-CURRENT panic (Backtrace included. recent ip_input changes related?)

From: Xin LI/ÀîöÎ <delphij_at_frontfree.net>
Date: Mon, 1 Dec 2003 10:20:22 +0800
Hi,

On a recently compiled -CURRENT kernel, I have triggered a panic when
turning fxp0 into promisc mode than turning it off and then turning it on.
My boxes are connected through a hub and some of them (not the panic'ed one)
have heavy network load.

Hope this backtrace is useful. For more information, please contact me.
Thanks in advance!

GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: m_copym, offset > size of mbuf chain panic messages:
---
panic: m_copym, offset > size of mbuf chain

syncing disks, buffers remaining... 892 892 892 892 892 892 892 892 892 892
892 892 892 892 892 892 892 892 892 892 giving up on 794 buffers
Uptime: 12h15m26s
Dumping 63 MB
 16 32 48
---
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240		dumping++;
(kgdb) bt full
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
No locals.
#1  0xc04eb791 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:372
No locals.
#2  0xc04ebb27 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
	td = (struct thread *) 0xc0e00000
	bootopt = 256
	newpanic = 1
	ap = 0xc62f3850 "p8/Æ\004±P?
	buf = "m_copym, offset > size of mbuf chain", '\0' <repeats 219
times>
#3  0xc05296f5 in m_copym (m=0x0, off0=1500, len=1480, wait=4) at
/usr/src/sys/kern/uipc_mbuf.c:211
	n = (struct mbuf *) 0xc0e24540
	np = (struct mbuf **) 0x4
	off = 1428
	top = (struct mbuf *) 0x2
	copyhdr = 0
#4  0xc0580141 in ip_fragment (ip=0xc1015020, m_frag=0xc62f390c,
mtu=-1058912960, if_hwassist_flags=0, 
    sw_csum=1) at /usr/src/sys/netinet/ip_output.c:1225
	error = 0
	hlen = 20
	len = 1480
	off = 1500
	m0 = (struct mbuf *) 0xc0e16a00
	firstlen = 1480
	mnext = (struct mbuf **) 0xc0e16a04
	nfrags = 1
#5  0xc057fd2c in ip_output (m0=0x1, opt=0xc1015020, ro=0xc62f3988, flags=1,
imo=0x0, inp=0x0)
    at /usr/src/sys/netinet/ip_output.c:1053
	ip = (struct ip *) 0xc1015020
	ifp = (struct ifnet *) 0xc161a000
	m = (struct mbuf *) 0xc0e16a00
	hlen = 20
	len = 582
	off = -1066913577
	error = 0
	dst = (struct sockaddr_in *) 0xc62f398c
	ia = (struct in_ifaddr *) 0xc169a900
	isbroadcast = 0
	sw_csum = 1
	pkt_dst = {s_addr = 16951488}
	iproute = {ro_rt = 0xc169be00, ro_dst = {sa_len = 16 '\020',
sa_family = 2 '\002', 
    sa_data = "\0\0ˬ\002\001\0\0\0\0\0\0\0"}}
	so = (struct socket *) 0x0
	sp = (struct secpolicy *) 0xc1624c80
	args = {m = 0xc06dcfc0, oif = 0x1, next_hop = 0x0, rule = 0x0, eh =
0x0, ro = 0x4, dst = 0x1,
  flags = -969983596, f_id = {dst_ip = 3226510491, src_ip = 3228422080,
dst_port = 0, src_port = 0, 
    proto = 0 '\0', flags = 106 'j'}, divert_rule = 0, retval = 3324983708}
	src_was_INADDR_ANY = 0
#6  0xc057e7b8 in ip_forward (m=0xc0e16a00, srcrt=1, next_hop=0x0) at
/usr/src/sys/netinet/ip_input.c:1929
	tag = {mh_next = 0x0, mh_nextpkt = 0xc06e6620, mh_data = 0x3(kgdb)
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
No locals.
