On 11/29/13 17:03, Ted Unangst wrote: > On Fri, Nov 29, 2013 at 21:17, Stuart Henderson wrote: >> On 2013/11/29 14:34, Ted Unangst wrote: >>> On Fri, Nov 29, 2013 at 13:31, RD Thrush wrote: >>>> I've tried -current (Nov 28) on two real machines (soekris and amd64 >>>> homebrew) which panic with apparently the same problem. FWIW, I have not >>>> been able to panic a virtualbox i386 machine. The panic occurs >>>> immediately after connecting to the darkstat port, ie. telnet localhost >>>> 667. I've appended full sendbug details for the amd64 homebrew but can >>>> provide the soekris info if the original report was insufficient. >>> >>> I've reverted bpf.c back to its original condition for now. >>> >> >> It won't be enough I think (at least it wasn't enough for my similar >> panics with ladvd). > > I wanted one less variable in the equation. :) > > if (d->bd_rtout != -1 && d->bd_rdStart == 0) > d->bd_rdStart = ticks; > else > d->bd_rdStart = 0; > ... > if ((d->bd_rtout != -1) || > (d->bd_rdStart + d->bd_rtout) < ticks) { > error = tsleep((caddr_t)d, PRINET|PCATCH, "bpf", > d->bd_rtout); > > > What does this code do with bd_rtout == -1? First conditional fails, > so we always set rdStart = 0. > Second if: rtout == -1, so first part fails and we go to the || > expression. rdStart = 0 from above, so 0 + -1 < ticks will always be > true, right? Then we pass -1 to tsleep. I think the || should be &&. > You should *never* call tsleep with rtout == -1. > > I don't know how or why this suddently decided to break, but it seems > it's always been that way. Fix here: > > Index: bpf.c > =================================================================== > RCS file: /cvs/src/sys/net/bpf.c,v > retrieving revision 1.89 > diff -u -p -r1.89 bpf.c > --- bpf.c 29 Nov 2013 19:28:55 -0000 1.89 > +++ bpf.c 29 Nov 2013 21:58:06 -0000 > @@ -434,7 +434,7 @@ bpfread(dev_t dev, struct uio *uio, int > ROTATE_BUFFERS(d); > break; > } > - if ((d->bd_rtout != -1) || > + if ((d->bd_rtout != -1) && > (d->bd_rdStart + d->bd_rtout) < ticks) { > error = tsleep((caddr_t)d, PRINET|PCATCH, "bpf", > d->bd_rtout);
With the above patch, the reboot hung, no kbd (caps/scroll/num lock echo) and no response to the ddb interrupt. I had to do a hardware reset. Here's the last bits from the serial console: starting early daemons: syslogd pflogd named ntpd. starting RPC daemons: portmap mountd nfsd lockd. savecore: no core dump checking quotas: done. clearing /tmp starting pre-securelevel daemons:. setting kernel security level: kern.securelevel: 0 -> 1 creating runtime link editor directory cache. preserving editor files. starting network daemons: sshd lpd smtpd slowcgi nginx inetd sndiod. starting package daemons: smbd nmbd dbus_daemon apcupsd. starting local daemons: apmd sensorsd cron wsmoused. Fri Nov 29 17:15:21 EST 2013 [halt sent]