From owner-freebsd-current@FreeBSD.ORG  Wed Apr  5 09:35:07 2006
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
X-Original-To: freebsd-current@freebsd.org
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 20AFE16A401
	for <freebsd-current@freebsd.org>; Wed,  5 Apr 2006 09:35:07 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2429B43D6E
	for <freebsd-current@freebsd.org>; Wed,  5 Apr 2006 09:35:03 +0000 (GMT)
	(envelope-from rwatson@FreeBSD.org)
Received: from fledge.watson.org (fledge.watson.org [209.31.154.41])
	by cyrus.watson.org (Postfix) with ESMTP id 0A24246CDE;
	Wed,  5 Apr 2006 05:35:02 -0400 (EDT)
Date: Wed, 5 Apr 2006 10:35:01 +0100 (BST)
From: Robert Watson <rwatson@FreeBSD.org>
X-X-Sender: robert@fledge.watson.org
To: Kazuaki Oda <kaakun@highway.ne.jp>
In-Reply-To: <44334F5A.9060408@highway.ne.jp>
Message-ID: <20060405103429.D82516@fledge.watson.org>
References: <4430FAAF.2040809@highway.ne.jp>
	<20060403133210.U36756@fledge.watson.org>
	<44311AB5.2010407@highway.ne.jp>
	<20060404141813.H22854@fledge.watson.org>
	<44333063.70606@highway.ne.jp> <44334F5A.9060408@highway.ne.jp>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-current@freebsd.org
Subject: Re: kernel panic: page fault
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Apr 2006 09:35:07 -0000


On Wed, 5 Apr 2006, Kazuaki Oda wrote:

> I've read the source code:
>
>
> 	/*
> 	 * XXXRW: Time wait state for inpcb has been recycled, but inpcb is
> 	 * still present.  This is undesirable, but temporarily necessary
> 	 * until we work out how to handle inpcb's who's timewait state has
> 	 * been removed.
> 	 */
> 	if (tw == NULL)
> 		goto drop;
>
> <snip>
>
> drop:
> 	INP_UNLOCK(tw->tw_inpcb);
> 	m_freem(m);
> 	return (0);
>
>
> Hmm, it seems to be null pointer dereference because tw is NULL...

Indeed.  I've inserted a NULL check here.  Thanks again!

Robert N M Watson