Date:      Wed, 22 Dec 2021 22:24:57 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 260393] Page Fault tcp_output/tcp_input
Message-ID:  <bug-260393-7501-4ucyA3puM9@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-260393-7501@https.bugs.freebsd.org/bugzilla/>
References:  <bug-260393-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260393

--- Comment #65 from Dobri Dobrev <ddobrev85@gmail.com> ---
(In reply to Hans Petter Selasky from comment #63)

So, here it is - I believe this is what we're looking for: "panic: tcp_m_copym,
length > size of mbuf chain"

Unread portion of the kernel message buffer:
[12282] panic: tcp_m_copym, length > size of mbuf chain
[12282] cpuid = 1
[12282] time = 1640209960
[12282] KDB: stack backtrace:
[12282] db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe017fd62550
[12282] vpanic() at vpanic+0x17f/frame 0xfffffe017fd625a0
[12282] panic() at panic+0x43/frame 0xfffffe017fd62600
[12282] tcp_m_copym() at tcp_m_copym+0x41b/frame 0xfffffe017fd626b0
[12282] tcp_output() at tcp_output+0x1433/frame 0xfffffe017fd62890
[12282] tcp_do_segment() at tcp_do_segment+0x2b9a/frame 0xfffffe017fd62960
[12282] tcp_input_with_port() at tcp_input_with_port+0xb7d/frame 0xfffffe017fd62aa0
[12282] tcp_input() at tcp_input+0xb/frame 0xfffffe017fd62ab0
[12282] ip_input() at ip_input+0x192/frame 0xfffffe017fd62b40
[12282] netisr_dispatch_src() at netisr_dispatch_src+0xaf/frame 0xfffffe017fd62ba0
[12282] ether_demux() at ether_demux+0x16e/frame 0xfffffe017fd62bd0
[12282] ether_nh_input() at ether_nh_input+0x3f8/frame 0xfffffe017fd62c30
[12282] netisr_dispatch_src() at netisr_dispatch_src+0xaf/frame 0xfffffe017fd62c90
[12282] ether_input() at ether_input+0x99/frame 0xfffffe017fd62cf0
[12282] iflib_rxeof() at iflib_rxeof+0xe07/frame 0xfffffe017fd62e00
[12282] _task_fn_rx() at _task_fn_rx+0x7a/frame 0xfffffe017fd62e40
[12282] gtaskqueue_run_locked() at gtaskqueue_run_locked+0xa7/frame 0xfffffe017fd62ec0
[12282] gtaskqueue_thread_loop() at gtaskqueue_thread_loop+0xc2/frame 0xfffffe017fd62ef0
[12282] fork_exit() at fork_exit+0x80/frame 0xfffffe017fd62f30
[12282] fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe017fd62f30
[12282] --- trap 0, rip = 0x266300000000000, rsp = 0, rbp = 0 ---
[12282] KDB: enter: panic

