From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 263445] [tcp] Fatal trap 12: page fault while in kernel mode // supervisor read data, page not present // 13.1-RC3
Date: Fri, 10 Jun 2022 22:18:37 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 13.1-RELEASE
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: rscheff@freebsd.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Assigned-To: net@FreeBSD.org
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263445

--- Comment #24 from Richard Scheffenegger ---
The current thinking is that SACK rescue retransmissions (in FreeBSD 13 this
is gated by net.inet.tcp.rfc6675_pipe=1) very rarely create an entry that is
apparently beyond the valid data range.

While a final FIN bit in the sequence space is taken care of under most
common circumstances, it seems that the FIN bit may sometimes be counted
twice.

In most of the inspected cores, we found:

TCP state: LAST_ACK (FIN received and also FIN sent)
SACK loss recovery triggered
A cumulative ACK before all outstanding data was received
The remote client "disappears" for a significant amount of time (7 to 12
retransmission timeouts), but may reappear just prior to the panic.
snd_max consistently 2 counts above the last data, instead of the expected 1
(for the FIN bit).

However, it is still unclear under what circumstances this double-counting
happens. It possibly occurs when the persist timer triggers and a few other
conditions are also fulfilled - maybe a race condition between normal packet
processing and a timer firing.

In short: disabling the rfc6675 enhanced SACK features (more correct pipeline
accounting, rescue retransmissions) should avoid the immediate cause of the
panic, while not addressing the root cause of when/why the FIN bit is
double-counted...

Would you be willing to run an instrumented kernel that either panics (full
core dump) or prints various state when inconsistencies are detected in this
area, while ignoring/addressing them "on the fly" without panicking?

-- 
You are receiving this mail because:
You are the assignee for the bug.
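
For illustration only, the snd_max observation above (2 counts past the last data instead of the expected 1 for the FIN bit) can be written as a small consistency check. This is a user-space sketch under stated assumptions, not the kernel code and not the proposed instrumentation: struct snd_snapshot, its data_end and fin_sent fields, and all three function names are hypothetical; only snd_max is a name taken from the comment. data_end is assumed to be the sequence number immediately after the last data byte.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical snapshot of send-side state; NOT the kernel's struct tcpcb. */
struct snd_snapshot {
	uint32_t data_end;	/* assumed: sequence number just past the last data byte */
	uint32_t snd_max;	/* the connection's snd_max value */
	bool	 fin_sent;	/* assumed: true once our FIN has been sent */
};

/* Sequence units between the end of data and snd_max (wraps modulo 2^32). */
static uint32_t
snd_max_excess(const struct snd_snapshot *s)
{
	return (s->snd_max - s->data_end);
}

/* True when snd_max covers the data plus exactly one unit per FIN sent. */
static bool
snd_max_consistent(const struct snd_snapshot *s)
{
	return (snd_max_excess(s) == (s->fin_sent ? 1u : 0u));
}

/*
 * Log an inconsistency instead of aborting, and return the value snd_max
 * would be expected to have. The caller decides whether to use it.
 */
static uint32_t
snd_max_checked(const struct snd_snapshot *s)
{
	uint32_t expected = s->data_end + (s->fin_sent ? 1u : 0u);

	if (!snd_max_consistent(s))
		fprintf(stderr,
		    "snd_max %u is %u past end of data %u (fin_sent=%d)\n",
		    (unsigned)s->snd_max, (unsigned)snd_max_excess(s),
		    (unsigned)s->data_end, (int)s->fin_sent);
	return (expected);
}
```

With data_end = 1000 and fin_sent set, snd_max = 1001 passes the check, while snd_max = 1002 (the pattern seen in the cores) is reported with an excess of 2. The subtraction is done in unsigned 32-bit arithmetic so the check also holds across sequence number wraparound.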