#1  0xc04eb791 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:372
No locals.
#2  0xc04ebb27 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
	td = (struct thread *) 0xc0e00000
	bootopt = 256
	newpanic = 1
	ap = 0xc62f3850 "p8/Æ\004±P?
	buf = "m_copym, offset > size of mbuf chain", '\0' <repeats 219
times>
#3  0xc05296f5 in m_copym (m=0x0, off0=1500, len=1480, wait=4) at
/usr/src/sys/kern/uipc_mbuf.c:211
	n = (struct mbuf *) 0xc0e24540
	np = (struct mbuf **) 0x4
	off = 1428
	top = (struct mbuf *) 0x2
	copyhdr = 0
#4  0xc0580141 in ip_fragment (ip=0xc1015020, m_frag=0xc62f390c,
mtu=-1058912960, if_hwassist_flags=0, 
    sw_csum=1) at /usr/src/sys/netinet/ip_output.c:1225
	error = 0
	hlen = 20
	len = 1480
	off = 1500
	m0 = (struct mbuf *) 0xc0e16a00
	firstlen = 1480
	mnext = (struct mbuf **) 0xc0e16a04
	nfrags = 1
#5  0xc057fd2c in ip_output (m0=0x1, opt=0xc1015020, ro=0xc62f3988, flags=1,
imo=0x0, inp=0x0)
    at /usr/src/sys/netinet/ip_output.c:1053
	ip = (struct ip *) 0xc1015020
	ifp = (struct ifnet *) 0xc161a000
	m = (struct mbuf *) 0xc0e16a00
	hlen = 20
	len = 582
	off = -1066913577
	error = 0
	dst = (struct sockaddr_in *) 0xc62f398c
	ia = (struct in_ifaddr *) 0xc169a900
	isbroadcast = 0
	sw_csum = 1
	pkt_dst = {s_addr = 16951488}
	iproute = {ro_rt = 0xc169be00, ro_dst = {sa_len = 16 '\020',
sa_family = 2 '\002', 
    sa_data = "\0\0ˬ\002\001\0\0\0\0\0\0\0"}}
	so = (struct socket *) 0x0
	sp = (struct secpolicy *) 0xc1624c80
	args = {m = 0xc06dcfc0, oif = 0x1, next_hop = 0x0, rule = 0x0, eh =
0x0, ro = 0x4, dst = 0x1,
  flags = -969983596, f_id = {dst_ip = 3226510491, src_ip = 3228422080,
dst_port = 0, src_port = 0, 
    proto = 0 '\0', flags = 106 'j'}, divert_rule = 0, retval = 3324983708}
	src_was_INADDR_ANY = 0
#6  0xc057e7b8 in ip_forward (m=0xc0e16a00, srcrt=1, next_hop=0x0) at
/usr/src/sys/netinet/ip_input.c:1929
	tag = {mh_next = 0x0, mh_nextpkt = 0xc06e6620, mh_data = 0x3(kgdb)
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
No locals.
#1  0xc04eb791 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:372
No locals.
#2  0xc04ebb27 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
	td = (struct thread *) 0xc0e00000
	bootopt = 256
	newpanic = 1
	ap = 0xc62f3850 "p8/Æ\004±P?
	buf = "m_copym, offset > size of mbuf chain", '\0' <repeats 219
times>
#3  0xc05296f5 in m_copym (m=0x0, off0=1500, len=1480, wait=4) at
/usr/src/sys/kern/uipc_mbuf.c:211
	n = (struct mbuf *) 0xc0e24540
	np = (struct mbuf **) 0x4
	off = 1428
	top = (struct mbuf *) 0x2
	copyhdr = 0
#4  0xc0580141 in ip_fragment (ip=0xc1015020, m_frag=0xc62f390c,
mtu=-1058912960, if_hwassist_flags=0, 
    sw_csum=1) at /usr/src/sys/netinet/ip_output.c:1225
	error = 0
	hlen = 20
	len = 1480
	off = 1500
	m0 = (struct mbuf *) 0xc0e16a00
	firstlen = 1480
	mnext = (struct mbuf **) 0xc0e16a04
	nfrags = 1
#5  0xc057fd2c in ip_output (m0=0x1, opt=0xc1015020, ro=0xc62f3988, flags=1,
imo=0x0, inp=0x0)
    at /usr/src/sys/netinet/ip_output.c:1053
	ip = (struct ip *) 0xc1015020
	ifp = (struct ifnet *) 0xc161a000
