Date: Wed, 17 Feb 2016 12:41:33 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 168411] [vm] [panic] uma_find_refcnt(): zone possibly not UMA_ZONE_REFCNT
Message-ID: <bug-168411-8-5f3uolPKhZ@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-168411-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-168411-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=168411

Andrey V. Elsukov <ae@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ae@FreeBSD.org

--- Comment #1 from Andrey V. Elsukov <ae@FreeBSD.org> ---
I can reliably get this panic. We are experimenting with using the max_hdr
variable to reserve leading space in mbufs allocated by network drivers. The
goal is to optimize the traffic flow on routers which do IPv4->IPv6
encapsulation or NAT46.

We use this function to reserve leading space:

#define M_RESERVE_ALIGN 128
/*
 * Set the m_data pointer of a mbuf to be able to place an object of the
 * max_hdr bytes at the beginning of the mbuf's data, aligned to 128 bytes.
 * Also (re)initialize m_len and m_pkthdr.len fields.
 */
static __inline void
m_reserve_hdr(struct mbuf *m)
{
	int len;

	len = roundup2(max_hdr, M_RESERVE_ALIGN);
	if ((m->m_flags & M_PKTHDR) == 0 ||
	    ((int)M_SIZE(m) - len) < 0)
		return;
	m->m_data = M_START(m) + len;
	m->m_len = m->m_pkthdr.len = M_SIZE(m) - len;
}

And how this function is used in ixgbe(4):

--- a/sys/dev/ixgbe/ix_txrx.c +++ b/sys/dev/ixgbe/ix_txrx.c @@ -1319,13 +1319,10 @@ ixgbe_refresh_mbufs(struct rx_ring *rxr, int limit) M_PKTHDR, rxr->mbuf_sz); if (mp == NULL) goto update; - if (adapter->max_frame_size <= (MCLBYTES - ETHER_ALIGN)) - m_adj(mp, ETHER_ALIGN); } else mp = rxbuf->buf; - mp->m_pkthdr.len = mp->m_len = rxr->mbuf_sz; - + m_reserve_hdr(mp); /* If we're dealing with an mbuf that was copied rather * than replaced, there's no need to go through busdma. */ 
@@ -1517,7 +1514,7 @@ ixgbe_setup_receive_ring(struct rx_ring *rxr) goto fail; } mp = rxbuf->buf; - mp->m_pkthdr.len = mp->m_len = rxr->mbuf_sz; + m_reserve_hdr(mp); /* Get the memory mapping */ error = bus_dmamap_load_mbuf_sg(rxr->ptag, rxbuf->pmap, mp, seg,

How to reproduce the panic. Configure MTU greater than MJUMPAGESIZE, and send
several packets with size greater than MJUMPAGESIZE. The result:

Fatal trap 9: general protection fault while in kernel mode
cpuid = 10; apic id = 0a
instruction pointer     = 0x20:0xffffffff80cc192b
stack pointer           = 0x28:0xfffffe10466b6730
frame pointer           = 0x28:0xfffffe10466b6750
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 12 (irq287: ix0:que 5)

#8  0xffffffff80e390d2 in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:235
#9  0xffffffff80cc192b in uma_find_refcnt (zone=<value optimized out>,
    item=<value optimized out>) at /usr/src/sys/vm/uma_core.c:3205
#10 0xffffffff809cd7fa in mb_ctor_clust (mem=0xfffff803394f6000, size=4096,
    arg=0xfffff80339469200, how=961499136)
    at /usr/src/sys/kern/kern_mbuf.c:583
#11 0xffffffff80cbfed7 in uma_zalloc_arg (zone=<value optimized out>,
    udata=0xfffff80339469200, flags=1) at /usr/src/sys/vm/uma_core.c:2203
#12 0xffffffff80a6f966 in m_getjcl (how=1, type=<value optimized out>,
    flags=<value optimized out>, size=<value optimized out>)
    at /usr/src/sys/kern/uipc_mbuf.c:189
#13 0xffffffff805cf339 in ixgbe_refresh_mbufs (rxr=0xfffffe00017c0528,
    limit=4) at /usr/src/sys/dev/ixgbe/ix_txrx.c:1318
#14 0xffffffff805cf209 in ixgbe_rxeof (que=<value optimized out>)
    at /usr/src/sys/dev/ixgbe/ix_txrx.c:1984
#15 0xffffffff805c7b9b in ixgbe_msix_que (arg=0xfffff8000ef75230)
    at /usr/src/sys/dev/ixgbe/if_ix.c:1512
#16 0xffffffff809b13f8 in intr_event_execute_handlers (
    p=<value optimized out>, ie=0xfffff8000ef58700)
    at /usr/src/sys/kern/kern_intr.c:1241
#17 0xffffffff809b1d6f in ithread_loop (arg=0xfffff8000ef3b3e0)
    at /usr/src/sys/kern/kern_intr.c:1254

-- 
You are receiving this mail because:
You are the assignee for the bug.
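
Review bot: in the ixgbe_refresh_mbufs() hunk, the mbuf length is no longer tied to the ring's buffer size. The removed line set m_len and m_pkthdr.len to rxr->mbuf_sz, while m_reserve_hdr(mp) advances m_data by len and sets both to M_SIZE(m) - len, and nothing in the patch changes rxr->mbuf_sz or how the cluster is sized (the m_getjcl() call still passes rxr->mbuf_sz). If the receive buffer size given to the hardware is still derived from rxr->mbuf_sz, the device can write up to len bytes past the end of the cluster, which is worth ruling out given that the fault is raised during cluster allocation. Suggest either deriving the ring's buffer size from the reduced length or allocating clusters large enough for mbuf_sz plus the reserve. The hunk also drops the m_adj(mp, ETHER_ALIGN) adjustment without a replacement, so with a 128-byte-aligned start the IP header is no longer 4-byte aligned; that deserves a comment or an explicit decision.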
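
Review bot: in the ixgbe_setup_receive_ring() hunk, m_reserve_hdr(mp) can return without touching the mbuf (M_PKTHDR not set, or M_SIZE(m) smaller than the rounded max_hdr), and on that path m_len and m_pkthdr.len are no longer initialized before the bus_dmamap_load_mbuf_sg() call that follows. The removed line set them unconditionally. Suggest having m_reserve_hdr() return a status that the caller checks, or falling back to the previous "mp->m_pkthdr.len = mp->m_len = rxr->mbuf_sz;" when the reserve cannot be applied. The same applies to the call added in ixgbe_refresh_mbufs().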
