From owner-freebsd-net@FreeBSD.ORG  Sat Nov 17 21:31:19 2012
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id 3F052A31;
 Sat, 17 Nov 2012 21:31:19 +0000 (UTC)
 (envelope-from rwatson@FreeBSD.org)
Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42])
 by mx1.freebsd.org (Postfix) with ESMTP id E904D8FC12;
 Sat, 17 Nov 2012 21:31:18 +0000 (UTC)
Received: from fledge.watson.org (fledge.watson.org [65.122.17.41])
 by cyrus.watson.org (Postfix) with ESMTPS id 481E746B0D;
 Sat, 17 Nov 2012 16:31:18 -0500 (EST)
Date: Sat, 17 Nov 2012 21:31:18 +0000 (GMT)
From: Robert Watson <rwatson@FreeBSD.org>
X-X-Sender: robert@fledge.watson.org
To: Adrian Chadd <adrian@freebsd.org>
Subject: Re: netisr panic?
In-Reply-To: <CAJ-VmonGWFc3W528BJby_C+-J3B0Eb2D06GGLTajbgsHvHTfiA@mail.gmail.com>
Message-ID: <alpine.BSF.2.00.1211172130300.94966@fledge.watson.org>
References: <E1TZjzu-0000R1-HA@clue.co.za>
 <CAJ-Vmon_AJCcatduf7c70wpCvHYm=v8ytsUwfzBwf0u65r0FwA@mail.gmail.com>
 <E1TZmtO-0000Xg-Cv@clue.co.za>
 <CAJ-VmonGWFc3W528BJby_C+-J3B0Eb2D06GGLTajbgsHvHTfiA@mail.gmail.com>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED;
 BOUNDARY="621616949-1601276811-1353187878=:94966"
Cc: FreeBSD Net <freebsd-net@freebsd.org>, Ian FREISLICH <ianf@clue.co.za>,
 freebsd-current@freebsd.org
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Nov 2012 21:31:19 -0000

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--621616949-1601276811-1353187878=:94966
Content-Type: TEXT/PLAIN; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8BIT

Panics along these lines often occur if there is a concurrency bug in a device 
driver such that it modifies an mbuf after dispatching to the network stack. 
E.g., by freeing it, reusing it, an errant dereference, etc.  Not guaranteed, 
but that is where I'd start.

Robert

On Sat, 17 Nov 2012, Adrian Chadd wrote:

> Check what mtod() is doing.
>
> mbuf.h:#define	mtod(m, t)	((t)((m)->m_data))
>
> .. so if m->m_data is NULL, bam.
>
> The question is why is m_data NULL here.  Someone mbuf cluey is going
> to have to answer that. I don't know whether the MH_dat stuff is being
> treated as valid but m_data isn't being updated, or something.
>
>
> Adrian
>
> On 17 November 2012 10:13, Ian FREISLICH <ianf@clue.co.za> wrote:
>> Adrian Chadd wrote:
>>> It's a NULL ponter deref. This is my line 484 in if_ethersubr.c:
>>>
>>>         eh = mtod(m, struct ether_header *);
>>>
>>>
>>> .. if that's yours, see if eh is NULL?
>>
>> (kgdb) frame 7
>> #7  0xffffffff8050f534 in ether_nh_input (m=0xfffffe012521e700)
>>     at /usr/src/sys/net/if_ethersubr.c:484
>> 484             eh = mtod(m, struct ether_header *);
>> (kgdb) print eh
>> No symbol "eh" in current context.
>> (kgdb) print *m
>> $2 = {m_hdr = {mh_next = 0x100000000000000, mh_nextpkt = 0x10000000000,
>>     mh_data = 0x0, mh_len = 60, mh_flags = 4259842, mh_type = 0,
>>     pad = "\000\000\000\000\000"}, M_dat = {MH = {MH_pkthdr = {
>>         rcvif = 0xfffffe000a1c2000, header = 0xffffffff, len = 60, flowid = 0,
>>         csum_flags = 3840, csum_data = 65535, tso_segsz = 0, PH_vt = {
>>           vt_vtag = 4, vt_nrecs = 4}, tags = {slh_first = 0x3c000000}},
>>       MH_dat = {MH_ext = {
>>           ext_buf = 0x69e5498600000000 <Address 0x69e5498600000000 out of bounds>, ext_free = 0x10602, ext_arg1 = 0xc000000070000, ext_arg2 = 0x100,
>>           ext_size = 2048, ref_cnt = 0xfffffe0125236d8c, ext_type = 6},
>>         MH_databuf = "\000\000\000\000\206Iеi\002\006\001\000\000\000\000\000\000\000\a\000\000\000\f\000\000\001\000\000\000\000\000\000\000\b\000\000\000\000\000\000\214m#%\001юяя\006", '\0' <repeats 118 times>}},
>>     M_databuf = "\000 \034\n\000юяяяяяя\000\000\000\000<\000\000\000\000\000\000\000\000\017\000\000яя\000\000\000\000\004\000\000\000\000\000\000\000\000<\000\000\000\000\000\000\000\000\206Iеi\002\006\001\000\000\000\000\000\000\000\a\000\000\000\f\000\000\001\000\000\000\000\000\000\000\b\000\000\000\000\000\000\214m#%\001юяя\006", '\0' <repeats 118 times>}}
>>
>>
>> Ian
>>
>> --
>> Ian Freislich
>>
>> _______________________________________________
>> freebsd-current@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-current
>> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
> _______________________________________________
> freebsd-current@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
--621616949-1601276811-1353187878=:94966--