Date: Fri, 02 Aug 1996 21:49:29 -0700 From: Amancio Hasty <hasty@rah.star-gate.com> To: hackers@freebsd.org Subject: Help! (Re: m_copym crash ) Message-ID: <199608030449.VAA00378@rah.star-gate.com> In-Reply-To: Your message of "Fri, 02 Aug 1996 06:54:27 PDT." <199608021354.GAA00394@rah.star-gate.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Here is stack trace dump
{root} gdb -k
GDB is free software and you are welcome to distribute copies of it
under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.13 (i386-unknown-freebsd), Copyright 1994 Free Software Foundation, Inc.
(kgdb) pwd
Working directory /usr/src/sys/compile/STAR-GATE.
(kgdb) ls
Undefined command: "ls". Try "help".
(kgdb) symbol-file kernel.debug
Reading symbols from kernel.debug...done.
(kgdb) exec-file /var/crash/kernel.0
/var/crash/kernel.0: No such file or directory.
(kgdb) exec-file /usr/crash/kernel.0
(kgdb) core-file /var/crash/vmcore.0
/var/crash/vmcore.0: No such file or directory.
(kgdb) core-file /usr/crash/vmcore.0
IdlePTD ab9000
current pcb at 223184
panic: m_copym 3
#0 boot (howto=260) at ../../i386/i386/machdep.c:750
750 dumppcb.pcb_cr3 = rcr3();
(kgdb) bt
#0 boot (howto=260) at ../../i386/i386/machdep.c:750
#1 0xf0119a67 in panic (fmt=0x0) at ../../kern/subr_prf.c:127
#2 0xf01014fa in db_fncall (dummy1=-267280555, dummy2=0, dummy3=-272630584,
dummy4=0xefbffc88 "") at ../../ddb/db_command.c:493
#3 0xf010122e in db_command (last_cmdp=0xf020bb34, cmd_table=0xf020b994)
at ../../ddb/db_command.c:288
#4 0xf01013ad in db_command_loop () at ../../ddb/db_command.c:417
#5 0xf0103758 in db_trap (type=3, code=0) at ../../ddb/db_trap.c:73
#6 0xf01c4baa in kdb_trap (type=3, code=0, regs=0xefbffd78)
at ../../i386/i386/db_interface.c:136
#7 0xf01cd49c in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -272630280,
tf_esi = -267228959, tf_ebp = -272630340, tf_isp = -272630368,
tf_ebx = 256, tf_edx = -266580571, tf_ecx = 2000, tf_eax = 18,
tf_trapno = 3, tf_err = 0, tf_eip = -266580525, tf_cs = 8,
tf_eflags = 582, tf_esp = -266580587, tf_ss = -267281922})
at ../../i386/i386/trap.c:402
#8 0xf01c5421 in calltrap ()
#9 0xf0119a5e in panic (fmt=0xf01268e1 "m_copym 3")
at ../../kern/subr_prf.c:125
#10 0xf012698f in m_copym (m=0xf1499400, off0=608, len=301, wait=1)
at ../../kern/uipc_mbuf.c:363
#11 0xf0156518 in tcp_output (tp=0xf17e2d00) at ../../netinet/tcp_output.c:496
#12 0xf01584b4 in tcp_disconnect (tp=0xf17e2d00)
---Type <return> to continue, or q <return> to quit---
at ../../netinet/tcp_usrreq.c:1092
#13 0xf0157a44 in tcp_usr_disconnect (so=0xf17e2e00)
at ../../netinet/tcp_usrreq.c:590
#14 0xf0127dd8 in sodisconnect (so=0xf17e2e00) at ../../kern/uipc_socket.c:302
#15 0xf0127b86 in soclose (so=0xf17e2e00) at ../../kern/uipc_socket.c:189
#16 0xf011c687 in soo_close (fp=0xf178b900, p=0xf17d7000)
at ../../kern/sys_socket.c:206
