From owner-freebsd-current@freebsd.org Sat Jun 9 21:49:37 2018 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 069BD100A116 for ; Sat, 9 Jun 2018 21:49:37 +0000 (UTC) (envelope-from ler@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id AE460790E7 for ; Sat, 9 Jun 2018 21:49:36 +0000 (UTC) (envelope-from ler@FreeBSD.org) Received: from ler-imac.local (unknown [IPv6:2600:1700:210:b18f:e948:4d52:fe47:94a5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: ler) by smtp.freebsd.org (Postfix) with ESMTPSA id 665492471F for ; Sat, 9 Jun 2018 21:49:36 +0000 (UTC) (envelope-from ler@FreeBSD.org) Date: Sat, 9 Jun 2018 16:49:35 -0500 From: Larry Rosenman To: freebsd-current@freebsd.org Subject: rack: m_copydata: negative offset panic Message-ID: <20180609214935.ksi5ekifgcbbjg7f@ler-imac.local> Mail-Followup-To: freebsd-current@freebsd.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="o6iy5q26i4wicoe2" Content-Disposition: inline User-Agent: NeoMutt/20180512 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jun 2018 21:49:37 -0000 --o6iy5q26i4wicoe2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Got the following panic. vmcore IS available: borg.lerctr.org dumped core - see /var/crash/vmcore.0 Sat Jun 9 16:46:17 CDT 2018 FreeBSD borg.lerctr.org 12.0-CURRENT FreeBSD 12.0-CURRENT #35 r334894: Sat = Jun 9 15:53:46 CDT 2018 root@borg.lerctr.org:/usr/obj/usr/src/amd64.am= d64/sys/VT-LER amd64 panic: m_copydata, negative off -1 GNU gdb (GDB) 8.1 [GDB v8.1 for FreeBSD] Copyright (C) 2018 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-portbld-freebsd12.0". Type "show configuration" for configuration details. For bug reporting instructions, please see: . Find the GDB manual and other documentation resources online at: . For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /boot/kernel/kernel...Reading symbols from /usr/lib/de= bug//boot/kernel/kernel.debug...done. done. Unread portion of the kernel message buffer: panic: m_copydata, negative off -1 cpuid =3D 20 time =3D 1528580395 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe344db49= 6d0 vpanic() at vpanic+0x1a3/frame 0xfffffe344db49730 doadump() at doadump/frame 0xfffffe344db497b0 m_copydata() at m_copydata+0x111/frame 0xfffffe344db497f0 rack_output() at rack_output+0x31fd/frame 0xfffffe344db49a60 tcp_hpts_thread() at tcp_hpts_thread+0x6ab/frame 0xfffffe344db49b20 intr_event_execute_handlers() at intr_event_execute_handlers+0x99/frame 0xf= ffffe344db49b60 ithread_loop() at ithread_loop+0xb7/frame 0xfffffe344db49bb0 fork_exit() at fork_exit+0x84/frame 0xfffffe344db49bf0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe344db49bf0 --- trap 0, rip =3D 0, rsp =3D 0, rbp =3D 0 --- Uptime: 23m59s Dumping 6766 out of 130994 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%.= =2E91% __curthread () at ./machine/pcpu.h:231 231 __asm("movq %%gs:%1,%0" : "=3Dr" (td) (kgdb) #0 __curthread () at ./machine/pcpu.h:231 #1 doadump (textdump=3D1) at /usr/src/sys/kern/kern_shutdown.c:366 #2 0xffffffff80b844d2 in kern_reboot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:446 #3 0xffffffff80b84ab3 in vpanic (fmt=3D, ap=3D0xfffffe344db= 49770) at /usr/src/sys/kern/kern_shutdown.c:863 #4 0xffffffff80b84820 in kassert_panic ( fmt=3D0xffffffff8125ae7e "m_copydata, negative off %d") at /usr/src/sys/kern/kern_shutdown.c:749 #5 0xffffffff80c107f1 in m_copydata (m=3D0xfffff801e3e5c400, off=3D-1, len= =3D15, cp=3D0xfffff801e3e686a4 "\336\300\255\336\336\300\255\336\336\300\255\3= 36\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\= 255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336= \300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\33= 6\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\2= 55\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\= 300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336= \336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\25= 5\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\3= 00\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\= 336\300\255\336\336\300\255\336\336\300\255\336\336\300\255\336\336\300\255= \336"...) at /usr/src/sys/kern/uipc_mbuf.c:582 #6 0xffffffff839a739d in rack_output (tp=3D) at /usr/src/sys/modules/tcp/rack/../../../netinet/tcp_stacks/rack.c:7922 #7 0xffffffff80da568b in tcp_hptsi (hpts=3D, ctick=3D0x59f) at /usr/src/sys/netinet/tcp_hpts.c:1615 #8 tcp_hpts_thread (ctx=3D) at /usr/src/sys/netinet/tcp_hpts.c:1808 #9 0xffffffff80b46369 in intr_event_execute_handlers (p=3D, ie=3D0xfffff80151f47d00) at /usr/src/sys/kern/kern_intr.c:1013 #10 0xffffffff80b46a57 in ithread_execute_handlers (ie=3D, p=3D) at /usr/src/sys/kern/kern_intr.c:1026 #11 ithread_loop (arg=3D0xfffff80151f47900) at /usr/src/sys/kern/kern_intr.c:1106 #12 0xffffffff80b43754 in fork_exit ( callout=3D0xffffffff80b469a0 , arg=3D0xfffff80151f47900, frame=3D0xfffffe344db49c00) at /usr/src/sys/kern/kern_fork.c:1039 #13 (kgdb) --=20 Larry Rosenman https://people.FreeBSD.org/~ler/ Phone: +1 214-642-9640 E-Mail: ler@FreeBSD.org US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106 --o6iy5q26i4wicoe2 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQHBBAABCgCrFiEEHjgknedhWzvJgwVzaXyZsatIp30FAlscS28tFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3JnbGVyQEZyZWVCU0Qub3JnXxSAAAAAAC4AKGlz c3Vlci1mcHJAbm90YXRpb25zLm9wZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxRTM4 MjQ5REU3NjE1QjNCQzk4MzA1NzM2OTdDOTlCMUFCNDhBNzdEAAoJEGl8mbGrSKd9 4ssH/jjLwLwxwjlZegcXADRqmIUTtNFNbWySRVLAbjcXqfH4eMDjCFdL5vMyytnU S/UovawUNKdHLJl8mSrsgXMMlirIDJy1hGf2O4i8NjoT7N+OIYPJ6HbJ7QuvbCZn TYsTHg8gXkGylXsJ1jwcMLZKeJhfYXVyy5zF5ecMFi5FVB7b2yrDqUlJuJpQl0JQ fznGXejmi5GEkfFIDDFby2fvsL85wXL+yZwJS2EAX297pCsHZL6fjQEmTCrKh1ob Xfqx2stfhyIIcj50atN/NJZd8hnZ3QfhiQCdcipFBYiqkg+ho+SDti/yxaiAs+xc 4DYmsSgPAPIKmBWjpK0BO0y5HXQ= =yCjI -----END PGP SIGNATURE----- --o6iy5q26i4wicoe2--