_victor at list.ru,
d8zNeCFG at aon.at, emaste at freebsd.org,
girgen at FreeBSD.org, ietf-dane at dukhovni.org,
langerruslan at gmail.com, mandrews at bit0.com,
markj at FreeBSD.org, pascal.christen at hostpoint.ch,
pi at FreeBSD.org, sbruno at FreeBSD.org, sdalu at sdalu.com
I recompiled the 11.2 code that led to kevent crashes
(<https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234296#c31>)
natively on 12.0-RELEASE-p3. After running for 30 minutes to an
hour, the code again triggered a kernel panic, but this time not
in kevent:
panic: vm_fault_hold: fault on nofault entry, addr: 0xfffffe00c9f87000
cpuid = 0
time = 1553747701
KDB: stack backtrace:
#0 0xffffffff80be7977 at kdb_backtrace+0x67
#1 0xffffffff80b9b563 at vpanic+0x1a3
#2 0xffffffff80b9b3b3 at panic+0x43
#3 0xffffffff80edd120 at unlock_and_deallocate+0
#4 0xffffffff80eda970 at vm_fault+0x60
#5 0xffffffff81074ae3 at trap_pfault+0x163
#6 0xffffffff81073fee at trap+0x29e
#7 0xffffffff8104f465 at calltrap+0x8
#8 0xffffffff80d26cdd at ip_input+0x45d
#9 0xffffffff80cbc576 at netisr_dispatch_src+0xd6
#10 0xffffffff80ca0e63 at ether_demux+0x163
#11 0xffffffff80ca1fc6 at ether_nh_input+0x346
#12 0xffffffff80cbc576 at netisr_dispatch_src+0xd6
#13 0xffffffff80ca1264 at ether_input+0x54
#14 0xffffffff80cb8726 at iflib_rxeof+0xa16
#15 0xffffffff80cb3556 at _task_fn_rx+0x76
#16 0xffffffff80be6204 at gtaskqueue_run_locked+0x144
#17 0xffffffff80be5e68 at gtaskqueue_thread_loop+0x98
This time I have a crash dump. And, FWIW:
$ addr2line -afi -e /usr/lib/debug/boot/kernel/kernel.debug
0xffffffff80d26cdd
0xffffffff80d26cdd
ip_input
/usr/src/sys/netinet/ip_input.c:605
From kgdb:
(kgdb) fr 28
#28 0xffffffff80d26cdd in ip_input (m=0xfffff80111e4ec00) at
/usr/src/sys/netinet/ip_input.c:605
605 if (pfil_run_hooks(&V_inet_pfil_hook, &m, ifp, PFIL_IN, 0,
NULL) != 0)
(kgdb) p *m
$2 = {{m_next = 0x0, m_slist = {sle_next = 0x0}, m_stailq = {stqe_next = 0x0}},
{m_nextpkt = 0x0, m_slistpkt = {sle_next = 0x0},
m_stailqpkt = {stqe_next = 0x0}}, m_data = 0xfffff8051f18900e "E", m_len =
420, m_type = 1, m_flags = 3, {{m_pkthdr = {{
snd_tag = 0xfffff80003d1e000, rcvif = 0xfffff80003d1e000}, tags =
{slh_first = 0x0}, len = 420, flowid = 2776446732,
csum_flags = 251658240, fibnum = 0, cosqos = 0 '\000', rsstype = 63
'?', {rcv_tstmp = 0, {l2hlen = 0 '\000',
l3hlen = 0 '\000', l4hlen = 0 '\000', l5hlen = 0 '\000', spare =
0}}, PH_per = {
eight = "\000\000\000\000\377\377\000", sixteen = {0, 0, 65535, 0},
thirtytwo = {0, 65535}, sixtyfour = {
281470681743360}, unintptr = {281470681743360}, ptr =
