kern/159029: panic: m_copym, offset > size of mbuf chain when pfsync_enable="YES"

Paweł Biernacki pawel.biernacki at gmail.com
Tue Jul 19 13:40:08 UTC 2011 

>Number:         159029
>Category:       kern
>Synopsis:       panic: m_copym, offset > size of mbuf chain when pfsync_enable="YES"
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 19 13:40:07 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Paweł Biernacki
>Release:        FreeBSD 9.0 r224179
>Organization:
>Environment:
FreeBSD a.b.c 9.0-CURRENT FreeBSD 9.0-CURRENT #0: Tue Jul 19 14:30:03 CEST 2011     root at a.b.c:/usr/obj/usr/src/sys/GENERIC  amd64 
>Description:
Problem exists regardless of pf/pflog/psync used as module or complied into the kernel.

<118>Starting Network: pfsync0.
<118>pfsync0: flags=0<> metric 0 mtu 1500
<118>	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
<118>	syncpeer: 0.0.0.0 maxupd: 128
<118>Starting Network: pflog0.
<118>pflog0: flags=0<> metric 0 mtu 33152
<118>	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
<118>Starting ums0 moused.
<118>Enabling pfsync.
panic: m_copym, offset > size of mbuf chain
cpuid = 3
KDB: enter: panic



(kgdb) where 
#0  doadump (textdump=0) at /usr/src/sys/kern/kern_shutdown.c:252
#1  0xffffffff802f6670 in db_dump (dummy=Variable "dummy" is not available.
) at /usr/src/sys/ddb/db_command.c:537
#2  0xffffffff802f5c61 in db_command (last_cmdp=0xffffffff810e98c0, cmd_table=Variable "cmd_table" is not available.
) at /usr/src/sys/ddb/db_command.c:448
#3  0xffffffff802f5eb0 in db_command_loop () at /usr/src/sys/ddb/db_command.c:501
#4  0xffffffff802f7ff9 in db_trap (type=Variable "type" is not available.
) at /usr/src/sys/ddb/db_main.c:229
#5  0xffffffff80853a41 in kdb_trap (type=3, code=0, tf=0xffffff8116ce6740) at /usr/src/sys/kern/subr_kdb.c:539
#6  0xffffffff80b03d26 in trap (frame=0xffffff8116ce6740) at /usr/src/sys/amd64/amd64/trap.c:590
#7  0xffffffff80aee4af in calltrap () at /usr/src/sys/amd64/amd64/exception.S:228
#8  0xffffffff8085381b in kdb_enter (why=0xffffffff80d1897d "panic", msg=0x80 <Address 0x80 out of bounds>) at cpufunc.h:63
#9  0xffffffff8081e160 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:587
#10 0xffffffff808871af in m_copym (m=0x0, off0=1500, len=1480, wait=1) at /usr/src/sys/kern/uipc_mbuf.c:541
#11 0xffffffff8093e6a8 in ip_fragment (ip=0xfffffe0007d6e968, m_frag=0xffffff8116ce6a58, mtu=Variable "mtu" is not available.
) at /usr/src/sys/netinet/ip_output.c:816
#12 0xffffffff8093f668 in ip_output (m=0xfffffe0007d6e900, opt=Variable "opt" is not available.
) at /usr/src/sys/netinet/ip_output.c:647
#13 0xffffffff815cfca5 in pfsync_sendout () at /usr/src/sys/modules/pfsync/../../contrib/pf/net/if_pfsync.c:2348
#14 0xffffffff815d1e99 in pfsyncintr (arg=Variable "arg" is not available.
) at /usr/src/sys/modules/pfsync/../../contrib/pf/net/if_pfsync.c:3269
#15 0xffffffff807f5b86 in intr_event_execute_handlers (p=Variable "p" is not available.
) at /usr/src/sys/kern/kern_intr.c:1257
#16 0xffffffff807f69c2 in ithread_loop (arg=0xfffffe0002dad100) at /usr/src/sys/kern/kern_intr.c:1270
#17 0xffffffff807f30a5 in fork_exit (callout=0xffffffff807f6910 <ithread_loop>, arg=0xfffffe0002dad100, frame=0xffffff8116ce6c50) at /usr/src/sys/kern/kern_fork.c:941
#18 0xffffffff80aee9de in fork_trampoline () at /usr/src/sys/amd64/amd64/exception.S:603
#19 0x0000000000000000 in ?? ()
#20 0x0000000000000000 in ?? ()
#21 0x0000000000000001 in ?? ()
#22 0x0000000000000000 in ?? ()
#23 0x0000000000000000 in ?? ()
#24 0x0000000000000000 in ?? ()
#25 0x0000000000000000 in ?? ()
#26 0x0000000000000000 in ?? ()
#27 0x0000000000000000 in ?? ()
#28 0x0000000000000000 in ?? ()
#29 0x0000000000000000 in ?? ()
#30 0x0000000000000000 in ?? ()
#31 0x0000000000000000 in ?? ()
#32 0x0000000000000000 in ?? ()
#33 0x0000000000000000 in ?? ()
#34 0x0000000000000000 in ?? ()
#35 0x0000000000000000 in ?? ()
#36 0x0000000000000000 in ?? ()
#37 0x0000000000000000 in ?? ()
#38 0x0000000000000000 in ?? ()
#39 0x0000000000000000 in ?? ()
#40 0x0000000000000000 in ?? ()
#41 0x0000000000000000 in ?? ()
#42 0x0000000000000000 in ?? ()
#43 0x0000000000000000 in ?? ()
#44 0x0000000000000000 in ?? ()
#45 0x0000000000000000 in ?? ()
#46 0xffffffff807f6910 in intr_event_add_handler () at /usr/src/sys/kern/kern_intr.c:551

>How-To-Repeat:
add

pfsync_enable="YES"
pfsync_syncdev="igb3" # or sth

reboot or /etc/rc.d/pfsync start

>Fix:
none yet

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list