Date: Thu, 30 Oct 2003 13:33:26 -0200 From: "Daniel C. Sobral" <dcs@tcoip.com.br> To: current@freebsd.org Subject: Panic on ICMP Redirect Message-ID: <3FA12F46.9060508@tcoip.com.br>
next in thread | raw e-mail | index | archive | help
I could have stuck a LONG time on this one if I wasn't testing something =
that results in the very thing that causes the panic. I don't have the=20
exact details, but what I did is the following:
ifconfig fxp0 10.0.2.6/16 (well, that's configured during boot)
route add 10.0.14.247 10.0.2.7
ping 10.0.14.247
This results in an ICMP Redirect being returned by 10.0.2.7. Upon it's=20
receival, the machine panics. I'm using a current from yesterday (29th). =
Here are a couple of backtraces:
[0] dcs@dcs:/dos/crash$ gdb -k kernel.18 vmcore.18
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you =
are
welcome to change it and/or distribute copies of it under certain=20
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for detail=
s.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: recurse
panic messages:
---
panic: recurse
syncing disks, buffers remaining... 2228 2228 2228 2228 2228 2228 2228=20
2228 2228 2228 2228 2228 2228 2228 2228 2228 2228 2228 2228 2228 ad0:=20
WARNING - WRITE_DMA recovered from missing interrupt
giving up on 1090 buffers
Uptime: 19h10m15s
Dumping 255 MB
16 32 48 64 80 96 112 128 144 160 176 192 208 224 240
---
Reading symbols from /boot/kernel/snd_cmi.ko...done.
Loaded symbols for /boot/kernel/snd_cmi.ko
Reading symbols from /boot/kernel/snd_pcm.ko...done.
Loaded symbols for /boot/kernel/snd_pcm.ko
Reading symbols from=20
/usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/mac_biba/mac_biba.ko=
=2Edebug...done.
Loaded symbols for=20
/usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/mac_biba/mac_biba.ko=
=2Edebug
Reading symbols from=20
/usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/mac_mls/mac_mls.ko.d=
ebug...done.
Loaded symbols for=20
/usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/mac_mls/mac_mls.ko.d=
ebug
Reading symbols from=20
/usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/acpi/acpi.ko.debug..=
=2Edone.
Loaded symbols for=20
/usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/acpi/acpi.ko.debug
Reading symbols from /boot/kernel/green_saver.ko...done.
Loaded symbols for /boot/kernel/green_saver.ko
Reading symbols from=20
/usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/linux/linux.ko.debug=
=2E..done.
Loaded symbols for=20
/usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/linux/linux.ko.debug=
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240 dumping++;
(kgdb) bt full
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
No locals.
#1 0xc04e48d1 in boot (howto=3D256) at /usr/src/sys/kern/kern_shutdown.c=
:372
No locals.
#2 0xc04e4c67 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
td =3D (struct thread *) 0xc12c5be0
bootopt =3D 256
newpanic =3D 1
ap =3D 0xcdb1aa0c "\032\fd=C0=B6"
buf =3D "recurse", '\0' <repeats 248 times>
#3 0xc050a853 in witness_lock (lock=3D0xc47ec090, flags=3D8,=20
file=3D0xc0640c1a "/usr/src/sys/net/route.c", line=3D565)
at /usr/src/sys/kern/subr_witness.c:722
lock_list =3D (struct lock_list_entry **) 0xc12c5c4c
lle =3D (struct lock_list_entry *) 0xc0663eac
lock1 =3D (struct lock_instance *) 0xc06b77a4
lock2 =3D (struct lock_instance *) 0x0
class =3D (struct lock_class *) 0xc0663eac
w =3D (struct witness *) 0xc0693eb0
w1 =3D (struct witness *) 0xc0693eb0
td =3D (struct thread *) 0xc06b77a4
i =3D -1
j =3D 0
go_into_ddb =3D 0
#4 0xc04dac8a in _mtx_lock_flags (m=3D0xc06b77a4, opts=3D0, file=3D0xc06=
63eac=20
"{id=C0\t", line=3D-998326128)
at /usr/src/sys/kern/kern_mutex.c:336
No locals.
