Our product utilizes an ipf kext for traffic filtering. In short, the kext manipulates packets for DNAT/SNAT to/from a daemon proxy in userspace. This has worked perfectly from OS X 10.8 to 10.10. As of 10.11, however, if IPv6 is enabled, a kernel panic occurs. The temporary workaround for this is to disable IPv6:
networksetup -setv6off <Interface>
The exact panic is as follows (addresses vary of course):
panic(cpu 1 caller 0xffffff80003f3a72c): Failed mbuf validity check: mbuf 0xffffff807b9e1d00 len 0 type 0 flags 0x0 data 0xffffff807b9f9010 rcvif l0 ifflags 0x8049
This appears to be MBUF_INPUT_CHECK() failing its checks (type 0, etc.). When I attach a debugger using the .development kernel, I get the following trace:
* thread #1: tid = 0x0001, 0xffffff8003da549e kernel.development`Debugger(message=<unavailable>) + 782 at model_dep.c:1018, stop reason = signal SIGSTOP
frame #0: 0xffffff8003da549e kernel.development`Debugger(message=<unavailable>) + 782 at model_dep.c:1018
(lldb) bt
* thread #1: tid = 0x0001, 0xffffff8003da549e kernel.development`Debugger(message=<unavailable>) + 782 at model_dep.c:1018, stop reason = signal SIGSTOP
* frame #0: 0xffffff8003da549e kernel.development`Debugger(message=<unavailable>) + 782 at model_dep.c:1018
frame #1: 0xffffff8003c8e307 kernel.development`panic(str=<unavailable>) + 231 at debug.c:395
frame #2: 0xffffff8003f3a72c kernel.development`dlil_input_packet_list_common(ifp_param=0xffffff800c021258, m=0xffffff807b9e1d00, cnt=<unavailable>, mode=<unavailable>, ext=<unavailable>) + 988 at dlil.c:3460
frame #3: 0xffffff8003f3c20e kernel.development`dlil_main_input_thread_func [inlined] dlil_input_packet_list_extended(ifp=<unavailable>, m=<unavailable>, cnt=2, mode=<unavailable>) + 494 at dlil.c:3424
frame #4: 0xffffff8003f3c203 kernel.development`dlil_main_input_thread_func(v=0xffffff80044d90c0, w=<unavailable>) + 483 at dlil.c:1835
frame #5: 0xffffff8003d9a677 kernel.development`call_continuation + 23
As you can see, this is outside of our code and I'm at a loss as to what is causing the problem. Any ideas? Again, this works with either:
- Pre El Capitan OS X
- ipv6 disabled
Our kext does "hook" both IPv4 and IPv6. I can attach .panic files or provide whatever other information may be helpful.