Hi. I have a systematic kernel panic when using pppd; debug shows it is in m_freem() called from ppp_inproc(). In the source code I've seen that in the "input queue full" case there is a "goto bad" when m has already been freed by IF_HANDOFF() or netisr_queue(), and after this goto the system crashes on the second m_freem(m). The system works correctly after fixing this bug.

Checking the condition "if (m)" after the label "bad:" on line 1594 of net/pf_ppp.c is senseless because m never changes its value in the ppp_inproc() function. Here's the patch. Another way is to simply add "m = NULL" before "goto bad" on line 1582. RELENG_5_2 has this bug too.

--- net/if_ppp.c.orig Wed Jan 21 20:05:38 2004 +++ net/if_ppp.c Thu Apr 15 14:57:16 2004 _at__at_ -1580,5 +1580,5 _at__at_ if_printf(ifp, "input queue full\n"); ifp->if_iqdrops++; - goto bad; + goto bad2; } ifp->if_ipackets++; _at__at_ -1592,6 +1592,6 _at__at_ bad: - if (m) - m_freem(m); + m_freem(m); + bad2: sc->sc_if.if_ierrors++; sc->sc_stats.ppp_ierrors++;

-- Lucky carrier, Pavel.

Received on Thu Apr 15 2004 - 03:16:28 UTC
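Review bot: in the first hunk (the "input queue full" branch, -1580,5 +1580,5), `goto bad2` is right only because a failed IF_HANDOFF()/netisr_queue() has already freed m, as the cover note explains; that contract is invisible in the hunk itself, so add a comment at the goto, e.g. `goto bad2;	/* m was consumed by the enqueue; do not free it again */`, so that nobody "simplifies" it back to `goto bad` later.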
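Review bot: in the second hunk (-1592,6 +1592,6), dropping the `if (m)` guard turns `bad:` into an unconditional free for every other `goto bad` in ppp_inproc(), yet the hunk shows none of those sites; the commit message should state that each remaining `goto bad` is reached with m still owned by the caller. If that cannot be guaranteed for all of them, the alternative the author mentions, setting `m = NULL` before the goto and keeping the guard, is the safer shape because it also protects any future error path that hands m off.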
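The ownership rule behind this crash, as an added example that is not from the original post or from the FreeBSD source: a user-space C model in which a failed enqueue frees the buffer it was handed (the IF_HANDOFF()/netisr_queue() convention Pavel describes), with the input path written once as before the patch and once as after it. All names (demo_mbuf, demo_handoff, demo_inproc_before, demo_inproc_after, demo_scenario), the runt-frame check and the packet sequence are constructed for the demo; the real m_freem() is replaced by an instrumented version that counts a second free instead of panicking.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for an mbuf: all we track is whether it was freed. */
typedef struct demo_mbuf {
    int len;
    int freed;
} demo_mbuf;

/* Counters mirroring the ifnet statistics the patch touches, plus the
 * double-free count that would have been a panic in the kernel. */
typedef struct demo_stats {
    int ipackets;
    int iqdrops;
    int ierrors;
    int double_frees;
} demo_stats;

/* Instrumented m_freem(): a second free is recorded, not fatal. */
static void demo_m_freem(demo_mbuf *m, demo_stats *st)
{
    if (m == NULL)
        return;
    if (m->freed) {
        st->double_frees++;
        return;
    }
    m->freed = 1;
}

/* Two-slot input queue.  Like IF_HANDOFF()/netisr_queue(), a failed enqueue
 * frees the mbuf before returning 0: ownership leaves the caller either way. */
#define DEMO_QLEN 2
typedef struct demo_queue {
    demo_mbuf *slot[DEMO_QLEN];
    int len;
} demo_queue;

static int demo_handoff(demo_queue *q, demo_mbuf *m, demo_stats *st)
{
    if (q->len >= DEMO_QLEN) {
        demo_m_freem(m, st);
        return 0;
    }
    q->slot[q->len++] = m;
    return 1;
}

/* Before the patch: a runt frame goes to bad: while m is still ours (fine);
 * a full queue also goes to bad: although the handoff consumed m (double free). */
static void demo_inproc_before(demo_queue *q, demo_mbuf *m, demo_stats *st)
{
    if (m->len == 0)
        goto bad;
    if (!demo_handoff(q, m, st)) {
        st->iqdrops++;
        goto bad;
    }
    st->ipackets++;
    return;
bad:
    if (m)                     /* never NULL here, so this guards nothing */
        demo_m_freem(m, st);
    st->ierrors++;
}

/* After the patch: the queue-full case jumps past the free to bad2:. */
static void demo_inproc_after(demo_queue *q, demo_mbuf *m, demo_stats *st)
{
    if (m->len == 0)
        goto bad;
    if (!demo_handoff(q, m, st)) {
        st->iqdrops++;
        goto bad2;             /* m was consumed by demo_handoff() */
    }
    st->ipackets++;
    return;
bad:
    demo_m_freem(m, st);
bad2:
    st->ierrors++;
}

/* Feed a constructed sequence (one runt, then four good frames, so the
 * two-slot queue overflows twice) through one input path; return counters. */
static demo_stats demo_scenario(void (*inproc)(demo_queue *, demo_mbuf *,
                                               demo_stats *))
{
    static const int lens[] = { 0, 64, 64, 64, 64 };
    demo_mbuf pkts[5];
    demo_queue q = { { NULL, NULL }, 0 };
    demo_stats st = { 0, 0, 0, 0 };
    size_t i;

    for (i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        pkts[i].len = lens[i];
        pkts[i].freed = 0;
        inproc(&q, &pkts[i], &st);
    }
    return st;
}

int main(void)
{
    demo_stats b = demo_scenario(demo_inproc_before);
    demo_stats a = demo_scenario(demo_inproc_after);
    printf("before: %d double frees, %d ierrors\n", b.double_frees, b.ierrors);
    printf("after:  %d double frees, %d ierrors\n", a.double_frees, a.ierrors);
    return a.double_frees == 0 ? 0 : 1;
}
```

Both versions report the same ierrors and iqdrops for the sequence; the only difference is that the pre-patch path frees each overflowed packet a second time, which the instrumented m_freem() counts and the kernel turns into the panic in m_freem() that the report describes.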
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:51 UTC