[Bug 264257] [tcp] Panic: Fatal trap 12: page fault while in kernel mode (if_io_tqg_4) - m_copydata ... at /usr/src/sys/kern/uipc_mbuf.c:659

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 11 Jun 2022 17:40:23 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264257

--- Comment #27 from Richard Scheffenegger <rscheff@freebsd.org> ---
(In reply to iron.udjin from comment #25)

I've prepared a patch against main (may need some manual tweaking to apply to
13.1-RELEASE as of now) 
wget 'https://reviews.freebsd.org/D35446?id=106838&download=true'

If the kernel is built with INVARIANTS, it should panic early on, once an
inconsistency between the socket sendbuffer and tcp state variables is detected
- instead of panicking a few packets later, when that inconsistency results in an
invalid pointer access...

If the kernel is built without INVARIANTS, the kernel log buffer (dmesg) should
provide some hints as to when/where the inconsistency first occurred, which may
give more indirect clues. But it would address the inconsistency right away, and
continue operation.

If the panic was observed during a DDOS, this strengthens the clue that there
exists a race condition (double-accounting for the FIN bit). However, prior to
the introduction of SACK rescue retransmissions, this never materially affected
TCP operations, as the socket buffer data would be used directly to see what
sequence range to send, rather than the SACK scoreboard data.
