Date:      Thu, 15 Apr 2004 15:16:19 +0300
From:      Pavel Gulchouck <gul@gul.kiev.ua>
To:        current@freebsd.org
Subject:   kernel panic in if_ppp.c
Message-ID:  <20040415121619.GB31043@happy.kiev.ua>

Hi.

I get a systematic kernel panic when using pppd; debugging shows it's
in m_freem() called from ppp_inproc().
In the source code I've seen that in the "input queue full"
case there is a "goto bad" when m has already been freed by
IF_HANDOFF() or netisr_queue(), and after this goto the system
crashes on the second m_freem(m).
The system works correctly after fixing this bug.
Checking the condition "if (m)" after the label "bad:" in
line 1594 of net/if_ppp.c is senseless because m
never changes its value in the ppp_inproc() function.

Here's the patch.
Another way is to simply add "m = NULL" before "goto bad"
in line 1582.

RELENG_5_2 has this bug too.

--- net/if_ppp.c.orig	Wed Jan 21 20:05:38 2004
+++ net/if_ppp.c	Thu Apr 15 14:57:16 2004
@@ -1580,5 +1580,5 @@
 	    if_printf(ifp, "input queue full\n");
 	ifp->if_iqdrops++;
-	goto bad;
+	goto bad2;
     }
     ifp->if_ipackets++;
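Review bot: the new `goto bad2` in the queue-full branch is correct only because IF_HANDOFF()/netisr_queue() free the mbuf themselves on failure, and that ownership rule is invisible at this call site; add a one-line comment before the goto (e.g. `/* m already freed by IF_HANDOFF()/netisr_queue() */`) so the next reader does not "fix" it back to `goto bad`. The dropped packet is still counted in both if_iqdrops (here) and if_ierrors (at bad2), which matches the pre-patch behaviour.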
@@ -1592,6 +1592,6 @@
 
  bad:
-    if (m)
-        m_freem(m);
+    m_freem(m);
+ bad2:
     sc->sc_if.if_ierrors++;
     sc->sc_stats.ppp_ierrors++;
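Review bot: dropping the `if (m)` guard is safe: m_freem() already treats a NULL argument as a no-op, and, as the mail notes, m is never reassigned in ppp_inproc(), so every remaining `goto bad` reaches this label with a live mbuf. Since correctness now hinges on the split between `bad:` (frees m) and `bad2:` (does not), a more descriptive second label such as `dropped:` plus a comment would document that; alternatively, the `m = NULL; goto bad;` variant mentioned in the mail keeps a single label and reads as an explicit ownership transfer.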

-- 
                                Lucky carrier,
                                                  Pavel.
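The ownership rule behind the bug, modelled in user-space C as an added example that is not part of the original mail or of the FreeBSD source: the hypothetical handoff() consumes the buffer on failure, exactly as IF_HANDOFF()/netisr_queue() do with an mbuf, so the caller's error path must not free it again. buf_free() records a second free instead of crashing, so the buggy and the fixed error path can be compared; struct buf, queue_slot and the counters are constructed for this demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for struct mbuf; "freed" lets us detect a second free instead of
 * panicking as the real kernel does. */
struct buf {
    char data[64];
    int freed;
};

static struct buf *queue_slot;  /* hypothetical one-entry input queue */
static int free_count;          /* successful frees */
static int double_frees;        /* attempts to free an already-freed buf */

/* Models m_freem(): NULL is a no-op (so the "if (m)" guard was redundant);
 * a second free of the same buf is the reported bug. */
static void buf_free(struct buf *b)
{
    if (b == NULL)
        return;
    if (b->freed) {
        double_frees++;
        return;
    }
    b->freed = 1;
    free_count++;
}

/* Models IF_HANDOFF()/netisr_queue(): on failure the callee frees the buf
 * and returns 0; the caller no longer owns it. */
static int handoff(struct buf *b)
{
    if (queue_slot != NULL) {
        buf_free(b);
        return 0;
    }
    queue_slot = b;
    return 1;
}

/* Models the tail of ppp_inproc(). fixed == 0 reproduces the bug;
 * fixed == 1 applies the "m = NULL before goto bad" variant from the mail. */
static int inproc(struct buf *b, int fixed)
{
    if (!handoff(b)) {
        /* "input queue full": b was already consumed by handoff() */
        if (fixed)
            b = NULL;
        goto bad;
    }
    return 0;
bad:
    buf_free(b);            /* original code: if (m) m_freem(m); */
    return -1;
}

/* Pushes two packets through the one-entry queue so the second is dropped;
 * returns the number of double frees observed (0 means the path is safe). */
int demo(int fixed)
{
    static struct buf pkt[2];
    memset(pkt, 0, sizeof(pkt));
    queue_slot = NULL;
    free_count = 0;
    double_frees = 0;

    inproc(&pkt[0], fixed);   /* accepted into the queue */
    inproc(&pkt[1], fixed);   /* queue full -> error path */
    return double_frees;
}

/* Number of successful frees in the most recent demo() run. */
int frees_after_demo(void)
{
    return free_count;
}

int main(void)
{
    printf("buggy path: %d double free(s)\n", demo(0));
    printf("fixed path: %d double free(s), %d free(s)\n", demo(1), frees_after_demo());
    return 0;
}
```

The fixed path frees the dropped packet exactly once, inside handoff(); the buggy path frees it there and again at `bad:`, which in the kernel is the m_freem() panic the mail describes.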
