panic: TCP header not in one mbuf

YONETANI Tomokazu qhwt+dragonfly-bugs at les.ath.cx
Fri Jul 16 23:53:20 PDT 2004


Hello.
Encountered this panic while downloading NetBSD source tree with CVSup.
The kernel was compiled at 12th of July, but as far as I looked at commits@
list, there's not a relavant fix yet. FWIW, the panicked DragonFly
machine is behind a FreeBSD-CURRENT ipnat box, and I'm using mssclamp
option in the ipnat rule file to workaround MTU problem. I'm going to
do some more tests to see if it's reproducible.

(kgdb) bt
#0  dumpsys () at /home/source/dragonfly/src/sys/kern/kern_shutdown.c:503
#1  0xc015db82 in boot (howto=256) at /home/source/dragonfly/src/sys/kern/kern_shutdown.c:336
#2  0xc015e046 in poweroff_wait (junk=0xc024f906, howto=0)
    at /home/source/dragonfly/src/sys/kern/kern_shutdown.c:615
#3  0xc01be24d in tcp_input (m=0xc5db2500)
    at /home/source/dragonfly/src/sys/netinet/tcp_input.c:510
#4  0xc01b8e52 in transport_processing_oncpu (m=0xc5db2500, hlen=20, ip=0xc5d9c020, nexthop=0x0)
    at /home/source/dragonfly/src/sys/netinet/ip_input.c:425
#5  0xc01b8e96 in transport_processing_handler (lmsg=0xc64eabe8)
    at /home/source/dragonfly/src/sys/netinet/ip_input.c:446
#6  0xc01ae049 in netmsg_service_loop (arg=0x0) at /home/source/dragonfly/src/sys/net/netisr.c:206
(kgdb) fra 3
#3  0xc01be24d in tcp_input (m=0xc5db2500)
    at /home/source/dragonfly/src/sys/netinet/tcp_input.c:510
510                     KASSERT(m->m_len >= sizeof(struct tcpiphdr),
(kgdb) list
505                     if (off0 > sizeof(struct ip)) {
506                             ip_stripoptions(m);
507                             off0 = sizeof(struct ip);
508                     }
509                     /* already checked and pulled up in ip_demux() */
510                     KASSERT(m->m_len >= sizeof(struct tcpiphdr),
511                         ("TCP header not in one mbuf"));
512                     ip = mtod(m, struct ip *);
513                     ipov = (struct ipovly *)ip;
514                     th = (struct tcphdr *)((caddr_t)ip + off0);
(kgdb) print *m
$1 = {
  m_hdr = {
    mh_next = 0xc5db0600,
    mh_nextpkt = 0x0,
    mh_data = 0xc5d9c012 "",
    mh_len = 0,
    mh_type = 1,
    mh_flags = 3
  },
  M_dat = {
    MH = {
      MH_pkthdr = {
        rcvif = 0x0,
        len = 1456,
        header = 0xc5d9c020,
        csum_flags = 0,
        csum_data = 64,
        tags = {
          slh_first = 0x0
        }
      },
      MH_dat = {
        MH_ext = {
          ext_buf = 0xc5d9c000 "",
          ext_free = 0,
          ext_size = 2048,
          ext_ref = 0
        },
        MH_databuf = "\000タルナ\000\000\000\000\000\b\000\000\000\000\000\000E\020\0004Q@\000@\006\2200ャ\020\000\200ャ\020\000\001\021フ\000\026\003*\005\204ツ、O\202\200\020\020F\216\000\000\001\001\b\n\000\bル?\013q\f'Lィ\210ケMハニ\022t\225U;Jメ\005\001\0261\216゜\211\201\002\000レ\0020\002\002\0008 \005\000\024\000`\000\f\000\000\000\000\000\000\000\000L\001\005\000\021\000`\000\024\000`\000\002\000\034\000    \021\00
0`\000\024\000`\000\002\000ト\000 ,`", '\000' <repeats 52 times>
      }
    },
    M_databuf = "\000\000\000\000−\005\000\000 タルナ\000\000\000\000@\000\000\000\000\000\000\000\000タ---Type <return> to continue, or q <return> to quit---
ルナ\000\000\000\000\000\b\000\000\000\000\000\000E\020\0004Q@\000@\006\2200ャ\020\000\200ャ\020\000\001\021フ\000\026\003*\005\204ツ、O\202\200\020\020F\216\000\000\001\001\b\n\000\bル?\013q\f'Lィ\210ケMハニ\022t\225U;Jメ\005\001\0261\216゜\211\201\002\000レ\0020\002\002\0008 \005\000\024\000`\000\f\000\000\000\000\000\000\000\000L\001\005\000\021\000`\000\024\000`\000\002\000\034\000    \021\000`\000\024\000`\000\002\000
$B%H\000 ,`", '\000' <repeats 52 times>
  }
}
(kgdb)
Script done on Sat Jul 17 15:34:52 2004





More information about the Bugs mailing list