Bug 259164

Summary:

FreeBSD 13.1-STABLE mpd5-5.9 panic

Product:

Base System

Reporter:

Anatoliy Nebrat <tolich.net>

Component:

kern

Assignee:

Gleb Smirnoff <glebius>

Status:

Closed Overcome By Events

Severity:

Affects Only Me

CC:

emaste, eugen, glebius

Priority:

---

Version:

13.1-STABLE

Hardware:

amd64

OS:

Any

See Also:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241133

Attachments:

Description	Flags
ngctl list	none

Description Anatoliy Nebrat 2021-10-14 05:47:47 UTC

FreeBSD 13.0-STABLE #1 stable/13-n247549-b1cca743673: Thu Oct  7 14:54:18 EEST 2021


Fatal trap 9: general protection fault while in kernel mode
cpuid = 0; apic id = 00
instruction pointer     = 0x20:0xffffffff82b9f53c
stack pointer           = 0x28:0xfffffe00cfc3f540
frame pointer           = 0x28:0xfffffe00cfc3f570
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 12 (irq36: sfxge1:0)
trap number             = 9
panic: general protection fault
cpuid = 0
time = 1634152680
KDB: stack backtrace:
#0 0xffffffff80c73ec5 at kdb_backtrace+0x65
#1 0xffffffff80c26017 at vpanic+0x187
#2 0xffffffff80c25e83 at panic+0x43
#3 0xffffffff810af587 at trap_fatal+0x387
#4 0xffffffff810aea7b at trap+0x8b
#5 0xffffffff810859c8 at calltrap+0x8
#6 0xffffffff82b8497d at ng_apply_item+0x2bd
#7 0xffffffff82b844e6 at ng_snd_item+0x1c6
#8 0xffffffff82b9af53 at ng_pppoe_rcvdata_ether+0x193
#9 0xffffffff82b8497d at ng_apply_item+0x2bd
#10 0xffffffff82b844e6 at ng_snd_item+0x1c6
#11 0xffffffff80d413aa at ether_demux+0x22a
#12 0xffffffff80d4265e at ether_nh_input+0x34e
#13 0xffffffff80d5d27a at netisr_dispatch_src+0xca
#14 0xffffffff80d41709 at ether_input+0x69
#15 0xffffffff80d412a1 at ether_demux+0x121
#16 0xffffffff80d4265e at ether_nh_input+0x34e
#17 0xffffffff80d5d27a at netisr_dispatch_src+0xca
Uptime: 5d20h57m48s
Dumping 1856 out of 8123 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=<optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xffffffff80c25c16 in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:487
#3  0xffffffff80c26086 in vpanic (fmt=0xffffffff811aa502 "%s",
    ap=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:920
#4  0xffffffff80c25e83 in panic (fmt=<unavailable>)
    at /usr/src/sys/kern/kern_shutdown.c:844
#5  0xffffffff810af587 in trap_fatal (frame=0xfffffe00cfc3f480, eva=0)
    at /usr/src/sys/amd64/amd64/trap.c:941
#6  0xffffffff810aea7b in trap (frame=0xfffffe00cfc3f480)
    at /usr/src/sys/amd64/amd64/trap.c:246
#7  <signal handler called>
#8  0xffffffff82b9f53c in ng_tee_rcvdata (hook=<optimized out>,
    item=0xfffff801345bcb00) at /usr/src/sys/netgraph/ng_tee.c:312
#9  0xffffffff82b8497d in ng_apply_item (node=node@entry=0xfffff80130bca600,
    item=item@entry=0xfffff801345bcb00, rw=0)
    at /usr/src/sys/netgraph/ng_base.c:2407
#10 0xffffffff82b844e6 in ng_snd_item (item=item@entry=0xfffff801345bcb00,
    flags=flags@entry=0) at /usr/src/sys/netgraph/ng_base.c:2324
#11 0xffffffff82b9af53 in ng_pppoe_rcvdata_ether (hook=<optimized out>,
    item=0xfffff801345bcb00) at /usr/src/sys/netgraph/ng_pppoe.c:1951
#12 0xffffffff82b8497d in ng_apply_item (node=node@entry=0xfffff80019916c00,
    item=item@entry=0xfffff801345bcb00, rw=0)
    at /usr/src/sys/netgraph/ng_base.c:2407
#13 0xffffffff82b844e6 in ng_snd_item (item=0xfffff801345bcb00, flags=0)
    at /usr/src/sys/netgraph/ng_base.c:2324
#14 0xffffffff80d413aa in ether_demux (ifp=ifp@entry=0xfffff8001925b000,
    m=<optimized out>) at /usr/src/sys/net/if_ethersubr.c:938
#15 0xffffffff80d4265e in ether_input_internal (ifp=0xfffff8001925b000, m=0x0)
    at /usr/src/sys/net/if_ethersubr.c:707
#16 ether_nh_input (m=<optimized out>) at /usr/src/sys/net/if_ethersubr.c:737
#17 0xffffffff80d5d27a in netisr_dispatch_src (proto=proto@entry=5,
    source=<optimized out>, source@entry=0, m=0x8, m@entry=0xfffff80018fed900)
    at /usr/src/sys/net/netisr.c:1143
#18 0xffffffff80d5d55f in netisr_dispatch (proto=3235637440, proto@entry=5,
    m=0x48, m@entry=0xfffff80018fed900) at /usr/src/sys/net/netisr.c:1234
#19 0xffffffff80d41709 in ether_input (ifp=<optimized out>,#20 0xffffffff80d412a1 in ether_demux (ifp=ifp@entry=0xfffff80003a87800,
    m=0x0) at /usr/src/sys/net/if_ethersubr.c:874
#21 0xffffffff80d4265e in ether_input_internal (ifp=0xfffff80003a87800, m=0x0)
    at /usr/src/sys/net/if_ethersubr.c:707
#22 ether_nh_input (m=<optimized out>) at /usr/src/sys/net/if_ethersubr.c:737
#23 0xffffffff80d5d27a in netisr_dispatch_src (proto=proto@entry=5,
    source=<optimized out>, source@entry=0, m=0x8, m@entry=0xfffff80018fed900)
    at /usr/src/sys/net/netisr.c:1143
#24 0xffffffff80d5d55f in netisr_dispatch (proto=3235637440, proto@entry=5,
    m=0x48, m@entry=0xfffff80018fed900) at /usr/src/sys/net/netisr.c:1234
#25 0xffffffff80d41709 in ether_input (ifp=<optimized out>,
    m=0xfffff80018fed900) at /usr/src/sys/net/if_ethersubr.c:828
#26 0xffffffff82121a3d in __sfxge_rx_deliver (sc=0xfffffe00101d4000,
    m=m@entry=0x0) at /usr/src/sys/dev/sfxge/sfxge_rx.c:331
#27 sfxge_rx_deliver (rxq=<optimized out>, rxq@entry=0xfffff8000364a000,
    rx_desc=rx_desc@entry=0xfffffe00101d74e8)
    at /usr/src/sys/dev/sfxge/sfxge_rx.c:365
#28 0xffffffff821213e4 in sfxge_rx_qcomplete (
    rxq=rxq@entry=0xfffff8000364a000, eop=eop@entry=1)
    at /usr/src/sys/dev/sfxge/sfxge_rx.c:918
#29 0xffffffff8211d32f in sfxge_ev_qcomplete (evq=0xfffff8000364a800, eop=1)
    at /usr/src/sys/dev/sfxge/sfxge_ev.c:86
#30 sfxge_ev_qpoll (evq=evq@entry=0xfffff8000364a800)
    at /usr/src/sys/dev/sfxge/sfxge_ev.c:707
#31 0xffffffff8211ed60 in sfxge_intr_message (arg=0xfffff8
000364a800)
    at /usr/src/sys/dev/sfxge/sfxge_intr.c:159
#32 0xffffffff80be66ca in intr_event_execute_handlers (p=<optimized out>,
    ie=0xfffff80003a88b00) at /usr/src/sys/kern/kern_intr.c:1168
#33 ithread_execute_handlers (p=<optimized out>, ie=<optimized out>)
    at /usr/src/sys/kern/kern_intr.c:1181
#34 ithread_loop (arg=arg@entry=0xfffff800059f7480)
    at /usr/src/sys/kern/kern_intr.c:1269
#35 0xffffffff80be34ea in fork_exit (
    callout=0xffffffff80be6470 <ithread_loop>, arg=0xfffff800059f7480,
    frame=0xfffffe00cfc3fc00) at /usr/src/sys/kern/kern_fork.c:1084
#36 <signal handler called>
(kgdb)

