Date:      Sun, 11 Jan 2004 00:15:15 +0100
From:      Andre Oppermann <andre@freebsd.org>
To:        David Gilbert <dgilbert@dclg.ca>
Cc:        freebsd-current@freebsd.org
Subject:   Re: off-by-one error in ip_fragment, recently.
Message-ID:  <40008783.330FAFF4@freebsd.org>
References:  <16384.14322.83258.940369@canoe.dclg.ca>

David Gilbert wrote:
> 
> I just updated a machine that uses GRE to -CURRENT.  Upon rebooting,
> the debugger stopped at the following:
> 
> "panic: m_copym, offset > size of mbuf chain"

There are two possible ways this can happen:  The function m_copym
was called with off == 0, or off == m->m_len.  Neither is supposed
to happen (obviously) so the bug must be in ip_fragment.  Let's have
a look at that next...

> panic()
> m_copym()
> ip_fragment()
> ip_output()
> gre_output()
> ip_output()
> udp_output()
> upd_send()
> sosend()
> kern_sendit()
> sendit()
> sendto()
> syscall()
> xint0x80_syscall()
> 
> ... now I'm not sure that the error is perfectly technically
> off-by-one, but its something similar.

Is this panic reproducible?  What kind of traffic was going on
at that time?  Or was it right away when you started using the
GRE tunnel?

Could you please open a PR with this information too?  It helps
keeping track of the progress.

-- 
Andre
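Added illustration, not code from this thread and not a copy of FreeBSD's uipc_mbuf.c: a constructed model of the offset walk that runs just before the "offset > size of mbuf chain" assertion, with a sample three-segment chain so the boundary cases can be checked. In this model the check rejects only an offset that runs past the end of the chain; an offset equal to the chain's total length is accepted by this stage.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal stand-in for a kernel mbuf: only the fields the walk needs. */
struct mbuf {
    struct mbuf *m_next;
    int          m_len;
};

/*
 * Model of the skip-ahead loop at the top of m_copym(): whole mbufs are
 * skipped until the requested offset falls inside one. Returns false at
 * the point where the kernel's assertion "m_copym, offset > size of mbuf
 * chain" would fire, i.e. the chain is exhausted while bytes remain to skip.
 */
static bool m_copym_offset_ok(const struct mbuf *m, int off)
{
    while (off > 0) {
        if (m == NULL)
            return false;          /* kernel would panic here */
        if (off < m->m_len)
            return true;           /* offset lies inside this mbuf */
        off -= m->m_len;
        m = m->m_next;
    }
    return true;                   /* off == 0: nothing left to skip */
}

/* Link constructed segment lengths into a chain (sample data, not captured). */
static struct mbuf *build_chain(struct mbuf *storage, const int *lens, int n)
{
    for (int i = 0; i < n; i++) {
        storage[i].m_len  = lens[i];
        storage[i].m_next = (i + 1 < n) ? &storage[i + 1] : NULL;
    }
    return n > 0 ? &storage[0] : NULL;
}

/* Sample chain of 20 + 30 + 50 bytes (100 bytes total). */
static bool sample_offset_ok(int off)
{
    static struct mbuf seg[3];
    static const int lens[3] = {20, 30, 50};
    return m_copym_offset_ok(build_chain(seg, lens, 3), off);
}

int main(void)
{
    int probes[] = {0, 99, 100, 101};
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("off=%d -> %s\n", probes[i],
               sample_offset_ok(probes[i]) ? "ok" : "assertion would fire");
    return 0;
}
```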