0xffff00000000}, PH_loc = {
eight = "\000\000\000\000\000\000\000", sixteen = {0, 0, 0, 0},
thirtytwo = {0, 0}, sixtyfour = {0}, unintptr = {0},
ptr = 0x0}}, {m_ext = {{ext_count = 1, ext_cnt = 0x5443454c00000001},
ext_buf = 0xfffff8051f189000 "\f\304z\340H\250\\E'tD\306\b", ext_size
= 2048, ext_type = 1, ext_flags = 1,
ext_free = 0x0, ext_arg1 = 0x0, ext_arg2 = 0x0}, m_pktdat =
0xfffff80111e4ec58 "\001"}},
m_dat = 0xfffff80111e4ec20 ""}}
(kgdb) p *ifp
$3 = {if_link = {cstqe_next = 0xfffff80111e4ec00}, if_clones = {le_next = 0x1,
le_prev = 0x38}, if_groups = {cstqh_first = 0x1,
cstqh_last = 0xfffff80003792000}, if_alloctype = 0 '\000', if_softc =
0xfffffe0075df26b0,
if_llsoftc = 0xffffffff80cbc576 <netisr_dispatch_src+214>, if_l2com =
0xe74d00,
if_dname = 0xffffffff80e71134 <mac_ifnet_create_mbuf+292>
"\200<%=\020\240\201", if_dunit = -2113854840, if_index = 65535,
if_index_reserved = -1, if_xname = "\000\b\000\000\000\000\000\000\000
y\003", <incomplete sequence \370\377\377>,
if_description = 0x8 <error: Cannot access memory at address 0x8>, if_flags =
64086016, if_drv_flags = -2048,
if_capabilities = 64086016, if_capenable = -2048, if_linkmib =
0xfffffe0075df26e0, if_linkmiblen = 18446744071575309923,
if_refcount = 58269696, if_type = 0 '\000', if_addrlen = 248 '\370',
if_hdrlen = 255 '\377', if_link_state = 255 '\377',
if_mtu = 300215296, if_metric = 4294965249, if_baudrate =
18446735282211712000, if_hwassist = 18446735299613069312,
if_epoch = -2197045696704, if_lastchange = {tv_sec = -2134237242, tv_usec =
512}, if_snd = {ifq_head = 0x7,
ifq_tail = 0xfffffe0075df27c0, ifq_len = 50907712, ifq_maxlen = -2048,
ifq_mtx = {lock_object = {
lo_name = 0xfffff80111e4ec00 "", lo_flags = 5, lo_data = 0, lo_witness
= 0x118}, mtx_lock = 5},
ifq_drv_head = 0xfffff80003792000, ifq_drv_tail = 0x0, ifq_drv_len =
1977558928, ifq_drv_maxlen = -512,
altq_type = -2134129290, altq_flags = -1, altq_disc = 0xe74d00, altq_ifp =
0x0, altq_enqueue = 0x175df27c0,
altq_dequeue = 0xfffff80003792000, altq_request = 0x0, altq_clfier =
0xfffff80111e4ec00, altq_classify = 0xfffff80003d1e000,
altq_tbr = 0x0, altq_cdnr = 0xfffffe0075df27c0}, if_linktask = {ta_link =
{stqe_next = 0xffffffff80ca1264 <ether_input+84>},
ta_pending = 0, ta_priority = 0, ta_func = 0x1b2, ta_context =
0xfffff80003d1e000}, if_addr_lock = {lock_object = {
lo_name = 0x1 <error: Cannot access memory at address 0x1>, lo_flags =
1977559200, lo_data = 4294966784,
lo_witness = 0xffffffff80cb8726 <iflib_rxeof+2582>}, mtx_lock =
18446741877785532224}, if_addrhead = {