Comment 1 Anatoliy Nebrat 2021-10-17 07:18:02 UTC

Next panic

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 02
fault virtual address   = 0x29
fault code              = supervisor write data, page not present
instruction pointer     = 0x20:0xffffffff82b9f58d
stack pointer           = 0x28:0xfffffe00eec64710
frame pointer           = 0x28:0xfffffe00eec64740
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 22206 (mpd5)
trap number             = 12
panic: page fault
cpuid = 1
time = 1634454545
KDB: stack backtrace:
#0 0xffffffff80c73ec5 at kdb_backtrace+0x65
#1 0xffffffff80c26017 at vpanic+0x187
#2 0xffffffff80c25e83 at panic+0x43
#3 0xffffffff810af587 at trap_fatal+0x387
#4 0xffffffff810af5df at trap_pfault+0x4f
#5 0xffffffff810aec5a at trap+0x26a
#6 0xffffffff810859c8 at calltrap+0x8
#7 0xffffffff82b8497d at ng_apply_item+0x2bd
#8 0xffffffff82b844e6 at ng_snd_item+0x1c6
#9 0xffffffff82b7f63f at ngd_send+0x10f
#10 0xffffffff80cc6383 at sosend_generic+0x623
#11 0xffffffff80cc67f0 at sosend+0x50
#12 0xffffffff80ccd41e at kern_sendit+0x20e
#13 0xffffffff80ccd827 at sendit+0x1e7
#14 0xffffffff80ccd62d at sys_sendto+0x4d
#15 0xffffffff810afe7c at amd64_syscall+0x10c
#16 0xffffffff810862db at fast_syscall_common+0xf8
Uptime: 3d11h49m11s
Dumping 1787 out of 8123 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=<optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xffffffff80c25c16 in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:487
#3  0xffffffff80c26086 in vpanic (fmt=0xffffffff811aa502 "%s",
    ap=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:920
#4  0xffffffff80c25e83 in panic (fmt=<unavailable>)
    at /usr/src/sys/kern/kern_shutdown.c:844
#5  0xffffffff810af587 in trap_fatal (frame=0xfffffe00eec64650, eva=41)
    at /usr/src/sys/amd64/amd64/trap.c:941
#6  0xffffffff810af5df in trap_pfault (frame=frame@entry=0xfffffe00eec64650,
    usermode=false, signo=<optimized out>, signo@entry=0x0,
    ucode=<optimized out>, ucode@entry=0x0)
    at /usr/src/sys/amd64/amd64/trap.c:760
#7  0xffffffff810aec5a in trap (frame=0xfffffe00eec64650)
    at /usr/src/sys/amd64/amd64/trap.c:438
#8  <signal handler called>
#9  0xffffffff82b9f58d in ng_tee_rcvdata (hook=<optimized out>,
    item=0xfffff8002dc95600) at /usr/src/sys/netgraph/ng_tee.c:322
#10 0xffffffff82b8497d in ng_apply_item (node=node@entry=0xfffff80187205e00,
    item=item@entry=0xfffff8002dc95600, rw=0)
    at /usr/src/sys/netgraph/ng_base.c:2407
#11 0xffffffff82b844e6 in ng_snd_item (item=item@entry=0xfffff8002dc95600,
    flags=flags@entry=0) at /usr/src/sys/netgraph/ng_base.c:2324
#12 0xffffffff82b7f63f in ngd_send (so=<optimized out>,
    flags=<optimized out>, m=0x0, addr=<optimized out>, control=0x0,
    td=<optimized out>) at /usr/src/sys/netgraph/ng_socket.c:480
#13 0xffffffff80cc6383 in sosend_generic (so=0xfffff80009b53760,
    addr=0xfffff8001e388200, uio=<optimized out>, top=0xfffff800c7e05300,
    control=0x0, flags=0, td=0xfffffe00d1e2c740)
    at /usr/src/sys/kern/uipc_socket.c:1753
#14 0xffffffff80cc67f0 in sosend (so=0xfffff8001af0c300,
    so@entry=0xfffff80009b53760, addr=0xfffff8002dc95600, uio=0x0,
    uio@entry=0xfffffe00eec64998, top=0x23, top@entry=0x0,
    control=control@entry=0x0, flags=451986176, flags@entry=0,
    td=0xfffffe00d1e2c740) at /usr/src/sys/kern/uipc_socket.c:1803
#15 0xffffffff80ccd41e in kern_sendit (td=<optimized out>,
    td@entry=0xfffffe00d1e2c740, s=6, mp=<optimized out>,
    mp@entry=0xfffffe00eec64a80, flags=0, control=0x0,
    segflg=segflg@entry=UIO_USERSPACE)
    at /usr/src/sys/kern/uipc_syscalls.c:795
#16 0xffffffff80ccd827 in sendit (td=0xfffffe00d1e2c740, s=768169472,
    mp=mp@entry=0xfffffe00eec64a80, flags=35)
    at /usr/src/sys/kern/uipc_syscalls.c:720
#17 0xffffffff80ccd62d in sys_sendto (td=0xfffff8001af0c300,
    uap=<optimized out>) at /usr/src/sys/kern/uipc_syscalls.c:838
#18 0xffffffff810afe7c in syscallenter (td=0xfffffe00d1e2c740)
    at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:189
#19 amd64_syscall (td=0xfffffe00d1e2c740, traced=0)
    at /usr/src/sys/amd64/amd64/trap.c:1182
#20 <signal handler called>
#21 0x00000008008c037a in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffdf9fabf8
(kgdb)

