Crash in udp6_input on -HEAD

From: Larry Rosenman <ler_at_FreeBSD.org>
Date: Wed, 4 Jul 2018 11:51:53 -0500

borg.lerctr.org dumped core - see /var/crash/vmcore.0

Wed Jul  4 11:37:29 CDT 2018

FreeBSD borg.lerctr.org 12.0-CURRENT FreeBSD 12.0-CURRENT #46 r335957: Wed Jul  4 11:08:13 CDT 2018     root_at_borg.lerctr.org:/usr/obj/usr/src/amd64.amd64/sys/VT-LER  amd64

panic: page fault

GNU gdb (GDB) 8.1 [GDB v8.1 for FreeBSD]
This GDB was configured as "x86_64-portbld-freebsd12.0".
Reading symbols from /boot/kernel/kernel...Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...done.
done.

Unread portion of the kernel message buffer:
<118>Starting cupsd.


Fatal trap 12: page fault while in kernel mode
cpuid = 17; apic id = 05
fault virtual address	= 0x60
fault code		= supervisor read data, page not present
instruction pointer	= 0x20:0xffffffff80e0f61f
stack pointer	        = 0x28:0xfffffe00004288a0
frame pointer	        = 0x28:0xfffffe00004289b0
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 12 (swi1: netisr 0)
trap number		= 12
panic: page fault
cpuid = 17
time = 1530721146
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0000428550
vpanic() at vpanic+0x1a3/frame 0xfffffe00004285b0
panic() at panic+0x43/frame 0xfffffe0000428610
trap_fatal() at trap_fatal+0x35f/frame 0xfffffe0000428660
trap_pfault() at trap_pfault+0x49/frame 0xfffffe00004286c0
trap() at trap+0x2ba/frame 0xfffffe00004287d0
calltrap() at calltrap+0x8/frame 0xfffffe00004287d0
--- trap 0xc, rip = 0xffffffff80e0f61f, rsp = 0xfffffe00004288a0, rbp = 0xfffffe00004289b0 ---
udp6_input() at udp6_input+0xbdf/frame 0xfffffe00004289b0
ip6_input() at ip6_input+0xdd8/frame 0xfffffe0000428aa0
swi_net() at swi_net+0x1b9/frame 0xfffffe0000428b20
intr_event_execute_handlers() at intr_event_execute_handlers+0x99/frame 0xfffffe0000428b60
ithread_loop() at ithread_loop+0xb7/frame 0xfffffe0000428bb0
fork_exit() at fork_exit+0x84/frame 0xfffffe0000428bf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0000428bf0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
Uptime: 1m3s
Dumping 6608 out of 130994 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at ./machine/pcpu.h:231
231		__asm("movq %%gs:%1,%0" : "=r" (td)
(kgdb) #0  __curthread () at ./machine/pcpu.h:231
#1  doadump (textdump=1) at /usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80b909b2 in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:446
#3  0xffffffff80b90f93 in vpanic (fmt=<optimized out>, ap=0xfffffe00004285f0)
    at /usr/src/sys/kern/kern_shutdown.c:863
#4  0xffffffff80b90fe3 in panic (fmt=<unavailable>)
    at /usr/src/sys/kern/kern_shutdown.c:790
#5  0xffffffff8107291f in trap_fatal (frame=0xfffffe00004287e0, eva=96)
    at /usr/src/sys/amd64/amd64/trap.c:892
#6  0xffffffff81072979 in trap_pfault (frame=0xfffffe00004287e0, usermode=0)
    at /usr/src/sys/amd64/amd64/trap.c:728
#7  0xffffffff81071f9a in trap (frame=0xfffffe00004287e0)
    at /usr/src/sys/amd64/amd64/trap.c:427
#8  <signal handler called>
#9  udp6_input (mp=<optimized out>, offp=<optimized out>, 
    proto=<optimized out>) at /usr/src/sys/netinet6/udp6_usrreq.c:424
#10 0xffffffff80df0c18 in ip6_input (m=0xfffff80237299400)
    at /usr/src/sys/netinet6/ip6_input.c:962
#11 0xffffffff80cb6919 in netisr_process_workstream_proto (
    nwsp=<optimized out>, proto=<optimized out>)
    at /usr/src/sys/net/netisr.c:901
#12 swi_net (arg=<optimized out>) at /usr/src/sys/net/netisr.c:948
#13 0xffffffff80b52289 in intr_event_execute_handlers (p=<optimized out>, 
    ie=0xfffff8012088e500) at /usr/src/sys/kern/kern_intr.c:1013
#14 0xffffffff80b529c7 in ithread_execute_handlers (ie=<optimized out>, 
    p=<optimized out>) at /usr/src/sys/kern/kern_intr.c:1026
#15 ithread_loop (arg=0xfffff8012088e100)
    at /usr/src/sys/kern/kern_intr.c:1106
#16 0xffffffff80b4f704 in fork_exit (
    callout=0xffffffff80b52910 <ithread_loop>, arg=0xfffff8012088e100, 
    frame=0xfffffe0000428c00) at /usr/src/sys/kern/kern_fork.c:1057
#17 <signal handler called>
(kgdb) 


vmcore *IS* available, as is a 2nd one.

This is after an upgrade from 
FreeBSD borg.lerctr.org 12.0-CURRENT FreeBSD 12.0-CURRENT #45 r335610: Sun Jun 24 17:12:56 CDT 2018     root_at_borg.lerctr.org:/usr/obj/usr/src/amd64.amd64/sys/VT-LER  amd64 1200069 1200071
to r335957.



Ideas?
-- 
Larry Rosenman                         https://people.FreeBSD.org/~ler/
Phone: +1 214-642-9640                 E-Mail: ler_at_FreeBSD.org
US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106

Received on Wed Jul 04 2018 - 14:51:55 UTC