cstqh_first = 0xfffffe00b8ba7740, cstqh_last = 0xfffff80003d49800},
if_multiaddrs = {cstqh_first = 0xffffffffffff00e8,
cstqh_last = 0xfffff80003d3e140}, if_amcount = 64264192, if_addr =
0xfffff80003d13000, if_hw_addr = 0xe801b200000000,
if_broadcastaddr = 0xfffff80003d1e000 "", if_afdata_lock = {lock_object =
{lo_name = 0xfffff80003d3e140 "",
lo_flags = 2776446732, lo_data = 251658240, lo_witness =
0x3f01000000ffff}, mtx_lock = 18446735281926513849}, if_afdata = {
0xfffff8017eaaec01, 0xfffff80003d3e030, 0x18ffffffff, 0xfffff80003d3e000,
0xffffffff81a76540 <igb_sctx_init>,
0xfffff80003d1e000, 0xfffff801000001b2, 0x0, 0xfffff80003784000,
0xfffff80003d13000, 0xfffffe0075df2908, 0xfffff80003d3e000,
0xfffff80003784050, 0xfffffe0075df28e0, 0xffffffff80cb3556
<_task_fn_rx+118>, 0x0, 0xfffff80003784000, 0xfffff80003784000,
0xfffff80003d3e090, 0xfffffe0075df2900, 0xfffff80003784050,
0xfffffe0075df2940,
0xffffffff80be6204 <gtaskqueue_run_locked+324>, 0xfffffe0075df2940,
0xfffff80003784038, 0xfffff80003d3e090, 0x0,
0xfffff80003784028, 0xfffff80003784038, 0xfffffe00041fd008,
0xffffffff81fe62e0 <proc0>, 0xfffff80003784000,
0xffffffff80be5dd0 <gtaskqueue_thread_loop>, 0xfffffe0075df2970,
0xffffffff80be5e68 <gtaskqueue_thread_loop+152>,
0xfffffe0075df2960, 0x202, 0xfffff80003792000, 0xfffffe0075df29c0,
0xfffffe0075df29b0, 0xffffffff80b5bf33 <fork_exit+131>,
0x0}, if_afdata_initialized = 69193736, if_fib = 4294966784, if_vnet =
0xffffffff80be5dd0 <gtaskqueue_thread_loop>,
if_home_vnet = 0x0, if_vlantrunk = 0xffffffff81ea6300 <tdq_cpu>, if_bpf =
0xffffffff81fe6820 <thread0_st>, if_pcount = 0,
if_bridge = 0xffffffff8105045e <fork_trampoline+14>, if_lagg = 0x0, if_pf_kif
= 0x0, if_carp = 0x0, if_label = 0x0,
if_netmap = 0x0, if_output = 0x0, if_input = 0x0, if_bridge_input = 0x0,
if_bridge_output = 0x0, if_bridge_linkstate = 0x0,
if_start = 0x0, if_ioctl = 0x0, if_init = 0x0, if_resolvemulti = 0x0,
if_qflush = 0x0, if_transmit = 0x0, if_reassign = 0x0,
if_get_counter = 0x0, if_requestencap = 0x0, if_counters = {0x0, 0x0, 0x0,
0x0, 0x0, 0xfffff80003792000,
0xffffffff81f74688 <sleepq_chains+4104>, 0x0, 0x0, 0xfffffe0075df2890,
0xfffffe0075df27c8, 0xfffff800036db000},
if_hw_tsomax = 2159857853, if_hw_tsomaxsegcount = 4294967295,
if_hw_tsomaxsegsize = 0, if_snd_tag_alloc = 0x0,
if_snd_tag_modify = 0x0, if_snd_tag_query = 0x0, if_snd_tag_free = 0x0,
if_pcp = 0 '\000', if_netdump_methods = 0x0,
if_epoch_ctx = {data = {0x0, 0x0}}, if_addr_et = {datap = {0x0, 0x0, 0x0},
datai = {0}}, if_maddr_et = {datap = {0x0, 0x0,
0x0}, datai = {0}}, if_ispare = {1, 0, 0, 0}}