From: David Gilbert
Date: Sun, 11 Jan 2004 15:19:27 -0500
To: Andre Oppermann
cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org, David Gilbert
Subject: Re: off-by-one error in ip_fragment, recently.
Message-ID: <16385.45007.846035.687940@canoe.dclg.ca>
In-Reply-To: <40008FCD.90525A33@freebsd.org>

OK, I've created kern/61215 on this issue.

The backtrace is:

#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1  0xc0508512 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:372
#2  0xc0508868 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
#3  0xc0544fa5 in m_copym (m=0x0, off0=1500, len=1480, wait=4)
    at /usr/src/sys/kern/uipc_mbuf.c:211
#4  0xc059b941 in ip_fragment (ip=0xc1e919e8, m_frag=0xdf92c9e0,
    mtu=-1041688000, if_hwassist_flags=0, sw_csum=1)
    at /usr/src/sys/netinet/ip_output.c:1219
#5  0xc059b55f in ip_output (m0=0x1, opt=0xc1e919e8, ro=0xc5f8edfc, flags=0,
    imo=0x0, inp=0x0) at /usr/src/sys/netinet/ip_output.c:1047
#6  0xc611054f in gre_output (ifp=0xc5f8ec00, m=0xc1e91900, dst=0xc1e919e8,
    rt=0xc612ce00) at /usr/src/sys/net/if_gre.c:372
#7  0xc059b4f0 in ip_output (m0=0x1, opt=0xc2b2a00e, ro=0xdf92cb7c, flags=1,
    imo=0x0, inp=0x0) at /usr/src/sys/netinet/ip_output.c:1021
#8  0xc059a3c6 in ip_forward (m=0xc1e8bb00, srcrt=0, next_hop=0x0)
    at /usr/src/sys/netinet/ip_input.c:1929
#9  0xc0598db0 in ip_input (m=0xc1e8bb00)
    at /usr/src/sys/netinet/ip_input.c:739
#10 0xc057bc7e in netisr_processqueue (ni=0xc074a718)
    at /usr/src/sys/net/netisr.c:152
#11 0xc057c093 in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:257
#12 0xc04f5112 in ithread_loop (arg=0xc1e74500)
    at /usr/src/sys/kern/kern_intr.c:544
#13 0xc04f4104 in fork_exit (callout=0xc04f4f80 , arg=0x0, frame=0x0)
    at /usr/src/sys/kern/kern_fork.c:796

... it doesn't appear that udp plays a part, it does appear that stack
corruption may be in play, and it likely has to do with the fact that
the system on which this is occurring is operating as a router.

Dave.

--
============================================================================
|David Gilbert, Independent Contractor.       | Two things can only be     |
|Mail:       dave@daveg.ca                    |  equal if and only if they |
|http://daveg.ca                              | are precisely opposite.    |
=========================================================GLO================