From nobody Mon Jun 21 16:11:07 2021 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id B82DF11D779E for ; Mon, 21 Jun 2021 16:11:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4G7vf34kRdz3t4Y for ; Mon, 21 Jun 2021 16:11:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8B1A11FF5E for ; Mon, 21 Jun 2021 16:11:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 15LGB7XV022077 for ; Mon, 21 Jun 2021 16:11:07 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 15LGB7Jt022076 for net@FreeBSD.org; Mon, 21 Jun 2021 16:11:07 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 256610] Kernel panic with ngtee Date: Mon, 21 Jun 2021 16:11:07 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 13.0-STABLE X-Bugzilla-Keywords: panic X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: markj@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: net@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@freebsd.org MIME-Version: 1.0 X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D256610 --- Comment #5 from Mark Johnston --- (In reply to John Baldwin from comment #4) The full stack looks like this: #8 #9 memmove_erms () at /usr/src/sys/amd64/amd64/support.S:547 #10 0xffffffff80c80f18 in m_dup (m=3D0xfffff8021e841200,=20 m@entry=3D0xfffff801345d9d00, how=3Dhow@entry=3D1) at /usr/src/sys/kern/uipc_mbuf.c:722 #11 0xffffffff834ab3c1 in ng_ipfw_input (m0=3D,=20 fwa=3D0xfffffe0144090300, tee=3Dfalse) at /usr/src/sys/netgraph/ng_ipfw= .c:324 #12 0xffffffff82936df0 in ipfw_check_packet (m0=3D0xfffffe01440904e8,=20 ifp=3D0xfffff80004e5b800, flags=3D131072, ruleset=3D,=20 inp=3D0xfffff8004cff35b8) at /usr/src/sys/netpfil/ipfw/ip_fw_pfil.c:297 #13 0xffffffff80d2a8c7 in pfil_run_hooks (head=3D, p=3D...,= =20 ifp=3Difp@entry=3D0xfffff80004e5b800, flags=3Dflags@entry=3D131072,=20 inp=3Dinp@entry=3D0xfffff8004cff35b8) at /usr/src/sys/net/pfil.c:187 #14 0xffffffff80d9f287 in ip_output_pfil (mp=3D0xfffffe01440904e8,=20 ifp=3D0xfffff80004e5b800, flags=3D0, inp=3D0xfffff8004cff35b8,=20 dst=3D0xfffff8004cff3760, fibnum=3D, error=3D) at /usr/src/sys/netinet/ip_output.c:130 #15 ip_output (m=3Dm@entry=3D0xfffff801345d9d00, opt=3D,=20 ro=3D, flags=3D, imo=3Dimo@entry=3D0x0,=20 inp=3D) at /usr/src/sys/netinet/ip_output.c:705 #16 0xffffffff80db8cab in tcp_output (tp=3D) at /usr/src/sys/netinet/tcp_output.c:1544 #17 0xffffffff80dccfff in tcp_usr_ready (so=3D,=20 m=3D0xfffff802e78b3d00, count=3D) at /usr/src/sys/netinet/tcp_usrreq.c:1303 #18 0xffffffff80bef395 in sendfile_iodone (arg=3Darg@entry=3D0xfffff8035b9c= db00,=20 pa=3D, pa@entry=3D0x0, count=3D, count@en= try=3D0,=20 error=3D) at /usr/src/sys/kern/kern_sendfile.c:399 #19 0xffffffff80beebc9 in vn_sendfile (fp=3D, sockfd=3D34,=20 hdr_uio=3D0x0, trl_uio=3D0x0, offset=3D, nbytes=3D,=20 sent=3D0xfffffe0144090a88, flags=3D0, td=3D0xfffffe0145810ac0) at /usr/src/sys/kern/kern_sendfile.c:1194 #20 0xffffffff80bef7c7 in fo_sendfile (fp=3D0xfffff8002b911034, sockfd=3D0,= =20 hdr_uio=3D0x7cc, trl_uio=3D0x7cc, offset=3D-8795362095052,=20 nbytes=3D722828843999576199, sent=3D0xfffffe0144090a88, flags=3D7309271= 56,=20 td=3D0xfffffe0145810ac0) at /usr/src/sys/sys/file.h:411 #21 sendfile (td=3D0xfffffe0145810ac0, uap=3D0xfffffe0145810ea8,=20 compat=3D) at /usr/src/sys/kern/kern_sendfile.c:1324 #22 0xffffffff81083ede in syscallenter (td=3D) at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:189 > While we could patch m_dup(), I don't know we want to enforce the policy = that the dup is always unmapped? Did you mean mapped? In any case, yeah, I was wondering if it's really a g= ood idea to return a mapped chain. But if a consumer is m_dup()ing something t= hen it probably intends to write to the dup anyway. m_copypacket() should be u= sed otherwise. --=20 You are receiving this mail because: You are the assignee for the bug.=