From nobody Tue Mar 21 12:07:34 2023 X-Original-To: freebsd-xen@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Pgr2s2wTPz400GP for ; Tue, 21 Mar 2023 12:07:49 +0000 (UTC) (envelope-from prvs=437062dd9=roger.pau@citrix.com) Received: from esa3.hc3370-68.iphmx.com (esa3.hc3370-68.iphmx.com [216.71.145.155]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx1.hc3370-68.iphmx.com", Issuer "HydrantID Server CA O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Pgr2r6lxvz4FJg for ; Tue, 21 Mar 2023 12:07:48 +0000 (UTC) (envelope-from prvs=437062dd9=roger.pau@citrix.com) Authentication-Results: mx1.freebsd.org; none DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1679400468; h=date:from:to:cc:subject:message-id:references: content-transfer-encoding:in-reply-to:mime-version; bh=jAYHqVjt5RHaGZHMV3KWkXXiWDZ5GLiQ8zsv9UgZP+A=; b=cJ1JZTne5kGB7yREgQarvvBgN6uXGzqANVF98T3lKnPir5PVK86EC7M5 +sgWPX7hcpArJXGLqWuFFNmYe3qTMQI/NuS/1Da8KYPelGZA2jpIIAN5o ma2yyv4TYgxT+qxBAXlJC0T8LC2eBV6b1rd37xsDv8pZGcS9jFE9nLSAf U=; X-IronPort-RemoteIP: 104.47.55.170 X-IronPort-MID: 101696288 X-IronPort-Reputation: None X-IronPort-Listener: OutboundMail X-IronPort-SenderGroup: RELAY_O365 X-IronPort-MailFlowPolicy: $RELAYED IronPort-Data: A9a23:PtV8ZK00PNxwHP1AEvbD5dhwkn2cJEfYwER7XKvMYLTBsI5bpzdUm zEbCDiAa/2PZ2X2fIsibYi180JS7cDRxtZiGQo9pC1hF35El5HIVI+TRqvS04F+DeWYFR46s J9OAjXkBJppJpMJjk71atANlVEliefTAOK6ULWeUsxIbVcMYD87jh5+kPIOjIdtgNyoayuAo tq3qMDEULOf82cc3lk8tuTS+HuDgNyo4GlD5gdkPKgS1LPjvyJ94Kw3dPnZw0TQGuG4LsbiL 87fwbew+H/u/htFIrtJRZ6iLyXm6paLVeS/oiI+t5qK23CulQRrukoPD9IOaF8/ttm8t4sZJ OOhF3CHYVxB0qXkwIzxWvTDes10FfUuFLTveRBTvSEPpqFvnrSFL/hGVSkL0YMkFulfMHlp0 OYmLy0xcU7aqcya+K2ZY9BVmZF2RCXrFNt3VnBI6xj8VKxja7aTBqLA6JlfwSs6gd1IEbDGf c0FZDFzbRPGJRpSJlMQD5F4l+Ct7pX9W2QA9BTJ+uxqvi6Kk1QZPLvFabI5fvSQQspYhACAr 3/u9GXlGBAKcteYzFJp91r13raRzH2hCNJ6+LuQseNpgVuuyE8pUyY4TniwovmA1lK1VIcKQ 6AT0m90xUQoz2SiRNu7UxCmiHGBrlgXXN84O+Mg5QyH0aaR8wufLmYeQzNLc9Bgs9U5LQHGz XeMltLtQDZp4LucTCvH8q/O9Gzqfy8IMWUFeCkICxMf5MXuq50yiRSJSct/FKmyjZv+HjSYL y22kRXSTo471aYjv5hXN3ic695wjvAlljII2zg= IronPort-HdrOrdr: A9a23:D6y+R61N5SwEHFY/AwKXEAqjBKUkLtp133Aq2lEZdPUzSKylfq GV/cjzsCWe4gr5N0tQ++xoR5PwJE80maQZ3WBzB9mftWvdyQiVxehZhOPfKlbbdBEWmNQw6U 5oSdkbNOHN X-IronPort-AV: E=Sophos;i="5.98,278,1673931600"; d="scan'208";a="101696288" Received: from mail-bn8nam12lp2170.outbound.protection.outlook.com (HELO NAM12-BN8-obe.outbound.protection.outlook.com) ([104.47.55.170]) by ob1.hc3370-68.