[Bug 260393] Page Fault tcp_output/tcp_input

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 20 Dec 2021 11:11:37 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260393

--- Comment #10 from Dobri Dobrev <ddobrev85@gmail.com> ---
(In reply to Michael Tuexen from comment #9)

(kgdb) frame 8
#8  m_copydata (m=0x0, m@entry=0xfffff8010ee80d00, off=0, len=1, cp=<optimized
out>) at /usr/src/sys/kern/uipc_mbuf.c:657
657                     count = min(m->m_len - off, len);
(kgdb) list
652                     off -= m->m_len;
653                     m = m->m_next;
654             }
655             while (len > 0) {
656                     KASSERT(m != NULL, ("m_copydata, length > size of mbuf
chain"));
657                     count = min(m->m_len - off, len);
658                     if ((m->m_flags & M_EXTPG) != 0)
659                             m_copyfromunmapped(m, off, count, cp);
660                     else
661                             bcopy(mtod(m, caddr_t) + off, cp, count);
(kgdb) print *(struct mbuf *)0xfffff8010ee80d00
$1 = {{m_next = 0x0, m_slist = {sle_next = 0x0}, m_stailq = {stqe_next = 0x0}},
{m_nextpkt = 0x0, m_slistpkt = {sle_next = 0x0}, m_stailqpkt = {stqe_next =
0x0}}, 
  m_data = 0xfffff8015b91e528
"&i\365\267\254\350s\352,\025\216*\265\216\004\024\201j\256\245?\225<\020)W\214%\212\371\221$\205s\277LE<\326\340\032\267\377\366\214\217\235\215^)1x\377\342\032\234Ƃ\217]\211\375\333h\361\212\320nE\024\370\330\325S8\272\001y\023\304;\016:\017\032kT5\323\300\f\245MJd\n\025W\352c\321\062)Pl{/\263\320>6\231\362x\305\311\031ö\vy\356&É\265\343;_\273`\272\005\205\315m(\353쁞\001\223\254\371\037]UN\357\202%\201\364\033\r\232G$-N\251\262#\264\204\375\t\321\036\203\241\254\274\314ز\252jŹc.k\217\224#\235\206\241U\262\a\215I\035&\253j3"...,
m_len = 24, m_type = 1, m_flags = 1, {{{m_pkthdr = {{snd_tag = 0x0, 
            rcvif = 0x0}, tags = {slh_first = 0x0}, len = 1337, flowid = 0,
csum_flags = 0, fibnum = 0, numa_domain = 255 '\377', rsstype = 0 '\000',
{rcv_tstmp = 0, {l2hlen = 0 '\000', l3hlen = 0 '\000', 
              l4hlen = 0 '\000', l5hlen = 0 '\000', inner_l2hlen = 0 '\000',
inner_l3hlen = 0 '\000', inner_l4hlen = 0 '\000', inner_l5hlen = 0 '\000'}},
PH_per = {eight = "\000\000\000\000\377\377\000", sixteen = {
              0, 0, 65535, 0}, thirtytwo = {0, 65535}, sixtyfour =
{281470681743360}, unintptr = {281470681743360}, ptr = 0xffff00000000}, PH_loc
= {eight = "\000\000\000\000\000\000\000", sixteen = {0, 0, 0, 0}, 
            thirtytwo = {0, 0}, sixtyfour = {0}, unintptr = {0}, ptr = 0x0}},
{m_epg_npgs = 0 '\000', m_epg_nrdy = 0 '\000', m_epg_hdrlen = 0 '\000',
m_epg_trllen = 0 '\000', m_epg_1st_off = 0, m_epg_last_len = 0, 
          m_epg_flags = 0 '\000', m_epg_record_type = 0 '\000', __spare =
"\000", m_epg_enc_cnt = 0, m_epg_tls = 0x539, m_epg_so = 0xff000000000000,
m_epg_seqno = 0, m_epg_stailq = {stqe_next = 0xffff00000000}}}, {
        m_ext = {{ext_count = 1, ext_cnt = 0x1}, ext_size = 2048, ext_type = 6,
ext_flags = 1, {{ext_buf = 0xfffff8015b91e000
"\023\367\265R\030\254\212\342\220\255\331'\206\217\245f\223o\aH\205\277\222", 
              ext_arg2 = 0x0}, {extpg_pa = {18446735283447783424, 0, 0, 0, 0},
extpg_trail = '\000' <repeats 63 times>, extpg_hdr = '\000' <repeats 22
times>}}, ext_free = 0x0, ext_arg1 = 0x0}, 
        m_pktdat = 0xfffff8010ee80d58 "\001"}}, m_dat = 0xfffff8010ee80d20 ""}}
(kgdb) frame 10
#10 0xffffffff80dcd382 in tcp_do_segment (m=<optimized out>, th=<optimized
out>, so=<optimized out>, tp=0xfffffe0251638870, drop_hdrlen=40,