#5 0xc055871e in rtrequest1 (req=3D2, info=3D0xcdb1aac8, ret_nrt=3D0x0) =
at=20
/usr/src/sys/net/route.c:565
error =3D 0
rt =3D (struct rtentry *) 0xc47ec000
rn =3D (struct radix_node *) 0xc06b77a4
rnh =3D (struct radix_node_head *) 0xc29e6400
ifa =3D (struct ifaddr *) 0x1
ndst =3D (struct sockaddr *) 0xc47ec090
#6 0xc05584fa in rtrequest (req=3D0, dst=3D0x0, gateway=3D0x0, netmask=3D=
0x0,=20
flags=3D0, ret_nrt=3D0x0)
at /usr/src/sys/net/route.c:477
info =3D {rti_addrs =3D 0, rti_info =3D {0xc3951ea0, 0xc3951eb0,=
0x0,=20
0x0, 0x0, 0x0, 0x0, 0x0},
---Type <return> to continue, or q <return> to quit---
rti_flags =3D 2087, rti_ifa =3D 0x0, rti_ifp =3D 0x0}
#7 0xc0559131 in rt_setgate (rt=3D0xc47ec000, dst=3D0xc3951ea0,=20
gate=3D0xc066d75c) at /usr/src/sys/net/route.c:938
rnh =3D (struct radix_node_head *) 0xc29e6400
new =3D 0xcdb1aac8 ""
old =3D 0xc06b84c0 "=AC>f=C0\"\005d=C0\"\005d=C0"
dlen =3D 16
glen =3D 16
#8 0xc05582df in rtredirect (dst=3D0xc066d74c, gateway=3D0xc066d75c,=20
netmask=3D0x0, flags=3D38, src=3D0xc066d76c)
at /usr/src/sys/net/route.c:369
rt =3D (struct rtentry *) 0xc47ec000
error =3D 0
stat =3D (short int *) 0xc06b8894
info =3D {rti_addrs =3D 582, rti_info =3D {0xc0663eac, 0x0,=20
0xc06931a0, 0x3f1, 0xc063a81f, 0xcdb1ab98,
0xc04d0000, 0xc06931a0}, rti_flags =3D 1, rti_ifa =3D 0xc0637b5e,=20
rti_ifp =3D 0x0}
ifa =3D (struct ifaddr *) 0xc297b600
#9 0xc05624bf in icmp_input (m=3D0xc12d8000, off=3D20) at=20
/usr/src/sys/netinet/ip_icmp.c:565
hlen =3D 20
icp =3D (struct icmp *) 0xc1745834
ip =3D (struct ip *) 0xc1745820
icmplen =3D 36
i =3D 0
ia =3D (struct in_ifaddr *) 0x0
ctlfunc =3D (void (*)(int, struct sockaddr *, void *)) 0
code =3D 1
#10 0xc05636ea in ip_input (m=3D0xc12d8000) at=20
/usr/src/sys/netinet/ip_input.c:1014
ip =3D (struct ip *) 0xc1745820
fp =3D (struct ipq *) 0xc297b600
ia =3D (struct in_ifaddr *) 0xc297b600
ifa =3D (struct ifaddr *) 0x0
i =3D 0
hlen =3D 20
checkif =3D 1
sum =3D 0
pkt_dst =3D {s_addr =3D 100794378}
divert_info =3D 0
args =3D {m =3D 0xc050aafe, oif =3D 0x0, next_hop =3D 0x0, rule =
=3D 0x0,=20
eh =3D 0x0, ro =3D 0xc12c5c4c,
---Type <return> to continue, or q <return> to quit---
dst =3D 0xc06b9bf4, flags =3D 137, f_id =3D {dst_ip =3D 3227781664, sr=
c_ip =3D=20
3450973348, dst_port =3D 44352,
src_port =3D 49229, proto =3D 244 '=F4', flags =3D 155 '\233'}, dive=
rt_rule=20
=3D 0, retval =3D 3227745118}
cro =3D {ro_rt =3D 0xc0640a20, ro_dst =3D {sa_len =3D 10 '\n',=20
sa_family =3D 181 '=B5',
sa_data =3D "c=C0\003\0\0\0=E0[,=C1|=AC=B1=CD"}}
#11 0xc0555a6e in netisr_processqueue (ni=3D0xc06b8690) at=20
/usr/src/sys/net/netisr.c:140
m =3D (struct mbuf *) 0xc12d8000
#12 0xc0555ea8 in swi_net (dummy=3D0x0) at /usr/src/sys/net/netisr.c:246
ni =3D (struct netisr *) 0x0
bits =3D 262144
i =3D 0
#13 0xc04ceef2 in ithread_loop (arg=3D0xc12c2a00) at=20
/usr/src/sys/kern/kern_intr.c:540
ithd =3D (struct ithd *) 0xc12c2a00
ih =3D (struct intrhand *) 0xc12bd200
td =3D (struct thread *) 0xc12c5be0
p =3D (struct proc *) 0xc12c45ac
#14 0xc04cdeef in fork_exit (callout=3D0xc04ced60 <ithread_loop>, arg=3D0=
x0,=20
frame=3D0x0)
at /usr/src/sys/kern/kern_fork.c:796
p =3D (struct proc *) 0xc12c45ac
td =3D (struct thread *) 0x0
[0] dcs@dcs:/dos/crash$ gdb -k kernel.18 vmcore.19
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you =
are
welcome to change it and/or distribute copies of it under certain=20
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for detail=
s.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: recurse
panic messages:
---
panic: recurse
syncing disks, buffers remaining... 2229 panic: bremfree: removing a=20
buffer not on a queue
Uptime: 2m31s
Dumping 255 MB
16 32 48 64 80 96 112 128 144 160 176 192 208 224 240
---
Reading symbols from /boot/kernel/snd_cmi.ko...done.
