Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 21 Dec 1995 12:38:22 -0800
From:      Faried Nawaz <fn@pain.csrv.uidaho.edu>
To:        current@freebsd.org
Subject:   another m_copydata crash
Message-ID:  <199512212038.MAA00467@pain.csrv.uidaho.edu>

next in thread | raw e-mail | index | archive | help
i had > 3 crashes today, but /var/crash (actually /usr/crash) filled up
so i only got the first dump.


Script started on Thu Dec 21 12:35:25 1995
; gdb -k -q
(kgdb) symbol-file kernel.debug
Reading symbols from kernel.debug...done.
(kgdb) exec-file /var/crash/kernel.20
(kgdb) core-file /var/crash/vmcore.20
IdlePTD 1a2000
current pcb at 1937fc
panic: m_copydata
#0  boot (howto=3D256) at ../../i386/i386/machdep.c:913
913					savectx(&dumppcb, 0);
(kgdb) where
#0  boot (howto=3D256) at ../../i386/i386/machdep.c:913
#1  0xf010fbc3 in panic (fmt=3D0xf0118724 "m_copydata")
    at ../../kern/subr_prf.c:124
#2  0xf0118751 in m_copydata (m=3D0x0, off=3D-1, len=3D1, cp=3D0xf082a0e8 =
"")
    at ../../kern/uipc_mbuf.c:371
#3  0xf013b9b5 in tcp_output (tp=3D0xf06cba00) at ../../netinet/tcp_output=
.c:476
#4  0xf013ac4a in tcp_input (m=3D0xf082f280, iphlen=3D20)
    at ../../netinet/tcp_input.c:1629
#5  0xf0135b69 in ipintr () at ../../netinet/ip_input.c:464
#6  0xf0159ffd in swi_net_next ()
#7  0xf015f0d8 in cpu_switch ()
(kgdb) up
#1  0xf010fbc3 in panic (fmt=3D0xf0118724 "m_copydata")
    at ../../kern/subr_prf.c:124
124		boot(bootopt);
(kgdb) up
#2  0xf0118751 in m_copydata (m=3D0x0, off=3D-1, len=3D1, cp=3D0xf082a0e8 =
"")
    at ../../kern/uipc_mbuf.c:371
371			panic("m_copydata");
(kgdb) up
#3  0xf013b9b5 in tcp_output (tp=3D0xf06cba00) at ../../netinet/tcp_output=
.c:476
476				m_copydata(so->so_snd.sb_mb, off, (int) len,
(kgdb) print *tp
$1 =3D {seg_next =3D 0xf082f2ac, seg_prev =3D 0xf082f2ac, t_state =3D 4, t=
_timer =3D {0, =

    0, 14400, 0}, t_rxtshift =3D 0, t_rxtcur =3D 128, t_dupacks =3D 0, =

  t_maxseg =3D 492, t_maxopd =3D 512, t_force =3D 0, t_flags =3D 25057, =

  t_template =3D 0xf081b414, t_inpcb =3D 0xf076d700, snd_una =3D 406370359=
4, =

  snd_nxt =3D 4063703593, snd_up =3D 4063703593, snd_wl1 =3D 1720394763, =

  snd_wl2 =3D 4063703594, iss =3D 4063703593, snd_wnd =3D 16728, rcv_wnd =3D=
 16728, =

  rcv_nxt =3D 1720394754, rcv_up =3D 1720394754, irs =3D 1720394753, =

  rcv_adv =3D 1720411482, snd_max =3D 4063703594, snd_cwnd =3D 492, =

  snd_ssthresh =3D 984, t_idle =3D 0, t_rtt =3D 0, t_rtseq =3D 4063703593,=
 =

  t_srtt =3D 480, t_rttvar =3D 120, t_rttmin =3D 2, max_sndwnd =3D 16728, =

  t_oobflags =3D 0 '\000', t_iobc =3D 0 '\000', t_softerror =3D 0, =

  snd_scale =3D 0 '\000', rcv_scale =3D 0 '\000', request_r_scale =3D 0 '\=
000', =

  requested_s_scale =3D 0 '\000', ts_recent =3D 2539439, ts_recent_age =3D=
 309962, =

  last_ack_sent =3D 1720394754, cc_send =3D 4064, cc_recv =3D 37581, =

  t_duration =3D 58, t_tuba_pcb =3D 0x0, t_rttupdated =3D 1}
(kgdb) up
#4  0xf013ac4a in tcp_input (m=3D0xf082f280, iphlen=3D20)
    at ../../netinet/tcp_input.c:1629
1629		(void) tcp_output(tp);
(kgdb) print *m
$2 =3D {m_hdr =3D {mh_next =3D 0x0, mh_nextpkt =3D 0x0, mh_len =3D 0, =

    mh_data =3D 0xf082f2e8 "", mh_type =3D 1, mh_flags =3D 2}, M_dat =3D {=
MH =3D {
      MH_pkthdr =3D {len =3D 60, rcvif =3D 0xf0193c7c}, MH_dat =3D {MH_ext=
 =3D {
          ext_buf =3D 0x4000e898 <Address 0x4000e898 out of bounds>, =

          ext_free =3D 0x48782d33, ext_size =3D 17563648}, =

        MH_databuf =3D "\230=E8\000@3-xH\000\000\f\001\022\b\b\000\000=BAl=
=F0\000=BAl=F0\000\006\000\000=CD\213\001r\201erm\200=F2\202=F0\013$\213f*=
27=F2=A0\021XA\000\000\000\000\001\001\b\n\000&=BF=EB\000\004=BA=CA\001\00=
1\013\006\000\000\222=CD\000\000\000\000\000\000\000\000\001", '\000' <rep=
eats 14 times>}}, =

    M_databuf =3D "<\000\000\000|<\031=F0\230=E8\000@3-xH\000\000\f\001\02=
2\b\b\000\000=BAl=F0\000=BAl=F0\000\006\000\000=CD\213\001r\201erm\200=F2\=
202=F0\013$\213f*27=F2=A0\021XA\000\000\000\000\001\001\b\n\000&=BF=EB\000=
\004=BA=CA\001\001\013\006\000\000\222=CD\000\000\000\000\000\000\000\000\=
001", '\000' <repeats 14 times>}}
(kgdb) print *ti
$3 =3D {ti_i =3D {ih_next =3D 0xf06cba00 "=AC=F2\202=F0=AC=F2\202=F0\004",=
 =

    ih_prev =3D 0xf06cba00 "=AC=F2\202=F0=AC=F2\202=F0\004", ih_x1 =3D 0 '=
\000', =

    ih_pr =3D 6 '\006', ih_len =3D 0, ih_src =3D {s_addr =3D 1912703949}, =
ih_dst =3D {
      s_addr =3D 1836213633}}, ti_t =3D {th_sport =3D 62080, th_dport =3D =
61570, =

    th_seq =3D 1720394763, th_ack =3D 4063703594, th_x2 =3D 0 '\000', =

    th_off =3D 10 '\n', th_flags =3D 17 '\021', th_win =3D 16728, th_sum =3D=
 0, =

    th_urp =3D 0}}
(kgdb) up
#5  0xf0135b69 in ipintr () at ../../netinet/ip_input.c:464
464		goto next;
(kgdb) quit
; exit

Script done on Thu Dec 21 12:36:41 1995





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199512212038.MAA00467>