ng_snd_item: Panic?
Andrey V. Elsukov
bu7cher at yandex.ru
Tue Jun 25 09:21:31 UTC 2019
On 24.06.2019 23:10, Larry Rosenman wrote:
>>> #5 0xffffffff828ee5b7 in ng_snd_item (item=0xfffff8021e3b4d80, flags=0)
>>> at /usr/src/sys/netgraph/ng_base.c:2252
>>
>> It looks like you use some netgraph based ethernet interface.
>> The system got received ARP request and is going to send the reply,
>> but somehow mbuf with this ARP request has initialized m_next pointer,
>> thus it is considered as a chain of mbufs.
>>
>> in_arpinput() reuses received mbuf to construct the reply, but it
>> doesn't check that an mbut is a chain. It just sets m_len and sends it.
>> Then since you have INVARIANTS in your kernel, the netgraph code check
>> the actual length of the chain, and it doesn't match to m_len. It panics.
>
>
> so, is this a bug? Timing race? Other?
I think we should determine that my assumption is correct :)
Can you show the output of the following commands from the kgdb for this
core?
(kgdb) f 7
(kgdb) p *m
(kgdb) p *m->m_next
--
WBR, Andrey V. Elsukov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20190625/a809945a/attachment.sig>
More information about the freebsd-current
mailing list