Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 7 Jul 2004 10:01:31 +0200
From:      Daniel Lang <dl@leo.org>
To:        freebsd-current@freebsd.org
Subject:   panic: m_copym, length > size of mbuf chain
Message-ID:  <20040707080131.GA11086@atrbg11.informatik.tu-muenchen.de>

next in thread | raw e-mail | index | archive | help
Dang,

I seem to stumble from one panic to another. :(
(Yes I have changed my RAM, I did it again now, though).

Here is the latest result:

GNU gdb 20040615 [GDB v6.x for FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-portbld-freebsd5.2"...
panic: m_copym, length > size of mbuf chain
panic messages:
---
panic: m_copym, length > size of mbuf chain
cpuid = 0; 
Stack backtrace:
backtrace(100,c3510000,c6774400,0,c6774400) at 0xc0521c36 = backtrace+0x12
panic(c06b35cb,0,c39cfd00,0,1) at 0xc0521d56 = panic+0x11e
m_copym(0,22a,51e,1,c06ad14b) at 0xc0551819 = m_copym+0xa1
tcp_output(c4152540,0,0,0,1) at 0xc059ed6e = tcp_output+0xa4a
tcp_input(c3d9d900,14,0,14,17489f83) at 0xc059c8bd = tcp_input+0x1d9d
ip_input(c3d9d900) at 0xc0595732 = ip_input+0x832
netisr_processqueue(c074b398,c3522640,c351e880,e1c15d1c,c0510004) at 0xc05866be = netisr_processqueue+0x6e
swi_net(0) at 0xc0586a25 = swi_net+0x85
ithread_loop(c351e880,e1c15d48,c351e880,c050fed0,0) at 0xc0510004 = ithread_loop+0x134
fork_exit(c050fed0,c351e880,e1c15d48) at 0xc050f460 = fork_exit+0x98
fork_trampoline() at 0xc066120c = fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xe1c15d7c, ebp = 0 ---
Debugger("panic")
Dumping 2047 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 928 944 960 976 992 1008 1024 1040 1056 1072 1088 1104 1120 1136 1152 1168 1184 1200 1216 1232 1248 1264 1280 1296 1312 1328 1344 1360 1376 1392 1408 1424 1440 1456 1472 1488 1504 1520 1536 1552 1568 1584 1600 1616 1632 1648 1664 1680 1696 1712 1728 1744 1760 1776 1792 1808 1824 1840 1856 1872 1888 1904 1920 1936 1952 1968 1984 2000 2016 2032
---
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:236
236		dumping++;
doadump () at /usr/src/sys/kern/kern_shutdown.c:236
236		dumping++;
(kgdb) bt
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:236
#1  0xc04524e2 in db_fncall (dummy1=0, dummy2=0, dummy3=-1066031488, 
    dummy4=0xe1c158ec "\bYÁáX¢QÀF") at /usr/src/sys/ddb/db_command.c:551
#2  0xc04522f0 in db_command (last_cmdp=0xc0716a70, cmd_table=0x0, 
    aux_cmd_tablep=0xc06ceac8, aux_cmd_tablep_end=0xc06ceae0)
    at /usr/src/sys/ddb/db_command.c:348
#3  0xc04523c8 in db_command_loop () at /usr/src/sys/ddb/db_command.c:475
#4  0xc0454b4d in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_trap.c:73
#5  0xc065fc11 in kdb_trap (type=3, code=0, regs=0xe1c15a18)
    at /usr/src/sys/i386/i386/db_interface.c:159
#6  0xc06720f8 in trap (frame=
      {tf_fs = -1067057128, tf_es = 16, tf_ds = 16, tf_edi = -1066715701, tf_esi = 1, tf_ebp = -507422116, tf_isp = -507422140, tf_ebx = 0, tf_edx = 0, tf_ecx = -1056882688, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1067057458, tf_cs = 8, tf_eflags = 642, tf_esp = -507422072, tf_ss = -507422084})
    at /usr/src/sys/i386/i386/trap.c:579
#7  0xc06611aa in calltrap () at /usr/src/sys/i386/i386/exception.s:140
#8  0xc0660018 in decode_syscall (number=0, p=0x1)
    at /usr/src/sys/i386/i386/db_trace.c:187
#9  0xc0521d69 in panic (fmt=0xc06b35cb "m_copym, length > size of mbuf chain")
    at /usr/src/sys/kern/kern_shutdown.c:543
#10 0xc0551819 in m_copym (m=0x0, off0=554, len=1310, wait=1)
    at /usr/src/sys/kern/uipc_mbuf.c:380
---Type <return> to continue, or q <return> to quit---
#11 0xc059ed6e in tcp_output (tp=0xc4152540)
    at /usr/src/sys/netinet/tcp_output.c:748
#12 0xc059c8bd in tcp_input (m=0xc3d9d900, off0=20)
    at /usr/src/sys/netinet/tcp_input.c:1929
#13 0xc0595732 in ip_input (m=0xc3d9d900)
    at /usr/src/sys/netinet/ip_input.c:946
#14 0xc05866be in netisr_processqueue (ni=0xc074b398)
    at /usr/src/sys/net/netisr.c:152
#15 0xc0586a25 in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:257
#16 0xc0510004 in ithread_loop (arg=0xc351e880)
    at /usr/src/sys/kern/kern_intr.c:544
#17 0xc050f460 in fork_exit (callout=0xc050fed0 <ithread_loop>, 
    arg=0xc351e880, frame=0xe1c15d48) at /usr/src/sys/kern/kern_fork.c:815
#18 0xc066120c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:209
(kgdb) up 10
#10 0xc0551819 in m_copym (m=0x0, off0=554, len=1310, wait=1)
    at /usr/src/sys/kern/uipc_mbuf.c:380
380				KASSERT(len == M_COPYALL, 
Current language:  auto; currently c
(kgdb) l
375		}
376		np = &top;
377		top = 0;
378		while (len > 0) {
379			if (m == NULL) {
380				KASSERT(len == M_COPYALL, 
381				    ("m_copym, length > size of mbuf chain"));
382				break;
383			}
384			if (copyhdr)
(kgdb) p len
$1 = 1310
(kgdb) quit
[..]


Unfortunately this crash-dump is no longer available.
However, the stack trace may give someone a hint, what's going on.

I'm getting rather desperate now, with the machine now
down for over 3 weeks. :(

Cheers,
 Daniel
-- 
IRCnet: Mr-Spock                         - Der Zweite Platz ist Dreck -
 Daniel Lang * dl@leo.org * +49 89 289 18532 * http://www.leo.org/~dl/



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040707080131.GA11086>