Project

General

Profile

Actions
Copy link

Regression #14138

open

Kernel Panic in ``rtsock_msg_mbuf``

Added by Stephen Baines about 1 year ago. Updated 8 months ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
Operating System
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:
amd64

Description

I’ve been having a number of these over the last week or so. Last night’s was overnight when no one was using the network, so only background activity would have been going on. I can’t attempt to say what triggered them. 


Filename: /var/crash/info.0
Dump header from device: /dev/nvd0p3
  Architecture: amd64
  Architecture Version: 4
  Dump Length: 359424
  Blocksize: 512
  Compression: none
  Dumptime: 2023-03-20 19:36:48 +1030
  Hostname: Zen.gasny.vollans.stream
  Magic: FreeBSD Text Dump
  Version String: FreeBSD 14.0-CURRENT #0 plus-RELENG_23_01-n256037-6e914874a5e: Fri Feb 10 20:30:29 UTC 2023
    root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/obj/amd64/VDZvZksF/var/j
  Panic String: general protection fault
  Dump Parity: 1579050593
  Bounds: 0
  Dump Status: good

Filename: /var/crash/textdump.tar.0
ddb.txt���������������������������������������������������������������������������������������������0600����0�������0�������751216������14406021050�  7103� �����������������������������������������������������������������������������������������������������ustar���root����������������������������wheel������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������db:0:kdb.enter.default>  run pfs
db:1:pfs> bt
Tracing pid 0 tid 100016 td 0xfffffe0020727900
kdb_enter() at kdb_enter+0x32/frame 0xfffffe00c626ea40
vpanic() at vpanic+0x182/frame 0xfffffe00c626ea90
panic() at panic+0x43/frame 0xfffffe00c626eaf0
trap_fatal() at trap_fatal+0x409/frame 0xfffffe00c626eb50
calltrap() at calltrap+0x8/frame 0xfffffe00c626eb50
--- trap 0x9, rip = 0xffffffff80f00bbd, rsp = 0xfffffe00c626ec20, rbp = 0xfffffe00c626ecf0 ---
rtsock_msg_mbuf() at rtsock_msg_mbuf+0x10d/frame 0xfffffe00c626ecf0
rt_newmaddrmsg() at rt_newmaddrmsg+0xf8/frame 0xfffffe00c626eda0
if_delmulti_locked() at if_delmulti_locked+0x2a/frame 0xfffffe00c626edd0
if_delmulti_ifma_flags() at if_delmulti_ifma_flags+0x4b/frame 0xfffffe00c626ee00
in6m_release_task() at in6m_release_task+0x14d/frame 0xfffffe00c626ee40
taskqueue_run_locked() at taskqueue_run_locked+0x191/frame 0xfffffe00c626eec0
taskqueue_thread_loop() at taskqueue_thread_loop+0xc3/frame 0xfffffe00c626eef0
fork_exit() at fork_exit+0x7e/frame 0xfffffe00c626ef30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00c626ef30
--- trap 0x740c4000, rip = 0, rsp = 0, rbp = 0 ---
db:1:pfs>  show registers
cs                        0x20
ds                        0x3b
es                        0x3b
fs                        0x13
gs                        0x1b
ss                        0x28
rax                       0x12
rcx                        0x1
rdx                      0x3f8
rbx                      0x100
rsp         0xfffffe00c626ea40
rbp         0xfffffe00c626ea40
rsi                          0
rdi         0xffffffff83191e28  gdb_consdev
r8                           0
r9                  0x1c200001
r10         0xffffffff83183f88  vt_conswindow
r11                       0x20
r12                          0
r13         0xfffffe00c626eb60
r14         0xfffffe00c626ead0
r15         0xfffffe0020727900
rip         0xffffffff80dd82f2  kdb_enter+0x32
rflags                    0x86
kdb_enter+0x32: movq    $0,0x27bd313(%rip)
db:1:pfs>  show pcpu
cpuid        = 2
dynamic pcpu = 0xfffffe009d2ed800
curthread    = 0xfffffe0020727900: pid 0 tid 100016 critnest 1 "in6m_free taskq" 
curpcb       = 0xfffffe0020727e20
fpcurthread  = none
idlethread   = 0xfffffe0020725560: tid 100005 "idle: cpu2" 
self         = 0xffffffff84612000
curpmap      = 0xffffffff83549750
tssp         = 0xffffffff84612384
rsp0         = 0xfffffe00c626f000
kcr3         = 0xffffffffffffffff
ucr3         = 0xffffffffffffffff
scr3         = 0x0
gs32p        = 0xffffffff84612404
ldt          = 0xffffffff84612444
tss          = 0xffffffff84612434
curvnet      = 0xfffff800012107c0
db:1:pfs>  run lockinfo
db:2:lockinfo> show locks
No such command; use "help" to list available commands
db:2:lockinfo>  show alllocks
No such command; use "help" to list available commands
db:2:lockinfo>  show lockedvnods
Locked vnodes
db:1:pfs>  acttrace

