[Bug 260393] Page Fault tcp_output/tcp_input
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 22 Dec 2021 22:24:57 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260393
--- Comment #65 from Dobri Dobrev <ddobrev85@gmail.com> ---
(In reply to Hans Petter Selasky from comment #63)
So, here it is - I believe this is what we're looking for: "panic: tcp_m_copym,
length > size of mbuf chain"
Unread portion of the kernel message buffer:
[12282] panic: tcp_m_copym, length > size of mbuf chain
[12282] cpuid = 1
[12282] time = 1640209960
[12282] KDB: stack backtrace:
[12282] db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
0xfffffe017fd62550
[12282] vpanic() at vpanic+0x17f/frame 0xfffffe017fd625a0
[12282] panic() at panic+0x43/frame 0xfffffe017fd62600
[12282] tcp_m_copym() at tcp_m_copym+0x41b/frame 0xfffffe017fd626b0
[12282] tcp_output() at tcp_output+0x1433/frame 0xfffffe017fd62890
[12282] tcp_do_segment() at tcp_do_segment+0x2b9a/frame 0xfffffe017fd62960
[12282] tcp_input_with_port() at tcp_input_with_port+0xb7d/frame
0xfffffe017fd62aa0
[12282] tcp_input() at tcp_input+0xb/frame 0xfffffe017fd62ab0
[12282] ip_input() at ip_input+0x192/frame 0xfffffe017fd62b40
[12282] netisr_dispatch_src() at netisr_dispatch_src+0xaf/frame
0xfffffe017fd62ba0
[12282] ether_demux() at ether_demux+0x16e/frame 0xfffffe017fd62bd0
[12282] ether_nh_input() at ether_nh_input+0x3f8/frame 0xfffffe017fd62c30
[12282] netisr_dispatch_src() at netisr_dispatch_src+0xaf/frame
0xfffffe017fd62c90
[12282] ether_input() at ether_input+0x99/frame 0xfffffe017fd62cf0
[12282] iflib_rxeof() at iflib_rxeof+0xe07/frame 0xfffffe017fd62e00
[12282] _task_fn_rx() at _task_fn_rx+0x7a/frame 0xfffffe017fd62e40
[12282] gtaskqueue_run_locked() at gtaskqueue_run_locked+0xa7/frame
0xfffffe017fd62ec0
[12282] gtaskqueue_thread_loop() at gtaskqueue_thread_loop+0xc2/frame
0xfffffe017fd62ef0
[12282] fork_exit() at fork_exit+0x80/frame 0xfffffe017fd62f30
[12282] fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe017fd62f30
[12282] --- trap 0, rip = 0x266300000000000, rsp = 0, rbp = 0 ---
[12282] KDB: enter: panic
__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
55 __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct
pcpu,
(kgdb) where
#0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1 doadump (textdump=textdump@entry=0) at
/usr/src/sys/kern/kern_shutdown.c:399
#2 0xffffffff804c30fa in db_dump (dummy=<optimized out>, dummy2=<unavailable>,
dummy3=<unavailable>, dummy4=<unavailable>) at
/usr/src/sys/ddb/db_command.c:575
#3 0xffffffff804c2fb2 in db_command (last_cmdp=<optimized out>,
cmd_table=<optimized out>, dopager=dopager@entry=1) at
/usr/src/sys/ddb/db_command.c:482
#4 0xffffffff804c2c0d in db_command_loop () at
/usr/src/sys/ddb/db_command.c:535
#5 0xffffffff804c60b6 in db_trap (type=<optimized out>, code=<optimized out>)
at /usr/src/sys/ddb/db_main.c:270
#6 0xffffffff80c7a676 in kdb_trap (type=type@entry=3, code=code@entry=0,
tf=tf@entry=0xfffffe017fd62480) at /usr/src/sys/kern/subr_kdb.c:733
#7 0xffffffff810ebd19 in trap (frame=0xfffffe017fd62480) at
/usr/src/sys/amd64/amd64/trap.c:607
#8 <signal handler called>
#9 kdb_enter (why=0xffffffff812e57c1 "panic", msg=<optimized out>) at
/usr/src/sys/kern/subr_kdb.c:506