#17 0xf010d5c4 in closef (fp=0xf178b900, p=0xf17d7000)
at ../../kern/kern_descrip.c:889
#18 0xf010ccdf in close (p=0xf17d7000, uap=0xefbfff94, retval=0xefbfff84)
at ../../kern/kern_descrip.c:390
#19 0xf01cdef7 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 5,
tf_esi = 0, tf_ebp = -272644908, tf_isp = -272629788, tf_ebx = 220000,
tf_edx = 217124, tf_ecx = 22, tf_eax = 6, tf_trapno = 12, tf_err = 7,
tf_eip = 134917857, tf_cs = 31, tf_eflags = 518, tf_esp = -272644948,
tf_ss = 39}) at ../../i386/i386/trap.c:890
#20 0xf01c5475 in Xsyscall ()
#21 0x1f35a in ?? ()
#22 0x1f24e in ?? ()
#23 0x1f4cb in ?? ()
#24 0x1ed0d in ?? ()
#25 0x227f9 in ?? ()
#26 0xa2d4 in ?? ()
---Type <return> to continue, or q <return> to quit---
#27 0x294cc in ?? ()
#28 0xa2d4 in ?? ()
#29 0xb251 in ?? ()
#30 0xa2d4 in ?? ()
#31 0x1f6c in ?? ()
#32 0x22ea in ?? ()
#33 0xa022 in ?? ()
#34 0x294cc in ?? ()
#35 0xa2d4 in ?? ()
#36 0x1f6c in ?? ()
#37 0x22ea in ?? ()
#38 0xa022 in ?? ()
Cannot access memory at address 0xefbfd068.
a few gdb's up later...
(kgdb) up
#9 0xf0119a5e in panic (fmt=0xf01268e1 "m_copym 3")
at ../../kern/subr_prf.c:125
125 Debugger ("panic");
(kgdb) up
#10 0xf012698f in m_copym (m=0xf1499400, off0=608, len=301, wait=1)
at ../../kern/uipc_mbuf.c:363
363 panic("m_copym 3");
(kgdb) print *m
$1 = {m_hdr = {mh_next = 0x7205c766, mh_nextpkt = 0x34000004,
mh_data = 0xe5895512 <Address 0xe5895512 out of bounds>,
mh_len = -1935867286, mh_type = -28968, mh_flags = -28960}, M_dat = {MH = {
MH_pkthdr = {rcvif = 0xc2e8e8, len = 12320768}, MH_dat = {MH_ext = {
ext_buf = 0xe80020b0 <Address 0xe80020b0 out of bounds>,
ext_free = 0x14b, ext_size = 588791993},
MH_databuf = "° \000èK\001\000\000¹@\030#\000¿\214´!\000)ù1ÀüóªèI\002\0
00\000¡|° \000\017\"Ø\017 À\r\001\000\000\200\017\"ÀhS\000\020ðü\000\000Àï1À\2
11Å¡\204° ð\2135|° ð\211p\034\2135p° ðVè2\201\f\000^j\000ÿ5\fñ\"ðj"}},
M_databuf = "èèÂ\000\000\000¼\000° \000èK\001\000\000¹@\030#\000¿\214´!\000
)ù1ÀüóªèI\002\000\000¡|° \000\017\"Ø\017 À\r\001\000\000\200\017\"ÀhS\000\020ðÃ
¼\000\000Àï1À\211Å¡\204° ð\2135|° ð\211p\034\2135p°
ðVè2\201\f\000^j\000ÿ5\fñ\"ðj"}}
>
> Has anyone seen this before on -current?
>
> Tnks,
> Amancio
>
> ----
>
> struct mbuf *
> m_copym(m, off0, len, wait)
> register struct mbuf *m;
> int off0, wait;
> register int len;
> {
> register struct mbuf *n, **np;
> register int off = off0;
> struct mbuf *top;
> int copyhdr = 0;
>
> if (off < 0 || len < 0)
> panic("m_copym 1");
> if (off == 0 && m->m_flags & M_PKTHDR)
> copyhdr = 1;
> while (off > 0) {
> if (m == 0)
> panic("m_copym 2");
> if (off < m->m_len)
> break;
> off -= m->m_len;
> m = m->m_next;
> }
> np = ⊤
> top = 0;
> while (len > 0) {
> if (m == 0) {
> if (len != M_COPYALL)
> panic("m_copym 3");
> **** crash site *****
> break;
> }
>
>
>
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608030449.VAA00378>