panic: m_copydata, length > size of mbuf chain

Tilman Linneweh arved at
Mon Mar 21 13:29:25 PST 2005


I am frequently running into this problem, when connecting from a NAT'ed
network via SSH to a host behind my IPfilter/IPnat firewall running
RELENG_5. It usually happens if i close my laptop's lid without closing the
SSH session.

DDB backtrace looks like this:

Tracing pid 27 tid 100021 td 0xc107f190
kdb_enter(c06b8a22) at kdb_enter+0x2b
panic(c06be9b5,1,c2213340,c2213300,ca8a8b34) at panic+0xbb
m_copydata(c123a600,0,38,c2213340,0) at m_copydata+0x66
ipllog(0,ca8a8be0,ca8a8b68,ca8a8b60,ca8a8b58) at ipllog+0x1f1
ipflog(19,c123a650,ca8a8be0,c123a600,0) at ipflog+0x18f
fr_check(c123a650,14,c1120000,0,ca8a8c88) at fr_check+0xc6c
fr_check_wrapper(0,ca8a8c88,c1120000,1,0) at fr_check_wrapper+0x2a
pfil_run_hooks(c074a000,ca8a8cd4,c1120000,1,0) at pfil_run_hooks+0xbd
ip_input(c123a600) at ip_input+0x231
netisr_processqueue(c0749298) at netisr_processqueue+0x6e
swi_net(0) at swi_net+0x88
ithread_loop(c1074500,ca8a8d48,c1074500,c050f198,0) at ithread_loop+0x124
fork_exit(c050f198,c1074500,ca8a8d48) at fork_exit+0xa4
fork_trampoline() at fork_trampoline+0x8

This happens even if i set debug.mpsafenet=0 in loader.conf.


PS: Before RELENG_5 was created, this box ran very stable with 5.2.1. 

More information about the freebsd-stable mailing list