On 06/25/2019 4:18 am, Andrey V. Elsukov wrote: > On 24.06.2019 23:10, Larry Rosenman wrote: >>>> #5 0xffffffff828ee5b7 in ng_snd_item (item=0xfffff8021e3b4d80, >>>> flags=0) >>>> at /usr/src/sys/netgraph/ng_base.c:2252 >>> >>> It looks like you use some netgraph based ethernet interface. >>> The system got received ARP request and is going to send the reply, >>> but somehow mbuf with this ARP request has initialized m_next >>> pointer, >>> thus it is considered as a chain of mbufs. >>> >>> in_arpinput() reuses received mbuf to construct the reply, but it >>> doesn't check that an mbut is a chain. It just sets m_len and sends >>> it. >>> Then since you have INVARIANTS in your kernel, the netgraph code >>> check >>> the actual length of the chain, and it doesn't match to m_len. It >>> panics. >> >> >> so, is this a bug? Timing race? Other? > > I think we should determine that my assumption is correct :) > Can you show the output of the following commands from the kgdb for > this > core? > > (kgdb) f 7 > (kgdb) p *m > (kgdb) p *m->m_next (kgdb) fr 7 #7 0xffffffff805b1e43 in ether_output (ifp=<optimized out>, m=0xfffff81f59eefb00, dst=0xfffffe012628d740, ro=<optimized out>) at /usr/src/sys/net/if_ethersubr.c:430 430 if ((error = (*ng_ether_output_p)(ifp, &m)) != 0) { (kgdb) p *m $1 = {{m_next = 0xfffff81086c9dd00, m_slist = {sle_next = 0xfffff81086c9dd00}, m_stailq = {stqe_next = 0xfffff81086c9dd00}}, {m_nextpkt = 0x0, m_slistpkt = {sle_next = 0x0}, m_stailqpkt = {stqe_next = 0x0}}, m_data = 0xfffff81f59eefb72 "\004\311\331c\"\207\244\272\333)f\225\b\006", m_len = 42, m_type = 1, m_flags = 2, {{m_pkthdr = {{snd_tag = 0x0, rcvif = 0x0}, tags = {slh_first = 0xfffff8104c530d60}, len = 42, flowid = 0, csum_flags = 0, fibnum = 0, numa_domain = 255 '\377', rsstype = 0 '\000', {rcv_tstmp = 0, {l2hlen = 0 '\000', l3hlen = 0 '\000', l4hlen = 0 '\000', l5hlen = 0 '\000', spare = 0}}, PH_per = {eight = "\000\000\000\000\000\000\000", sixteen = {0, 0, 0, 0}, thirtytwo = {0, 0}, sixtyfour = { 0}, unintptr = {0}, ptr = 0x0}, PH_loc = {eight = "\000\000\000\000\000\000\000", sixteen = {0, 0, 0, 0}, thirtytwo = {0, 0}, sixtyfour = {0}, unintptr = {0}, ptr = 0x0}}, {m_ext = {{ext_count = 3735929054, ext_cnt = 0xdeadc0dedeadc0de}, ext_buf = 0x200000207 <error: Cannot access memory at address 0x200000207>, ext_size = 99483648, ext_type = 0, ext_flags = 0, ext_free = 0x872263d9c9040000, ext_arg1 = 0x608956629dbbaa4, ext_arg2 = 0x200040600080100}, m_pktdat = 0xfffff81f59eefb58 "\336\300\255\336\336\300\255\336\a\002"}}, m_dat = 0xfffff81f59eefb20 ""}} (kgdb) p *m->m_next $2 = {{m_next = 0x0, m_slist = {sle_next = 0x0}, m_stailq = {stqe_next = 0x0}}, {m_nextpkt = 0x0, m_slistpkt = {sle_next = 0x0}, m_stailqpkt = {stqe_next = 0x0}}, m_data = 0xfffff8002144b800 "\004\002\b\n\001tWg\001tWg\001\003\003\006\255\336zڭ\336zڭ\336zڭ\336zڭ\336zڭ\336zڭ\336zڭ\336zڭ\336zڭ\336zڭ\336zڭ\336", <incomplete sequence \332>, m_len = 1372, m_type = 1, m_flags = 1, {{m_pkthdr = {{snd_tag = 0x0, rcvif = 0x0}, tags = {slh_first = 0x0}, len = 0, flowid = 0, csum_flags = 0, fibnum = 0, numa_domain = 0 '\000', rsstype = 0 '\000', {rcv_tstmp = 0, {l2hlen = 0 '\000', l3hlen = 0 '\000', l4hlen = 0 '\000', l5hlen = 0 '\000', spare = 0}}, PH_per = { eight = "\000\000\000\000\000\000\000", sixteen = {0, 0, 0, 0}, thirtytwo = {0, 0}, sixtyfour = {0}, unintptr = {0}, ptr = 0x0}, PH_loc = {eight = "\000\000\000\000\000\000\000", sixteen = {0, 0, 0, 0}, thirtytwo = {0, 0}, sixtyfour = {0}, unintptr = {0}, ptr = 0x0}}, {m_ext = {{ext_count = 1, ext_cnt = 0xdeadc0de00000001}, ext_buf = 0xfffff8002144b800 "\004\002\b\n\001tWg\001tWg\001\003\003\006\255\336zڭ\336zڭ\336zڭ\336zڭ\336zڭ\336zڭ\336zڭ\336zڭ\336zڭ\336zڭ\336zڭ\336", <incomplete sequence \332>, ext_size = 2048, ext_type = 6, ext_flags = 1, ext_free = 0x0, ext_arg1 = 0x0, ext_arg2 = 0x0}, m_pktdat = 0xfffff81086c9dd58 "\001"}}, m_dat = 0xfffff81086c9dd20 ""}} (kgdb) -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 E-Mail: ler_at_lerctr.org US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106Received on Tue Jun 25 2019 - 10:59:07 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:21 UTC