From owner-freebsd-stable@FreeBSD.ORG  Wed Nov 10 11:10:59 2004
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8A22116A4CE; Wed, 10 Nov 2004 11:10:59 +0000 (GMT)
Received: from mail.struchtrup.de (mail.struchtrup.de [80.190.247.172])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id E847543D41; Wed, 10 Nov 2004 11:10:56 +0000 (GMT)
	(envelope-from sebastian@struchtrup.de)
Received: from p5087da2f.dip0.t-ipconnect.de ([80.135.218.47] helo=[10.0.0.2])
	by mail.struchtrup.de with esmtpsa (TLSv1:AES256-SHA:256)
	(Exim 4.42 (FreeBSD))
	id 1CRqM1-0003Fi-Ub; Wed, 10 Nov 2004 11:09:34 +0000
Message-ID: <4191F724.2010405@struchtrup.de>
Date: Wed, 10 Nov 2004 12:10:28 +0100
From: Sebastian Schulze Struchtrup <sebastian@struchtrup.de>
User-Agent: Mozilla Thunderbird 0.9 (X11/20041108)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Robert Watson <rwatson@freebsd.org>
References: <Pine.NEB.3.96L.1041110094326.60848U-100000@fledge.watson.org>
In-Reply-To: <Pine.NEB.3.96L.1041110094326.60848U-100000@fledge.watson.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Struchtrup-MailScanner-Information: Please contact the ISP for more
	information
X-Struchtrup-MailScanner: Found to be clean
X-MailScanner-From: sebastian@struchtrup.de
cc: freebsd-stable@freebsd.org
cc: Arjan Van Leeuwen <avleeuwen@gmail.com>
Subject: Re: Panic in 5.3, related to network traffic
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Nov 2004 11:10:59 -0000


>Hmm.  Odd.  The stack trace in your screen shot shows the same mbuf being
>passed to icmp_error() was was passed to ip_forward().  This suggests,
>given the other arguments, that it's actually the call to icmp_error() on
>line 1650, not 1879.  I wonder if addr2line is getting confused.
>
It seems that this is the usual enemy of debugging: compiler optimisation.
There's actually only one call. The call in line 1650 jumps to the one 
generated by line 1879.

(line numbers don't match, because I am runnig 6-Current on this machine)

/usr/src/sys/netinet/ip_input.c:1711  (1650)
    103a:       6a 00                   push   $0x0
    103c:       6a 00                   push   $0x0
    103e:       6a 01                   push   $0x1
    1040:       6a 03                   push   $0x3
    1042:       56                      push   %esi
    1043:       e9 fa fd ff ff          jmp    e42 <ip_forward+0x1a6>

/usr/src/sys/netinet/ip_input.c:1711   (1650)
     e41:       56                      push   %esi
/usr/src/sys/netinet/ip_input.c:1940   (1879)
     e42:       e8 fc ff ff ff          call   e43 <ip_forward+0x1a7>
     e47:       eb e8                   jmp    e31 <ip_forward+0x195>


>  If you use kgdb on the kernel.debug and do:
>
>    l *icmp_error+0x191
>    l *ip_forward+0x3d1
>
>Do you get different answers?
>  
>

Maybe it would help to compile the kernel with INVARIANTS.
Then we should get a false assertion somewhere earlier and closer to the 
problem.

I assume that their is an invalid/null mbuf somewhere. It seems that 
this comes more or less directly from the inferface driver.

Just my two cents...