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 21 Mar 2023 08:07:44 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dLx5vyzYOxOWHqr6HX6LlMe4hMl2H2WsPZl1Q0mAnXEdGuywKSKCFRbXuIn3yDBSaac1V5SXbtqm0JcZ9mAMJYLRIPgKdBvgwCNzqnboGieEy2TP2lxVlMAtdtnuEGRBfpFiQvC4/q1iBbhxBMlnG6wAP1LvTBw3QejcpKSb9lVMDhudz2243DxkpD94p6XmUCUVBrlaRD7HM7KeSFvU6w5OB2cbqu3EQghRVxtmnI70/2Um+0saJbevcSrbAb1UBT1hfJ9FCFNYXmHsi5Mj3O2G31V6UHCQwpvdpdYB/KIaOdhieAL3S8UD+vAh4YLyE04s+xXNg+Lk159y+4xSEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jimKpa0JdjVkf2foihzPLFUEXsGKGpOBEH0OQ7V9s0I=; b=ZyOEcaWyQrCXNgU+qr/Ww9Aiylq2dHgzR9w5y/8EcuxzRr/lol9OMMFQmE7iUerzRiZXvNRk2iGJYAvyHPfOpc9ETbs2CBOE18nQjs0f8BTpwbhEyV+FbAKAHalQt/mJYPFD3uWqkUUJlkHgIql4HJ7rSvUPhCWs6wjOXsHHVNBK6QWXZFPENUHTw67fU2KG4f2ef4oZhmLilYg5PMXkWCBYC0yLTjbXQCvXS+dHBZ9ihheY+tHTgeLPUbWjMWjcOg5uOotXG4RSYa02wjq14Ae0ZclxjEFvSYagTHIHvVckORadQOcHOWLkohIk75gjwfq07B7yVoZOhfjaWgBSjg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.onmicrosoft.com; s=selector2-citrix-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jimKpa0JdjVkf2foihzPLFUEXsGKGpOBEH0OQ7V9s0I=; b=rRLLABwuMxZ0yNTYs6E3UsLIQxfLMyZ9UrmK8kiwI4nOKVw6w43yltDldRZZNsYgNjTq2iEKkJtp1p8SVa8F5bQ5us0367oonc/wfsTxP8Pt8ve/ONXAc2Vql5U075wrlXjRSdN+QNA0J7OGR5piEgA/s0bCAMIniAg5gvCezfA= Received: from SJ0PR03MB6360.namprd03.prod.outlook.com (2603:10b6:a03:395::11) by MW4PR03MB6473.namprd03.prod.outlook.com (2603:10b6:303:120::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.37; Tue, 21 Mar 2023 12:07:41 +0000 Received: from SJ0PR03MB6360.namprd03.prod.outlook.com ([fe80::48a7:d1ab:897:acda]) by SJ0PR03MB6360.namprd03.prod.outlook.com ([fe80::48a7:d1ab:897:acda%6]) with mapi id 15.20.6178.037; Tue, 21 Mar 2023 12:07:40 +0000 Date: Tue, 21 Mar 2023 13:07:34 +0100 From: Roger Pau =?utf-8?B?TW9ubsOp?= To: Janis Abens Cc: Xen FreeBSD Subject: Re: Kernel panic due to netback.c Message-ID: References: Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-ClientProxiedBy: LO4P265CA0079.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:2bd::12) To SJ0PR03MB6360.namprd03.prod.outlook.com (2603:10b6:a03:395::11) List-Id: Discussion List-Archive: https://lists.freebsd.org/archives/freebsd-xen List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-xen@freebsd.org X-BeenThere: freebsd-xen@freebsd.org MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ0PR03MB6360:EE_|MW4PR03MB6473:EE_ X-MS-Office365-Filtering-Correlation-Id: 07c74f1b-a93c-4bb7-05c6-08db2a04de50 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: K4FEXEaUd/H7NiVQ2zUbto4FfN+jZ67mXxsCAP3ztq2djzI2B2trMhnYO/wKVkyVONF0FUQt/UONZAR0YS6HD12PuctL6G3b20RKf/FWYIKv+46wZljxM8Z3BXoRrptRsL2Mmuz1bWZvnrsAuCUuVkLiwY8YbA+34em/YbhaOnEGQjl8rOBEPRgEbDD7tzwqWLf+H6/xuwtJ0m247ONqHBqTIzxU5y5AhRSr8t2AkhKg/6ybkzIvwXsNio50pwpU+AbatQeHs7YwjL2bFgR3M9FGKIfA3pT4wB8FCZ07Dohgwy/VssQqQ28yUp4QHK85x5FLAsWOsqX++XlyjcjVSlQarJnEk5h94w9ezTy0bsmLEbON4xmIwDaSCQSK+stUVp2mn230wx0L49mxnX3JL+/V+O4VpktzYxzkMyXUOAiQirOiwI8tXZSP+pVg100zepsnGZ7tq6JYSPdh6GNncED35S+U/HoN4NiYWIIyPYx4FaFVUvElUOeiAMMMDV4hL3jIamfsP5W6RwjetR8KzVY1C2XVLZ8kywcE/17AJiju40SzM0IAQkIv7m+D6FJM8zPsdQGH73ixSFoGseguAJvXU31/S9e/PysUPA+tP+5X1CwIXmIqhB6i5XwBDpameNAp88/vEvI556xFcAZIpw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SJ0PR03MB6360.namprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(4636009)(136003)(396003)(39860400002)(346002)(366004)(376002)(451199018)(86362001)(478600001)(82960400001)(316002)(66476007)(41300700001)(38100700002)(5660300002)(6486002)(8936002)(85182001)(2906002)(6506007)(6666004)(6512007)(66556008)(6916009)(9686003)(66946007)(4326008)(8676002)(186003)(83380400001)(26005);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?Uy8rcFVkRG9yY2FQOVp6V0toNE5EbW9PdHN1OTJqUmc0N0YyUkFtbzZwbXVk?= =?utf-8?B?UU55NHJGbmF6S042dU5zSVVlUFlkV3FJenZXZTRJc0ZkUjZmRmtjZjJ0YjF1?= =?utf-8?B?eWNoL1FJWmNaRmd4SDcvdnRGdTdzTGR2a3pyU1NQVWJZM2RoRHdVOUxWb2M1?= =?utf-8?B?UDRpQlFRYlIwbTdaaUxtT3JMOXVmT3lrT1RJUTFvb2VIL3NBQWtDbm1yd3V2?= =?utf-8?B?ckZlMmlvcGhhTUtFRm5NL2I2MUFvdXd3NmhIQnJBZDlwQ0JabWVVZDZWbWZh?= =?utf-8?B?bUluWmFmZDFKaDFUQUIyTGFtZ2l0ZkgySmZ3ZUI3RHZCblB1aVd5WWI1dnQr?= =?utf-8?B?M29tZkJBbDc1ZTcvU240c0RSZFA2SVcwTlhDd1FWcU5DTng0YVNQMVFpTVVi?= =?utf-8?B?L3hNUnhERTB1bGNYY0tvNEtkUEIyU2t0UGo3Q0dZQVkxWk1JYzZ2OUhBTTU3?= =?utf-8?B?U2dDZWlzSlMwMnJhREZWUnZiSkRhRGpJRHlQVHB4OVhoMmJPaTBuNTVmWERM?= =?utf-8?B?REh0cVpDV3ZSUS9lemU3TWVHRjVOS0FnSHRENzNjd2hWSXpRaXYrOElCYzl6?= =?utf-8?B?elQ0SmZObWpZRjhXY1ltRVVlcXJVczd3NnNSYldIVUtjMVR5dkVMS1JHNzdU?= =?utf-8?B?aEhXajJ1cFF4aCtlRWRhMTJpR2lxNG11ZUlRUENFaXd3eXpvclVSK2pyZGRu?= =?utf-8?B?RlhUZVhSUEc2NnN3VlhJaHpHdmVzcGRLWGR5bjhQRS9kMTdXTG90OEoxY0sy?= =?utf-8?B?RSt5Ty90eUU4VS9GVjg3YWFKMTZPeTlORm0rb0p6V3BSYTFuMjhhNzN1UFN1?= =?utf-8?B?c04vMGRmVWVKaFlyMEMwdGlsTkxkQW84R1NhL2N1VElvZ0RMakU2Y29raGRh?