Tracing command kernel pid 0 tid 100016 td 0xfffffe0020727900 (CPU 2)
kdb_enter() at kdb_enter+0x32/frame 0xfffffe00c626ea40
vpanic() at vpanic+0x182/frame 0xfffffe00c626ea90
panic() at panic+0x43/frame 0xfffffe00c626eaf0
trap_fatal() at trap_fatal+0x409/frame 0xfffffe00c626eb50
calltrap() at calltrap+0x8/frame 0xfffffe00c626eb50
--- trap 0x9, rip = 0xffffffff80f00bbd, rsp = 0xfffffe00c626ec20, rbp = 0xfffffe00c626ecf0 ---
rtsock_msg_mbuf() at rtsock_msg_mbuf+0x10d/frame 0xfffffe00c626ecf0
rt_newmaddrmsg() at rt_newmaddrmsg+0xf8/frame 0xfffffe00c626eda0
if_delmulti_locked() at if_delmulti_locked+0x2a/frame 0xfffffe00c626edd0
if_delmulti_ifma_flags() at if_delmulti_ifma_flags+0x4b/frame 0xfffffe00c626ee00
in6m_release_task() at in6m_release_task+0x14d/frame 0xfffffe00c626ee40
taskqueue_run_locked() at taskqueue_run_locked+0x191/frame 0xfffffe00c626eec0
taskqueue_thread_loop() at taskqueue_thread_loop+0xc3/frame 0xfffffe00c626eef0
fork_exit() at fork_exit+0x7e/frame 0xfffffe00c626ef30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00c626ef30
--- trap 0x740c4000, rip = 0, rsp = 0, rbp = 0 ---

Tracing command killall pid 10515 tid 100440 td 0xfffffe011eaf63a0 (CPU 0)
cpustop_handler() at cpustop_handler+0x28/frame 0xffffffff83609200
ipi_nmi_handler() at ipi_nmi_handler+0x39/frame 0xffffffff83609210
trap() at trap+0x3f/frame 0xffffffff83609330
nmi_calltrap() at nmi_calltrap+0x8/frame 0xffffffff83609330
--- trap 0x13, rip = 0x499db02b88a0, rsp = 0x1a7acf458b90, rbp = 0x1a7acf4596f0 ---

Tracing command avahi-daemon pid 6640 tid 100511 td 0xfffffe0123304e40 (CPU 1)
cpustop_handler() at cpustop_handler+0x28/frame 0xfffffe002051ddf0
ipi_nmi_handler() at ipi_nmi_handler+0x39/frame 0xfffffe002051de00
trap() at trap+0x3f/frame 0xfffffe002051df20
nmi_calltrap() at nmi_calltrap+0x8/frame 0xfffffe002051df20
--- trap 0x13, rip = 0x827064a0f, rsp = 0x820fac218, rbp = 0x820fac230 ---