Loaded symbols for /boot/kernel/snd_cmi.ko
Reading symbols from /boot/kernel/snd_pcm.ko...done.
Loaded symbols for /boot/kernel/snd_pcm.ko
Reading symbols from=20
/usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/mac_biba/mac_biba.ko=
=2Edebug...done.
Loaded symbols for=20
/usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/mac_biba/mac_biba.ko=
=2Edebug
Reading symbols from=20
/usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/mac_mls/mac_mls.ko.d=
ebug...done.
Loaded symbols for=20
/usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/mac_mls/mac_mls.ko.d=
ebug
Reading symbols from=20
/usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/acpi/acpi.ko.debug..=
=2Edone.
Loaded symbols for=20
/usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/acpi/acpi.ko.debug
Reading symbols from /boot/kernel/green_saver.ko...done.
Loaded symbols for /boot/kernel/green_saver.ko
Reading symbols from=20
/usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/linux/linux.ko.debug=
=2E..done.
Loaded symbols for=20
/usr/obj/usr/src/sys/DCS/modules/usr/src/sys/modules/linux/linux.ko.debug=
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240 dumping++;
(kgdb) bt full
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:240
No locals.
#1 0xc04e48d1 in boot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c=
:372
No locals.
#2 0xc04e4c67 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
td =3D (struct thread *) 0xc12c5be0
bootopt =3D 260
newpanic =3D 0
ap =3D 0xcdb1a4a8 "\001"
buf =3D "recurse", '\0' <repeats 248 times>
#3 0xc052bae1 in bremfreel (bp=3D0xc7c010f8) at=20
/usr/src/sys/kern/vfs_bio.c:645
old_qindex =3D 0
#4 0xc052b9b5 in bremfree (bp=3D0x0) at /usr/src/sys/kern/vfs_bio.c:627
No locals.
#5 0xc052f65e in getblk (vp=3D0xc2fae490, blkno=3D-237580, size=3D16384,=
=20
slpflag=3D0, slptimeo=3D0, flags=3D0)
at /usr/src/sys/kern/vfs_bio.c:2468
lockflags =3D -943714056
bp =3D (struct buf *) 0x0
#6 0xc052bbb2 in breadn (vp=3D0xc2fae490, blkno=3D0, size=3D0, rablkno=3D=
0x0,=20
rabsize=3D0x0, cnt=3D0, cred=3D0x0, bpp=3D0x0)
at /usr/src/sys/kern/vfs_bio.c:698
bp =3D (struct buf *) 0xc2aa2800
rabp =3D (struct buf *) 0x193e0
i =3D -1068651200
rv =3D 0
readwait =3D 0
#7 0xc052bb5c in bread (vp=3D0x0, blkno=3D0, size=3D0, cred=3D0x0, bpp=3D=
0x0) at=20
/usr/src/sys/kern/vfs_bio.c:680
No locals.
