Date: Sun, 11 Jan 2004 00:15:15 +0100
From: Andre Oppermann <andre@freebsd.org>
To: David Gilbert <dgilbert@dclg.ca>
Cc: freebsd-current@freebsd.org
Subject: Re: off-by-one error in ip_fragment, recently.
Message-ID: <40008783.330FAFF4@freebsd.org>
References: <16384.14322.83258.940369@canoe.dclg.ca>

David Gilbert wrote:
>
> I just updated a machine that uses GRE to -CURRENT. Upon rebooting,
> the debugger stopped at the following:
>
> "panic: m_copym, offset > size of mbuf chain"

There are two possible ways this can happen: The function m_copym was
called with off == 0, or off == m->m_len. Neither is supposed to happen
(obviously) so the bug must be in ip_fragment. Let's have a look at that
next...

> panic()
> m_copym()
> ip_fragment()
> ip_output()
> gre_output()
> ip_output()
> udp_output()
> upd_send()
> sosend()
> kern_sendit()
> sendit()
> sendto()
> syscall()
> xint0x80_syscall()
>
> ... now I'm not sure that the error is perfectly technically
> off-by-one, but it's something similar.

Is this panic reproducible? What kind of traffic was going on at that
time? Or was it right away when you started using the GRE tunnel?

Could you please open a PR with this information too? It helps keep
track of the progress.

--
Andre