off-by-one error in ip_fragment, recently.

Andre Oppermann andre at freebsd.org
Sat Jan 10 15:15:20 PST 2004


David Gilbert wrote:
> 
> I just updated a machine that uses GRE to -CURRENT.  Upon rebooting,
> the debugger stopped at the following:
> 
> "panic: m_copym, offset > size of mbuf chain"

There are two possible ways this can happen:  The function m_copym
was called with off == 0, or off == m->m_len.  Neither is supposed
to happen (obviously) so the bug must be in ip_fragment.  Let's have
a look at that next...

> panic()
> m_copym()
> ip_fragment()
> ip_output()
> gre_output()
> ip_output()
> udp_output()
> upd_send()
> sosend()
> kern_sendit()
> sendit()
> sendto()
> syscall()
> xint0x80_syscall()
> 
> ... now I'm not sure that the error is perfectly technically
> off-by-one, but it's something similar.

Is this panic reproducible?  What kind of traffic was going on
at that time?  Or was it right away when you started using the
GRE tunnel?

Could you please open a PR with this information too?  It helps
keeping track of the progress.

-- 
Andre

