Date: Mon, 17 Mar 2008 06:20:03 GMT From: Edwin Groothuis <edwin@mavetju.org> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/121774: 6.3 kernel panic in swi1: net Message-ID: <200803170620.m2H6K3U5031696@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/121774; it has been noted by GNATS.
From: Edwin Groothuis <edwin@mavetju.org>
To: FreeBSD Gnats Submit <freebsd-gnats-submit@freebsd.org>
Cc:
Subject: Re: kern/121774: 6.3 kernel panic in swi1: net
Date: Mon, 17 Mar 2008 17:14:44 +1100
This is from the debug kernel:
#92 0x0000000000000000 in ?? ()
#93 0xffffffff809e0240 in ip_rsvpd ()
#94 0xffffffff804cdaae in pfil_run_hooks (ph=0xffffffffa5683790, mp=0x0,
ifp=0xffffff0000d99800, dir=-900484366, inp=0x0) at ../../../net/pfil.c:139
#95 0xffffffff80504c7b in ip_output (m=0xffffff0003087c00, opt=0x881cecb,
ro=0xffffffffa56839f0, flags=1, imo=0x0, inp=0x0)
at ../../../netinet/ip_output.c:679
#96 0xffffffff80501b17 in ip_forward (m=0xffffff0003087c00, srcrt=14258176)
at ../../../netinet/ip_input.c:1923
#97 0xffffffff805024dc in ip_input (m=0xffffff0003087c00)
at ../../../netinet/ip_input.c:694
#98 0xffffffff804cc1ec in netisr_processqueue (ni=0xffffffff809deb30)
at ../../../net/netisr.c:236
#99 0xffffffff804cc49d in swi_net (dummy=0xffffff0001a9f200)
at ../../../net/netisr.c:349
#100 0xffffffff8041bd58 in ithread_loop (arg=0xffffff00000345e0)
at ../../../kern/kern_intr.c:682
#101 0xffffffff8041a4f7 in fork_exit (
callout=0xffffffff8041bc10 <ithread_loop>, arg=0xffffff00000345e0,
frame=0xffffffffa5683c50) at ../../../kern/kern_fork.c:788
#102 0xffffffff806a46fe in fork_trampoline ()
at ../../../amd64/amd64/exception.S:411
#103 0x0000000000000000 in ?? ()
Which is related to this function:
int
pfil_run_hooks(struct pfil_head *ph, struct mbuf **mp, struct ifnet *ifp,
int dir, struct inpcb *inp)
{
struct packet_filter_hook *pfh;
struct mbuf *m = *mp;
int rv = 0;
if (ph->ph_busy_count == -1)
return (0);
/*
* Prevent packet filtering from starving the modification of
* the packet filters. We would prefer a reader/writer locking
* mechanism with guaranteed ordering, though.
*/
if (ph->ph_want_write) {
m_freem(*mp);
*mp = NULL;
return (ENOBUFS);
}
PFIL_RLOCK(ph);
for (pfh = pfil_hook_get(dir, ph); pfh != NULL;
pfh = TAILQ_NEXT(pfh, pfil_link)) {
if (pfh->pfil_func != NULL) {
139 -> rv = (*pfh->pfil_func)(pfh->pfil_arg, &m, ifp, dir, inp)
;
if (rv != 0 || m == NULL)
break;
}
}
PFIL_RUNLOCK(ph);
*mp = m;
return (rv);
}
The value of 0x0 for m there doesn't make sense *UNLESS* it is the
first packet.
--
Edwin Groothuis | Personal website: http://www.mavetju.org
edwin@mavetju.org | Weblog: http://www.mavetju.org/weblog/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200803170620.m2H6K3U5031696>