#8 0xc05877d3 in ffs_balloc_ufs2 (vp=3D0xc2fae490, startoffset=3D0,=20
size=3D16384, cred=3D0xc12b4e80, flags=3D131072,
bpp=3D0xcdb1a78c) at /usr/src/sys/ufs/ffs/ffs_balloc.c:706
ip =3D (struct inode *) 0xc2fa72bc
dp =3D (struct ufs2_dinode *) 0xc2f92700
lbn =3D 238492
lastlbn =3D 255300
fs =3D (struct fs *) 0xc2aa2800
bp =3D (struct buf *) 0xc7b992f0
nbp =3D (struct buf *) 0x1
---Type <return> to continue, or q <return> to quit---
indirs =3D {{in_lbn =3D -2061, in_off =3D 1, in_exists =3D 0}, {=
in_lbn=20
=3D -2061, in_off =3D 115, in_exists =3D 0}, {
in_lbn =3D -237580, in_off =3D 912, in_exists =3D 0}, {in_lbn =3D=20
-4589907378279700672, in_off =3D -1066856144,
in_exists =3D 0}, {in_lbn =3D 1034019891824, in_off =3D -1054057504,=
=20
in_exists =3D 0}}
nb =3D -3624935819250134048
newb =3D -4583662787045097069
bap =3D (ufs2_daddr_t *) 0xc8cb4000
pref =3D 0
allocib =3D (ufs2_daddr_t *) 0x0
blkp =3D (ufs2_daddr_t *) 0x193e0
allocblk =3D (ufs2_daddr_t *) 0xcdb1a6c4
allociblk =3D {4294967296, 1918783159134, 3228090240,=20
-4582112244565694720}
deallocated =3D -1029036032
osize =3D -1056799872
nsize =3D -843995592
num =3D 2
i =3D 2
error =3D -1023744880
unwindidx =3D -1
td =3D (struct thread *) 0xc12c5be0
#9 0xc0590325 in ffs_copyonwrite (devvp=3D0xc2ab17fc, bp=3D0xc7be83f0) a=
t=20
/usr/src/sys/ufs/ffs/ffs_snapshot.c:1992
snaphead =3D (struct snaphead *) 0xc2a3f978
ibp =3D (struct buf *) 0x0
cbp =3D (struct buf *) 0x1000
savedcbp =3D (struct buf *) 0x0
td =3D (struct thread *) 0xc12c5be0
fs =3D (struct fs *) 0xc2aa2800
ip =3D (struct inode *) 0xc2fa72bc
vp =3D (struct vnode *) 0xc2fae490
lbn =3D 238492
blkno =3D -3624935815984706560
snapblklist =3D (ufs2_daddr_t *) 0x0
lower =3D -1023774020
upper =3D -1029436416
mid =3D 0
indiroff =3D 0
snapshot_locked =3D 1
---Type <return> to continue, or q <return> to quit---
error =3D 0
#10 0xc04a7812 in spec_xstrategy (vp=3D0xc2ab17fc, bp=3D0xc7be83f0) at=20
/usr/src/sys/fs/specfs/spec_vnops.c:474
mp =3D (struct mount *) 0x0
error =3D 0
dsw =3D (struct cdevsw *) 0x0
td =3D (struct thread *) 0xc12c5be0
#11 0xc04a7962 in spec_specstrategy (ap=3D0xcdb1a844) at=20
/usr/src/sys/fs/specfs/spec_vnops.c:534
No locals.
#12 0xc04a68f8 in spec_vnoperate (ap=3D0x0) at=20
/usr/src/sys/fs/specfs/spec_vnops.c:122
No locals.
#13 0xc05ac9ec in ufs_strategy (ap=3D0x0) at vnode_if.h:1141
bp =3D (struct buf *) 0xc7be83f0
vp =3D (struct vnode *) 0xcdb1a844
ip =3D (struct inode *) 0xc2fa7000
blkno =3D -4583568765916019874
error =3D -843995068
#14 0xc05ad7a8 in ufs_vnoperate (ap=3D0x0) at=20
/usr/src/sys/ufs/ufs/ufs_vnops.c:2793
No locals.
#15 0xc052c2dd in bwrite (bp=3D0xc7be83f0) at vnode_if.h:1116
oldflags =3D 180
newbp =3D (struct buf *) 0x0
#16 0xc052cb4c in bawrite (bp=3D0x0) at /usr/src/sys/kern/vfs_bio.c:1144
No locals.
