On 11/29/13 17:03, Ted Unangst wrote:
> On Fri, Nov 29, 2013 at 21:17, Stuart Henderson wrote:
>> On 2013/11/29 14:34, Ted Unangst wrote:
>>> On Fri, Nov 29, 2013 at 13:31, RD Thrush wrote:
>>>> I've tried -current (Nov 28) on two real machines (soekris and amd64
>>>> homebrew) which panic with apparently the same problem.  FWIW, I have not
>>>> been able to panic a virtualbox i386 machine.  The panic occurs
>>>> immediately after connecting to the darkstat port, ie. telnet localhost
>>>> 667.  I've appended full sendbug details for the amd64 homebrew but can
>>>> provide the soekris info if the original report was insufficient.
>>>
>>> I've reverted bpf.c back to its original condition for now.
>>>
>>
>> It won't be enough I think (at least it wasn't enough for my similar
>> panics with ladvd).
> 
> I wanted one less variable in the equation. :)
> 
>         if (d->bd_rtout != -1 && d->bd_rdStart == 0)
>                 d->bd_rdStart = ticks;
>         else
>                 d->bd_rdStart = 0;
> ...
>                 if ((d->bd_rtout != -1) ||
>                     (d->bd_rdStart + d->bd_rtout) < ticks) {
>                         error = tsleep((caddr_t)d, PRINET|PCATCH, "bpf",
>                             d->bd_rtout);
> 
> 
> What does this code do with bd_rtout == -1? First conditional fails,
> so we always set rdStart = 0.
> Second if: rtout == -1, so first part fails and we go to the ||
> expression. rdStart = 0 from above, so 0 + -1 < ticks will always be
> true, right? Then we pass -1 to tsleep. I think the || should be &&.
> You should *never* call tsleep with rtout == -1.
> 
> I don't know how or why this suddenly decided to break, but it seems
> it's always been that way. Fix here:
> 
> Index: bpf.c
> ===================================================================
> RCS file: /cvs/src/sys/net/bpf.c,v
> retrieving revision 1.89
> diff -u -p -r1.89 bpf.c
> --- bpf.c     29 Nov 2013 19:28:55 -0000      1.89
> +++ bpf.c     29 Nov 2013 21:58:06 -0000
> @@ -434,7 +434,7 @@ bpfread(dev_t dev, struct uio *uio, int 
>                       ROTATE_BUFFERS(d);
>                       break;
>               }
> -             if ((d->bd_rtout != -1) ||
> +             if ((d->bd_rtout != -1) &&
>                   (d->bd_rdStart + d->bd_rtout) < ticks) {
>                       error = tsleep((caddr_t)d, PRINET|PCATCH, "bpf",
>                           d->bd_rtout);
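
Review bot: The new test on the `+` line, `(d->bd_rtout != -1) &&`, keeps -1 out of tsleep, but it also sends the bd_rtout == -1 case to whatever follows this `if`, which the hunk does not show. Please confirm that path either sleeps with no timeout or sets an error, so the enclosing construct (the context above ends in `break;`) cannot be re-entered without ever blocking. Separately, on the unchanged line `(d->bd_rdStart + d->bd_rtout) < ticks`, the expression is true only once the deadline has already passed, and that is the case in which the code then sleeps for a full bd_rtout; the sense of that comparison is worth checking in the same change.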

With the above patch, the reboot hung, no kbd (caps/scroll/num lock echo) and no
response to the ddb interrupt. I had to do a hardware reset.  Here's the last
bits from the serial console:

starting early daemons: syslogd pflogd named ntpd.
starting RPC daemons: portmap mountd nfsd lockd.
savecore: no core dump
checking quotas: done.
clearing /tmp
starting pre-securelevel daemons:.
setting kernel security level: kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd lpd smtpd slowcgi nginx inetd sndiod.
starting package daemons: smbd nmbd dbus_daemon apcupsd.
starting local daemons: apmd sensorsd cron wsmoused.
Fri Nov 29 17:15:21 EST 2013
[halt sent]