Comment 2 Anatoliy Nebrat 2021-11-05 13:12:00 UTC

FreeBSD 13.0-STABLE #2 stable/13-n247718-00595201ad4: Wed Oct 20 19:39:49 EEST 2021


Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 04
fault virtual address   = 0x50
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff82b74968
stack pointer           = 0x28:0xfffffe00d2974a90
frame pointer           = 0x28:0xfffffe00d2974b10
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 47936 (mpd5)
trap number             = 12
panic: page fault
cpuid = 2
time = 1636114816
KDB: stack backtrace:
#0 0xffffffff80c76b75 at kdb_backtrace+0x65
#1 0xffffffff80c28a47 at vpanic+0x187
#2 0xffffffff80c288b3 at panic+0x43
#3 0xffffffff810b3447 at trap_fatal+0x387
#4 0xffffffff810b349f at trap_pfault+0x4f
#5 0xffffffff810b2b1a at trap+0x26a
#6 0xffffffff81089a78 at calltrap+0x8
#7 0xffffffff82b744e6 at ng_snd_item+0x1c6
#8 0xffffffff82b6f63f at ngd_send+0x10f
#9 0xffffffff80cc8f7a at sosend_generic+0x62a
#10 0xffffffff80cc94f0 at sosend+0x50
#11 0xffffffff80cd02fe at kern_sendit+0x20e
#12 0xffffffff80cd0707 at sendit+0x1e7
#13 0xffffffff80cd050d at sys_sendto+0x4d
#14 0xffffffff810b3d3c at amd64_syscall+0x10c
#15 0xffffffff8108a38b at fast_syscall_common+0xf8
Uptime: 15d11h40m31s
Dumping 1709 out of 8123 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=<optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xffffffff80c28646 in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:487
#3  0xffffffff80c28ab6 in vpanic (fmt=0xffffffff811ae3d0 "%s",
    ap=<optimized out>) at /usr/src/sys/kern/kern_shutdown.c:920
#4  0xffffffff80c288b3 in panic (fmt=<unavailable>)
    at /usr/src/sys/kern/kern_shutdown.c:844
#5  0xffffffff810b3447 in trap_fatal (frame=0xfffffe00d29749d0, eva=80)
    at /usr/src/sys/amd64/amd64/trap.c:941
#6  0xffffffff810b349f in trap_pfault (frame=frame@entry=0xfffffe00d29749d0,
    usermode=false, signo=<optimized out>, signo@entry=0x0,
    ucode=<optimized out>, ucode@entry=0x0)
    at /usr/src/sys/amd64/amd64/trap.c:760
#7  0xffffffff810b2b1a in trap (frame=0xfffffe00d29749d0)
    at /usr/src/sys/amd64/amd64/trap.c:438
#8  <signal handler called>
#9  0xffffffff82b74968 in ng_apply_item (node=node@entry=0xfffff80029035800,
    item=item@entry=0xfffff80042c40100, rw=0)
    at /usr/src/sys/netgraph/ng_base.c:2402
#10 0xffffffff82b744e6 in ng_snd_item (item=item@entry=0xfffff80042c40100,
    flags=flags@entry=0) at /usr/src/sys/netgraph/ng_base.c:2324
#11 0xffffffff82b6f63f in ngd_send (so=<optimized out>,
    flags=<optimized out>, m=0x0, addr=<optimized out>, control=0x0,
    td=<optimized out>) at /usr/src/sys/netgraph/ng_socket.c:480
#12 0xffffffff80cc8f7a in sosend_generic (so=0xfffff80042cb6760,
    addr=0xfffff80201d0fec0, uio=<optimized out>, top=0xfffff80215de3900,
    control=0x0, flags=0, td=0xfffffe00d2382020)
    at /usr/src/sys/kern/uipc_socket.c:1753
#13 0xffffffff80cc94f0 in sosend (so=0xfffff80029035800,
    so@entry=0xfffff80042cb6760, addr=0xfffff80042c40100, uio=0x0,
    uio@entry=0xfffffe00d2974cd8, top=0xffffffffffffffff, top@entry=0x0,
    control=control@entry=0x0, flags=331884416, flags@entry=0,
    td=0xfffffe00d2382020) at /usr/src/sys/kern/uipc_socket.c:1803
#14 0xffffffff80cd02fe in kern_sendit (td=<optimized out>,
    td@entry=0xfffffe00d2382020, s=7, mp=<optimized out>,
    mp@entry=0xfffffe00d2974dc0, flags=0, control=0x0,
    segflg=segflg@entry=UIO_USERSPACE)
    at /usr/src/sys/kern/uipc_syscalls.c:790
#15 0xffffffff80cd0707 in sendit (td=0xfffffe00d2382020, s=1120141568,
    mp=mp@entry=0xfffffe00d2974dc0, flags=-1)
    at /usr/src/sys/kern/uipc_syscalls.c:715
#16 0xffffffff80cd050d in sys_sendto (td=0xfffff80029035800,
    uap=<optimized out>) at /usr/src/sys/kern/uipc_syscalls.c:833
#17 0xffffffff810b3d3c in syscallenter (td=0xfffffe00d2382020)
    at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:189
#18 amd64_syscall (td=0xfffffe00d2382020, traced=0)
    at /usr/src/sys/amd64/amd64/trap.c:1182
#19 <signal handler called>
#20 0x00000008008c139a in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffdfffdbe8
(kgdb)