#17 0xc059d4e9 in ffs_fsync (ap=3D0xcdb1a93c) at=20
/usr/src/sys/ufs/ffs/ffs_vnops.c:247
vp =3D (struct vnode *) 0xc2fa5db0
ip =3D (struct inode *) 0xc7be83f0
bp =3D (struct buf *) 0xc7be83f0
nbp =3D (struct buf *) 0x0
error =3D 0
wait =3D 0
passes =3D 4
skipmeta =3D 0
lbn =3D 1
#18 0xc059c6d3 in ffs_sync (mp=3D0xc2a54000, waitfor=3D2, cred=3D0xc12b4e=
80,=20
td=3D0xc068c2a0) at vnode_if.h:627
nvp =3D (struct vnode *) 0xc2fa5a44
vp =3D (struct vnode *) 0xc2fa5db0
---Type <return> to continue, or q <return> to quit---
devvp =3D (struct vnode *) 0xc2fa5db0
ip =3D (struct inode *) 0x0
ump =3D (struct ufsmount *) 0xc2a40c00
fs =3D (struct fs *) 0xc2aa2800
error =3D 0
count =3D 0
lockreq =3D 65554
allerror =3D 0
restart =3D 0
#19 0xc054297b in sync (td=3D0xc068c2a0, uap=3D0x0) at=20
/usr/src/sys/kern/vfs_syscalls.c:142
mp =3D (struct mount *) 0xc2a54000
nmp =3D (struct mount *) 0x0
asyncflag =3D 0
#20 0xc04e44df in boot (howto=3D256) at /usr/src/sys/kern/kern_shutdown.c=
:306
bp =3D (struct buf *) 0xc7b26fe8
iter =3D 0
nbusy =3D 2229
pbusy =3D 2229
subiter =3D 2229
#21 0xc04e4c67 in panic () at /usr/src/sys/kern/kern_shutdown.c:550
td =3D (struct thread *) 0xc12c5be0
bootopt =3D 256
newpanic =3D 1
ap =3D 0xcdb1aa0c "\032\fd=C0=B6"
buf =3D "recurse", '\0' <repeats 248 times>
#22 0xc050a853 in witness_lock (lock=3D0xc2fadd90, flags=3D8,=20
file=3D0xc0640c1a "/usr/src/sys/net/route.c", line=3D565)
at /usr/src/sys/kern/subr_witness.c:722
lock_list =3D (struct lock_list_entry **) 0xc12c5c4c
lle =3D (struct lock_list_entry *) 0xc0663eac
lock1 =3D (struct lock_instance *) 0xc06b7734
lock2 =3D (struct lock_instance *) 0x0
class =3D (struct lock_class *) 0xc0663eac
w =3D (struct witness *) 0xc0693eb0
w1 =3D (struct witness *) 0xc0693eb0
td =3D (struct thread *) 0xc06b7734
i =3D -1
---Type <return> to continue, or q <return> to quit---
j =3D 0
go_into_ddb =3D 0
#23 0xc04dac8a in _mtx_lock_flags (m=3D0xc06b7734, opts=3D0, file=3D0xc06=
63eac=20
"{id=C0\t", line=3D-1023746672)
at /usr/src/sys/kern/kern_mutex.c:336
No locals.
#24 0xc055871e in rtrequest1 (req=3D2, info=3D0xcdb1aac8, ret_nrt=3D0x0) =
at=20
/usr/src/sys/net/route.c:565
error =3D 0
rt =3D (struct rtentry *) 0xc2fadd00
rn =3D (struct radix_node *) 0xc06b7734
rnh =3D (struct radix_node_head *) 0xc29e6400
ifa =3D (struct ifaddr *) 0x1
ndst =3D (struct sockaddr *) 0xc2fadd90
#25 0xc05584fa in rtrequest (req=3D0, dst=3D0x0, gateway=3D0x0, netmask=3D=
0x0,=20
flags=3D0, ret_nrt=3D0x0)
at /usr/src/sys/net/route.c:477
info =3D {rti_addrs =3D 0, rti_info =3D {0xc2945f00, 0xc2945f10,=
0x0,=20
0x0, 0x0, 0x0, 0x0, 0x0},
rti_flags =3D 2087, rti_ifa =3D 0x0, rti_ifp =3D 0x0}
#26 0xc0559131 in rt_setgate (rt=3D0xc2fadd00, dst=3D0xc2945f00,=20
gate=3D0xc066d75c) at /usr/src/sys/net/route.c:938
rnh =3D (struct radix_node_head *) 0xc29e6400
new =3D 0xcdb1aac8 ""
old =3D 0xc06b84c0 "=AC>f=C0\"\005d=C0\"\005d=C0"
dlen =3D 16
glen =3D 16
#27 0xc05582df in rtredirect (dst=3D0xc066d74c, gateway=3D0xc066d75c,=20
