Date: Mon, 15 Oct 2007 18:10:04 GMT
Message-Id: <200710151810.l9FIA42P018424@freefall.freebsd.org>
To: freebsd-net@FreeBSD.org
From: "Jerry Toung"
Subject: Re: kern/116077: 6.2-STABLE panic during use of multi-cast networking client

The following reply was made to PR kern/116077; it has been noted by GNATS.

From: "Jerry Toung"
To: bug-followup@FreeBSD.org, rse@FreeBSD.org
Subject: Re: kern/116077: 6.2-STABLE panic during use of multi-cast networking client
Date: Mon, 15 Oct 2007 10:34:45 -0700

I have experienced the same crash. Please try this patch, it works for me. I am running 6.2 STABLE.
Jerry



diff -u ip_output.c.orig ip_output.c
--- ip_output.c.orig Thu Mar 8 05:19:03 2007
+++ ip_output.c Fri Oct 12 10:23:32 2007
@@ -58,6 +58,7 @@
#include <netinet/in_var.h>
#include <netinet/ip_var.h>

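Review bot: this hunk's header (-58,6 +58,7) promises one added line after the two #include context lines, but no `+` line survived in the mail, and the next hunk is already offset by three lines (-1669 against +1672), so at least one further hunk between them is missing too. Please regenerate the diff and send it as an attachment so it applies as posted.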
@@ -1669,7 +1672,7 @@

INP_UNLOCK(inp);

- imo = (struct ip_moptions*)malloc(sizeof(*imo), M_IPMOPTS,
M_WAITOK);
+ imo = (struct ip_moptions*)malloc(sizeof(*imo), M_IPMOPTS,
M_WAITOK|M_ZERO);

imo->imo_multicast_ifp = NULL;
imo->imo_multicast_addr.s_addr = INADDR_ANY;

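Review bot: adding M_ZERO to this malloc() hides whichever ip_moptions field was being read uninitialized rather than identifying it; the description should name that field. With the structure zeroed, the `imo->imo_multicast_ifp = NULL;` and `imo->imo_multicast_addr.s_addr = INADDR_ANY;` stores in the context below are redundant. The changed line was also wrapped by the mailer (`M_WAITOK|M_ZERO);` carries no `+` prefix), so this hunk will not apply as sent.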
@@ -1957,6 +1960,9 @@
* membership points.
*/
in_delmulti(imo->imo_membership[i]);
+ imo->imo_membership[i]->inm_ifma = NULL;
+ imo->imo_membership[i]->inm_ifp = NULL;
+ imo->imo_membership[i]->inm_addr.s_addr = 0;
/*
* Remove the gap in the membership array.
*/





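Review bot: the three stores added after `in_delmulti(imo->imo_membership[i]);` dereference the in_multi after it has been handed to in_delmulti(). If that call drops the last reference and frees the entry, these lines write to freed memory; if other holders remain, they clear inm_ifp and inm_addr on a shared record after IN_MULTI_LOCK has already been released. Leave the in_multi's fields to in_delmulti() and clear only this socket's slot, which the gap-removal code below overwrites anyway.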
diff -u ~tester/in.c.orig in.c
--- /home/tester/in.c.orig Mon Oct 15 10:21:45 2007
+++ in.c Fri Oct 12 08:24:18 2007
@@ -1058,14 +1058,29 @@
in_delmulti(inm)
register struct in_multi *inm;
{
- struct ifnet *ifp;
+ struct ifnet *ifp, *it_ifp;
+ int found = 0;

ifp = inm->inm_ifp;
+ if (ifp == NULL)
+ return;
+
+ TAILQ_FOREACH(it_ifp, &ifnet, if_link) {
+ if (ifp == it_ifp) {
+ found = 1;
+ break;
+ }
+ }
+
+ if (found == 0)
+ return;
+
IFF_LOCKGIANT(ifp);
IN_MULTI_LOCK();
in_delmulti_locked(inm, 0);
IN_MULTI_UNLOCK();
IFF_UNLOCKGIANT(ifp);
+
}

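Review bot: the `TAILQ_FOREACH(it_ifp, &ifnet, if_link)` walk reads the global interface list without taking the ifnet list lock (IFNET_RLOCK/IFNET_RUNLOCK), and the match is by pointer value only, so a stale inm_ifp can still compare equal to a newly allocated ifnet, and the interface can go away between the check and IFF_LOCKGIANT(ifp). Both new early returns also skip in_delmulti_locked(), so the in_multi is never released on those paths. The dangling inm_ifp should be cleared where the interface is detached instead of being detected here. The added blank `+` line before the closing brace should be dropped.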