From 2eae4d808a7b86eca33b1aa70ad0f879b0e7fafa Mon Sep 17 00:00:00 2001
From: Pyun YongHyeon
Date: Mon, 24 May 2010 17:12:44 +0000
Subject: [PATCH] sge_encap() can sometimes return an error with m_head set to NULL. Make sure not to requeue freed mbuf in sge_start_locked(). This should fix NULL pointer dereference panic.
Reported by: Nikolay Denev gmail dot com>
Submitted by: jhb
---
 sys/dev/sge/if_sge.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys/dev/sge/if_sge.c b/sys/dev/sge/if_sge.c
index db6ae16b13c0..9248da32c4b9 100644
--- a/sys/dev/sge/if_sge.c
+++ b/sys/dev/sge/if_sge.c
@@ -1588,7 +1588,8 @@ sge_start_locked(struct ifnet *ifp)
 if (m_head == NULL)
 break;
 if (sge_encap(sc, &m_head)) {
- IFQ_DRV_PREPEND(&ifp->if_snd, m_head);
+ if (m_head != NULL)
+ IFQ_DRV_PREPEND(&ifp->if_snd, m_head);
 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
 break;
 }
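Review bot: In the `sge_encap()` failure branch, `IFF_DRV_OACTIVE` is still set when `m_head` comes back NULL, that is, when the packet was dropped rather than deferred for lack of descriptors. If nothing is pending in the TX ring at that moment there may be no completion event to clear the flag, so transmit could stall until something else resets it (inferred; `sge_encap()` and the TX completion path are outside this hunk). Consider bailing out before touching the queue or the flag, `if (m_head == NULL) break;`, and keeping the prepend and `OACTIVE` for the case where the caller still owns the mbuf. A comment such as `/* sge_encap() may free the chain and set m_head to NULL on error */` would document the ownership rule, and the drop could be counted in the interface error statistics. `sge_start_locked()` begins and ends outside the hunk.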