	m = (struct mbuf *) 0xc0e16a00
	hlen = 20
	len = 582
	off = -1066913577
	error = 0
	dst = (struct sockaddr_in *) 0xc62f398c
	ia = (struct in_ifaddr *) 0xc169a900
	isbroadcast = 0
	sw_csum = 1
	pkt_dst = {s_addr = 16951488}
	iproute = {ro_rt = 0xc169be00, ro_dst = {sa_len = 16 '\020',
sa_family = 2 '\002', 
    sa_data = "\0\0ˬ\002\001\0\0\0\0\0\0\0"}}
	so = (struct socket *) 0x0
	sp = (struct secpolicy *) 0xc1624c80
	args = {m = 0xc06dcfc0, oif = 0x1, next_hop = 0x0, rule = 0x0, eh =
0x0, ro = 0x4, dst = 0x1,
  flags = -969983596, f_id = {dst_ip = 3226510491, src_ip = 3228422080,
dst_port = 0, src_port = 0, 
    proto = 0 '\0', flags = 106 'j'}, divert_rule = 0, retval = 3324983708}
	src_was_INADDR_ANY = 0
#6  0xc057e7b8 in ip_forward (m=0xc0e16a00, srcrt=1, next_hop=0x0) at
/usr/src/sys/netinet/ip_input.c:1929
	tag = {mh_next = 0x0, mh_nextpkt = 0xc06e6620, mh_data = 0x3(kgdb)
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
No locals.
#1  0xc04eb791 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:372
No locals.
#2  0xc04ebb27 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
	td = (struct thread *) 0xc0e00000
	bootopt = 256
	newpanic = 1
	ap = 0xc62f3850 "p8/Æ\004±P?
	buf = "m_copym, offset > size of mbuf chain", '\0' <repeats 219
times>
#3  0xc05296f5 in m_copym (m=0x0, off0=1500, len=1480, wait=4) at
/usr/src/sys/kern/uipc_mbuf.c:211
	n = (struct mbuf *) 0xc0e24540
	np = (struct mbuf **) 0x4
	off = 1428
	top = (struct mbuf *) 0x2
	copyhdr = 0
#4  0xc0580141 in ip_fragment (ip=0xc1015020, m_frag=0xc62f390c,
mtu=-1058912960, if_hwassist_flags=0, 
    sw_csum=1) at /usr/src/sys/netinet/ip_output.c:1225
	error = 0
	hlen = 20
	len = 1480
	off = 1500
	m0 = (struct mbuf *) 0xc0e16a00
	firstlen = 1480
	mnext = (struct mbuf **) 0xc0e16a04
	nfrags = 1
#5  0xc057fd2c in ip_output (m0=0x1, opt=0xc1015020, ro=0xc62f3988, flags=1,
imo=0x0, inp=0x0)
    at /usr/src/sys/netinet/ip_output.c:1053
	ip = (struct ip *) 0xc1015020
	ifp = (struct ifnet *) 0xc161a000
	m = (struct mbuf *) 0xc0e16a00
	hlen = 20
	len = 582
	off = -1066913577
	error = 0
	dst = (struct sockaddr_in *) 0xc62f398c
	ia = (struct in_ifaddr *) 0xc169a900
	isbroadcast = 0
	sw_csum = 1
	pkt_dst = {s_addr = 16951488}
	iproute = {ro_rt = 0xc169be00, ro_dst = {sa_len = 16 '\020',
sa_family = 2 '\002', 
    sa_data = "\0\0ˬ\002\001\0\0\0\0\0\0\0"}}
	so = (struct socket *) 0x0
	sp = (struct secpolicy *) 0xc1624c80
	args = {m = 0xc06dcfc0, oif = 0x1, next_hop = 0x0, rule = 0x0, eh =
0x0, ro = 0x4, dst = 0x1,
  flags = -969983596, f_id = {dst_ip = 3226510491, src_ip = 3228422080,
dst_port = 0, src_port = 0, 
    proto = 0 '\0', flags = 106 'j'}, divert_rule = 0, retval = 3324983708}
	src_was_INADDR_ANY = 0
#6  0xc057e7b8 in ip_forward (m=0xc0e16a00, srcrt=1, next_hop=0x0) at
/usr/src/sys/netinet/ip_input.c:1929
	tag = {mh_next = 0x0, mh_nextpkt = 0xc06e6620, mh_data = 0x3(kgdb)
Received on Sun Nov 30 2003 - 17:20:38 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:32 UTC