Message-ID: <40008BB3.B35CC892@freebsd.org>
Date: Sun, 11 Jan 2004 00:33:07 +0100
From: Andre Oppermann
To: David Gilbert, freebsd-net@freebsd.org, freebsd-current@freebsd.org
References: <16384.14322.83258.940369@canoe.dclg.ca> <40008783.330FAFF4@freebsd.org>
Subject: Re: off-by-one error in ip_fragment, recently.

Andre Oppermann wrote:
>
> David Gilbert wrote:
> >
> > I just updated a machine that uses GRE to -CURRENT. Upon rebooting,
> > the debugger stopped at the following:
> >
> > "panic: m_copym, offset > size of mbuf chain"
>
> There are two possible ways this can happen: The function m_copym
> was called with off == 0, or off == m->m_len. Neither is supposed
> to happen (obviously) so the bug must be in ip_fragment. Let's have
> a look at that next...
>
> > panic()
> > m_copym()
> > ip_fragment()
> > ip_output()
> > gre_output()
> > ip_output()
> > udp_output()
> > upd_send()
> > sosend()
> > kern_sendit()
> > sendit()
> > sendto()
> > syscall()
> > xint0x80_syscall()
> >
> > ... now I'm not sure that the error is perfectly technically
> > off-by-one, but it's something similar.
>
> Is this panic reproducible? What kind of traffic was going on
> at that time? Or was it right away when you started using the
> GRE tunnel?

Ok, I should read the email again instead of the code. You said
it happens on booting. I'm not in the office and my test boxen
are there. I don't want to panic it from home. On Monday I'll look
at it in more detail. Having a full backtrace will help a lot since
the ip_fragment code is not that easy to step through.

> Could you please open a PR with this information too? It helps
> keeping track of the progress.

--
Andre