panic in recent RELENG_5 tcp code path

Gleb Smirnoff glebius at
Fri May 20 01:04:41 PDT 2005


On Thu, May 19, 2005 at 02:56:39PM +0200, Jeremie Le Hen wrote:
J> > Can you load a kernel.debug into gdb and do "l *(tcp_output+0xb49)"  and
J> > post the output? that offset isn't a function call in my kernel.
J> > tcp_output() doesn't call m_copypacket directly so the exact spot is
J> > difficult to find.
J> %%%
J>     (gdb) l *(tcp_output+0xb49)
J>     0xc061b63d is in tcp_output (../../../netinet/tcp_output.c:813).
J>     808                     m->m_data += max_linkhdr;
J>     809                     m->m_len = hdrlen;
J>     810                     if (len <= MHLEN - hdrlen - max_linkhdr) {
J>     811                             m_copydata(so->so_snd.sb_mb, off, (int) len,
J>     812                                 mtod(m, caddr_t) + hdrlen);
J>     813                             m->m_len += len;
J>     814                     } else {
J>     815                             m->m_next = m_copy(so->so_snd.sb_mb, off, (int) len);
J>     816                             if (m->m_next == 0) {
J>     817                                     SOCKBUF_UNLOCK(&so->so_snd);
J> %%%
J> tcp_output.c rev

According to the fact that the panic occurred in dereferencing an mbuf pointer,
your kernel is compiled without INVARIANTS.

Please compile it with INVARIANTS. This will probably help to trigger the panic
earlier, and it will be more clear.

Totus tuus, Glebius.