Comment 3 Eugene Grosbein freebsd_committer

2022-10-05 12:33:49 UTC

This should be fixed in 13.1-RELEASE, please re-test. If not, please describe your mpd5 setup (used protocol etc.)

Comment 4 Anatoliy Nebrat 2022-10-07 18:34:38 UTC

Fri Oct  7 17:25:49 EEST 2022
FreeBSD 13.1-STABLE FreeBSD 13.1-STABLE #0 stable/13-n252461-a5a49aedc639: Thu Sep 22 10:21:03 EEST 2022

panic: page fault

GNU gdb (GDB) 10.2 [GDB v10.2 for FreeBSD]
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd13.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...
Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 06
fault virtual address   = 0x29
fault code              = supervisor write data, page not present
instruction pointer     = 0x20:0xffffffff82d9b55d
stack pointer           = 0x28:0xfffffe00d202fa50
frame pointer           = 0x28:0xfffffe00d202fa80
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 22195 (mpd5)
trap number             = 12
panic: page fault
cpuid = 3
time = 1665152619
KDB: stack backtrace:
#0 0xffffffff80c4fad5 at kdb_backtrace+0x65
#1 0xffffffff80c029f1 at vpanic+0x151
#2 0xffffffff80c02893 at panic+0x43
#3 0xffffffff810a3d67 at trap_fatal+0x387
#4 0xffffffff810a3dbf at trap_pfault+0x4f
#5 0xffffffff8107baa8 at calltrap+0x8
#6 0xffffffff82d80aef at ng_apply_item+0x2bf
#7 0xffffffff82d805ae at ng_snd_item+0x28e
#8 0xffffffff82d7b62b at ngd_send+0x10b
#9 0xffffffff80ca2b87 at sosend_generic+0x617
#10 0xffffffff80ca30a0 at sosend+0x50
#11 0xffffffff80ca9ade at kern_sendit+0x20e
#12 0xffffffff80ca9eda at sendit+0x1da
#13 0xffffffff80ca9ced at sys_sendto+0x4d
#14 0xffffffff810a465c at amd64_syscall+0x10c
#15 0xffffffff8107c3bb at fast_syscall_common+0xf8
Uptime: 1h27m26s
Dumping 1043 out of 8121 MB:..2%..11%..22%..31%..42%..51%..62%..71%..82%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  dump_savectx () at /usr/src/sys/kern/kern_shutdown.c:394
#2  0xffffffff80c025e8 in dumpsys (di=0x0)
    at /usr/src/sys/x86/include/dump.h:87
#3  doadump (textdump=<optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:423
#4  kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:497
#5  0xffffffff80c02a5e in vpanic (fmt=<optimized out>,
    ap=ap@entry=0xfffffe00d202f8a0) at /usr/src/sys/kern/kern_shutdown.c:930
#6  0xffffffff80c02893 in panic (fmt=<unavailable>)
    at /usr/src/sys/kern/kern_shutdown.c:854
#7  0xffffffff810a3d67 in trap_fatal (frame=0xfffffe00d202f990, eva=41)
    at /usr/src/sys/amd64/amd64/trap.c:942
#8  0xffffffff810a3dbf in trap_pfault (frame=0xfffffe00d202f990,
    usermode=false, signo=<optimized out>, ucode=<optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:761
#9  <signal handler called>
#10 0xffffffff82d9b55d in ng_tee_rcvdata (hook=<optimized out>,
    item=0xfffff80171ca9c80) at /usr/src/sys/netgraph/ng_tee.c:322
#11 0xffffffff82d80aef in ng_apply_item (node=node@entry=0xfffff800c4369a00,
    item=item@entry=0xfffff80171ca9c80, rw=0)
    at /usr/src/sys/netgraph/ng_base.c:2406
#12 0xffffffff82d805ae in ng_snd_item (item=item@entry=0xfffff80171ca9c80,
    flags=flags@entry=0) at /usr/src/sys/netgraph/ng_base.c:2323
#13 0xffffffff82d7b62b in ngd_send (so=<optimized out>,
    flags=<optimized out>, m=0x0, addr=<optimized out>, control=0x0,
    td=<optimized out>) at /usr/src/sys/netgraph/ng_socket.c:480
#14 0xffffffff80ca2b87 in sosend_generic (so=0xfffff8000d235b10, addr=0x23,
    uio=0xfffffe00d202fcd8, top=0x0, control=0x19501, flags=0,
    td=0xfffffe00e743a3a0) at /usr/src/sys/kern/uipc_socket.c:1758
#15 0xffffffff80ca30a0 in sosend (so=0xfffff800c453bf00,
    so@entry=0xfffff8000d235b10, addr=0xfffff80171ca9c80, uio=0x0,
    uio@entry=0xfffffe00d202fcd8, top=0x23, top@entry=0x0,
    control=control@entry=0x0, flags=-1001144576, flags@entry=0,
    td=0xfffffe00e743a3a0) at /usr/src/sys/kern/uipc_socket.c:1808
#16 0xffffffff80ca9ade in kern_sendit (td=td@entry=0xfffffe00e743a3a0, s=6,
    mp=<optimized out>, mp@entry=0xfffffe00d202fdc0, flags=0,
    control=0x19501, segflg=segflg@entry=UIO_USERSPACE)
    at /usr/src/sys/kern/uipc_syscalls.c:792
#17 0xffffffff80ca9eda in sendit (td=0xfffffe00e743a3a0, s=1909103744,
    mp=mp@entry=0xfffffe00d202fdc0, flags=35)
    at /usr/src/sys/kern/uipc_syscalls.c:717
#18 0xffffffff80ca9ced in sys_sendto (td=0xfffff800c453bf00,
    uap=<optimized out>) at /usr/src/sys/kern/uipc_syscalls.c:835
#19 0xffffffff810a465c in syscallenter (td=0xfffffe00e743a3a0)
    at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:189
#20 amd64_syscall (td=0xfffffe00e743a3a0, traced=0)
    at /usr/src/sys/amd64/amd64/trap.c:1183
#21 <signal handler called>
#22 0x00001c46606af87a in ?? ()
Backtrace stopped: Cannot access memory at address 0x1c470dc18bd8
(kgdb)

