Date: Mon, 11 Nov 2024 20:34:45 +0000 From: bugzilla-noreply@freebsd.org To: transport@FreeBSD.org Subject: [Bug 282605] panic: tcp_do_segment: sent too much Message-ID: <bug-282605-38102-JaefTIMNRB@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-282605-38102@https.bugs.freebsd.org/bugzilla/> References: <bug-282605-38102@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D282605 Alexander Leidinger <netchild@FreeBSD.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |netchild@FreeBSD.org --- Comment #5 from Alexander Leidinger <netchild@FreeBSD.org> --- I just run into this panic, on the ipv6 side I would guess (current as of 2024-10-30-120714): ---snip--- [365136] panic: tcp_do_segment: sent too much [365136] cpuid =3D 1 [365136] time =3D 1731354815 [365136] KDB: stack backtrace: [365136] db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe04314f7790 [365136] vpanic() at vpanic+0x136/frame 0xfffffe04314f78c0 [365136] panic() at panic+0x43/frame 0xfffffe04314f7920 [365136] tcp_do_segment() at tcp_do_segment+0x2852/frame 0xfffffe04314f79f0 [365136] tcp_input_with_port() at tcp_input_with_port+0x10e2/frame 0xfffffe04314f7b40 [365136] tcp6_input_with_port() at tcp6_input_with_port+0x6a/frame 0xfffffe04314f7b70 [365136] tcp6_input() at tcp6_input+0xb/frame 0xfffffe04314f7b80 [365136] ip6_input() at ip6_input+0xc76/frame 0xfffffe04314f7c60 [365136] netisr_dispatch_src() at netisr_dispatch_src+0xb9/frame 0xfffffe04314f7cc0 [365136] ether_demux() at ether_demux+0x16a/frame 0xfffffe04314f7cf0 [365136] ether_nh_input() at ether_nh_input+0x3cf/frame 0xfffffe04314f7d40 [365136] netisr_dispatch_src() at netisr_dispatch_src+0xb9/frame 0xfffffe04314f7da0 [365136] ether_input() at ether_input+0xd5/frame 0xfffffe04314f7e00 [365136] epair_tx_start_deferred() at epair_tx_start_deferred+0xd4/frame 0xfffffe04314f7e40 [365136] taskqueue_run_locked() at taskqueue_run_locked+0x1c7/frame 0xfffffe04314f7ec0 [365136] taskqueue_thread_loop() at taskqueue_thread_loop+0xd3/frame 0xfffffe04314f7ef0 [365136] fork_exit() at fork_exit+0x87/frame 0xfffffe04314f7f30 [365136] fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe04314f7f30 [365136] --- trap 0x3de64570, rip =3D 0, rsp =3D 0, rbp =3D 0 --- [365136] Uptime: 4d5h25m36s [365136] Dumping 50824 out of 73621 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91% ---snip-- Parts of the crashdump output (full output available on request): ---snip--- #5 0xffffffff806b6b72 in tcp_do_segment (tp=3D0xfffff80da7abfa80, m=3D<optimized out>, th=3D0xfffff804c5190a96, drop_hdrlen=3D72, tlen=3D= 0, iptos=3D<optimized out>) at /space/system/usr_src/sys/netinet/tcp_input.c:1548 to =3D {to_flags =3D 128, to_tsval =3D 4294965249, to_tsecr =3D 454= 6, to_sacks =3D 0xfffff804c5190aae "\aa\217\345\aa\225}\255\336\336\300\255\336\336\300\255\336\336\300\255\33= 6\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\2= 55\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\= 300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336= \336\300\255", <incomplete sequence \336>, to_signature =3D 0x4 <error: Cannot access memory at address 0x4>, to_tfo_cookie =3D 0xfffffe04314f79c0 "\340yO1", to_mss =3D 22215, to_wscale =3D 111 'o', to_nsacks =3D 1 '\001', to_tfo_len =3D 255= '\377', to_spare =3D 2154633376} maxseg =3D 1432 inp =3D 0xfffff80da7abfa80 needoutput =3D 0 incforsyn =3D <optimized out> so =3D 0xfffff8051a0ffc00 inc =3D <optimized out> thflags =3D <optimized out> sack_changed =3D <optimized out> nsegs =3D 1 s =3D <optimized out> tiwin =3D <optimized out> rstreason =3D <optimized out> todrop =3D <optimized out> acked =3D <optimized out> tfo_syn =3D <optimized out> mfree =3D <optimized out> ourfinisacked =3D <optimized out> win =3D <optimized out> close =3D <optimized out> #6 0xffffffff806b3602 in tcp_input_with_port (mp=3Dmp@entry=3D0xfffffe0431= 4f7bc8, offp=3Doffp@entry=3D0xfffffe04314f7bc0, proto=3D<optimized out>, port= =3D0) at /space/system/usr_src/sys/netinet/tcp_input.c:1158 so =3D 0xfffff8051a0ffc00 to =3D {to_flags =3D 0, to_tsval =3D 0, to_tsecr =3D 719386432, to_sacks =3D 0xfffff80727e1a038 "\001", to_signature =3D 0xfffff80727e1a084 "", to_tfo_cookie =3D 0x5bbafa8e00000073 <error: Cannot access memory= at address 0x5bbafa8e00000073>, to_mss =3D 37456, to_wscale =3D 5 '\005', to_nsacks =3D 0 '\000', to_tfo_len =3D 0 '\000', to_spare =3D 590= 855} m =3D 0xfffff804c5190a00 th =3D 0xfffff804c5190a96 ip =3D 0x0 inp =3D <optimized out> tp =3D <unavailable> optp =3D 0xfffff804c5190aaa "\001\001\005\n\aa\217\345\aa\225}\255\336\336\300\255\336\336\300\255\336\= 336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255= \336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\30= 0\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\3= 36\300\255\336\336\300\255", <incomplete sequence \336> optlen =3D 12 tlen =3D <optimized out> rstreason =3D <optimized out> fwd_tag =3D 0x0 ip6 =3D 0xfffff804c5190a6e s =3D 0x0 off0 =3D <optimized out> iptos =3D 0 '\000' off =3D <optimized out> len =3D <optimized out> ipttl =3D <optimized out> thflags =3D <optimized out> drop_hdrlen =3D 72 lookupflag =3D <optimized out> isipv6 =3D <optimized out> #7 0xffffffff806b247a in tcp6_input_with_port (mp=3D0xfffffe04314f7bc8, offp=3D0xfffffe04314f7bc0, proto=3D<optimized out>, port=3Dport@entry= =3D0) at /space/system/usr_src/sys/netinet/tcp_input.c:594 m =3D 0xfffff804c5190a00 ip6 =3D <optimized out> ia6 =3D <unavailable> #8 0xffffffff806b3d5b in tcp6_input (mp=3D<unavailable>, offp=3D<unavailab= le>, proto=3D<unavailable>) at /space/system/usr_src/sys/netinet/tcp_input.c= :601 No locals. ---snip--- --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-282605-38102-JaefTIMNRB>