From owner-freebsd-hackers Fri Aug 2 21:49:34 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id VAA26197 for hackers-outgoing; Fri, 2 Aug 1996 21:49:34 -0700 (PDT) Received: from rah.star-gate.com (rah.star-gate.com [204.188.121.18]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id VAA26190 for ; Fri, 2 Aug 1996 21:49:31 -0700 (PDT) Received: from rah.star-gate.com (localhost.v-site.net [127.0.0.1]) by rah.star-gate.com (8.7.5/8.7.3) with ESMTP id VAA00378 for ; Fri, 2 Aug 1996 21:49:30 -0700 (PDT) Message-Id: <199608030449.VAA00378@rah.star-gate.com> X-Mailer: exmh version 1.6.5 12/11/95 to: hackers@freebsd.org Subject: Help! (Re: m_copym crash ) In-reply-to: Your message of "Fri, 02 Aug 1996 06:54:27 PDT." <199608021354.GAA00394@rah.star-gate.com> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Date: Fri, 02 Aug 1996 21:49:29 -0700 From: Amancio Hasty Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Here is stack trace dump {root} gdb -k GDB is free software and you are welcome to distribute copies of it under certain conditions; type "show copying" to see the conditions. There is absolutely no warranty for GDB; type "show warranty" for details= =2E GDB 4.13 (i386-unknown-freebsd), Copyright 1994 Free Software Foundation,= Inc. (kgdb) pwd Working directory /usr/src/sys/compile/STAR-GATE. (kgdb) ls Undefined command: "ls". Try "help". (kgdb) symbol-file kernel.debug Reading symbols from kernel.debug...done. (kgdb) exec-file /var/crash/kernel.0 /var/crash/kernel.0: No such file or directory. (kgdb) exec-file /usr/crash/kernel.0 (kgdb) core-file /var/crash/vmcore.0 /var/crash/vmcore.0: No such file or directory. (kgdb) core-file /usr/crash/vmcore.0 IdlePTD ab9000 current pcb at 223184 panic: m_copym 3 #0 boot (howto=3D260) at ../../i386/i386/machdep.c:750 750 dumppcb.pcb_cr3 =3D rcr3(); (kgdb) bt #0 boot (howto=3D260) at ../../i386/i386/machdep.c:750 #1 0xf0119a67 in panic (fmt=3D0x0) at ../../kern/subr_prf.c:127 #2 0xf01014fa in db_fncall (dummy1=3D-267280555, dummy2=3D0, dummy3=3D-2= 72630584, = dummy4=3D0xefbffc88 "") at ../../ddb/db_command.c:493 #3 0xf010122e in db_command (last_cmdp=3D0xf020bb34, cmd_table=3D0xf020b= 994) at ../../ddb/db_command.c:288 #4 0xf01013ad in db_command_loop () at ../../ddb/db_command.c:417 #5 0xf0103758 in db_trap (type=3D3, code=3D0) at ../../ddb/db_trap.c:73 #6 0xf01c4baa in kdb_trap (type=3D3, code=3D0, regs=3D0xefbffd78) at ../../i386/i386/db_interface.c:136 #7 0xf01cd49c in trap (frame=3D{tf_es =3D 16, tf_ds =3D 16, tf_edi =3D -= 272630280, = tf_esi =3D -267228959, tf_ebp =3D -272630340, tf_isp =3D -272630368= , = tf_ebx =3D 256, tf_edx =3D -266580571, tf_ecx =3D 2000, tf_eax =3D = 18, = tf_trapno =3D 3, tf_err =3D 0, tf_eip =3D -266580525, tf_cs =3D 8, = tf_eflags =3D 582, tf_esp =3D -266580587, tf_ss =3D -267281922}) at ../../i386/i386/trap.c:402 #8 0xf01c5421 in calltrap () #9 0xf0119a5e in panic (fmt=3D0xf01268e1 "m_copym 3") at ../../kern/subr_prf.c:125 #10 0xf012698f in m_copym (m=3D0xf1499400, off0=3D608, len=3D301, wait=3D= 1) at ../../kern/uipc_mbuf.c:363 #11 0xf0156518 in tcp_output (tp=3D0xf17e2d00) at ../../netinet/tcp_outpu= t.c:496 #12 0xf01584b4 in tcp_disconnect (tp=3D0xf17e2d00) ---Type to continue, or q to quit--- = at ../../netinet/tcp_usrreq.c:1092 #13 0xf0157a44 in tcp_usr_disconnect (so=3D0xf17e2e00) at ../../netinet/tcp_usrreq.c:590 #14 0xf0127dd8 in sodisconnect (so=3D0xf17e2e00) at ../../kern/uipc_socke= t.c:302 #15 0xf0127b86 in soclose (so=3D0xf17e2e00) at ../../kern/uipc_socket.c:1= 89 #16 0xf011c687 in soo_close (fp=3D0xf178b900, p=3D0xf17d7000) at ../../kern/sys_socket.c:206 #17 0xf010d5c4 in closef (fp=3D0xf178b900, p=3D0xf17d7000) at ../../kern/kern_descrip.c:889 #18 0xf010ccdf in close (p=3D0xf17d7000, uap=3D0xefbfff94, retval=3D0xefb= fff84) at ../../kern/kern_descrip.c:390 #19 0xf01cdef7 in syscall (frame=3D{tf_es =3D 39, tf_ds =3D 39, tf_edi =3D= 5, = tf_esi =3D 0, tf_ebp =3D -272644908, tf_isp =3D -272629788, tf_ebx = =3D 220000, = tf_edx =3D 217124, tf_ecx =3D 22, tf_eax =3D 6, tf_trapno =3D 12, t= f_err =3D 7, = tf_eip =3D 134917857, tf_cs =3D 31, tf_eflags =3D 518, tf_esp =3D -= 272644948, = tf_ss =3D 39}) at ../../i386/i386/trap.c:890 #20 0xf01c5475 in Xsyscall () #21 0x1f35a in ?? () #22 0x1f24e in ?? () #23 0x1f4cb in ?? () #24 0x1ed0d in ?? () #25 0x227f9 in ?? () #26 0xa2d4 in ?? () ---Type to continue, or q to quit--- #27 0x294cc in ?? () #28 0xa2d4 in ?? () #29 0xb251 in ?? () #30 0xa2d4 in ?? () #31 0x1f6c in ?? () #32 0x22ea in ?? () #33 0xa022 in ?? () #34 0x294cc in ?? () #35 0xa2d4 in ?? () #36 0x1f6c in ?? () #37 0x22ea in ?? () #38 0xa022 in ?? () Cannot access memory at address 0xefbfd068. a few gdb's up later... (kgdb) up #9 0xf0119a5e in panic (fmt=3D0xf01268e1 "m_copym 3") at ../../kern/subr_prf.c:125 125 Debugger ("panic"); (kgdb) up #10 0xf012698f in m_copym (m=3D0xf1499400, off0=3D608, len=3D301, wait=3D= 1) at ../../kern/uipc_mbuf.c:363 363 panic("m_copym 3"); (kgdb) print *m $1 =3D {m_hdr =3D {mh_next =3D 0x7205c766, mh_nextpkt =3D 0x34000004, = mh_data =3D 0xe5895512
, = mh_len =3D -1935867286, mh_type =3D -28968, mh_flags =3D -28960}, M_d= at =3D {MH =3D { MH_pkthdr =3D {rcvif =3D 0xc2e8e8, len =3D 12320768}, MH_dat =3D {M= H_ext =3D { ext_buf =3D 0xe80020b0
, = ext_free =3D 0x14b, ext_size =3D 588791993}, = MH_databuf =3D "=B0 \000=E8K\001\000\000=B9@\030#\000=BF\214=B4!\= 000)=F91=C0=FC=F3=AA=E8I\002\0 00\000=A1|=B0 \000\017\"=D8\017 =C0\r\001\000\000\200\017\"=C0hS\000\020=F0= =C3=BC\000\000=C0=EF1=C0\2 11=C5=A1\204=B0 =F0\2135|=B0 =F0\211p\034\2135p=B0 =F0V=E82\201\f\000^j\0= 00=FF5\f=F1\"=F0j"}}, = M_databuf =3D "=E8=E8=C2\000\000\000=BC\000=B0 \000=E8K\001\000\000=B9= @\030#\000=BF\214=B4!\000 )=F91=C0=FC=F3=AA=E8I\002\000\000=A1|=B0 \000\017\"=D8\017 =C0\r\001\000\= 000\200\017\"=C0hS\000\020=F0=C3 =BC\000\000=C0=EF1=C0\211=C5=A1\204=B0 =F0\2135|=B0 =F0\211p\034\2135p=B0= = =F0V=E82\201\f\000^j\000=FF5\f=F1\"=F0j"}} > = > Has anyone seen this before on -current? > = > Tnks, > Amancio > = > ---- > = > struct mbuf * > m_copym(m, off0, len, wait) > register struct mbuf *m; > int off0, wait; > register int len; > { > register struct mbuf *n, **np; > register int off =3D off0; > struct mbuf *top; > int copyhdr =3D 0; > = > if (off < 0 || len < 0) > panic("m_copym 1"); > if (off =3D=3D 0 && m->m_flags & M_PKTHDR) > copyhdr =3D 1; > while (off > 0) { > if (m =3D=3D 0) > panic("m_copym 2"); > if (off < m->m_len) > break; > off -=3D m->m_len; > m =3D m->m_next; > } > np =3D ⊤ > top =3D 0; > while (len > 0) { > if (m =3D=3D 0) { > if (len !=3D M_COPYALL) > panic("m_copym 3"); > **** crash site ***** > break; > } > = > = > = > =