mpd5 v 5.9
default:
        load server
        load pppoe
server:
        log -all
        create bundle template B
        set ipcp ranges 195.../32 ippool ppp_free
        set ippool add ppp_free 172.17.1.1 172.17.254.254
        set ipcp yes vjcomp
        set ipcp dns 1.1.1.1
        set iface disable on-demand
        set iface disable proxy-arp
        set iface enable tcpmssfix
pppoe:
        create link template LPPPoE pppoe
        set pppoe service ""
        set link action bundle B
        set link disable multilink
        set link yes acfcomp protocomp
        set link no pap chap
        set link enable chap
        set link keep-alive 5 30
        set link yes report-mac
        load auth

        # vlan1
        create link template vlan1 LPPPoE
        set pppoe iface vlan1
        set link enable incoming
        # vlan200
        create link template vlan200 LPPPoE
        set pppoe iface vlan200
        set link enable incoming
        # vlan201
...
        # vlan399
        create link template vlan399 LPPPoE
        set pppoe iface vlan399
        set link enable incoming

auth:
        set auth disable internal
        set auth enable radius-auth
        set auth enable radius-acct
        set auth acct-update 10
        set radius server 192... test 1812 1813
        set radius timeout 30
        set radius retries 3
        set radius me 192...
        set radius identifier 192...
        set auth update-limit-in 5000000
        set auth update-limit-out 5000000

Comment 5 Gleb Smirnoff freebsd_committer

2022-10-08 04:07:55 UTC

Can you please share core + /boot/kernel/* + /usr/lib/debug/boot/kernel of the last one panic? You can email my privately at glebius@FreeBSD.org.

Comment 6 Eugene Grosbein freebsd_committer

2022-10-08 04:18:46 UTC

(In reply to Anatoliy Nebrat from comment #4)

> log -all

As a side note, you may return normal logging for mpd5. That problem was fixed long time ago.

Comment 7 Anatoliy Nebrat 2022-11-10 00:38:26 UTC

(In reply to Anatoliy Nebrat from comment #4)

FreeBSD speed.svs.pl.ua 13.1-STABLE FreeBSD 13.1-STABLE #0 stable/13-n252461-a5a49aedc639: Thu Sep 22 10:21:03 EEST 2022

uptime
2:34AM  up 33 days, 10:10, 1 user, load averages: 0.66, 0.59, 0.53

Comment 8 Eugene Grosbein freebsd_committer

2022-11-10 00:46:13 UTC

(In reply to Anatoliy Nebrat from comment #7)

Did you change something so panics stopped?

Comment 9 Anatoliy Nebrat 2022-12-02 07:09:27 UTC

(In reply to Eugene Grosbein from comment #8)
I didn't take any action. Perhaps the problem has been fixed.

Comment 10 Anatoliy Nebrat 2022-12-15 18:17:28 UTC

(In reply to Anatoliy Nebrat from comment #9)
Thu Dec 15 20:07:11 EET 2022

FreeBSD 13.1-STABLE #0 stable/13-n252461-a5a49aedc639: Thu Sep 22 10:21:03 EEST 2022     /usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64

