panic in recent RELENG_5 tcp code path
Gleb Smirnoff
glebius at FreeBSD.org
Fri May 20 01:04:41 PDT 2005
Jeremie,
On Thu, May 19, 2005 at 02:56:39PM +0200, Jeremie Le Hen wrote:
J> > Can you load a kernel.debug into gdb and do "l *(tcp_output+0xb49)" and
J> > post the output? that offset isn't a function call in my kernel.
J> > tcp_output() doesn't call m_copypacket directly so the exact spot is
J> > difficult to find.
J>
J> %%%
J> (gdb) l *(tcp_output+0xb49)
J> 0xc061b63d is in tcp_output (../../../netinet/tcp_output.c:813).
J> 808 m->m_data += max_linkhdr;
J> 809 m->m_len = hdrlen;
J> 810 if (len <= MHLEN - hdrlen - max_linkhdr) {
J> 811 m_copydata(so->so_snd.sb_mb, off, (int) len,
J> 812 mtod(m, caddr_t) + hdrlen);
J> 813 m->m_len += len;
J> 814 } else {
J> 815 m->m_next = m_copy(so->so_snd.sb_mb, off, (int) len);
J> 816 if (m->m_next == 0) {
J> 817 SOCKBUF_UNLOCK(&so->so_snd);
J> %%%
J>
J> tcp_output.c rev 1.100.2.7.
according to the fact that the panic occured in dereferncing mbuf pointer
your kernel is compiled without INVARIANTS.
Please compile it with INVARIANTS. This will probably help to trigger panic
earlier, and it will be more clear.
--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
More information about the freebsd-stable
mailing list