panic m_demote: m_nextpkt not NULL

From: Mark Atkinson <atkin901_at_gmail.com>
Date: Fri, 05 Sep 2014 08:38:10 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

r271093 GENERIC amd64.   Received this panic in the tcp reassembly code:

Unread portion of the kernel message buffer:
panic: m_demote: m_nextpkt not NULL
cpuid = 0
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
0xfffffe011331b410
kdb_backtrace() at kdb_backtrace+0x39/frame 0xfffffe011331b4c0
vpanic() at vpanic+0x189/frame 0xfffffe011331b540
kassert_panic() at kassert_panic+0x139/frame 0xfffffe011331b5b0
m_demote() at m_demote+0x79/frame 0xfffffe011331b5e0
sbappendstream_locked() at sbappendstream_locked+0x4b/frame
0xfffffe011331b600
tcp_reass() at tcp_reass+0x3bd/frame 0xfffffe011331b660
tcp_do_segment() at tcp_do_segment+0x1b01/frame 0xfffffe011331b750
tcp_input() at tcp_input+0xf67/frame 0xfffffe011331b890
ip_input() at ip_input+0xce/frame 0xfffffe011331b8e0
netisr_dispatch_src() at netisr_dispatch_src+0x86/frame 0xfffffe011331b950
ether_demux() at ether_demux+0x141/frame 0xfffffe011331b980
ether_nh_input() at ether_nh_input+0x32a/frame 0xfffffe011331b9b0
netisr_dispatch_src() at netisr_dispatch_src+0x86/frame 0xfffffe011331ba20
ether_input() at ether_input+0x4f/frame 0xfffffe011331ba50
if_input() at if_input+0xa/frame 0xfffffe011331ba60
em_rxeof() at em_rxeof+0x2bd/frame 0xfffffe011331bae0
em_handle_que() at em_handle_que+0x40/frame 0xfffffe011331bb20
taskqueue_run_locked() at taskqueue_run_locked+0xf0/frame
0xfffffe011331bb80
taskqueue_thread_loop() at taskqueue_thread_loop+0x9b/frame
0xfffffe011331bbb0
fork_exit() at fork_exit+0x84/frame 0xfffffe011331bbf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe011331bbf0
- --- trap 0, rip = 0, rsp = 0xfffffe011331bcb0, rbp = 0 ---
Uptime: 41m32s
Dumping 357 out of 3937
MB:..5%..14%..23%..32%..41%..54%..63%..72%..81%..95%


(kgdb) bt
#0  doadump (textdump=1) at pcpu.h:219
#1  0xffffffff8090d6b7 in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:447
#2  0xffffffff8090dc58 in vpanic (fmt=<value optimized out>,
    ap=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:746
#3  0xffffffff8090da89 in kassert_panic (fmt=<value optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:634
#4  0xffffffff80983b59 in m_demote (m0=0xfffff80067044c00,
    all=<value optimized out>) at /usr/src/sys/kern/uipc_mbuf.c:402
#5  0xffffffff8098b0ab in sbappendstream_locked (sb=0xfffff8009914c090,
    m=0xfffff80067044c00) at /usr/src/sys/kern/uipc_sockbuf.c:532
#6  0xffffffff80ac15ed in tcp_reass (tp=0xfffff80099115000,
    th=<value optimized out>, tlenp=<value optimized out>,
    m=<value optimized out>) at /usr/src/sys/netinet/tcp_reass.c:264
#7  0xffffffff80abbb41 in tcp_do_segment (m=0xfffff80067044c00,
    th=0xfffff80067091022, so=0xfffff8009914c000, tp=<value optimized
out>,
    drop_hdrlen=<value optimized out>, tlen=1448, ti_locked=1)
    at /usr/src/sys/netinet/tcp_input.c:2917
#8  0xffffffff80ab9667 in tcp_input (mp=<value optimized out>,
    offp=<value optimized out>, proto=0)
    at /usr/src/sys/netinet/tcp_input.c:1383
#9  0xffffffff80a4f6fe in ip_input (m=0x0)
    at /usr/src/sys/netinet/ip_input.c:729
#10 0xffffffff809e9046 in netisr_dispatch_src (proto=<value optimized
out>,
    source=<value optimized out>, m=0xfffff80067044c00)
    at /usr/src/sys/net/netisr.c:968
#11 0xffffffff809dfe91 in ether_demux (ifp=<value optimized out>,
    m=0xfffff80067044c00) at /usr/src/sys/net/if_ethersubr.c:775
#12 0xffffffff809e0bea in ether_nh_input (m=<value optimized out>)
    at /usr/src/sys/net/if_ethersubr.c:582
#13 0xffffffff809e9046 in netisr_dispatch_src (proto=<value optimized
out>,
    source=<value optimized out>, m=0xfffff80067044c00)
    at /usr/src/sys/net/netisr.c:968
#14 0xffffffff809e019f in ether_input (ifp=0xfffff80002c08000, m=0x0)
    at /usr/src/sys/net/if_ethersubr.c:683
#15 0xffffffff809dd1da in if_input (ifp=0x0, sendmp=0x0)
    at /usr/src/sys/net/if.c:3909
#16 0xffffffff804dd51d in em_rxeof (count=99)
    at /usr/src/sys/dev/e1000/if_em.c:4485
#17 0xffffffff804dce00 in em_handle_que (context=0xfffffe0000d23000,
    pending=<value optimized out>) at /usr/src/sys/dev/e1000/if_em.c:1522
#18 0xffffffff80956bb0 in taskqueue_run_locked (queue=0xfffff80002957000)
    at /usr/src/sys/kern/subr_taskqueue.c:356
#19 0xffffffff809576ab in taskqueue_thread_loop (arg=<value optimized
out>)
    at /usr/src/sys/kern/subr_taskqueue.c:623
#20 0xffffffff808db5f4 in fork_exit (
    callout=0xffffffff80957610 <taskqueue_thread_loop>,
    arg=0xfffffe0000d25738, frame=0xfffffe011331bc00)
    at /usr/src/sys/kern/kern_fork.c:977
#21 0xffffffff80d0607e in fork_trampoline ()
    at /usr/src/sys/amd64/amd64/exception.S:605
#22 0x0000000000000000 in ?? ()
(kgdb) frame 4
#4  0xffffffff80983b59 in m_demote (m0=0xfffff80067044c00,
    all=<value optimized out>) at /usr/src/sys/kern/uipc_mbuf.c:402
402                             KASSERT(m->m_nextpkt == NULL,
(kgdb) list
397                             m_tag_delete_chain(m, NULL);
398                             m->m_flags &= ~M_PKTHDR;
399                             bzero(&m->m_pkthdr, sizeof(struct
pkthdr));
400                     }
401                     if (m != m0 && m->m_nextpkt != NULL) {
402                             KASSERT(m->m_nextpkt == NULL,
403                                 ("%s: m_nextpkt not NULL", __func__));
404                             m_freem(m->m_nextpkt);
405                             m->m_nextpkt = NULL;
406                     }

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlQJ2OIACgkQrDN5kXnx8yZD8wCfXhx5DquDyqQ0YpqhopFxZfwy
ZhkAn0ZAfFcCQNLbOSTYnmxf+dJYGvA8
=mPMI
-----END PGP SIGNATURE-----
Received on Fri Sep 05 2014 - 13:38:38 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:51 UTC