[Bug 264257] [tcp] Panic: Fatal trap 12: page fault while in kernel mode (if_io_tqg_4) - m_copydata ... at /usr/src/sys/kern/uipc_mbuf.c:659

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 14 Jun 2022 15:34:43 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264257

--- Comment #50 from Dmitriy <supportme@ukr.net> ---
After applying the patch comment#34
and with
options INVARIANTS
options INVARIANT_SUPPORT
in kernel, system goin to panic in 5-40 minutes (tried 3 times, all the same
place), with following trace:

Unread portion of the kernel message buffer:
panic: tcp_output: snd_max beyond so_snd
cpuid = 12
time = 1655213044
KDB: stack backtrace:
#0 0xffffffff808d8f01 at kdb_backtrace+0x71
#1 0xffffffff8086f797 at vpanic+0x227
#2 0xffffffff8086f2be at panic+0x4e
#3 0xffffffff80ab3551 at tcp_output+0x32a1
#4 0xffffffff80aa2722 at tcp_do_segment+0x2e72
#5 0xffffffff80a9ec35 at tcp_input_with_port+0x1be5
#6 0xffffffff80a9f777 at tcp_input+0x27
#7 0xffffffff80a87061 at ip_input+0xdd1
#8 0xffffffff80a4023f at netisr_dispatch_src+0x1df
#9 0xffffffff80a407a1 at netisr_dispatch+0x21
#10 0xffffffff80a11266 at ether_demux+0x306
#11 0xffffffff80a13c10 at ether_input_internal+0x9e0
#12 0xffffffff80a13221 at ether_nh_input+0xb1
#13 0xffffffff80a4023f at netisr_dispatch_src+0x1df
#14 0xffffffff80a407a1 at netisr_dispatch+0x21
#15 0xffffffff80a11b09 at ether_input+0x1a9
#16 0xffffffff80a3a925 at iflib_rxeof+0x895
#17 0xffffffff80a2e4e5 at _task_fn_rx+0xd5
Uptime: 43m43s
Dumping 9369 out of 261999 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

doadump (textdump=1) at /usr/src/sys/kern/kern_shutdown.c:399
399    dumptid = curthread->td_tid;
(kgdb) bt
#0  doadump (textdump=1) at /usr/src/sys/kern/kern_shutdown.c:399
#1  0xffffffff8086efd3 in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:487
#2  0xffffffff8086f84f in vpanic (fmt=0xffffffff80f390c8 "%s: snd_max beyond
so_snd", ap=0xfffffe027ac92320) at /usr/src/sys/kern/kern_shutdown.c:920
#3  0xffffffff8086f2be in panic (fmt=0xffffffff80f390c8 "%s: snd_max beyond
so_snd") at /usr/src/sys/kern/kern_shutdown.c:844
#4  0xffffffff80ab3551 in tcp_output (tp=0xfffffe04709abca8) at
/usr/src/sys/netinet/tcp_output.c:1583
#5  0xffffffff80aa2722 in tcp_do_segment (m=0xfffff801ef8be500,
th=0xfffff801ef8be57a, so=0xfffff8061cdc8b10, tp=0xfffffe04709abca8,
drop_hdrlen=41, tlen=0, iptos=0 '\000') at
/usr/src/sys/netinet/tcp_input.c:2713
#6  0xffffffff80a9ec35 in tcp_input_with_port (mp=0xfffffe027ac929c8,
offp=0xfffffe027ac92968, proto=6, port=0) at
/usr/src/sys/netinet/tcp_input.c:1400
#7  0xffffffff80a9f777 in tcp_input (mp=0xfffffe027ac929c8,
offp=0xfffffe027ac92968, proto=6) at /usr/src/sys/netinet/tcp_input.c:1496
#8  0xffffffff80a87061 in ip_input (m=0x0) at
/usr/src/sys/netinet/ip_input.c:839
#9  0xffffffff80a4023f in netisr_dispatch_src (proto=1, source=0,
m=0xfffff801ef8be500) at /usr/src/sys/net/netisr.c:1143
#10 0xffffffff80a407a1 in netisr_dispatch (proto=1, m=0xfffff801ef8be500) at
/usr/src/sys/net/netisr.c:1234
#11 0xffffffff80a11266 in ether_demux (ifp=0xfffff820816e3800,
m=0xfffff801ef8be500) at /usr/src/sys/net/if_ethersubr.c:921
#12 0xffffffff80a13c10 in ether_input_internal (ifp=0xfffff820816e3800,
m=0xfffff801ef8be500) at /usr/src/sys/net/if_ethersubr.c:707
#13 0xffffffff80a13221 in ether_nh_input (m=0xfffff801ef8be500) at
/usr/src/sys/net/if_ethersubr.c:737
#14 0xffffffff80a4023f in netisr_dispatch_src (proto=5, source=0,
m=0xfffff801ef8be500) at /usr/src/sys/net/netisr.c:1143
#15 0xffffffff80a407a1 in netisr_dispatch (proto=5, m=0xfffff801ef8be500) at
/usr/src/sys/net/netisr.c:1234
#16 0xffffffff80a11b09 in ether_input (ifp=0xfffff8010650a000,
m=0xfffff801ef8be500) at /usr/src/sys/net/if_ethersubr.c:828
#17 0xffffffff80a3a925 in iflib_rxeof (rxq=0xfffffe01b7551080, budget=16) at
/usr/src/sys/net/iflib.c:3047
#18 0xffffffff80a2e4e5 in _task_fn_rx (context=0xfffffe01b7551080) at
/usr/src/sys/net/iflib.c:3990
#19 0xffffffff808d7427 in gtaskqueue_run_locked (queue=0xfffff80104d7e200) at
/usr/src/sys/kern/subr_gtaskqueue.c:371
#20 0xffffffff808d6fad in gtaskqueue_thread_loop (arg=0xfffffe01b71a7128) at
/usr/src/sys/kern/subr_gtaskqueue.c:547
#21 0xffffffff808053f2 in fork_exit (callout=0xffffffff808d6f00
<gtaskqueue_thread_loop>, arg=0xfffffe01b71a7128, frame=0xfffffe027ac92f40) at
/usr/src/sys/kern/kern_fork.c:1093
#22 <signal handler called>
#23 0xffffffff8129ea18 in periodic_resettodr_sys_init ()
Backtrace stopped: Cannot access memory at address 0x0
(kgdb) fr 4
#4  0xffffffff80ab3551 in tcp_output (tp=0xfffffe04709abca8) at
/usr/src/sys/netinet/tcp_output.c:1583


1583        KASSERT(SEQ_LEQ(tp->snd_max, top+1),
(kgdb) p tp->snd_max
$1 = 3141897257
(kgdb) p top
$2 = 3141897255
(kgdb)

No KTLS enabled\used. Adapter is Intel X710 (if_ixl).
If there is anything else we can help with, please just let me know.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.