panic: page fault

GNU gdb (GDB) 10.2 [GDB v10.2 for FreeBSD]
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd13.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...
Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 04
fault virtual address	= 0x388
fault code		= supervisor read data, page not present
instruction pointer	= 0x20:0xffffffff80da6c67
stack pointer	        = 0x0:0xfffffe00c3827a90
frame pointer	        = 0x0:0xfffffe00c3827ae0
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 22301 (mpd5)
trap number		= 12
panic: page fault
cpuid = 2
time = 1671127478
KDB: stack backtrace:
#0 0xffffffff80c4fad5 at kdb_backtrace+0x65
#1 0xffffffff80c029f1 at vpanic+0x151
#2 0xffffffff80c02893 at panic+0x43
#3 0xffffffff810a3d67 at trap_fatal+0x387
#4 0xffffffff810a3dbf at trap_pfault+0x4f
#5 0xffffffff8107baa8 at calltrap+0x8
#6 0xffffffff80da6b7d at in_leavegroup+0x3d
#7 0xffffffff80da115e at in_difaddr_ioctl+0x34e
#8 0xffffffff80da0076 at in_control+0xb6
#9 0xffffffff80d199ed at ifioctl+0x3ad
#10 0xffffffff80c7053d at kern_ioctl+0x26d
#11 0xffffffff80c70220 at sys_ioctl+0x100
#12 0xffffffff810a465c at amd64_syscall+0x10c
#13 0xffffffff8107c3bb at fast_syscall_common+0xf8
Uptime: 21d11h30m10s
Dumping 1760 out of 8121 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55		__asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  dump_savectx () at /usr/src/sys/kern/kern_shutdown.c:394
#2  0xffffffff80c025e8 in dumpsys (di=0x0)
    at /usr/src/sys/x86/include/dump.h:87
#3  doadump (textdump=<optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:423
#4  kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:497
#5  0xffffffff80c02a5e in vpanic (fmt=<optimized out>, 
    ap=ap@entry=0xfffffe00c38278e0) at /usr/src/sys/kern/kern_shutdown.c:930
#6  0xffffffff80c02893 in panic (fmt=<unavailable>)
    at /usr/src/sys/kern/kern_shutdown.c:854
#7  0xffffffff810a3d67 in trap_fatal (frame=0xfffffe00c38279d0, eva=904)
    at /usr/src/sys/amd64/amd64/trap.c:942
#8  0xffffffff810a3dbf in trap_pfault (frame=0xfffffe00c38279d0, 
    usermode=false, signo=<optimized out>, ucode=<optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:761
#9  <signal handler called>
#10 0xffffffff80da6c67 in in_leavegroup_locked (
    inm=inm@entry=0xfffff801947c0b00, imf=0xfffffe00c3827a90, imf@entry=0x0)
    at /usr/src/sys/netinet/in_mcast.c:1354
#11 0xffffffff80da6b7d in in_leavegroup (inm=0xfffff801947c0b00, 
    imf=imf@entry=0x0) at /usr/src/sys/netinet/in_mcast.c:1297
#12 0xffffffff80da115e in in_difaddr_ioctl (cmd=2149607705, 
    data=data@entry=0xfffffe00c3827d50 "ng1398", 
    ifp=ifp@entry=0xfffff800356da000, td=td@entry=0xfffffe00c35b5020)
    at /usr/src/sys/netinet/in.c:686
#13 0xffffffff80da0076 in in_control (so=<optimized out>, 
    cmd=<optimized out>, data=0xfffffe00c3827d50 "ng1398", 
    ifp=0xfffff800356da000, td=0xfffffe00c35b5020)
    at /usr/src/sys/netinet/in.c:300
#14 0xffffffff80d199ed in ifioctl (so=0xfffff801e7c6e3b0, cmd=2149607705, 
    data=0xfffffe00c3827d50 "ng1398", td=0xfffffe00c35b5530)
    at /usr/src/sys/net/if.c:3109
#15 0xffffffff80c7053d in fo_ioctl (fp=0xfffff8004a9452d0, 
    com=18446741877966404240, data=0x0, active_cred=0xfffffe00838e2a02, 
    td=0xfffffe00c35b5020) at /usr/src/sys/sys/file.h:361
#16 kern_ioctl (td=0xfffffe00c35b5530, td@entry=0xfffffe00c35b5020, 
    fd=<optimized out>, com=18446741877966404240, com@entry=2149607705, 
    data=0x0, data@entry=0xfffffe00c3827d50 "ng1398")
    at /usr/src/sys/kern/sys_generic.c:803
#17 0xffffffff80c70220 in sys_ioctl (td=0xfffffe00c35b5020, 
    uap=0xfffffe00c35b5408) at /usr/src/sys/kern/sys_generic.c:711
#18 0xffffffff810a465c in syscallenter (td=0xfffffe00c35b5020)
    at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:189
#19 amd64_syscall (td=0xfffffe00c35b5020, traced=0)
    at /usr/src/sys/amd64/amd64/trap.c:1183
#20 <signal handler called>
#21 0x00002593072bf9da in ?? ()
Backtrace stopped: Cannot access memory at address 0x25930dbb9548
(kgdb)

Comment 11 Eugene Grosbein freebsd_committer

2022-12-15 21:41:57 UTC

Reopen due to new data.

Comment 12 Eugene Grosbein freebsd_committer

2022-12-15 21:48:27 UTC

(In reply to Anatoliy Nebrat from comment #9)

Can you make the crashdump with your kernel.debug available for download? Alternatively, use lldb or modern gdb package to inspect the crashdump with commands:

frame 10
list

Comment 13 Gleb Smirnoff freebsd_committer

2022-12-15 21:50:05 UTC

This is a new and unrelated panic. It should be a separate bug.

Comment 14 Eugene Grosbein freebsd_committer

2022-12-15 21:57:10 UTC

(In reply to Gleb Smirnoff from comment #13)

> This is a new and unrelated panic.

It is.

> It should be a separate bug.

Well, not much happened for dealing with previous one in context of this PR. I do not see a reason to multiply PRs.

Comment 15 Anatoliy Nebrat 2022-12-17 06:45:05 UTC

Fri Dec 16 18:51:11 EET 2022

FreeBSD 13.1-STABLE #0 stable/13-n252461-a5a49aedc639: Thu Sep 22 10:21:03 EEST 2022     /usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64

