[Bug 254419] Fatal trap 12: page fault while in kernel mode, nginx + sendfile on

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sat Mar 20 01:19:44 UTC 2021 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254419

            Bug ID: 254419
           Summary: Fatal trap 12: page fault while in kernel mode, nginx
                    + sendfile on
           Product: Base System
           Version: 13.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs at FreeBSD.org
          Reporter: viaprog at gmail.com

FreeBSD-13.0-RC3, git rev 8f731a397ad4dc7b17622c0e69ac045f4a7b9d5b

nginx + sendfile on = kernel panic. With sendfile = off - working fine.


Fatal trap 12: page fault while in kernel mode
cpuid = 19; apic id = 13
fault virtual address   = 0x0
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff8095fa46
stack pointer           = 0x28:0xfffffe01533dd1a0
frame pointer           = 0x28:0xfffffe01533dd1b0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 3395 (nginx)
trap number             = 12
panic: page fault
cpuid = 19
time = 1616197293
KDB: stack backtrace:
#0 0xffffffff80687015 at kdb_backtrace+0x65
#1 0xffffffff8063a051 at vpanic+0x181
#2 0xffffffff80639ec3 at panic+0x43
#3 0xffffffff809830d7 at trap_fatal+0x387
#4 0xffffffff8098312f at trap_pfault+0x4f
#5 0xffffffff8098278d at trap+0x27d
#6 0xffffffff8095b938 at calltrap+0x8
#7 0xffffffff8095f957 at in_cksum_skip+0x77
#8 0xffffffff8079dc1d at in_delayed_cksum+0x3d
#9 0xffffffff80823d03 at pf_test+0x1403
#10 0xffffffff8083ac6f at pf_check_out+0x1f
#11 0xffffffff80770de7 at pfil_run_hooks+0x97
#12 0xffffffff8079d3f1 at ip_output+0xb61
#13 0xffffffff807b44e4 at tcp_output+0x1b04
#14 0xffffffff807ca379 at tcp_usr_send+0x229
#15 0xffffffff80637f6a at vn_sendfile+0x197a
#16 0xffffffff80638967 at sendfile+0x127
#17 0xffffffff809839dc at amd64_syscall+0x10c
Uptime: 1m0s
Dumping 1632 out of 32637 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct
pcpu,

