System (four-core Intel Q6600 with SMP kernel) crashes under load (although relatively light load, thanks to only 2 Mbit outbound link) of roughly hundred TCP connections somewhat reproducibly when HFSC ALTQ traffic scheduling is used. Only information seen about this is the dmesg message:

    Fatal trap 12: page fault while in kernel mode
    cpuid = 0; apic id = 00
    fault virtual address = 0x4
    fault code = supervisor read, page not present
    instruction pointer = 0x20:0xc04641e7
    stack pointer = 0x28:0xe719ca68
    frame pointer = 0x28:0xe719caac
    code segment = base rx0, limit 0xfffff, type 0x1b
                 = DPL 0, pres 1, def32 1, gran 1
    processor eflags = interrupt enabled, resume, IOPL = 0
    current process = 15 (swi4: clock sio)
    trap number = 12
    panic: page fault

Where the instruction pointer points to inlined code inside hfsc_dequeue:

    (gdb) l *(0xc04641e7)
    0xc04641e7 is in hfsc_dequeue (altq_classq.h:113).
    108         struct mbuf *m, *m0;
    109
    110         if ((m = qtail(q)) == NULL)
    111                 return (NULL);
    112         if ((m0 = m->m_nextpkt) != m)
    113                 m->m_nextpkt = m0->m_nextpkt;
    114         else
    115                 qtail(q) = NULL;
    116         qlen(q)--;
    117         m0->m_nextpkt = NULL;

Could it be just a simple locking issue in the linked list?

How-To-Repeat: Exact conditions are not known, but running lots of outbound TCP traffic over HFSC connection on a SMP system might trigger it.
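An added example, not part of the original report or the FreeBSD source: a user-space C model of the tail-pointer ring in the listing above, replaying one hypothetical interleaving of two unlocked dequeues. It leaves the tail's next-packet link NULL, so the following dequeue would read through a NULL `m0` at the offset of `m_nextpkt` (4 with 32-bit pointers, which matches the reported fault address 0x4). The struct layouts and function names are simplified assumptions, and the interleaving is one possibility, not a confirmed diagnosis.

```c
#include <stddef.h>

/* Simplified stand-ins (assumed): first two fields of struct mbuf, and class_queue_t. */
struct pkt { struct pkt *next, *nextpkt; };
struct classq { struct pkt *tail; int qlen; };

/* Append to the ring: tail->nextpkt always points at the head. */
static void q_add(struct classq *q, struct pkt *m)
{
    if (q->tail != NULL) {
        m->nextpkt = q->tail->nextpkt;
        q->tail->nextpkt = m;
    } else
        m->nextpkt = m;
    q->tail = m;
    q->qlen++;
}

/* Invariant check: following qlen links from the tail must return to the tail. */
static int q_consistent(const struct classq *q)
{
    const struct pkt *m = q->tail;
    int i;

    if (m == NULL)
        return q->qlen == 0;
    for (i = 0; i < q->qlen; i++)
        if ((m = m->nextpkt) == NULL)
            return 0;   /* ring broken: next dequeue would read NULL->nextpkt */
    return m == q->tail;
}

/* Replay of one hypothetical interleaving of two unlocked dequeues (A and B).
 * Line numbers refer to the gdb listing; requires at least two queued packets. */
static int replay_unlocked_dequeues(struct classq *q)
{
    struct pkt *m_a = q->tail, *m0_a = m_a->nextpkt;   /* A: lines 110, 112 */
    struct pkt *m_b = q->tail, *m0_b = m_b->nextpkt;   /* B: lines 110, 112 */

    m_a->nextpkt = m0_a->nextpkt;   /* A: line 113 */
    q->qlen--;                      /* A: line 116 */
    m0_a->nextpkt = NULL;           /* A: line 117 */
    m_b->nextpkt = m0_b->nextpkt;   /* B: line 113 copies the NULL that A just stored */
    q->qlen--;                      /* B: line 116 */
    m0_b->nextpkt = NULL;           /* B: line 117 */
    return q_consistent(q);         /* tail->nextpkt is now NULL, so this is 0 */
}
```

Serialising the two dequeues (A runs to completion before B starts) keeps `q_consistent()` true, which is the property a queue lock would have to guarantee.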
Responsible Changed From-To: freebsd-bugs->freebsd-net Over to maintainer(s).
For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped
Keyword: crash – in lieu of summary line prefix: [panic] * bulk change for the keyword * summary lines may be edited manually (not in bulk). Keyword descriptions and search interface: <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>
^Triage: I'm sorry that this PR did not get addressed in a timely fashion. By now, the version that it was created against is long out of support. Please re-open if it is still a problem on a supported version.