[Bug 279653] Page fault in in6_selecthlim
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 279653] Page fault in in6_selecthlim"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 10 Jun 2024 19:56:13 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279653
Bug ID: 279653
Summary: Page fault in in6_selecthlim
Product: Base System
Version: 14.0-STABLE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: amigan@gmail.com
14-STABLE eff27c3872300e594e0b410364a02302fc555121 built 4 June.
This machine is a gateway and does indeed use ipv6. It runs dns/blocky (a
filtering resolver, like pi-hole written in go) in a jail that lives on ZFS.
The rest of the system is on UFS. I had just rolled back the jail to an old
snapshot when this happened, but I'm not positive that is related, even though
it appears to have crashed after I hit enter on the zfs rollback command. It
looks like it crashed when blocky went to close a TCP connection (the upstream
resolver is DNS-over-https using ipv6).
Message buffer:
Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 06
fault virtual address = 0x10
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff80b10416
stack pointer = 0x28:0xfffffe00b4245980
frame pointer = 0x28:0xfffffe00b42459b0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 11116 (blocky)
rdi: fffff8004c742000 rsi: 000000000000001c rdx: fffff801dba0a278
rcx: fffff8004c742000 r8: 00000000ffffffbd r9: 0000000000000018
rax: 0000000000000000 rbx: 0000000000000000 rbp: fffffe00b42459b0
r10: fffff8004ca20e20 r11: fffff8005ec6b880 r12: fffff8003fb4e898
r13: 0000000000000000 r14: fffffe00b424598c r15: 0000000000010480
trap number = 12
panic: page fault
cpuid = 3
time = 1718033759
KDB: stack backtrace:
#0 0xffffffff808b899d at kdb_backtrace+0x5d
#1 0xffffffff8086b701 at vpanic+0x131
#2 0xffffffff8086b5c3 at panic+0x43
#3 0xffffffff80d6325b at trap_fatal+0x40b
#4 0xffffffff80d632a6 at trap_pfault+0x46
#5 0xffffffff80d3b718 at calltrap+0x8
#6 0xffffffff80adda9a at tcp_default_output+0x1cda
#7 0xffffffff80aef193 at tcp_usr_disconnect+0x83
#8 0xffffffff8090ff05 at soclose+0x75
#9 0xffffffff8080a5c1 at _fdrop+0x11
#10 0xffffffff8080d82a at closef+0x24a
#11 0xffffffff8080cee6 at fdescfree+0x4e6
#12 0xffffffff8081fa2e at exit1+0x49e
#13 0xffffffff8081f58d at sys_exit+0xd
#14 0xffffffff80d63b15 at amd64_syscall+0x115
#15 0xffffffff80d3c02b at fast_syscall_common+0xf8
kgdb backtrace:
(kgdb) bt
#0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
#1 doadump (textdump=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:405
#2 0xffffffff8086b297 in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:523
#3 0xffffffff8086b76e in vpanic (fmt=0xffffffff80e79c24 "%s",
ap=ap@entry=0xfffffe00b42457e0) at /usr/src/sys/kern/kern_shutdown.c:967
#4 0xffffffff8086b5c3 in panic (fmt=<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:891
#5 0xffffffff80d6325b in trap_fatal (frame=0xfffffe00b42458c0, eva=16) at
/usr/src/sys/amd64/amd64/trap.c:952
#6 0xffffffff80d632a6 in trap_pfault (frame=<unavailable>, usermode=false,
signo=<optimized out>, ucode=<optimized out>) at
/usr/src/sys/amd64/amd64/trap.c:760
#7 <signal handler called>
#8 0xffffffff80b10416 in in6_selecthlim (inp=inp@entry=0xfffff8005ea2b540,
ifp=ifp@entry=0x0) at /usr/src/sys/netinet6/in6_src.c:850
#9 0xffffffff80adda9a in tcp_default_output (tp=0xfffff8005ea2b540) at
/usr/src/sys/netinet/tcp_output.c:1444
#10 0xffffffff80aef193 in tcp_usr_disconnect (so=<optimized out>) at
/usr/src/sys/netinet/tcp_usrreq.c:705
#11 0xffffffff8090ff05 in sodisconnect (so=0xfffff80136b683c0) at
/usr/src/sys/kern/uipc_socket.c:1436
#12 soclose (so=0xfffff80136b683c0) at /usr/src/sys/kern/uipc_socket.c:1271
#13 0xffffffff8080a5c1 in fo_close (fp=0xfffff8004c742000,
fp@entry=0xfffff8019bc50730, td=0x1c, td@entry=0xfffff8019bc50730) at
/usr/src/sys/sys/file.h:392
#14 _fdrop (fp=0xfffff8004c742000, fp@entry=0xfffff8019bc50730, td=0x1c,
td@entry=0xfffff801db4cb000) at /usr/src/sys/kern/kern_descrip.c:3670
#15 0xffffffff8080d82a in closef (fp=fp@entry=0xfffff8019bc50730,
td=td@entry=0xfffff801db4cb000) at /usr/src/sys/kern/kern_descrip.c:2843
#16 0xffffffff8080cee6 in fdescfree_fds (td=0xfffff801db4cb000,
fdp=0xfffffe00b1260860) at /usr/src/sys/kern/kern_descrip.c:2566
#17 fdescfree (td=td@entry=0xfffff801db4cb000) at
/usr/src/sys/kern/kern_descrip.c:2609
#18 0xffffffff8081fa2e in exit1 (td=0xfffff801db4cb000, rval=<optimized out>,
signo=signo@entry=0) at /usr/src/sys/kern/kern_exit.c:404
#19 0xffffffff8081f58d in sys_exit (td=0xfffff8004c742000, uap=<optimized out>)
at /usr/src/sys/kern/kern_exit.c:210
#20 0xffffffff80d63b15 in syscallenter (td=0xfffff801db4cb000) at
/usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:191
#21 amd64_syscall (td=0xfffff801db4cb000, traced=0) at
/usr/src/sys/amd64/amd64/trap.c:1194
#22 <signal handler called>
#23 0x000000000047398b in ?? ()
Backtrace stopped: Cannot access memory at address 0x8702b7ee8
--
You are receiving this mail because:
You are the assignee for the bug.