Date:      Fri, 02 Aug 1996 21:49:29 -0700
From:      Amancio Hasty <hasty@rah.star-gate.com>
To:        hackers@freebsd.org
Subject:   Help! (Re: m_copym crash )
Message-ID:  <199608030449.VAA00378@rah.star-gate.com>
In-Reply-To: Your message of "Fri, 02 Aug 1996 06:54:27 PDT." <199608021354.GAA00394@rah.star-gate.com> 


Here is the stack trace dump:

{root} gdb -k
GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.13 (i386-unknown-freebsd), Copyright 1994 Free Software Foundation, Inc.
(kgdb) pwd
Working directory /usr/src/sys/compile/STAR-GATE.
(kgdb) ls
Undefined command: "ls".  Try "help".
(kgdb)  symbol-file kernel.debug
Reading symbols from kernel.debug...done.
(kgdb)   exec-file /var/crash/kernel.0
/var/crash/kernel.0: No such file or directory.
(kgdb) exec-file /usr/crash/kernel.0
(kgdb) core-file /var/crash/vmcore.0
/var/crash/vmcore.0: No such file or directory.
(kgdb) core-file /usr/crash/vmcore.0
IdlePTD ab9000
current pcb at 223184
panic: m_copym 3
#0  boot (howto=260) at ../../i386/i386/machdep.c:750
750                                     dumppcb.pcb_cr3 = rcr3();
(kgdb) bt
#0  boot (howto=260) at ../../i386/i386/machdep.c:750
#1  0xf0119a67 in panic (fmt=0x0) at ../../kern/subr_prf.c:127
#2  0xf01014fa in db_fncall (dummy1=-267280555, dummy2=0, dummy3=-272630584,
    dummy4=0xefbffc88 "") at ../../ddb/db_command.c:493
#3  0xf010122e in db_command (last_cmdp=0xf020bb34, cmd_table=0xf020b994)
    at ../../ddb/db_command.c:288
#4  0xf01013ad in db_command_loop () at ../../ddb/db_command.c:417
#5  0xf0103758 in db_trap (type=3, code=0) at ../../ddb/db_trap.c:73
#6  0xf01c4baa in kdb_trap (type=3, code=0, regs=0xefbffd78)
    at ../../i386/i386/db_interface.c:136
#7  0xf01cd49c in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -272630280,
      tf_esi = -267228959, tf_ebp = -272630340, tf_isp = -272630368,
      tf_ebx = 256, tf_edx = -266580571, tf_ecx = 2000, tf_eax = 18,
      tf_trapno = 3, tf_err = 0, tf_eip = -266580525, tf_cs = 8,
      tf_eflags = 582, tf_esp = -266580587, tf_ss = -267281922})
    at ../../i386/i386/trap.c:402
#8  0xf01c5421 in calltrap ()
#9  0xf0119a5e in panic (fmt=0xf01268e1 "m_copym 3")
    at ../../kern/subr_prf.c:125
#10 0xf012698f in m_copym (m=0xf1499400, off0=608, len=301, wait=1)
    at ../../kern/uipc_mbuf.c:363
#11 0xf0156518 in tcp_output (tp=0xf17e2d00) at ../../netinet/tcp_output.c:496
#12 0xf01584b4 in tcp_disconnect (tp=0xf17e2d00)
---Type <return> to continue, or q <return> to quit---
    at ../../netinet/tcp_usrreq.c:1092
#13 0xf0157a44 in tcp_usr_disconnect (so=0xf17e2e00)
    at ../../netinet/tcp_usrreq.c:590
#14 0xf0127dd8 in sodisconnect (so=0xf17e2e00) at ../../kern/uipc_socket.c:302
#15 0xf0127b86 in soclose (so=0xf17e2e00) at ../../kern/uipc_socket.c:189
#16 0xf011c687 in soo_close (fp=0xf178b900, p=0xf17d7000)
    at ../../kern/sys_socket.c:206
#17 0xf010d5c4 in closef (fp=0xf178b900, p=0xf17d7000)
    at ../../kern/kern_descrip.c:889
#18 0xf010ccdf in close (p=0xf17d7000, uap=0xefbfff94, retval=0xefbfff84)
    at ../../kern/kern_descrip.c:390
#19 0xf01cdef7 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 5,
      tf_esi = 0, tf_ebp = -272644908, tf_isp = -272629788, tf_ebx = 220000,
      tf_edx = 217124, tf_ecx = 22, tf_eax = 6, tf_trapno = 12, tf_err = 7,
      tf_eip = 134917857, tf_cs = 31, tf_eflags = 518, tf_esp = -272644948,
      tf_ss = 39}) at ../../i386/i386/trap.c:890
#20 0xf01c5475 in Xsyscall ()
#21 0x1f35a in ?? ()
#22 0x1f24e in ?? ()
#23 0x1f4cb in ?? ()
#24 0x1ed0d in ?? ()
#25 0x227f9 in ?? ()
#26 0xa2d4 in ?? ()
---Type <return> to continue, or q <return> to quit---
#27 0x294cc in ?? ()
#28 0xa2d4 in ?? ()
#29 0xb251 in ?? ()
#30 0xa2d4 in ?? ()
#31 0x1f6c in ?? ()
#32 0x22ea in ?? ()
#33 0xa022 in ?? ()
#34 0x294cc in ?? ()
#35 0xa2d4 in ?? ()
#36 0x1f6c in ?? ()
#37 0x22ea in ?? ()
#38 0xa022 in ?? ()
Cannot access memory at address 0xefbfd068.

