From nobody Wed Dec 22 22:24:57 2021 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id E2A671903F20 for ; Wed, 22 Dec 2021 22:24:57 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JK7DT5PDZz4vrd for ; Wed, 22 Dec 2021 22:24:57 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 974B7251DD for ; Wed, 22 Dec 2021 22:24:57 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 1BMMOvjW059442 for ; Wed, 22 Dec 2021 22:24:57 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 1BMMOveF059441 for net@FreeBSD.org; Wed, 22 Dec 2021 22:24:57 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 260393] Page Fault tcp_output/tcp_input Date: Wed, 22 Dec 2021 22:24:57 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.0-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: ddobrev85@gmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@freebsd.org MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1640211897; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=43CRBW/2M+928m2uLd+EcJjYQ5K1hyXfxMEpTkT/FuA=; b=n0/PRQ2voY/7aTaVwL5N/cAK3g/A4gSoSzm4vCSRHYl+wMOuTVj0y8NgORZo6RG3GRQanL NUG9JfBXAw7BV8R4a4VwGU50dPvIkf9ilLt90sJfCMASgeKFnR91HXaX3PdeDa4bKdlqwn LHBaNjyj4QpLFPYFvMARxDMPtAka2QqzJp9G3oWsC6+sIDKfJ7qOQPg633MakmB8fyA6HN 6vaUpfA2odKS3dDK5XvxNv/P4yubloHDo/7JP2OiwIBPp2Uco7LVKCcq08Yhb5EhOCB2HD OUgeOqfCkeQjIaIQdLhzK0eJe0rSP+BfYmSAtq3zFEONY6M/QlKbySGAPBqpoA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1640211897; a=rsa-sha256; cv=none; b=vkDbKNv0PY8Zhz40sOh0YzFIBp57dfaxc24CeeExa14PFat2d1U8mT8csLLOROOXw1RgWO HIsBd2NhO4XXoql0F1jObuTJq76Q0DCnVYpczHsnfbeRMLBzAAjlLDsl70AvOrVyWTZBBp vNUnlA54iYlVR1K2PEZ7RLuuAjwsGg/UmPtVZ01qRwcHWYgl8Dt1E6IWIQJyxuaTMUtWsv Jqr1nMGpNBftgkqfOzdsVGZawptqQc2KpNUvDc4uh03YHV+TEi+Q32KRB1rmgPw/Ee8wFE bYUlmRIRGkpGTeFH6nwzoidG4pTZ/jxbDlrLuUAdjtFm066flzgA8hn5b38Z/A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D260393 --- Comment #65 from Dobri Dobrev --- (In reply to Hans Petter Selasky from comment #63) So, here it is - I believe this is what we're looking for: "panic: tcp_m_co= pym, length > size of mbuf chain" Unread portion of the kernel message buffer: [12282] panic: tcp_m_copym, length > size of mbuf chain [12282] cpuid =3D 1 [12282] time =3D 1640209960 [12282] KDB: stack backtrace: [12282] db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe017fd62550 [12282] vpanic() at vpanic+0x17f/frame 0xfffffe017fd625a0 [12282] panic() at panic+0x43/frame 0xfffffe017fd62600 [12282] tcp_m_copym() at tcp_m_copym+0x41b/frame 0xfffffe017fd626b0 [12282] tcp_output() at tcp_output+0x1433/frame 0xfffffe017fd62890 [12282] tcp_do_segment() at tcp_do_segment+0x2b9a/frame 0xfffffe017fd62960 [12282] tcp_input_with_port() at tcp_input_with_port+0xb7d/frame 0xfffffe017fd62aa0 [12282] tcp_input() at tcp_input+0xb/frame 0xfffffe017fd62ab0 [12282] ip_input() at ip_input+0x192/frame 0xfffffe017fd62b40 [12282] netisr_dispatch_src() at netisr_dispatch_src+0xaf/frame 0xfffffe017fd62ba0 [12282] ether_demux() at ether_demux+0x16e/frame 0xfffffe017fd62bd0 [12282] ether_nh_input() at ether_nh_input+0x3f8/frame 0xfffffe017fd62c30 [12282] netisr_dispatch_src() at netisr_dispatch_src+0xaf/frame 0xfffffe017fd62c90 [12282] ether_input() at ether_input+0x99/frame 0xfffffe017fd62cf0 [12282] iflib_rxeof() at iflib_rxeof+0xe07/frame 0xfffffe017fd62e00 [12282] _task_fn_rx() at _task_fn_rx+0x7a/frame 0xfffffe017fd62e40 [12282] gtaskqueue_run_locked() at gtaskqueue_run_locked+0xa7/frame 0xfffffe017fd62ec0 [12282] gtaskqueue_thread_loop() at gtaskqueue_thread_loop+0xc2/frame 0xfffffe017fd62ef0 [12282] fork_exit() at fork_exit+0x80/frame 0xfffffe017fd62f30 [12282] fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe017fd62f30 [12282] --- trap 0, rip =3D 0x266300000000000, rsp =3D 0, rbp =3D 0 --- [12282] KDB: enter: panic __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 55 __asm("movq %%gs:%P1,%0" : "=3Dr" (td) : "n" (offsetof(stru= ct pcpu, (kgdb) where #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 #1 doadump (textdump=3Dtextdump@entry=3D0) at /usr/src/sys/kern/kern_shutdown.c:399 #2 0xffffffff804c30fa in db_dump (dummy=3D, dummy2=3D, dummy3=3D, dummy4=3D) at /usr/src/sys/ddb/db_command.c:575 #3 0xffffffff804c2fb2 in db_command (last_cmdp=3D, cmd_table=3D, dopager=3Ddopager@entry=3D1) at /usr/src/sys/ddb/db_command.c:482 #4 0xffffffff804c2c0d in db_command_loop () at /usr/src/sys/ddb/db_command.c:535 #5 0xffffffff804c60b6 in db_trap (type=3D, code=3D) at /usr/src/sys/ddb/db_main.c:270 #6 0xffffffff80c7a676 in kdb_trap (type=3Dtype@entry=3D3, code=3Dcode@entr= y=3D0, tf=3Dtf@entry=3D0xfffffe017fd62480) at /usr/src/sys/kern/subr_kdb.c:733 #7 0xffffffff810ebd19 in trap (frame=3D0xfffffe017fd62480) at /usr/src/sys/amd64/amd64/trap.c:607 #8 #9 kdb_enter (why=3D0xffffffff812e57c1 "panic", msg=3D) at /usr/src/sys/kern/subr_kdb.c:506 #10 0xffffffff80c2c900 in vpanic (fmt=3D0xffffffff811c2a3b "tcp_m_copym, le= ngth > size of mbuf chain", ap=3Dap@entry=3D0xfffffe017fd625e0) at /usr/src/sys/kern/kern_shutdown.c:908 #11 0xffffffff80c2c693 in panic (fmt=3D0xffffffff81e9d040 "\302&*\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:844 #12 0xffffffff80e11a3b in tcp_m_copym (m=3D0x0, m@entry=3D0xfffff80bc680b50= 0, off0=3D1388, plen=3D, plen@entry=3D0xfffffe017fd6282c, segli= mit=3D1, seglimit@entry=3D0, segsize=3Dsegsize@entry=3D0, sb=3D,=20 hw_tls=3D) at /usr/src/sys/netinet/tcp_output.c:2011 #13 0xffffffff80e0f893 in tcp_output (tp=3D) at /usr/src/sys/netinet/tcp_output.c:1091 #14 0xffffffff80e0607a in tcp_do_segment (m=3D, th=3D0xfffff80bc659e87a, so=3D, tp=3D0xfffffe0252e24000, drop_hdrlen=3D40, tlen=3D, iptos=3D0 '\000') at /usr/src/sys/netinet/tcp_input.c:2822 #15 0xffffffff80e025bd in tcp_input_with_port (mp=3D, offp=3D, proto=3D, port=3Dport@entry=3D0) at /usr/src/sys/netinet/tcp_input.c:1400 #16 0xffffffff80e0340b in tcp_input (mp=3D0xffffffff81e9d040 , offp=3D0x80, proto=3D-2127893703) at /usr/src/sys/netinet/tcp_input.c:1496 #17 0xffffffff80df3d22 in ip_input (m=3D0x0) at /usr/src/sys/netinet/ip_input.c:834 #18 0xffffffff80d76f4f in netisr_dispatch_src (proto=3D1, source=3Dsource@e= ntry=3D0, m=3D0xfffff80bc659e800) at /usr/src/sys/net/netisr.c:1143 #19 0xffffffff80d7729f in netisr_dispatch (proto=3D2179584064, m=3D0xffffffff812aeb39) at /usr/src/sys/net/netisr.c:1234 #20 0xffffffff80d5961e in ether_demux (ifp=3Difp@entry=3D0xfffff8010731e800, m=3D0x80) at /usr/src/sys/net/if_ethersubr.c:921 #21 0xffffffff80d5ac98 in ether_input_internal (ifp=3D0xfffff8010731e800, m= =3D0x80) at /usr/src/sys/net/if_ethersubr.c:707 #22 ether_nh_input (m=3D) at /usr/src/sys/net/if_ethersubr.c= :737 #23 0xffffffff80d76f4f in netisr_dispatch_src (proto=3Dproto@entry=3D5, source=3Dsource@entry=3D0, m=3Dm@entry=3D0xfffff80bc659e800) at /usr/src/sys/net/netisr.c:1143 #24 0xffffffff80d7729f in netisr_dispatch (proto=3D2179584064, proto@entry= =3D5, m=3D0xffffffff812aeb39, m@entry=3D0xfffff80bc659e800) at /usr/src/sys/net/netisr.c:1234 #25 0xffffffff80d59ae9 in ether_input (ifp=3D0xfffff8010731e800, m=3D0xfffff80bc659e800) at /usr/src/sys/net/if_ethersubr.c:828 #26 0xffffffff80d72cc7 in iflib_rxeof (rxq=3D, rxq@entry=3D0xfffffe017ff65340, budget=3D) at /usr/src/sys/net/iflib.c:3046 #27 0xffffffff80d6ca6a in _task_fn_rx (context=3D0xfffffe017ff65340) at /usr/src/sys/net/iflib.c:3989 #28 0xffffffff80c78927 in gtaskqueue_run_locked (queue=3Dqueue@entry=3D0xfffff80105860600) at /usr/src/sys/kern/subr_gtaskqueue.c:371 #29 0xffffffff80c78752 in gtaskqueue_thread_loop (arg=3Darg@entry=3D0xfffffe017fed5020) at /usr/src/sys/kern/subr_gtaskqueue= .c:547 #30 0xffffffff80be4ce0 in fork_exit (callout=3D0xffffffff80c78690 , arg=3D0xfffffe017fed5020, frame=3D0xfffffe017fd62= f40) at /usr/src/sys/kern/kern_fork.c:1092 #31 #32 0x0266300000000000 in ?? () Backtrace stopped: Cannot access memory at address 0x0 (kgdb) Let me know what you need from the dump. --=20 You are receiving this mail because: You are the assignee for the bug.=