(kgdb) list *0xffffffff8095fa46
0xffffffff8095fa46 is in in_cksumdata
(/usr/src/sys/amd64/amd64/in_cksum.c:113).
108             if ((offset = 3 & (long) lw) != 0) {
109                     const u_int32_t *masks = in_masks + (offset << 2);
110                     lw = (u_int32_t *) (((long) lw) - offset);
111                     sum = *lw++ & masks[len >= 3 ? 3 : len];
112                     len -= 4 - offset;
113                     if (len <= 0) {
114                             REDUCE32;
115                             return sum;
116                     }
117             }
(kgdb) 
(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xffffffff80639c46 in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:486
#3  0xffffffff8063a0c0 in vpanic (fmt=<optimized out>, ap=<optimized out>) at
/usr/src/sys/kern/kern_shutdown.c:919
#4  0xffffffff80639ec3 in panic (fmt=<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:843
#5  0xffffffff809830d7 in trap_fatal (frame=0xfffffe01533dd0e0, eva=0) at
/usr/src/sys/amd64/amd64/trap.c:915
#6  0xffffffff8098312f in trap_pfault (frame=frame at entry=0xfffffe01533dd0e0,
usermode=false, signo=<optimized out>, signo at entry=0x0, ucode=<optimized out>,
ucode at entry=0x0)
    at /usr/src/sys/amd64/amd64/trap.c:732
#7  0xffffffff8098278d in trap (frame=0xfffffe01533dd0e0) at
/usr/src/sys/amd64/amd64/trap.c:398
#8  <signal handler called>
#9  0xffffffff8095fa46 in in_cksumdata (buf=<optimized out>,
len=len at entry=1140) at /usr/src/sys/amd64/amd64/in_cksum.c:113
#10 0xffffffff8095f957 in in_cksum_skip (m=0xfffff80608d32300,
m at entry=0xfffff804e6cab200, len=1140, skip=<optimized out>, skip at entry=20) at
/usr/src/sys/amd64/amd64/in_cksum.c:224
#11 0xffffffff8079dc1d in in_delayed_cksum (m=0xfffff804e6cab200) at
/usr/src/sys/netinet/ip_output.c:1083
#12 0xffffffff80823d03 in pf_route (m=0xfffffe01533dd4f8, r=0xfffff8000d90cc00,
dir=0, oifp=0xfffff8000d86c000, s=<optimized out>, pd=0xfffffe01533dd288,
inp=0xfffff8062603a988)
    at /usr/src/sys/netpfil/pf/pf.c:5558
#13 pf_test (dir=<optimized out>, dir at entry=2, pflags=<optimized out>,
ifp=<optimized out>, m0=<optimized out>, m0 at entry=0xfffffe01533dd4f8,
inp=<optimized out>)
    at /usr/src/sys/netpfil/pf/pf.c:6269
#14 0xffffffff8083ac6f in pf_check_out (m=0xfffffe01533dd4f8, ifp=0x0,
flags=1140, ruleset=<optimized out>, inp=0x0) at
/usr/src/sys/netpfil/pf/pf_ioctl.c:4516
#15 0xffffffff80770de7 in pfil_run_hooks (head=<optimized out>, p=...,
ifp=0xfffff8000d86c000, flags=flags at entry=131072,
inp=inp at entry=0xfffff8062603a988) at /usr/src/sys/net/pfil.c:187
#16 0xffffffff8079d3f1 in ip_output_pfil (mp=0xfffffe01533dd4f8,
ifp=0xfffff8000d86c000, flags=0, inp=0xfffff8062603a988,
dst=0xfffff8062603ab30, fibnum=<optimized out>, 
    error=<optimized out>) at /usr/src/sys/netinet/ip_output.c:130
#17 ip_output (m=m at entry=0xfffff804e6cab200, opt=<optimized out>, ro=<optimized
out>, flags=0, imo=imo at entry=0x0, inp=<optimized out>) at
/usr/src/sys/netinet/ip_output.c:705
#18 0xffffffff807b44e4 in tcp_output (tp=0xfffffe003fc5c890) at
/usr/src/sys/netinet/tcp_output.c:1492
#19 0xffffffff807ca379 in tcp_usr_send (so=<optimized out>, flags=<optimized
out>, m=0xfffff80626072800, nam=0x0, control=<optimized out>,
td=0xfffffe0054f67500)
    at /usr/src/sys/netinet/tcp_usrreq.c:1210
#20 0xffffffff80637f6a in vn_sendfile (fp=<optimized out>, sockfd=97,
hdr_uio=0x0, trl_uio=0x0, offset=<optimized out>, nbytes=<optimized out>,
sent=0xfffffe01533dda88, flags=1, 
    td=0xfffffe0054f67500) at /usr/src/sys/kern/kern_sendfile.c:1182
#21 0xffffffff80638967 in fo_sendfile (fp=0x0, sockfd=1140, hdr_uio=0x0,
trl_uio=0x0, offset=0, nbytes=1186733549, sent=0xfffffe01533dda88, flags=75701,
td=0xfffffe0054f67500)
    at /usr/src/sys/sys/file.h:409
#22 sendfile (td=0xfffffe0054f67500, uap=0xfffffe0054f678e8, compat=<optimized
out>) at /usr/src/sys/kern/kern_sendfile.c:1320
#23 0xffffffff809839dc in syscallenter (td=0xfffffe0054f67500) at
/usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:189
#24 amd64_syscall (td=0xfffffe0054f67500, traced=0) at
/usr/src/sys/amd64/amd64/trap.c:1156
#25 <signal handler called>
#26 0x00000008008c834a in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffffffd7c8

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list