Date: Sat, 20 Aug 2005 18:10:43 +0200
From: Pawel Jakub Dawidek
To: Andrew Thompson
Cc: freebsd-current@freebsd.org, rwatson@FreeBSD.org
Subject: Re: [PANIC] 6.0BETA2 in l2ping flood
Message-ID: <20050820161042.GA749@garage.freebsd.pl>

On Fri, Aug 19, 2005 at 01:17:34PM +1200, Andrew Thompson wrote:
+> On Thu, Aug 18, 2005 at 11:01:29PM +0200, Pawel Jakub Dawidek wrote:
+> > On Thu, Aug 18, 2005 at 11:18:38AM +1200, Andrew Thompson wrote:
+> > +> Interesting... I can get exactly the same panic by doing
+> > +>
+> > +>   ifconfig bridge0 create
+> > +>   <'tcpdump -i bridge0' on another terminal>
+> > +>   ifconfig bridge0 up
+> > +>   ifconfig bridge0 destroy
+> >
+> > Here, when you destroy bridge0, callout handle is also destroyed,
+> > but on detach, bpf wants to turn off promiscuous mode and call
+> > bridge_init(), because it doesn't have IFF_DRV_RUNNING flag set.
+> >
+> > bridge_init() calls callout_reset() on destroyed callout handle.
+> >
+>
+> Thanks for explaining this, you have saved me a lot of suffering.
+>
+> This patch fixes the panic on destroy, is it the correct way to solve
+> the problem? I need to commit something before 6.0.

My explanation wasn't quite right. callout_reset() is called on a valid
handle, but right after that, softc structure is freed, so when softclock
calls your function, softc is already dead.

Here is a patch which fixes it:

	http://people.freebsd.org/~pjd/patches/if_bridge.c.patch

If you don't want to change bridge_softc structure size, you can also
verify in bridge_init() if the given 'sc' is on bridge_list list.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
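The ordering problem described in the message above, and the bridge_list check it suggests as an alternative, shown as a userspace model. This is an added example, not the linked patch and not code from if_bridge.c; all names (sc_create, sc_init, sc_destroy, timer_hits_freed, the check_list flag) are hypothetical, and the destroy order is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: hypothetical names; "freed" is a flag, not free(). */
struct softc {
    bool alive;        /* false once the structure has been freed */
    bool on_list;      /* models membership of bridge_list */
    bool timer_armed;  /* models a pending callout that softclock will run */
};

/* Models interface creation: the softc is allocated and put on the list. */
static void sc_create(struct softc *sc)
{
    *sc = (struct softc){ .alive = true, .on_list = true };
}

/* Models bridge_init(); arming the timer stands in for callout_reset(). */
static void sc_init(struct softc *sc, bool check_list)
{
    if (check_list && !sc->on_list)
        return;                /* softc is being destroyed: do not arm */
    sc->timer_armed = true;
}

/* Models destroy. Assumed order: unlink, stop timer, detach, free. */
static void sc_destroy(struct softc *sc, bool check_list)
{
    sc->on_list = false;
    sc->timer_armed = false;
    sc_init(sc, check_list);   /* detach path re-entering init */
    sc->alive = false;         /* structure freed */
}

/* True when the timer would fire against an already freed softc. */
static bool timer_hits_freed(const struct softc *sc)
{
    return sc->timer_armed && !sc->alive;
}

int main(void)
{
    struct softc sc;
    for (int check = 0; check <= 1; check++) {
        sc_create(&sc);
        sc_destroy(&sc, check);
        printf("list check %d: stale timer %d\n", check, timer_hits_freed(&sc));
    }
    return 0;
}
```

Without the list check the model ends with a timer armed on a freed softc; with it, init declines to arm the timer once the softc has left the list.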