Tracing command route pid 10966 tid 100310 td 0xfffffe011e973c80 (CPU 3)
cpustop_handler() at cpustop_handler+0x28/frame 0xfffffe0020537df0
ipi_nmi_handler() at ipi_nmi_handler+0x39/frame 0xfffffe0020537e00
trap() at trap+0x3f/frame 0xfffffe0020537f20
nmi_calltrap() at nmi_calltrap+0x8/frame 0xfffffe0020537f20
--- trap 0x13, rip = 0xffffffff80dbc98f, rsp = 0xfffffe01137a3850, rbp = 0xfffffe01137a38f0 ---
sched_switch() at sched_switch+0x1df/frame 0xfffffe01137a38f0
mi_switch() at mi_switch+0xc2/frame 0xfffffe01137a3910
kern_yield() at kern_yield+0x59/frame 0xfffffe01137a3940
uiomove_faultflag() at uiomove_faultflag+0x10c/frame 0xfffffe01137a3980
dmu_read_uio_dnode() at dmu_read_uio_dnode+0xa3/frame 0xfffffe01137a39e0
dmu_read_uio_dbuf() at dmu_read_uio_dbuf+0x3b/frame 0xfffffe01137a3a10
zfs_read() at zfs_read+0x1da/frame 0xfffffe01137a3a70
zfs_freebsd_read() at zfs_freebsd_read+0x39/frame 0xfffffe01137a3a90
VOP_READ_APV() at VOP_READ_APV+0x1f/frame 0xfffffe01137a3ab0
vn_read() at vn_read+0x1d1/frame 0xfffffe01137a3b20
vn_io_fault_doio() at vn_io_fault_doio+0x43/frame 0xfffffe01137a3b80
vn_io_fault1() at vn_io_fault1+0x15c/frame 0xfffffe01137a3cd0
vn_io_fault() at vn_io_fault+0x1b4/frame 0xfffffe01137a3d50
dofileread() at dofileread+0x83/frame 0xfffffe01137a3d90
sys_read() at sys_read+0xbc/frame 0xfffffe01137a3e00
amd64_syscall() at amd64_syscall+0x10c/frame 0xfffffe01137a3f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe01137a3f30
--- syscall (3, FreeBSD ELF64, sys_read), rip = 0x436c448cf3da, rsp = 0x376b9fa01b88, rbp = 0x376b9fa01ca0 ---

Files

Download all files
info.0 (554 Bytes) info.0 Stephen Baines, 03/21/2023 02:20 AM
textdump.tar.0 (351 KB) textdump.tar.0 Stephen Baines, 03/21/2023 02:20 AM
Actions
Copy link
 #1

Updated by Kris Phillips about 1 year ago

Did this start after updating or something? General Protection Fault is almost always hardware failure or a hardware issue causing the panic, although it can sometimes be things like drivers.

Actions
Copy link
 #2

Updated by Stephen Baines about 1 year ago

It's the exact same hardware I ran the previous version on, with no changes to hardware or BIOS settings. The problems only started once I upgraded to 23.01.

Actions
Copy link
 #3

Updated by Jim Pingle about 1 year ago

  • Tracker changed from Bug to Regression
  • Project changed from pfSense Plus to pfSense
  • Subject changed from Kernel Panic - General Protection Fault to Kernel Panic in ``rtsock_msg_mbuf``
  • Category changed from Unknown to Operating System
  • Status changed from New to Feedback
  • Priority changed from High to Normal
  • Affected Plus Version deleted (23.01)

Is the backtrace always the same?

Is there anything else going on when this happens?

In the message buffer it looks like your igc2 interface is bouncing up and down. If you disable that interface do the crashes stop?

The backtrace is different but it might be a similar cause as #14164

Actions
Copy link
 #4

Updated by Kris Phillips 8 months ago

Stephen,

Can you please re-test on 23.05.1? The associated redmine is marked as Resolved for this release, so this should no longer be an issue unless your problem is hardware.

Actions
Copy link
 #5

Updated by Stephen Baines 8 months ago

All I can say is I haven’t seen it since the 23.05.01 upgrade. It’s not something I could directly trigger.

Actions
Copy link

Also available in: Atom PDF