Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 17 Nov 2012 15:13:41 -0800
From:      Vijay Singh <vijju.singh@gmail.com>
To:        Robert Watson <rwatson@FreeBSD.org>
Cc:        FreeBSD Net <freebsd-net@freebsd.org>, Adrian Chadd <adrian@freebsd.org>, Ian FREISLICH <ianf@clue.co.za>, "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>
Subject:   Re: netisr panic?
Message-ID:  <55449D50-389B-4080-9B6F-A7CC0C0A2D1E@gmail.com>
In-Reply-To: <alpine.BSF.2.00.1211172130300.94966@fledge.watson.org>
References:  <E1TZjzu-0000R1-HA@clue.co.za> <CAJ-Vmon_AJCcatduf7c70wpCvHYm=v8ytsUwfzBwf0u65r0FwA@mail.gmail.com> <E1TZmtO-0000Xg-Cv@clue.co.za> <CAJ-VmonGWFc3W528BJby_C%2B-J3B0Eb2D06GGLTajbgsHvHTfiA@mail.gmail.com> <alpine.BSF.2.00.1211172130300.94966@fledge.watson.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Or cluster allocation failed, and only the mbuf was used.

Sent from my iPhone

On Nov 17, 2012, at 1:31 PM, Robert Watson <rwatson@FreeBSD.org> wrote:

> Panics along these lines often occur if there is a concurrency bug in a de=
vice driver such that it modifies an mbuf after dispatching to the network s=
tack. E.g., by freeing it, reusing it, an errant dereference, etc.  Not guar=
anteed, but that is where I'd start.
>=20
> Robert
>=20
> On Sat, 17 Nov 2012, Adrian Chadd wrote:
>=20
>> Check what mtod() is doing.
>>=20
>> mbuf.h:#define    mtod(m, t)    ((t)((m)->m_data))
>>=20
>> .. so if m->m_data is NULL, bam.
>>=20
>> The question is why is m_data NULL here.  Someone mbuf cluey is going
>> to have to answer that. I don't know whether the MH_dat stuff is being
>> treated as valid but m_data isn't being updated, or something.
>>=20
>>=20
>> Adrian
>>=20
>> On 17 November 2012 10:13, Ian FREISLICH <ianf@clue.co.za> wrote:
>>> Adrian Chadd wrote:
>>>> It's a NULL ponter deref. This is my line 484 in if_ethersubr.c:
>>>>=20
>>>>        eh =3D mtod(m, struct ether_header *);
>>>>=20
>>>>=20
>>>> .. if that's yours, see if eh is NULL?
>>>=20
>>> (kgdb) frame 7
>>> #7  0xffffffff8050f534 in ether_nh_input (m=3D0xfffffe012521e700)
>>>    at /usr/src/sys/net/if_ethersubr.c:484
>>> 484             eh =3D mtod(m, struct ether_header *);
>>> (kgdb) print eh
>>> No symbol "eh" in current context.
>>> (kgdb) print *m
>>> $2 =3D {m_hdr =3D {mh_next =3D 0x100000000000000, mh_nextpkt =3D 0x10000=
000000,
>>>    mh_data =3D 0x0, mh_len =3D 60, mh_flags =3D 4259842, mh_type =3D 0,
>>>    pad =3D "\000\000\000\000\000"}, M_dat =3D {MH =3D {MH_pkthdr =3D {
>>>        rcvif =3D 0xfffffe000a1c2000, header =3D 0xffffffff, len =3D 60, f=
lowid =3D 0,
>>>        csum_flags =3D 3840, csum_data =3D 65535, tso_segsz =3D 0, PH_vt =3D=
 {
>>>          vt_vtag =3D 4, vt_nrecs =3D 4}, tags =3D {slh_first =3D 0x3c000=
000}},
>>>      MH_dat =3D {MH_ext =3D {
>>>          ext_buf =3D 0x69e5498600000000 <Address 0x69e5498600000000 out o=
f bounds>, ext_free =3D 0x10602, ext_arg1 =3D 0xc000000070000, ext_arg2 =3D 0=
x100,
>>>          ext_size =3D 2048, ref_cnt =3D 0xfffffe0125236d8c, ext_type =3D=
 6},
>>>        MH_databuf =3D "\000\000\000\000\206I=D0=B5i\002\006\001\000\000\=
000\000\000\000\000\a\000\000\000\f\000\000\001\000\000\000\000\000\000\000\=
b\000\000\000\000\000\000\214m#%\001=D1=8E=D1=8F=D1=8F\006", '\0' <repeats 1=
18 times>}},
>>>    M_databuf =3D "\000 \034\n\000=D1=8E=D1=8F=D1=8F=D1=8F=D1=8F=D1=8F=D1=
=8F\000\000\000\000<\000\000\000\000\000\000\000\000\017\000\000=D1=8F=D1=8F=
\000\000\000\000\004\000\000\000\000\000\000\000\000<\000\000\000\000\000\00=
0\000\000\206I=D0=B5i\002\006\001\000\000\000\000\000\000\000\a\000\000\000\=
f\000\000\001\000\000\000\000\000\000\000\b\000\000\000\000\000\000\214m#%\0=
01=D1=8E=D1=8F=D1=8F\006", '\0' <repeats 118 times>}}
>>>=20
>>>=20
>>> Ian
>>>=20
>>> --
>>> Ian Freislich
>>>=20
>>> _______________________________________________
>>> freebsd-current@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-current
>>> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.or=
g"
>> _______________________________________________
>> freebsd-current@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-current
>> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org=
"
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55449D50-389B-4080-9B6F-A7CC0C0A2D1E>