= =?utf-8?B?VEM1MjhvbUl6b2lvRmRYM3ROUUNiM3J4RmVhMGRoMWNHZElFelpZUWo4OHZU?= =?utf-8?B?TURuTm54NmJCaERTemxBMzQ5TmhmS25PZ1g5L0c2OEFrSVFNOEZQcFJidXRK?= =?utf-8?B?Q1BvUm93cjhSakZsbDZxUjhlOXV0UnplT3JlcGZGOUQ0VjhZVGRUYnpqQURG?= =?utf-8?B?NWxOSWMvRGNYN1RXVk1ZYVBLNm5RSmpIaGk4Z2xnRlowTk1tU1RCMDFWbU9N?= =?utf-8?B?eWVPMGRmT3I4c3ZwNXd4Z2hNdFVIbENvTUM5Q0hXSUxHTXRwSHhKK3FYcVFW?= =?utf-8?B?Tk45MTljTUZMQ0RxMUowcWZnaEhtelpaVEk2ckFFNlcrMDVwT3IyVmdzdUR6?= =?utf-8?B?d05taFhlais3dGlPa2JveGwyb0dHdDNEV1hkcXFZQ1RSdUt3emhBQ0NaNllK?= =?utf-8?B?UjNRUFIwdW1lTnJtcHNhUlFEa0hjT28rRDFsZVl4RkRBV2lnSDNMMzZ1WHVH?= =?utf-8?B?ekN2TzNDSnl0KzMzUGY4SjFHdUZpQnNhT1RtM1VoZmpRQzEyeGxjbzYxbzgw?= =?utf-8?B?Qmd0SVd4QjlDeDh5cFRpNlZOTHFSYktiQ0pOUTIxeW1FLzJCcjNJYWhxMkg0?= =?utf-8?B?K0NKamJid0ZNdHQzbTkrQTNXUDJQV3RYS2pXTEJOQTZOdlVTQklLTGY5aWE3?= =?utf-8?B?cGtEZnBBVDhDeHI1WUJYTzZKUUljakRTOHk3eVNrTCtUa1ZSMUZaWStld1pU?= =?utf-8?B?MUgzSHIwNlFnY2E0YzRYZW9yQit4a3NIVFVhQ3A2TWVZbTB2Um5GYWVOSkhE?= =?utf-8?B?bDF3VjkvejNyeFJuWHNEV1VOZFJBWWdNYVlSNktJUzlJcDFwaFl1ajVXS2JJ?= =?utf-8?B?Nm5OVHlMVkdRc1RCNHBnY2R5Y3RFTjhuenI2NlZRcnpwaTIvKzJqWEExZTVa?= =?utf-8?B?K3F0Qys2Q1ZyaHdxaVlpQlh1Zyt1NUhaWHI3dWVzZUFwdm4wc2lMMG1HZmNy?= =?utf-8?B?aUw0MGhHV3pTTU1UbURSSmpaZmRET2MwNFZEWTNtMmpVZTUweXEyQzVzWFMx?= =?utf-8?B?SU9nWW1jM0swamY2Z0JidVpLaXRmOG9OUVFnQ3V2YkY5Vk93elNScWJVcFN5?= =?utf-8?B?bHRiNGlORjdXZlYrMER0cFliRWpzUXlrODlXNXUvaXdTdFlMZmJLU2s4aWJX?= =?utf-8?B?c29TVHFwSXBNWld2TFkzenMxUHRjcXFabURJdU1mZktRR0pHUXNIMmVpWDc5?= =?utf-8?B?WGZKVlZGeWh6eko1RHRZSTdabVJIbndJQnMvTDZUY2FrWXRrZUU4TTh0cE9q?= =?utf-8?B?Rmc9PQ==?= X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: q9OA99qakSMsfJN6fdmIRd46IJ2x8BMR7Ne2eLpK8zOGYq9svj3VdCjoeZQkiMbkFPlBi+VO8znFhR/nm0jAvlaLfzZanV0QaJNPxD+tNAEgJ3WWM8ilQ+uE6otDtTppf9qgRmaTvzjZmy2/3LoQ2+I+R05XSaWW2mRliJGYT7UoC/WQdxsm7iw4hwiFky+hJKFFJMzB8ho25mhyWaN5r7ZrGhNfqW6nERBJ/0At7gnPl8HHGilcB43Bik9fcCvmb+G0rm7KUStVi3IKndhrx6iTaQ018026Kf+YdbXpFh6Iiqg1dzsDg6h3e6vtW8O4TCxKjnC/EOLwnbmph3aUR1xhekiBmWNMWbZPFKY+YzNs7wVkiA8O5wGcok4iOLKexLqUbWVTVnsjUS07Cjy24YqcvYEOjonh+NYR83V/Ja6tDdr4fg8l/At9CYV1xmULPiUwZJ+vvnd+CYzVIfxCZN92gAwgbQwHAM0jXiKXGwuZk9SBT2y6mhlUaHfgn5/ry9MXEgX8lZaFPhFOAYbCLTioimcDGYxXIDp23U7TWvYha7erhJ0AmmvKkj57f3RkVdim3MKO7aAAj1SvFL0DUkgvuiU56u6GKqhPUKQB98DJTe3bKMCrNRBm6/AEYhjkXDFN40Dw3Ad4AVbiRiwhFvHM/8fqmtiFAMc7JgEWxm5njRNHVxDBdyj/QSKybsyNjRWF72p2zZN+3YJixGUqWsH85TpwNgH+lfwkUzVyh/9fM1ITY4ICkCrmHXy6dBphuCJGFyCNF+WNyFv0OY9NJw== X-OriginatorOrg: citrix.com X-MS-Exchange-CrossTenant-Network-Message-Id: 07c74f1b-a93c-4bb7-05c6-08db2a04de50 X-MS-Exchange-CrossTenant-AuthSource: SJ0PR03MB6360.