#10 0xffffffff80c2c900 in vpanic (fmt=0xffffffff811c2a3b "tcp_m_copym, length >
size of mbuf chain", ap=ap@entry=0xfffffe017fd625e0) at
/usr/src/sys/kern/kern_shutdown.c:908
#11 0xffffffff80c2c693 in panic (fmt=0xffffffff81e9d040 <cnputs_mtx>
"\302&*\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:844
#12 0xffffffff80e11a3b in tcp_m_copym (m=0x0, m@entry=0xfffff80bc680b500,
off0=1388, plen=<optimized out>, plen@entry=0xfffffe017fd6282c, seglimit=1,
seglimit@entry=0, segsize=segsize@entry=0, sb=<optimized out>,
hw_tls=<optimized out>) at /usr/src/sys/netinet/tcp_output.c:2011
#13 0xffffffff80e0f893 in tcp_output (tp=<optimized out>) at
/usr/src/sys/netinet/tcp_output.c:1091
#14 0xffffffff80e0607a in tcp_do_segment (m=<optimized out>,
th=0xfffff80bc659e87a, so=<optimized out>, tp=0xfffffe0252e24000,
drop_hdrlen=40, tlen=<optimized out>, iptos=0 '\000') at
/usr/src/sys/netinet/tcp_input.c:2822
#15 0xffffffff80e025bd in tcp_input_with_port (mp=<optimized out>,
offp=<optimized out>, proto=<optimized out>, port=port@entry=0) at
/usr/src/sys/netinet/tcp_input.c:1400
#16 0xffffffff80e0340b in tcp_input (mp=0xffffffff81e9d040 <cnputs_mtx>,
offp=0x80, proto=-2127893703) at /usr/src/sys/netinet/tcp_input.c:1496
#17 0xffffffff80df3d22 in ip_input (m=0x0) at
/usr/src/sys/netinet/ip_input.c:834
#18 0xffffffff80d76f4f in netisr_dispatch_src (proto=1, source=source@entry=0,
m=0xfffff80bc659e800) at /usr/src/sys/net/netisr.c:1143
#19 0xffffffff80d7729f in netisr_dispatch (proto=2179584064,
m=0xffffffff812aeb39) at /usr/src/sys/net/netisr.c:1234
#20 0xffffffff80d5961e in ether_demux (ifp=ifp@entry=0xfffff8010731e800,
m=0x80) at /usr/src/sys/net/if_ethersubr.c:921
#21 0xffffffff80d5ac98 in ether_input_internal (ifp=0xfffff8010731e800, m=0x80)
at /usr/src/sys/net/if_ethersubr.c:707
#22 ether_nh_input (m=<optimized out>) at /usr/src/sys/net/if_ethersubr.c:737
#23 0xffffffff80d76f4f in netisr_dispatch_src (proto=proto@entry=5,
source=source@entry=0, m=m@entry=0xfffff80bc659e800) at
/usr/src/sys/net/netisr.c:1143
#24 0xffffffff80d7729f in netisr_dispatch (proto=2179584064, proto@entry=5,
m=0xffffffff812aeb39, m@entry=0xfffff80bc659e800) at
/usr/src/sys/net/netisr.c:1234
#25 0xffffffff80d59ae9 in ether_input (ifp=0xfffff8010731e800,
m=0xfffff80bc659e800) at /usr/src/sys/net/if_ethersubr.c:828
#26 0xffffffff80d72cc7 in iflib_rxeof (rxq=<optimized out>,
rxq@entry=0xfffffe017ff65340, budget=<optimized out>) at
/usr/src/sys/net/iflib.c:3046
#27 0xffffffff80d6ca6a in _task_fn_rx (context=0xfffffe017ff65340) at
/usr/src/sys/net/iflib.c:3989
#28 0xffffffff80c78927 in gtaskqueue_run_locked
(queue=queue@entry=0xfffff80105860600) at
/usr/src/sys/kern/subr_gtaskqueue.c:371
#29 0xffffffff80c78752 in gtaskqueue_thread_loop
(arg=arg@entry=0xfffffe017fed5020) at /usr/src/sys/kern/subr_gtaskqueue.c:547
#30 0xffffffff80be4ce0 in fork_exit (callout=0xffffffff80c78690
<gtaskqueue_thread_loop>, arg=0xfffffe017fed5020, frame=0xfffffe017fd62f40) at
/usr/src/sys/kern/kern_fork.c:1092
#31 <signal handler called>
#32 0x0266300000000000 in ?? ()
Backtrace stopped: Cannot access memory at address 0x0
(kgdb)
Let me know what you need from the dump.
--
You are receiving this mail because:
You are the assignee for the bug.