From: David Gilbert
Date: Sat, 10 Jan 2004 20:59:51 -0500
To: Andre Oppermann
cc: freebsd-net@freebsd.org
cc: freebsd-current@freebsd.org
cc: David Gilbert
Subject: Re: off-by-one error in ip_fragment, recently.
Message-ID: <16384.44567.797902.985587@canoe.dclg.ca>
In-Reply-To: <40008783.330FAFF4@freebsd.org>

>>>>> "Andre" == Andre Oppermann writes:

Andre> There are two possible ways this can happen: The function
Andre> m_copym was called with off == 0, or off == m->m_len. Neither
Andre> is supposed to happen (obviously) so the bug must be in
Andre> ip_fragment. Let's have a look at that next...

I got there pretty quickly, too.

Andre> Is this panic reproducible? What kind of traffic was going on
Andre> at that time? Or was it right away when you started using the
Andre> GRE tunnel?

It happens during the boot. I'm working on clearing off a drive so
that I can get a crash dump with symbols.

I have the following in rc.conf:

    cloned_interfaces="gre0"
    ifconfig_dc0="DHCP"
    ifconfig_wi0="inet x.y.z.105/29 media autoselect mode 11b mediaopt hostap ssid DaveG.ca channel 11"
    ifconfig_gre0="inet x.y.z.114 x.y.z.113 netmask 255.255.255.252 tunnel a.b.27.151 x.y.z.17"
    ifconfig_sis0="inet x.y.z.81/28"
    static_routes="tunnel default"
    route_tunnel="x.y.z.17/32 a.b.24.1"
    route_default="default x.y.z.113"

DHCP picks up a.b.27.151 from my cable provider relatively
dependably.

So wi0 and sis0 are internal networks and dc0 is the external
interface. gre0 runs over dc0.

The crash happens after a few of the daemons start. It's a UDP send
that's large enough to fragment. It could be a large dns packet or
ntp. Not sure exactly.

Andre> Could you please open a PR with this information too? It helps
Andre> keep track of the progress.

I'll be opening the PR tomorrow once I have a crash dump and a better
trace. This configuration is working in a kernel from 5.1-CURRENT
built in October.

Dave.

-- 
============================================================================
|David Gilbert, Independent Contractor.       | Two things can only be     |
|Mail:       dave@daveg.ca                    |  equal if and only if they |
|http://daveg.ca                              |   are precisely opposite.  |
=========================================================GLO================