Re: off-by-one error in ip_fragment, recently.

From: David Gilbert <dgilbert_at_dclg.ca>
Date: Sun, 11 Jan 2004 15:19:27 -0500
OK, I've created kern/61215 on this issue.  The backtrace is:

#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1  0xc0508512 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:372
#2  0xc0508868 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
#3  0xc0544fa5 in m_copym (m=0x0, off0=1500, len=1480, wait=4)
    at /usr/src/sys/kern/uipc_mbuf.c:211
#4  0xc059b941 in ip_fragment (ip=0xc1e919e8, m_frag=0xdf92c9e0, 
    mtu=-1041688000, if_hwassist_flags=0, sw_csum=1)
    at /usr/src/sys/netinet/ip_output.c:1219
#5  0xc059b55f in ip_output (m0=0x1, opt=0xc1e919e8, ro=0xc5f8edfc, flags=0, 
    imo=0x0, inp=0x0) at /usr/src/sys/netinet/ip_output.c:1047
#6  0xc611054f in gre_output (ifp=0xc5f8ec00, m=0xc1e91900, dst=0xc1e919e8, 
    rt=0xc612ce00) at /usr/src/sys/net/if_gre.c:372
#7  0xc059b4f0 in ip_output (m0=0x1, opt=0xc2b2a00e, ro=0xdf92cb7c, flags=1, 
    imo=0x0, inp=0x0) at /usr/src/sys/netinet/ip_output.c:1021
#8  0xc059a3c6 in ip_forward (m=0xc1e8bb00, srcrt=0, next_hop=0x0)
    at /usr/src/sys/netinet/ip_input.c:1929
#9  0xc0598db0 in ip_input (m=0xc1e8bb00)
    at /usr/src/sys/netinet/ip_input.c:739
#10 0xc057bc7e in netisr_processqueue (ni=0xc074a718)
    at /usr/src/sys/net/netisr.c:152
#11 0xc057c093 in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:257
#12 0xc04f5112 in ithread_loop (arg=0xc1e74500)
    at /usr/src/sys/kern/kern_intr.c:544
#13 0xc04f4104 in fork_exit (callout=0xc04f4f80 <ithread_loop>, arg=0x0, 
    frame=0x0) at /usr/src/sys/kern/kern_fork.c:796

... it doesn't appear that udp plays a part, it does appear that
stack corruption my be in play, and it likely has to do with the fact
that the system on which this is occuring is operating as a router.

Dave.

-- 
============================================================================
|David Gilbert, Independent Contractor.       | Two things can only be     |
|Mail:       dave_at_daveg.ca                    |  equal if and only if they |
|http://daveg.ca                              |   are precisely opposite.  |
=========================================================GLO================
Received on Sun Jan 11 2004 - 11:19:31 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:37 UTC