
Panic "segkp_fault: accessing redzone" in bcopy_more While Processing an SMB COPYCHUNK Request (Doc ID 2910192.1)

Last updated on DECEMBER 28, 2022

Applies to:

Solaris Operating System - Version 11.4 and later
Information in this document applies to any platform.

Symptoms

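The system panics with a panic string and stack trace similar to the following. The identifying features are the panic string "segkp_fault: accessing redzone" and a panicking thread that faults in bcopy_more beneath smbsrv:smb_copychunk_copy and smbsrv:smb2_ioctl_copychunk: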

CAT(vmcore.12/11V)> panic
panic on CPU 54
panic string: segkp_fault: accessing redzone
==== panic kernel thread: 0x2a11779db00 PID: 0 on CPU: 54 ====
cmd: sched(smbfs4ec0005)
kname: taskq_d_thread
t_procp: 0x20673dc0 (proc_sched)
  p_as: 0x206755c0 (kas)
  p_zone: 0x20902b58 (global)
t_stk: 0x2a11779d910 sp: 0x20671ec1 t_stkbase: 0x2a117796000
t_pri: 99 (SYS) pctcpu: 0.000882
t_transience: 10 (TRANSIENT)
t_cpupart: 0x2051d828(0) last CPU: 54
idle: 762683 nsec (0.000762683s)
start: Mon Oct 24 12:34:11 2022
age: 21868 seconds (6 hours 4 minutes 28 seconds)
t_state: TS_ONPROC
t_flag: 0x400808 (T_TALLOCSTK|T_PANIC|T_PAGEFLT)
t_proc_flag: 0 (none set)
t_schedflag: 0x13 (TS_LOAD|TS_DONT_SWAP|TS_SIGNALLED)
t_acflag: 4 (TA_NO_ACCOUNTING)
p_flag: 1 (SSYS)

pc: unix:panicsys+0x40: call unix:setjmp

void unix:panicsys+0x40((const char *)0x10861c74, (va_list)0x2a11779c428, (struct regs *)0x20672870, (int)1, 0x1603, , , , , , , , 0x10861c74, 0x2a11779c428)
unix:vpanic_common+0x78(0x10861c74, 0x2a11779c428, 0, 0x76, 0x64032f2668e0, 0x10146800)
void unix:panic+0x1c((const char *)0x10861c74, 0, 0x1508bbcf, 0x4001228e538, 0x64032f2668e0, 0x2a11779c350, ...)
faultcode_t genunix:segkp_fault+0x284((struct hat *)0x400003ed1c0, (struct seg *)0x201a9e88, (caddr_t)0x2a11779e000, (size_t)0x2000, (enum fault_type)0, (enum seg_rw)1)
faultcode_t genunix:as_fault+0x410((struct hat *)0x400003ed1c0, (struct as *), (caddr_t)0x2a11779e000, (size_t)1, (enum fault_type)0, (enum seg_rw)1)
faultcode_t unix:pagefault+0x1c8((caddr_t)0x2a11779e000, (enum fault_type)0, (enum seg_rw), (int)1)
void unix:trap+0xa84((struct regs *), (caddr_t)0x2a11779e000, (uint32_t), (uint32_t))
unix:ktl0+0x7c()
-- trap data type: 0x31 (data access MMU miss) rp: 0x2a11779c7e0 --
pc: 0x10af9770 SPARC-T5:bcopy_more+0x154: ldx [%i0 + 0x300], %o4
npc: 0x10af9774 SPARC-T5:bcopy_more+0x158: stxa %o4, [%i1 + 0x308] %asi
  global: %g1 0x1097005c
  %g2 0xfff80138c2b40000 %g3 0x2000
  %g4 0xfff80138c2b40000 %g5 0
  %g6 0x1c %g7 0x2a11779db00
  out: %o0 0x640058519ad0 %o1 0x2a11779db00
  %o2 0xd80 %o3 0
  %o4 0 %o5 3
  %sp 0x2a11779c081 %o7 0x1092a894
  loc: %l0 0x20890400 %l1 0x64029833e500
  %l2 0xc7a438 %l3 0xfff88100e30ad000
  %l4 0x3000000 %l5 0
  %l6 0x201aab40 %l7 0x10af8aac
  in: %i0 0x2a11779dd08 %i1 0xfff80138c2b40978
  %i2 0 %i3 0x1680
  %i4 0x80 %i5 0x1c615a0
  %fp 0x2a11779c241 %i7 0x1097005c
SPARC-T5:bcopy_more+0x154(, , , , , 0x1c615a0)
genunix:kcopy_nta((const void *)0x2a11779d388, (void *)0xfff80138c2b40000, (size_t)0x2000, (int)0) - frame recycled
int genunix:uiomove+0xa4((void *), (size_t)0x2000, (enum uio_rw)1, (struct uio *)0x2a11779d388)
int genunix:vpm_data_copy+0xe8((struct vnode *)0x64029833e500, (u_offset_t)0x3000000, (size_t)0x2000, (struct uio *)0x2a11779d388, (int)0, (int *)0, (int)0, (enum seg_rw))
int samfs:sam_write_io+0x480((vnode_t *), (uio_t *)0x2a11779d388, (int)0, (cred_t *)0x64040dfdf5f0)
int samfs:sam_write_vn+0x950((vnode_t *)0x64029833e500, (uio_t *)0x2a11779d388, (int)0, (cred_t *)0x64040dfdf5f0, (caller_context_t *)0x2a11779d1d0)
int samfs:sam_client_write_vn+0x44c((vnode_t *), (uio_t *), (int), (cred_t *), (caller_context_t *))
smbsrv:smb_fem_oplock_write((femarg_t *), (uio_t *), (int), (cred_t *)0x64040dfdf5f0, (caller_context_t *)0x2a11779d1d0) - frame recycled
int genunix:vhead_write+0xbc((vnode_t *)0x64029833e500, (uio_t *)0x2a11779d388, (int)0, (cred_t *)0x64040dfdf5f0, (caller_context_t *)0x2a11779d1d0)
int genunix:fop_write+0xe8((vnode_t *)0x64029833e500, (uio_t *)0x2a11779d388, (int)0, (cred_t *)0x64040dfdf5f0, (caller_context_t *)0x2a11779d1d0)
int smbsrv:smb_vop_write+0x78((vnode_t *)0x64029833e500, (uio_t *)0x2a11779d388, (int)0, (uint32_t *)0x2a11779d370, (int)0xb, (cred_t *)0x64040dfdf5f0)
int smbsrv:smb_fsop_write+0xcc((smb_request_t *)0x6403f35ac058, (cred_t *)0x64040dfdf5f0, (smb_node_t *)0x6403886d54e8, (uio_t *)0x2a11779d388, (uint32_t *)0x2a11779d370, (int)0, , 0x6402b12f0000)
ntstatus_t smbsrv:smb_copychunk_copy+0x128((smb_request_t *)0x6403b6182080, (smb_request_t *)0x6403f35ac058, (smb_chunks_t *)0x2a11779d478)
ntstatus_t smbsrv:smb2_ioctl_copychunk+0x268((smb_request_t *)0x6403f35ac058)
smb_sdrc_t smbsrv:smb2_ioctl+0x300((smb_request_t *)0x6403f35ac058)
boolean_t smbsrv:smb2_dispatch_request_impl+0x35c((smb_request_t *)0x6403f35ac058)
boolean_t smbsrv:smb2_dispatch_request+0x34((smb_request_t *)0x6403f35ac058)
void smbsrv:smb2_dispatch_thread+0x28((void *)0x6403f35ac058)
void smbcmn:smb_ktaskq_thread+0x30((void *)0x6403f35ac200)
void genunix:taskq_d_thread+0xb4((taskq_ent_t *)0x6404202c66d8)
unix:thread_start+4()

Cause




