Date: Tue, 25 Jun 2019 12:18:43 +0300 From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Larry Rosenman <ler@lerctr.org> Cc: freebsd-current@freebsd.org, freebsd-net@freebsd.org Subject: Re: ng_snd_item: Panic? Message-ID: <f5c32384-ae8c-7dcf-cff7-b2053bb8a03b@yandex.ru> In-Reply-To: <d1d85d35671198f1cb41f4f781a91587@lerctr.org> References: <20190624183200.hu4vzocjsopjsnnz@ler-imac.local> <c3de35e2-0954-9811-8600-85e059c61464@yandex.ru> <d1d85d35671198f1cb41f4f781a91587@lerctr.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --GTseMcnxxuoYZ926VnWhJq0AiOFNjcq3Z Content-Type: multipart/mixed; boundary="Gj8DifvlaNd17w6FNJpzqBuXQ23ABTZFQ"; protected-headers="v1" From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Larry Rosenman <ler@lerctr.org> Cc: freebsd-current@freebsd.org, freebsd-net@freebsd.org Message-ID: <f5c32384-ae8c-7dcf-cff7-b2053bb8a03b@yandex.ru> Subject: Re: ng_snd_item: Panic? References: <20190624183200.hu4vzocjsopjsnnz@ler-imac.local> <c3de35e2-0954-9811-8600-85e059c61464@yandex.ru> <d1d85d35671198f1cb41f4f781a91587@lerctr.org> In-Reply-To: <d1d85d35671198f1cb41f4f781a91587@lerctr.org> --Gj8DifvlaNd17w6FNJpzqBuXQ23ABTZFQ Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 24.06.2019 23:10, Larry Rosenman wrote: >>> #5=C2=A0 0xffffffff828ee5b7 in ng_snd_item (item=3D0xfffff8021e3b4d80= , flags=3D0) >>> =C2=A0=C2=A0=C2=A0 at /usr/src/sys/netgraph/ng_base.c:2252 >> >> It looks like you use some netgraph based ethernet interface. >> The system got received ARP request and is going to send the reply, >> but somehow mbuf with this ARP request has initialized m_next pointer,= >> thus it is considered as a chain of mbufs. >> >> in_arpinput() reuses received mbuf to construct the reply, but it >> doesn't check that an mbut is a chain. It just sets m_len and sends it= =2E >> Then since you have INVARIANTS in your kernel, the netgraph code check= >> the actual length of the chain, and it doesn't match to m_len. It pani= cs. >=20 >=20 > so, is this a bug?=C2=A0 Timing race? Other? I think we should determine that my assumption is correct :) Can you show the output of the following commands from the kgdb for this core? (kgdb) f 7 (kgdb) p *m (kgdb) p *m->m_next --=20 WBR, Andrey V. Elsukov --Gj8DifvlaNd17w6FNJpzqBuXQ23ABTZFQ-- --GTseMcnxxuoYZ926VnWhJq0AiOFNjcq3Z Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAl0R5vMACgkQAcXqBBDI oXrI+ggAu+FdQZOmI9Lr1ldSMr3IYofxiPX+e1/nzX3KE8zS++BnV8HUxQB2wAF0 MisTfSFuEO2yT6wZGMSfxdWUWcIiQLTKTSdOi2fjlJaXK1i7JAkVKIw+40Fk1OJo xLP4zfdxDvHaiYe6AImm1UJ6iSv4gQNZihP09W//UKrZg5LM0q5vNKkjMz/lqCHT mQhXuPJLIkAAuZxljdnoFVVz0m4KeOkFFqxlgZMMR5Quuh0P6QJQ5s+Iff4i7Z7/ MTC34e0GivO1Sn1bGnISRTh903YjAKNNgyN9xCA6Rbs5L3gp8aLs8zS5EoARLT1/ qEKo7xQj4bX7ob2221ZqwEMLVJoTlw== =0D0U -----END PGP SIGNATURE----- --GTseMcnxxuoYZ926VnWhJq0AiOFNjcq3Z--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f5c32384-ae8c-7dcf-cff7-b2053bb8a03b>