From owner-freebsd-bugs@FreeBSD.ORG Mon Mar 17 06:20:04 2008 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 03B971065677 for ; Mon, 17 Mar 2008 06:20:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id EA2F68FC13 for ; Mon, 17 Mar 2008 06:20:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m2H6K3pK031697 for ; Mon, 17 Mar 2008 06:20:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m2H6K3U5031696; Mon, 17 Mar 2008 06:20:03 GMT (envelope-from gnats) Date: Mon, 17 Mar 2008 06:20:03 GMT Message-Id: <200803170620.m2H6K3U5031696@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org From: Edwin Groothuis Cc: Subject: Re: kern/121774: 6.3 kernel panic in swi1: net X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Edwin Groothuis List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Mar 2008 06:20:04 -0000 The following reply was made to PR kern/121774; it has been noted by GNATS. From: Edwin Groothuis To: FreeBSD Gnats Submit Cc: Subject: Re: kern/121774: 6.3 kernel panic in swi1: net Date: Mon, 17 Mar 2008 17:14:44 +1100 This is from the debug kernel: #92 0x0000000000000000 in ?? () #93 0xffffffff809e0240 in ip_rsvpd () #94 0xffffffff804cdaae in pfil_run_hooks (ph=0xffffffffa5683790, mp=0x0, ifp=0xffffff0000d99800, dir=-900484366, inp=0x0) at ../../../net/pfil.c:139 #95 0xffffffff80504c7b in ip_output (m=0xffffff0003087c00, opt=0x881cecb, ro=0xffffffffa56839f0, flags=1, imo=0x0, inp=0x0) at ../../../netinet/ip_output.c:679 #96 0xffffffff80501b17 in ip_forward (m=0xffffff0003087c00, srcrt=14258176) at ../../../netinet/ip_input.c:1923 #97 0xffffffff805024dc in ip_input (m=0xffffff0003087c00) at ../../../netinet/ip_input.c:694 #98 0xffffffff804cc1ec in netisr_processqueue (ni=0xffffffff809deb30) at ../../../net/netisr.c:236 #99 0xffffffff804cc49d in swi_net (dummy=0xffffff0001a9f200) at ../../../net/netisr.c:349 #100 0xffffffff8041bd58 in ithread_loop (arg=0xffffff00000345e0) at ../../../kern/kern_intr.c:682 #101 0xffffffff8041a4f7 in fork_exit ( callout=0xffffffff8041bc10 , arg=0xffffff00000345e0, frame=0xffffffffa5683c50) at ../../../kern/kern_fork.c:788 #102 0xffffffff806a46fe in fork_trampoline () at ../../../amd64/amd64/exception.S:411 #103 0x0000000000000000 in ?? () Which is related to this function: int pfil_run_hooks(struct pfil_head *ph, struct mbuf **mp, struct ifnet *ifp, int dir, struct inpcb *inp) { struct packet_filter_hook *pfh; struct mbuf *m = *mp; int rv = 0; if (ph->ph_busy_count == -1) return (0); /* * Prevent packet filtering from starving the modification of * the packet filters. We would prefer a reader/writer locking * mechanism with guaranteed ordering, though. */ if (ph->ph_want_write) { m_freem(*mp); *mp = NULL; return (ENOBUFS); } PFIL_RLOCK(ph); for (pfh = pfil_hook_get(dir, ph); pfh != NULL; pfh = TAILQ_NEXT(pfh, pfil_link)) { if (pfh->pfil_func != NULL) { 139 -> rv = (*pfh->pfil_func)(pfh->pfil_arg, &m, ifp, dir, inp) ; if (rv != 0 || m == NULL) break; } } PFIL_RUNLOCK(ph); *mp = m; return (rv); } The value of 0x0 for m there doesn't make sense *UNLESS* it is the first packet. -- Edwin Groothuis | Personal website: http://www.mavetju.org edwin@mavetju.org | Weblog: http://www.mavetju.org/weblog/