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Mar 2023 12:07:40.5013 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 335836de-42ef-43a2-b145-348c2ee9ca5b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: EZkK6N6UO2YaqVgraPXPr7UnO39ljTFr/aFRkfaetrFNYlgUxdyd5w4rNZekWRGtt8vb7X7d0VkTswMDGh/ikQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR03MB6473 X-Rspamd-Queue-Id: 4Pgr2r6lxvz4FJg X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:16417, ipnet:216.71.145.0/24, country:US] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N On Mon, Mar 20, 2023 at 09:25:17PM +0100, Janis Abens wrote: > I'm sorry, it's unreadable. I sen't it from the new webmail, that has a default setting to HTML. Fixing my error and resending previous message as text. >   > Hello, > > From time to time a kernel panic occurs. Xen-kernel-4.15, dom0, FreeBSD 13.0-RELEASE. > > "Fatal trap 12: page fault while in kernel mode" > > I can not repeat it reliably, but eventually it happens. I have captured a stack trace (always the same on crash), relevant part is: > .. > #9 xnb_txpkt2gnttab (pkt=, pkt@entry=0xfffffe00c49fdac8, mbufc=, mbufc@entry=0xfffff8002f958500, gnttab=gnttab@entry=0xfffffe019ae94a70, > txb=txb@entry=0xfffffe019ae95480, otherend_id=6) at /usr/src/sys/dev/xen/netback/netback.c:1715 > #10 0xffffffff80a8d72a in xnb_recv (txb=0xfffffe019ae95480, otherend=6, mbufc=, ifnet=0xfffff80170f81000, gnttab=0xfffffe019ae94a70) > at /usr/src/sys/dev/xen/netback/netback.c:1851 > #11 xnb_intr (arg=0xfffffe019ae94000) at /usr/src/sys/dev/xen/netback/netback.c:1446 > .. > > It seems netback.c has not changed in ages, same lines are valid in 13.2 RC3 as well. > > relevant code around /usr/src/sys/dev/xen/netback/netback.c:1715 > .. > xnb_txpkt2gnttab(const struct xnb_pkt *pkt, struct mbuf *mbufc, > .. > while (size_remaining > 0) { > const netif_tx_request_t *txq = RING_GET_REQUEST(txb, r_idx); > const size_t mbuf_space = M_TRAILINGSPACE(mbuf) - m_ofs; /* PANIC happens here! */ > > .. > > By analyzing the trace i've come to conclusion that mbuf is NULL, thus macro: > #define M_TRAILINGSPACE(m) ((m)->m_maxlen - (m)->m_len) > introduces panic. > > The only way mbuf can become NULL is within this same loop at line:1751 mbuf = mbuf->m_next; > It can not be NULL at the function