A few gdb `up` commands later...

(kgdb) up
#9  0xf0119a5e in panic (fmt=0xf01268e1 "m_copym 3")
    at ../../kern/subr_prf.c:125
125                     Debugger ("panic");
(kgdb) up
#10 0xf012698f in m_copym (m=0xf1499400, off0=608, len=301, wait=1)
    at ../../kern/uipc_mbuf.c:363
363                                     panic("m_copym 3");
(kgdb) print *m
$1 = {m_hdr = {mh_next = 0x7205c766, mh_nextpkt = 0x34000004,
    mh_data = 0xe5895512 <Address 0xe5895512 out of bounds>,
    mh_len = -1935867286, mh_type = -28968, mh_flags = -28960}, M_dat = {MH = {
      MH_pkthdr = {rcvif = 0xc2e8e8, len = 12320768}, MH_dat = {MH_ext = {
          ext_buf = 0xe80020b0 <Address 0xe80020b0 out of bounds>,
          ext_free = 0x14b, ext_size = 588791993},
        MH_databuf =3D "=B0 \000=E8K\001\000\000=B9@\030#\000=BF\214=B4!\=
000)=F91=C0=FC=F3=AA=E8I\002\0
00\000=A1|=B0 \000\017\"=D8\017 =C0\r\001\000\000\200\017\"=C0hS\000\020=F0=
=C3=BC\000\000=C0=EF1=C0\2
11=C5=A1\204=B0 =F0\2135|=B0 =F0\211p\034\2135p=B0 =F0V=E82\201\f\000^j\0=
00=FF5\f=F1\"=F0j"}}, =

    M_databuf =3D "=E8=E8=C2\000\000\000=BC\000=B0 \000=E8K\001\000\000=B9=
@\030#\000=BF\214=B4!\000
)=F91=C0=FC=F3=AA=E8I\002\000\000=A1|=B0 \000\017\"=D8\017 =C0\r\001\000\=
000\200\017\"=C0hS\000\020=F0=C3
=BC\000\000=C0=EF1=C0\211=C5=A1\204=B0 =F0\2135|=B0 =F0\211p\034\2135p=B0=
 =

=F0V=E82\201\f\000^j\000=FF5\f=F1\"=F0j"}}


>
> Has anyone seen this before on -current?
>
> 	Tnks,
> 	Amancio
>
> ----
>
> struct mbuf *
> m_copym(m, off0, len, wait)
> 	register struct mbuf *m;
> 	int off0, wait;
> 	register int len;
> {
> 	register struct mbuf *n, **np;
> 	register int off =3D off0;
> 	struct mbuf *top;
> 	int copyhdr =3D 0;
> =

> 	if (off < 0 || len < 0)
> 		panic("m_copym 1");
> 	if (off =3D=3D 0 && m->m_flags & M_PKTHDR)
> 		copyhdr =3D 1;
> 	while (off > 0) {
> 		if (m =3D=3D 0)
> 			panic("m_copym 2");
> 		if (off < m->m_len)
> 			break;
> 		off -=3D m->m_len;
> 		m =3D m->m_next;
> 	}
> 	np =3D &top;
> 	top =3D 0;
> 	while (len > 0) {
> 		if (m =3D=3D 0) {
> 			if (len !=3D M_COPYALL)
> 				panic("m_copym 3");
> 			   **** crash site *****
> 			break;
> 		}
> =

> =

> =

> =