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
(kgdb) where
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=textdump@entry=0) at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xffffffff804c30fa in db_dump (dummy=<optimized out>, dummy2=<unavailable>, dummy3=<unavailable>, dummy4=<unavailable>) at /usr/src/sys/ddb/db_command.c:575
#3  0xffffffff804c2fb2 in db_command (last_cmdp=<optimized out>, cmd_table=<optimized out>, dopager=dopager@entry=1) at /usr/src/sys/ddb/db_command.c:482
#4  0xffffffff804c2c0d in db_command_loop () at /usr/src/sys/ddb/db_command.c:535
#5  0xffffffff804c60b6 in db_trap (type=<optimized out>, code=<optimized out>) at /usr/src/sys/ddb/db_main.c:270
#6  0xffffffff80c7a676 in kdb_trap (type=type@entry=3, code=code@entry=0, tf=tf@entry=0xfffffe017fd62480) at /usr/src/sys/kern/subr_kdb.c:733
#7  0xffffffff810ebd19 in trap (frame=0xfffffe017fd62480) at /usr/src/sys/amd64/amd64/trap.c:607
#8  <signal handler called>
#9  kdb_enter (why=0xffffffff812e57c1 "panic", msg=<optimized out>) at /usr/src/sys/kern/subr_kdb.c:506
#10 0xffffffff80c2c900 in vpanic (fmt=0xffffffff811c2a3b "tcp_m_copym, length > size of mbuf chain", ap=ap@entry=0xfffffe017fd625e0) at /usr/src/sys/kern/kern_shutdown.c:908
#11 0xffffffff80c2c693 in panic (fmt=0xffffffff81e9d040 <cnputs_mtx> "\302&*\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:844
#12 0xffffffff80e11a3b in tcp_m_copym (m=0x0, m@entry=0xfffff80bc680b500, off0=1388, plen=<optimized out>, plen@entry=0xfffffe017fd6282c, seglimit=1, seglimit@entry=0, segsize=segsize@entry=0, sb=<optimized out>, hw_tls=<optimized out>) at /usr/src/sys/netinet/tcp_output.c:2011
#13 0xffffffff80e0f893 in tcp_output (tp=<optimized out>) at /usr/src/sys/netinet/tcp_output.c:1091
#14 0xffffffff80e0607a in tcp_do_segment (m=<optimized out>, th=0xfffff80bc659e87a, so=<optimized out>, tp=0xfffffe0252e24000, drop_hdrlen=40, tlen=<optimized out>, iptos=0 '\000') at /usr/src/sys/netinet/tcp_input.c:2822
#15 0xffffffff80e025bd in tcp_input_with_port (mp=<optimized out>, offp=<optimized out>, proto=<optimized out>, port=port@entry=0) at /usr/src/sys/netinet/tcp_input.c:1400
#16 0xffffffff80e0340b in tcp_input (mp=0xffffffff81e9d040 <cnputs_mtx>, offp=0x80, proto=-2127893703) at /usr/src/sys/netinet/tcp_input.c:1496
#17 0xffffffff80df3d22 in ip_input (m=0x0) at /usr/src/sys/netinet/ip_input.c:834
#18 0xffffffff80d76f4f in netisr_dispatch_src (proto=1, source=source@entry=0, m=0xfffff80bc659e800) at /usr/src/sys/net/netisr.c:1143
#19 0xffffffff80d7729f in netisr_dispatch (proto=2179584064, m=0xffffffff812aeb39) at /usr/src/sys/net/netisr.c:1234
#20 0xffffffff80d5961e in ether_demux (ifp=ifp@entry=0xfffff8010731e800, m=0x80) at /usr/src/sys/net/if_ethersubr.c:921
#21 0xffffffff80d5ac98 in ether_input_internal (ifp=0xfffff8010731e800, m=0x80) at /usr/src/sys/net/if_ethersubr.c:707
#22 ether_nh_input (m=<optimized out>) at /usr/src/sys/net/if_ethersubr.c:737
#23 0xffffffff80d76f4f in netisr_dispatch_src (proto=proto@entry=5, source=source@entry=0, m=m@entry=0xfffff80bc659e800) at /usr/src/sys/net/netisr.c:1143
#24 0xffffffff80d7729f in netisr_dispatch (proto=2179584064, proto@entry=5, m=0xffffffff812aeb39, m@entry=0xfffff80bc659e800) at /usr/src/sys/net/netisr.c:1234
#25 0xffffffff80d59ae9 in ether_input (ifp=0xfffff8010731e800, m=0xfffff80bc659e800) at /usr/src/sys/net/if_ethersubr.c:828
#26 0xffffffff80d72cc7 in iflib_rxeof (rxq=<optimized out>, rxq@entry=0xfffffe017ff65340, budget=<optimized out>) at /usr/src/sys/net/iflib.c:3046
#27 0xffffffff80d6ca6a in _task_fn_rx (context=0xfffffe017ff65340) at /usr/src/sys/net/iflib.c:3989
#28 0xffffffff80c78927 in gtaskqueue_run_locked (queue=queue@entry=0xfffff80105860600) at /usr/src/sys/kern/subr_gtaskqueue.c:371
#29 0xffffffff80c78752 in gtaskqueue_thread_loop (arg=arg@entry=0xfffffe017fed5020) at /usr/src/sys/kern/subr_gtaskqueue.c:547
#30 0xffffffff80be4ce0 in fork_exit (callout=0xffffffff80c78690 <gtaskqueue_thread_loop>, arg=0xfffffe017fed5020, frame=0xfffffe017fd62f40) at /usr/src/sys/kern/kern_fork.c:1092
#31 <signal handler called>
#32 0x0266300000000000 in ?? ()
Backtrace stopped: Cannot access memory at address 0x0
(kgdb)


Let me know what you need from the dump.

-- 
You are receiving this mail because:
You are the assignee for the bug.