panic: page fault

GNU gdb (GDB) 10.2 [GDB v10.2 for FreeBSD]
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd13.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...
Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 04
fault virtual address	= 0x40
fault code		= supervisor read data, page not present
instruction pointer	= 0x20:0xffffffff82d83014
stack pointer	        = 0x28:0xfffffe00d0b649e0
frame pointer	        = 0x28:0xfffffe00d0b64a10
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 22301 (mpd5)
trap number		= 12
panic: page fault
cpuid = 2
time = 1671209325
KDB: stack backtrace:
#0 0xffffffff80c4fad5 at kdb_backtrace+0x65
#1 0xffffffff80c029f1 at vpanic+0x151
#2 0xffffffff80c02893 at panic+0x43
#3 0xffffffff810a3d67 at trap_fatal+0x387
#4 0xffffffff810a3dbf at trap_pfault+0x4f
#5 0xffffffff8107baa8 at calltrap+0x8
#6 0xffffffff82d82adc at ng_mkpeer+0x6c
#7 0xffffffff82d80ce1 at ng_apply_item+0x4b1
#8 0xffffffff82d805ae at ng_snd_item+0x28e
#9 0xffffffff82d7ade3 at ngc_send+0x1b3
#10 0xffffffff80ca2b87 at sosend_generic+0x617
#11 0xffffffff80ca30a0 at sosend+0x50
#12 0xffffffff80ca9ade at kern_sendit+0x20e
#13 0xffffffff80ca9eda at sendit+0x1da
#14 0xffffffff80ca9ced at sys_sendto+0x4d
#15 0xffffffff810a465c at amd64_syscall+0x10c
#16 0xffffffff8107c3bb at fast_syscall_common+0xf8
Uptime: 22h42m24s
Dumping 1537 out of 8121 MB:..2%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55		__asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  dump_savectx () at /usr/src/sys/kern/kern_shutdown.c:394
#2  0xffffffff80c025e8 in dumpsys (di=0x0)
    at /usr/src/sys/x86/include/dump.h:87
#3  doadump (textdump=<optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:423
#4  kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:497
#5  0xffffffff80c02a5e in vpanic (fmt=<optimized out>, 
    ap=ap@entry=0xfffffe00d0b64830) at /usr/src/sys/kern/kern_shutdown.c:930
#6  0xffffffff80c02893 in panic (fmt=<unavailable>)
    at /usr/src/sys/kern/kern_shutdown.c:854
#7  0xffffffff810a3d67 in trap_fatal (frame=0xfffffe00d0b64920, eva=64)
    at /usr/src/sys/amd64/amd64/trap.c:942
#8  0xffffffff810a3dbf in trap_pfault (frame=0xfffffe00d0b64920, 
    usermode=false, signo=<optimized out>, ucode=<optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:761
#9  <signal handler called>
#10 0xffffffff82d83014 in ng_findhook (node=0xfffff800a8702a00, 
    name=0xfffff800a8061378 "left") at /usr/src/sys/netgraph/ng_base.c:1133
#11 ng_add_hook (node=node@entry=0xfffff800a8702a00, 
    name=name@entry=0xfffff800a8061378 "left", 
    hookp=hookp@entry=0xfffffe00d0b64a38)
    at /usr/src/sys/netgraph/ng_base.c:1078
#12 0xffffffff82d82adc in ng_mkpeer (node=node@entry=0xfffff80120218900, 
    name=name@entry=0xfffff800a8061358 "mpd22301-4340", 
    name2=name2@entry=0xfffff800a8061378 "left", type=<optimized out>)
    at /usr/src/sys/netgraph/ng_base.c:1560
#13 0xffffffff82d80ce1 in ng_generic_msg (here=0xfffff80120218900, 
    item=0xfffff801201ba880, lasthook=0x0)
    at /usr/src/sys/netgraph/ng_base.c:2540
#14 ng_apply_item (node=node@entry=0xfffff80120218900, 
    item=item@entry=0xfffff801201ba880, rw=1)
    at /usr/src/sys/netgraph/ng_base.c:2440
#15 0xffffffff82d805ae in ng_snd_item (item=item@entry=0xfffff801201ba880, 
    flags=flags@entry=0) at /usr/src/sys/netgraph/ng_base.c:2323
#16 0xffffffff82d7ade3 in ngc_send (so=<optimized out>, 
    flags=<optimized out>, m=0xfffff80120497500, addr=<optimized out>, 
    control=<optimized out>, td=<optimized out>)
    at /usr/src/sys/netgraph/ng_socket.c:345
#17 0xffffffff80ca2b87 in sosend_generic (so=0xfffff8001257d3b0, 
    addr=0xfffff80087355280, uio=0xfffffe00d0b64cd8, top=0xfffffe00d0b64a38, 
    control=0x0, flags=0, td=0xfffffe00d05cc020)
    at /usr/src/sys/kern/uipc_socket.c:1758
#18 0xffffffff80ca30a0 in sosend (so=0xfffff800a8702a00, 
    so@entry=0xfffff8001257d3b0, addr=0xfffff800a8061378, 
    uio=0xfffffe00d0b64a38, uio@entry=0xfffffe00d0b64cd8, 
    top=0xfffff80087355280, top@entry=0x0, control=control@entry=0x0, 
    flags=flags@entry=0, td=0xfffffe00d05cc020)
    at /usr/src/sys/kern/uipc_socket.c:1808
#19 0xffffffff80ca9ade in kern_sendit (td=td@entry=0xfffffe00d05cc020, s=260, 
    mp=<optimized out>, mp@entry=0xfffffe00d0b64dc0, flags=0, control=0x0, 
    segflg=segflg@entry=UIO_USERSPACE)
    at /usr/src/sys/kern/uipc_syscalls.c:792
#20 0xffffffff80ca9eda in sendit (td=0xfffffe00d05cc020, s=-1475996808, 
    mp=mp@entry=0xfffffe00d0b64dc0, flags=-2026548608)
    at /usr/src/sys/kern/uipc_syscalls.c:717
#21 0xffffffff80ca9ced in sys_sendto (td=0xfffff800a8702a00, 
    uap=<optimized out>) at /usr/src/sys/kern/uipc_syscalls.c:835
#22 0xffffffff810a465c in syscallenter (td=0xfffffe00d05cc020)
    at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:189
#23 amd64_syscall (td=0xfffffe00d05cc020, traced=0)
    at /usr/src/sys/amd64/amd64/trap.c:1183
#24 <signal handler called>
#25 0x000013bfb156087a in ?? ()
Backtrace stopped: Cannot access memory at address 0x13bfb6880ec8
(kgdb)

Comment 16 Eugene Grosbein freebsd_committer

2022-12-17 07:13:28 UTC

Please show output of "ngctl list" command.
It seems, you build your STABLE system yourself. Also, please post /etc/src.conf used by your build system and all non-default settings for buildworld/buildkernel, if any.

Comment 17 Eugene Grosbein freebsd_committer

2022-12-17 07:17:49 UTC

(In reply to Anatoliy Nebrat from comment #15)

Please double check if you posted right GDB backtrace. It does not seem to correspond to KDB stack backtrace.

Comment 18 Anatoliy Nebrat 2022-12-17 07:27:44 UTC

Created attachment 238862 [details]
ngctl list

/etc/src.conf does not exist

Comment 19 Anatoliy Nebrat 2022-12-17 14:42:21 UTC

Sat Dec 17 16:15:41 EET 2022

13.1-STABLE FreeBSD 13.1-STABLE #0 stable/13-n252461-a5a49aedc639: Thu Sep 22 10:21:03 EEST 2022     /usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64

