Date:      Sun, 11 Jan 2004 00:33:07 +0100
From:      Andre Oppermann <andre@freebsd.org>
To:        David Gilbert <dgilbert@dclg.ca>, freebsd-net@freebsd.org, freebsd-current@freebsd.org
Subject:   Re: off-by-one error in ip_fragment, recently.
Message-ID:  <40008BB3.B35CC892@freebsd.org>
References:  <16384.14322.83258.940369@canoe.dclg.ca> <40008783.330FAFF4@freebsd.org>

Andre Oppermann wrote:
> 
> David Gilbert wrote:
> >
> > I just updated a machine that uses GRE to -CURRENT.  Upon rebooting,
> > the debugger stopped at the following:
> >
> > "panic: m_copym, offset > size of mbuf chain"
> 
> There are two possible ways this can happen:  The function m_copym
> was called with off == 0, or off == m->m_len.  Neither is supposed
> to happen (obviously) so the bug must be in ip_fragment.  Let's have
> a look at that next...
> 
> > panic()
> > m_copym()
> > ip_fragment()
> > ip_output()
> > gre_output()
> > ip_output()
> > udp_output()
> > upd_send()
> > sosend()
> > kern_sendit()
> > sendit()
> > sendto()
> > syscall()
> > xint0x80_syscall()
> >
> > ... now I'm not sure that the error is perfectly technically
> > off-by-one, but it's something similar.
> 
> Is this panic reproducible?  What kind of traffic was going on
> at that time?  Or was it right away when you started using the
> GRE tunnel?

Ok, I should read the email again instead of the code.  You said
it happens on booting.  I'm not in the office and my test boxen
are there.  I don't want to panic it from home.  On Monday I'll
look at it in more detail.  Having a full backtrace will help
a lot since the ip_fragment code is not that easy to step through.

> Could you please open a PR with this information too?  It helps
> keeping track of the progress.

-- 
Andre