call, because xnb_recv ensures that it is not NULL, before call. > > The problem definiteley is because while condition is on size_remaining, but contents are accessed based on mbuf->m_next; > > So my questions are: > 1) would it be possible to add some function before the PANIC line (or mbuf->m_next) that dumps offending packet in error logs or something similar? The goal for this would be to find a way to reliably repeat this case and understand what is the cause? If there is no such a function, which variables would be relevant and hellpful in this case? > 2) How could this code be modified so that it does not panic in this case, but just drops offending packet instead? Likely, that would be a more graceful failure rather than a pointer dereference. I believe this is not supposed to happen in the first place, and thus the deref is a result of a bug elsewhere. I'm attaching a patch below that will print the relevant values from the previous loop when m_next is NULL and there's still data from the ring packet to copy. I've also added a break in that case, but I'm unsure that the rest of the logic can cope with this situation, it's quite possible that you will get a deref or a panic elsewhere in netback. Let me know what output you get with this patch. > A code snippet in xnb_recv has caught my eye: > if (*mbufc == NULL) { > /* > * Couldn't allocate mbufs. Respond and drop the packet. Do > * not consume the requests > */ > xnb_txpkt2rsp(&pkt, txb, 1); > DPRINTF("xnb_intr: Couldn't allocate mbufs, num_consumed=%d\n", > num_consumed); > if_inc_counter(ifnet, IFCOUNTER_IQDROPS, 1); > return ENOMEM; > } > > Could it be used in function xnb_txpkt2gnttab to avoid panic in this particular case as well? Hm, not really, at least not without understanding what causes this mismatch. Regards, Roger. --- diff --git a/sys/dev/xen/netback/netback.c b/sys/dev/xen/netback/netback.c index ddd5218a8936..89b9de2a3c98 100644 --- a/sys/dev/xen/netback/netback.c +++ b/sys/dev/xen/netback/netback.c @@ -1749,6 +1749,11 @@ xnb_txpkt2gnttab(const struct xnb_pkt *pkt, struct mbuf *mbufc, /* Must move to the next mbuf */ m_ofs = 0; mbuf = mbuf->m_next; + if (mbuf == NULL && size_remaining > 0) { + printf("next mbuf == NULL size_remaining: %d r_ofs %d m_ofs %d mbuf_space %zu req_size %zu pkt_space %zu space %zu", + size_remaining, r_ofs, m_ofs, mbuf_space, req_size, pkt_space, space); + break; + } } }