[Bug 260393] Page Fault tcp_output/tcp_input
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 22 Dec 2021 22:24:57 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260393 --- Comment #65 from Dobri Dobrev <ddobrev85@gmail.com> --- (In reply to Hans Petter Selasky from comment #63) So, here it is - I believe this is what we're looking for: "panic: tcp_m_copym, length > size of mbuf chain" Unread portion of the kernel message buffer: [12282] panic: tcp_m_copym, length > size of mbuf chain [12282] cpuid = 1 [12282] time = 1640209960 [12282] KDB: stack backtrace: [12282] db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe017fd62550 [12282] vpanic() at vpanic+0x17f/frame 0xfffffe017fd625a0 [12282] panic() at panic+0x43/frame 0xfffffe017fd62600 [12282] tcp_m_copym() at tcp_m_copym+0x41b/frame 0xfffffe017fd626b0 [12282] tcp_output() at tcp_output+0x1433/frame 0xfffffe017fd62890 [12282] tcp_do_segment() at tcp_do_segment+0x2b9a/frame 0xfffffe017fd62960 [12282] tcp_input_with_port() at tcp_input_with_port+0xb7d/frame 0xfffffe017fd62aa0 [12282] tcp_input() at tcp_input+0xb/frame 0xfffffe017fd62ab0 [12282] ip_input() at ip_input+0x192/frame 0xfffffe017fd62b40 [12282] netisr_dispatch_src() at netisr_dispatch_src+0xaf/frame 0xfffffe017fd62ba0 [12282] ether_demux() at ether_demux+0x16e/frame 0xfffffe017fd62bd0 [12282] ether_nh_input() at ether_nh_input+0x3f8/frame 0xfffffe017fd62c30 [12282] netisr_dispatch_src() at netisr_dispatch_src+0xaf/frame 0xfffffe017fd62c90 [12282] ether_input() at ether_input+0x99/frame 0xfffffe017fd62cf0 [12282] iflib_rxeof() at iflib_rxeof+0xe07/frame 0xfffffe017fd62e00 [12282] _task_fn_rx() at _task_fn_rx+0x7a/frame 0xfffffe017fd62e40 [12282] gtaskqueue_run_locked() at gtaskqueue_run_locked+0xa7/frame 0xfffffe017fd62ec0 [12282] gtaskqueue_thread_loop() at gtaskqueue_thread_loop+0xc2/frame 0xfffffe017fd62ef0 [12282] fork_exit() at fork_exit+0x80/frame 0xfffffe017fd62f30 [12282] fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe017fd62f30 [12282] --- trap 0, rip = 0x266300000000000, rsp = 0, rbp = 0 --- [12282] KDB: enter: panic __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 55 __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu, (kgdb) where #0 __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55 #1 doadump (textdump=textdump@entry=0) at /usr/src/sys/kern/kern_shutdown.c:399 #2 0xffffffff804c30fa in db_dump (dummy=<optimized out>, dummy2=<unavailable>, dummy3=<unavailable>, dummy4=<unavailable>) at /usr/src/sys/ddb/db_command.c:575 #3 0xffffffff804c2fb2 in db_command (last_cmdp=<optimized out>, cmd_table=<optimized out>, dopager=dopager@entry=1) at /usr/src/sys/ddb/db_command.c:482 #4 0xffffffff804c2c0d in db_command_loop () at /usr/src/sys/ddb/db_command.c:535 #5 0xffffffff804c60b6 in db_trap (type=<optimized out>, code=<optimized out>) at /usr/src/sys/ddb/db_main.c:270 #6 0xffffffff80c7a676 in kdb_trap (type=type@entry=3, code=code@entry=0, tf=tf@entry=0xfffffe017fd62480) at /usr/src/sys/kern/subr_kdb.c:733 #7 0xffffffff810ebd19 in trap (frame=0xfffffe017fd62480) at /usr/src/sys/amd64/amd64/trap.c:607 #8 <signal handler called> #9 kdb_enter (why=0xffffffff812e57c1 "panic", msg=<optimized out>) at /usr/src/sys/kern/subr_kdb.c:506 #10 0xffffffff80c2c900 in vpanic (fmt=0xffffffff811c2a3b "tcp_m_copym, length > size of mbuf chain", ap=ap@entry=0xfffffe017fd625e0) at /usr/src/sys/kern/kern_shutdown.c:908 #11 0xffffffff80c2c693 in panic (fmt=0xffffffff81e9d040 <cnputs_mtx> "\302&*\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:844 #12 0xffffffff80e11a3b in tcp_m_copym (m=0x0, m@entry=0xfffff80bc680b500, off0=1388, plen=<optimized out>, plen@entry=0xfffffe017fd6282c, seglimit=1, seglimit@entry=0, segsize=segsize@entry=0, sb=<optimized out>, hw_tls=<optimized out>) at /usr/src/sys/netinet/tcp_output.c:2011 #13 0xffffffff80e0f893 in tcp_output (tp=<optimized out>) at /usr/src/sys/netinet/tcp_output.c:1091 #14 0xffffffff80e0607a in tcp_do_segment (m=<optimized out>, th=0xfffff80bc659e87a, so=<optimized out>, tp=0xfffffe0252e24000, drop_hdrlen=40, tlen=<optimized out>, iptos=0 '\000') at /usr/src/sys/netinet/tcp_input.c:2822 #15 0xffffffff80e025bd in tcp_input_with_port (mp=<optimized out>, offp=<optimized out>, proto=<optimized out>, port=port@entry=0) at /usr/src/sys/netinet/tcp_input.c:1400 #16 0xffffffff80e0340b in tcp_input (mp=0xffffffff81e9d040 <cnputs_mtx>, offp=0x80, proto=-2127893703) at /usr/src/sys/netinet/tcp_input.c:1496 #17 0xffffffff80df3d22 in ip_input (m=0x0) at /usr/src/sys/netinet/ip_input.c:834 #18 0xffffffff80d76f4f in netisr_dispatch_src (proto=1, source=source@entry=0, m=0xfffff80bc659e800) at /usr/src/sys/net/netisr.c:1143 #19 0xffffffff80d7729f in netisr_dispatch (proto=2179584064, m=0xffffffff812aeb39) at /usr/src/sys/net/netisr.c:1234 #20 0xffffffff80d5961e in ether_demux (ifp=ifp@entry=0xfffff8010731e800, m=0x80) at /usr/src/sys/net/if_ethersubr.c:921 #21 0xffffffff80d5ac98 in ether_input_internal (ifp=0xfffff8010731e800, m=0x80) at /usr/src/sys/net/if_ethersubr.c:707 #22 ether_nh_input (m=<optimized out>) at /usr/src/sys/net/if_ethersubr.c:737 #23 0xffffffff80d76f4f in netisr_dispatch_src (proto=proto@entry=5, source=source@entry=0, m=m@entry=0xfffff80bc659e800) at /usr/src/sys/net/netisr.c:1143 #24 0xffffffff80d7729f in netisr_dispatch (proto=2179584064, proto@entry=5, m=0xffffffff812aeb39, m@entry=0xfffff80bc659e800) at /usr/src/sys/net/netisr.c:1234 #25 0xffffffff80d59ae9 in ether_input (ifp=0xfffff8010731e800, m=0xfffff80bc659e800) at /usr/src/sys/net/if_ethersubr.c:828 #26 0xffffffff80d72cc7 in iflib_rxeof (rxq=<optimized out>, rxq@entry=0xfffffe017ff65340, budget=<optimized out>) at /usr/src/sys/net/iflib.c:3046 #27 0xffffffff80d6ca6a in _task_fn_rx (context=0xfffffe017ff65340) at /usr/src/sys/net/iflib.c:3989 #28 0xffffffff80c78927 in gtaskqueue_run_locked (queue=queue@entry=0xfffff80105860600) at /usr/src/sys/kern/subr_gtaskqueue.c:371 #29 0xffffffff80c78752 in gtaskqueue_thread_loop (arg=arg@entry=0xfffffe017fed5020) at /usr/src/sys/kern/subr_gtaskqueue.c:547 #30 0xffffffff80be4ce0 in fork_exit (callout=0xffffffff80c78690 <gtaskqueue_thread_loop>, arg=0xfffffe017fed5020, frame=0xfffffe017fd62f40) at /usr/src/sys/kern/kern_fork.c:1092 #31 <signal handler called> #32 0x0266300000000000 in ?? () Backtrace stopped: Cannot access memory at address 0x0 (kgdb) Let me know what you need from the dump. -- You are receiving this mail because: You are the assignee for the bug.