panic: page fault

GNU gdb (GDB) 10.2 [GDB v10.2 for FreeBSD]
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd13.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /boot/kernel/kernel...
Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 06
fault virtual address	= 0x6000000040
fault code		= supervisor read data, page not present
instruction pointer	= 0x20:0xffffffff82d7f83b
stack pointer	        = 0x28:0xfffffe00c39e99f0
frame pointer	        = 0x28:0xfffffe00c39e9a10
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 22301 (mpd5)
trap number		= 12
panic: page fault
cpuid = 1
time = 1671286385
KDB: stack backtrace:
#0 0xffffffff80c4fad5 at kdb_backtrace+0x65
#1 0xffffffff80c029f1 at vpanic+0x151
#2 0xffffffff80c02893 at panic+0x43
#3 0xffffffff810a3d67 at trap_fatal+0x387
#4 0xffffffff810a3dbf at trap_pfault+0x4f
#5 0xffffffff8107baa8 at calltrap+0x8
#6 0xffffffff82d9b34e at ng_tee_close+0x1e
#7 0xffffffff82d7e7bd at ng_rmnode+0x5d
#8 0xffffffff82d80c72 at ng_apply_item+0x442
#9 0xffffffff82d805ae at ng_snd_item+0x28e
#10 0xffffffff82d7ade3 at ngc_send+0x1b3
#11 0xffffffff80ca2b87 at sosend_generic+0x617
#12 0xffffffff80ca30a0 at sosend+0x50
#13 0xffffffff80ca9ade at kern_sendit+0x20e
#14 0xffffffff80ca9eda at sendit+0x1da
#15 0xffffffff80ca9ced at sys_sendto+0x4d
#16 0xffffffff810a465c at amd64_syscall+0x10c
#17 0xffffffff8107c3bb at fast_syscall_common+0xf8
Uptime: 21h22m45s
Dumping 1855 out of 8121 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55		__asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  dump_savectx () at /usr/src/sys/kern/kern_shutdown.c:394
#2  0xffffffff80c025e8 in dumpsys (di=0x0)
    at /usr/src/sys/x86/include/dump.h:87
#3  doadump (textdump=<optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:423
#4  kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:497
#5  0xffffffff80c02a5e in vpanic (fmt=<optimized out>, 
    ap=ap@entry=0xfffffe00c39e9840) at /usr/src/sys/kern/kern_shutdown.c:930
#6  0xffffffff80c02893 in panic (fmt=<unavailable>)
    at /usr/src/sys/kern/kern_shutdown.c:854
#7  0xffffffff810a3d67 in trap_fatal (frame=0xfffffe00c39e9930, 
    eva=412316860480) at /usr/src/sys/amd64/amd64/trap.c:942
#8  0xffffffff810a3dbf in trap_pfault (frame=0xfffffe00c39e9930, 
    usermode=false, signo=<optimized out>, ucode=<optimized out>)
    at /usr/src/sys/amd64/amd64/trap.c:761
#9  <signal handler called>
#10 ng_bypass (hook1=0x6000000008, hook2=0xfffff801ec9b8100)
    at /usr/src/sys/netgraph/ng_base.c:1243
#11 0xffffffff82d9b34e in ng_tee_close (node=<optimized out>)
    at /usr/src/sys/netgraph/ng_tee.c:343
#12 0xffffffff82d7e7bd in ng_rmnode (node=node@entry=0xfffff801eb258600, 
    dummy1=<optimized out>, dummy2=<optimized out>, dummy3=<optimized out>)
    at /usr/src/sys/netgraph/ng_base.c:741
#13 0xffffffff82d80c72 in ng_generic_msg (here=0xfffff801eb258600, 
    item=0xfffff801c8422400, lasthook=0xfffff80094e1cb80)
    at /usr/src/sys/netgraph/ng_base.c:2526
#14 ng_apply_item (node=node@entry=0xfffff801eb258600, 
    item=item@entry=0xfffff801c8422400, rw=1)
    at /usr/src/sys/netgraph/ng_base.c:2440
#15 0xffffffff82d805ae in ng_snd_item (item=item@entry=0xfffff801c8422400, 
    flags=flags@entry=0) at /usr/src/sys/netgraph/ng_base.c:2323
#16 0xffffffff82d7ade3 in ngc_send (so=<optimized out>, 
    flags=<optimized out>, m=0xfffff80199b32a00, addr=<optimized out>, 
    control=<optimized out>, td=<optimized out>)
    at /usr/src/sys/netgraph/ng_socket.c:345
#17 0xffffffff80ca2b87 in sosend_generic (so=0xfffff8000f5a6000, 
    addr=0xcffffffb, uio=0xfffffe00c39e9cd8, top=0x1, control=0x0, flags=0, 
    td=0xfffffe00c4370020) at /usr/src/sys/kern/uipc_socket.c:1758
#18 0xffffffff80ca30a0 in sosend (so=0x6000000008, 
    so@entry=0xfffff8000f5a6000, addr=0xfffff801ec9b8100, uio=0x1, 
    uio@entry=0xfffffe00c39e9cd8, top=0xcffffffb, top@entry=0x0, 
    control=control@entry=0x0, flags=-1797141632, flags@entry=0, 
    td=0xfffffe00c4370020) at /usr/src/sys/kern/uipc_socket.c:1808
#19 0xffffffff80ca9ade in kern_sendit (td=td@entry=0xfffffe00c4370020, s=230, 
    mp=<optimized out>, mp@entry=0xfffffe00c39e9dc0, flags=0, control=0x0, 
    segflg=segflg@entry=UIO_USERSPACE)
    at /usr/src/sys/kern/uipc_syscalls.c:792
#20 0xffffffff80ca9eda in sendit (td=0xfffffe00c4370020, s=-325353216, 
    mp=mp@entry=0xfffffe00c39e9dc0, flags=-805306373)
    at /usr/src/sys/kern/uipc_syscalls.c:717
#21 0xffffffff80ca9ced in sys_sendto (td=0x6000000008, uap=<optimized out>)
    at /usr/src/sys/kern/uipc_syscalls.c:835
#22 0xffffffff810a465c in syscallenter (td=0xfffffe00c4370020)
    at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:189
#23 amd64_syscall (td=0xfffffe00c4370020, traced=0)
    at /usr/src/sys/amd64/amd64/trap.c:1183
#24 <signal handler called>
#25 0x0000005d9c56a87a in ?? ()
Backtrace stopped: Cannot access memory at address 0x5da34bc558
(kgdb)

Comment 20 Eugene Grosbein freebsd_committer

2022-12-18 01:25:54 UTC

(In reply to Anatoliy Nebrat from comment #18)

And output of "kldstat", please.

Comment 21 Eugene Grosbein freebsd_committer

2022-12-18 01:28:49 UTC

Your panics have very different backtraces. It maybe kernel problem or physical memory problem. Are you sure the RAM is all right?

Comment 22 Gleb Smirnoff freebsd_committer

2022-12-30 02:21:59 UTC

Anatoliy, please open a separate bug report for every separate problem.

Eugene, please don't re-open the bugs that are assigned to me and are closed, before sending me a message.