From owner-freebsd-stable@FreeBSD.ORG Tue Apr 8 14:26:54 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BC0F21065670 for ; Tue, 8 Apr 2008 14:26:54 +0000 (UTC) (envelope-from jhb@freebsd.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.freebsd.org (Postfix) with ESMTP id A8D358FC30 for ; Tue, 8 Apr 2008 14:26:54 +0000 (UTC) (envelope-from jhb@freebsd.org) Received: from zion.baldwin.cx (66-23-211-162.clients.speedfactory.net [66.23.211.162]) by elvis.mu.org (Postfix) with ESMTP id 0E3931A4D82; Tue, 8 Apr 2008 07:26:54 -0700 (PDT) From: John Baldwin To: freebsd-stable@freebsd.org Date: Tue, 8 Apr 2008 09:57:30 -0400 User-Agent: KMail/1.9.7 References: <01ab01c898ca$ce4763e0$6ad62ba0$@muni.cz> In-Reply-To: <01ab01c898ca$ce4763e0$6ad62ba0$@muni.cz> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200804080957.30738.jhb@freebsd.org> Cc: Petr Holub , re@FreeBSD.org Subject: Re: panics on 6.3-RELEASE in IP stack X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Apr 2008 14:26:54 -0000 On Monday 07 April 2008 12:16:53 pm Petr Holub wrote: > Hi all, > > I started to play with RAT application (ports: mbone/rat + an SVN version) > and > it seems to crash my 6.3-RELEASE-p1 box in rather deterministic way. Crash > details are shown below. Has anyone seen a problem like this? Yes, there's an off-by-one reference count bug in the multicast stuff. You need 1.85.2.10 of sys/netinet/in.c: Index: in.c =================================================================== RCS file: /host/cvs/usr/cvs/src/sys/netinet/in.c,v retrieving revision 1.85.2.9 retrieving revision 1.85.2.10 diff -u -r1.85.2.9 -r1.85.2.10 --- in.c 7 Jul 2007 00:54:46 -0000 1.85.2.9 +++ in.c 22 Feb 2008 19:13:56 -0000 1.85.2.10 @@ -991,7 +991,6 @@ * a new record. Otherwise, we are done. */ if (ifma->ifma_protospec != NULL) { - if_delmulti_ent(ifma); /* We don't need another reference */ IN_MULTI_UNLOCK(); IFF_UNLOCKGIANT(ifp); return ifma->ifma_protospec; Given how simple the patch is and that if fixes a known panic this might be worthy of an errata notice or errata candidate. (At least a note in the errata pointing to the 1.85.2.10 commit if not an actual patch to RELENG_6_3.) -- John Baldwin