netmask=3D0x0, flags=3D38, src=3D0xc066d76c)
at /usr/src/sys/net/route.c:369
rt =3D (struct rtentry *) 0xc2fadd00
error =3D 0
stat =3D (short int *) 0xc06b8894
info =3D {rti_addrs =3D 582, rti_info =3D {0xc0663eac, 0x0,=20
0xc06931a0, 0x3f1, 0xc063a81f, 0xcdb1ab98,
0xc04d0000, 0xc06931a0}, rti_flags =3D 1, rti_ifa =3D 0xc0637b5e,=20
rti_ifp =3D 0x0}
ifa =3D (struct ifaddr *) 0xc297ba00
#28 0xc05624bf in icmp_input (m=3D0xc12dbd00, off=3D20) at=20
/usr/src/sys/netinet/ip_icmp.c:565
hlen =3D 20
icp =3D (struct icmp *) 0xc177a034
ip =3D (struct ip *) 0xc177a020
icmplen =3D 36
i =3D 0
---Type <return> to continue, or q <return> to quit---
ia =3D (struct in_ifaddr *) 0x0
ctlfunc =3D (void (*)(int, struct sockaddr *, void *)) 0
code =3D 1
#29 0xc05636ea in ip_input (m=3D0xc12dbd00) at=20
/usr/src/sys/netinet/ip_input.c:1014
ip =3D (struct ip *) 0xc177a020
fp =3D (struct ipq *) 0xc297ba00
ia =3D (struct in_ifaddr *) 0xc297ba00
ifa =3D (struct ifaddr *) 0x0
i =3D 0
hlen =3D 20
checkif =3D 1
sum =3D 0
pkt_dst =3D {s_addr =3D 100794378}
divert_info =3D 0
args =3D {m =3D 0xc050aafe, oif =3D 0x0, next_hop =3D 0x0, rule =
=3D 0x0,=20
eh =3D 0x0, ro =3D 0xc12c5c4c,
dst =3D 0xc06b9bf4, flags =3D 137, f_id =3D {dst_ip =3D 3227781664, sr=
c_ip =3D=20
3450973348, dst_port =3D 44352,
src_port =3D 49229, proto =3D 244 '=F4', flags =3D 155 '\233'}, dive=
rt_rule=20
=3D 0, retval =3D 3227745118}
cro =3D {ro_rt =3D 0xc0640a20, ro_dst =3D {sa_len =3D 10 '\n',=20
sa_family =3D 181 '=B5',
sa_data =3D "c=C0\003\0\0\0=E0[,=C1|=AC=B1=CD"}}
#30 0xc0555a6e in netisr_processqueue (ni=3D0xc06b8690) at=20
/usr/src/sys/net/netisr.c:140
m =3D (struct mbuf *) 0xc12dbd00
#31 0xc0555ea8 in swi_net (dummy=3D0x0) at /usr/src/sys/net/netisr.c:246
ni =3D (struct netisr *) 0x0
bits =3D 262144
i =3D 0
#32 0xc04ceef2 in ithread_loop (arg=3D0xc12c2a00) at=20
/usr/src/sys/kern/kern_intr.c:540
ithd =3D (struct ithd *) 0xc12c2a00
ih =3D (struct intrhand *) 0xc12bd200
td =3D (struct thread *) 0xc12c5be0
p =3D (struct proc *) 0xc12c45ac
#33 0xc04cdeef in fork_exit (callout=3D0xc04ced60 <ithread_loop>, arg=3D0=
x0,=20
frame=3D0x0)
at /usr/src/sys/kern/kern_fork.c:796
p =3D (struct proc *) 0xc12c45ac
td =3D (struct thread *) 0x0
I'm assuming on a preliminary basis that this one is not rwatson's=20
fault. :-)
Anyone wanting more data, or even tests, as it seems simple to=20
reproduce, please cc the e-mail to dcs@tcoip.com.br, as I'm WAY behind=20
on current@.
--=20
Daniel C. Sobral (8-DCS)
Gerencia de Operacoes
Divisao de Comunicacao de Dados
Coordenacao de Seguranca
VIVO Centro Oeste Norte
Fones: 55-61-313-7654/Cel: 55-61-9618-0904
E-mail: Daniel.Capo@tco.net.br
Daniel.Sobral@tcoip.com.br
dcs@tcoip.com.br
Outros:
dcs@newsguy.com
dcs@freebsd.org
capo@notorious.bsdconspiracy.net
The volume of paper expands to fill the available briefcases.
-- Jerry Brown
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3FA12F46.9060508>