tlen=<optimized out>, iptos=0 '\000')
    at /usr/src/sys/netinet/tcp_input.c:2822
2822                                                    tcp_sack_partialack(tp,
th);
(kgdb) print *tp
$2 = {t_inpcb = 0xfffff80a54294000, t_fb = 0xffffffff8193b000
<tcp_def_funcblk>, t_fb_ptr = 0x0, t_maxseg = 1360, t_logstate = 0, t_port = 0,
t_state = 8, t_idle_reduce = 0, t_delayed_ack = 0, t_fin_is_rst = 0, 
  t_log_state_set = 0, bits_spare = 0, t_flags = 554697333, snd_una =
3223852179, snd_max = 3223852205, snd_nxt = 3223852204, snd_up = 3223850831,
snd_wnd = 65292, snd_cwnd = 1359, t_peakrate_thr = 0, 
  ts_offset = 0, rfbuf_ts = 313886170, rcv_numsacks = 0, t_tsomax = 65535,
t_tsomaxsegcount = 37, t_tsomaxsegsize = 4096, rcv_nxt = 2467824635, rcv_adv =
2467891323, rcv_wnd = 66688, t_flags2 = 1024, t_srtt = 3309, 
  t_rttvar = 287, ts_recent = 0, snd_scale = 2 '\002', rcv_scale = 6 '\006',
snd_limited = 0 '\000', request_r_scale = 6 '\006', last_ack_sent = 2467824635,
t_rcvtime = 2461112999, rcv_up = 2467824635, 
  t_segqlen = 0, t_segqmbuflen = 0, t_segq = {tqh_first = 0x0, tqh_last =
0xfffffe0251638900}, t_in_pkt = 0x0, t_tail_pkt = 0x0, t_timers =
0xfffffe0251638b18, t_vnet = 0xfffff801014c0580, snd_ssthresh = 2720, 
  snd_wl1 = 2467824635, snd_wl2 = 3223852179, irs = 2467822589, iss =
3223768989, t_acktime = 0, t_sndtime = 2460931776, ts_recent_age = 0,
snd_recover = 3223852205, cl4_spare = 0, t_oobflags = 0 '\000', 
  t_iobc = 0 '\000', t_rxtcur = 64000, t_rxtshift = 11, t_rtttime = 0, t_rtseq
= 3223852203, t_starttime = 2460765463, t_fbyte_in = 2460765472, t_fbyte_out =
2460765472, t_pmtud_saved_maxseg = 0, 
  t_blackhole_enter = 0, t_blackhole_exit = 0, t_rttmin = 30, t_rttbest = 3596,
t_softerror = 0, max_sndwnd = 66640, snd_cwnd_prev = 8160, snd_ssthresh_prev =
2720, snd_recover_prev = 3223823643, t_sndzerowin = 0, 
  t_rttupdated = 9, snd_numholes = 1, t_badrxtwin = 2460781714, snd_holes =
{tqh_first = 0xfffff806d12b8780, tqh_last = 0xfffff806d12b8790}, snd_fack =
3223852203, sackblks = {{start = 2467824634, 
      end = 2467824635}, {start = 0, end = 0}, {start = 0, end = 0}, {start =
0, end = 0}, {start = 0, end = 0}, {start = 0, end = 0}}, sackhint = {nexthole
= 0xfffff806d12b8780, sack_bytes_rexmit = 0, 
    last_sack_ack = 3223852203, delivered_data = 12, sacked_bytes = 0,
recover_fs = 1373, prr_delivered = 2722, prr_out = 4105}, t_rttlow = 84,
rfbuf_cnt = 0, tod = 0x0, t_sndrexmitpack = 59, t_rcvoopack = 0, 
  t_toe = 0x0, cc_algo = 0xffffffff81937eb0 <newreno_cc_algo>, ccv =
0xfffffe0251638c60, osd = 0xfffffe0251638c88, t_bytes_acked = 0, t_maxunacktime
= 0, t_keepinit = 0, t_keepidle = 0, t_keepintvl = 0, 
  t_keepcnt = 0, t_dupacks = 0, t_lognum = 0, t_loglimit = 5000, t_pacing_rate
= -1, t_logs = {stqh_first = 0x0, stqh_last = 0xfffffe0251638a88}, t_lin = 0x0,
t_lib = 0x0, t_output_caller = 0x0, t_stats = 0x0, 
  t_logsn = 0, gput_ts = 0, gput_seq = 0, gput_ack = 0, t_stats_gput_prev = 0,
t_maxpeakrate = 0, t_sndtlppack = 0, t_sndtlpbyte = 0, t_sndbytes = 91397,
t_snd_rxt_bytes = 61193, t_tfo_client_cookie_len = 0 '\000', 
  t_end_info_status = 0, t_tfo_pending = 0x0, t_tfo_cookie = {client = '\000'
<repeats 15 times>, server = 0}, {t_end_info_bytes =
"\000\000\000\000\000\000\000", t_end_info = 0}}
(kgdb) frame 12
#12 0xffffffff80dca9eb in tcp_input (mp=0xfffff8010ee80d00, offp=0x0, proto=1)
at /usr/src/sys/netinet/tcp_input.c:1496
1496            return(tcp_input_with_port(mp, offp, proto, 0));
(kgdb) print **mp
Cannot access memory at address 0x0
(kgdb)
