Re: crash in in6_cksum

["Arne H. Juul" <arnej%pvv.ntnu.no@localhost>]

On Wed, 20 Feb 2008, Arne H. Juul wrote:
> I'm unable to boot a current kernel on my NetBSD/i386 machine, it 
> crashes with panic "in6_cksum: mbuf too short for IPv6 header" at stack:

Joerg Sonnenberger wrote:
> Can you please print m->m_len, off, len and m->m_pkthdr.len at the place 
> of the panic?

not quite, I'm not quite sure what the right gdb incantations would be. 
But here's what I managed to get:

# gdb /usr/obj/sys/arch/i386/compile/INNGANG/netbsd.gdb 
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386--netbsdelf"...

(gdb) target kvm /var/crash/netbsd.6.core
#0  0xc04fac12 in cpu_reboot (howto=256, bootstr=0x0) at
/usr/src/sys/arch/i386/i386/machdep.c:952
952                     dumpsys();

(gdb) bt
#0  0xc04fac12 in cpu_reboot (howto=256, bootstr=0x0) at
/usr/src/sys/arch/i386/i386/machdep.c:952
#1  0xc045600a in panic (fmt=0xc0966534 "in6_cksum: mbuf too short for
IPv6 header")
    at /usr/src/sys/kern/subr_prf.c:260
#2  0xc0189e64 in in6_cksum (m=0xc352d900, nxt=0 '\0', off=40, len=202)
    at /usr/src/sys/netinet6/in6_cksum.c:63
#3  0xc0184cbc in icmp6_input (mp=0xccaefd38, offp=0xccaefd1c, proto=58)
    at /usr/src/sys/netinet6/icmp6.c:482
#4  0xc0191812 in ip6_input (m=0xc352d900) at
/usr/src/sys/netinet6/ip6_input.c:819
#5  0xc0191b2f in ip6intr () at /usr/src/sys/netinet6/ip6_input.c:236
#6  0xc043d1f9 in softint_dispatch (pinned=0xcd570280, s=3) at
/usr/src/sys/kern/kern_softint.c:507
#7  0xc0100e4d in Xsoftintr ()
#8  0x00000000 in ?? ()

(gdb) frame 2
#2  0xc0189e64 in in6_cksum (m=0xc352d900, nxt=0 '\0', off=40, len=202)
    at /usr/src/sys/netinet6/in6_cksum.c:63
63                      panic("in6_cksum: mbuf too short for IPv6 header");

[that shows "off" and "len" at least]

(gdb) print m->m_len
There is no member named m_len.
(gdb) print m->m_pkthdr.len
There is no member named m_pkthdr.

(gdb) print m->m_hdr
$1 = {mh_next = 0xc352d800, mh_nextpkt = 0x0, mh_data = 0xc352d9d0 "`",
mh_owner = 0x3200762c, mh_len = 0,
  mh_flags = 66, mh_paddr = 1993619712, mh_type = 1}

(gdb) print *m
$3 = {m_hdr = {mh_next = 0xc352d800, mh_nextpkt = 0x0, mh_data =
0xc352d9d0 "`", mh_owner = 0x3200762c,
    mh_len = 0, mh_flags = 66, mh_paddr = 1993619712, mh_type = 1},
M_dat = {MH = {MH_pkthdr = {
        rcvif = 0xc324e400, tags = {slh_first = 0xc351db40}, len = 242,
csum_flags = 0,
        csum_data = 2621446, segsz = 16777216}, MH_dat = {MH_ext =
{ext_buf = 0x0, ext_free = 0,
          ext_arg = 0x0, ext_size = 0, ext_type = 0x0, ext_nextref =
0x0, ext_prevref = 0x0, ext_un = {
            extun_paddr = 0, extun_pgs = {0x0 <repeats 17 times>}}},
        MH_databuf = '\0' <repeats 152 times>, "`\000\000\000\000Ê:@",
'\0' <repeats 15 times>, "\001", '\0' <repeats 15 times>,
"\001\001\004\214Æ\000\000\000"}},
    M_databuf =
"\000ä$Ã@ÛQÃò\000\000\000\000\000\000\000\006\000(\000\000\000\000\001",
'\0' <repeats 152 times>, "`\000\000\000\000Ê:@", '\0' <repeats 15
times>, "\001", '\0' <repeats 15 times>,
"\001\001\004\214Æ\000\000\000"}}

Hope this helps,

  -  Arne H. J.