kern/128247: [panic] Fatal Trap 12 in ip6_forward
(/usr/src/sys/netinet6/ip6_forward.c:420)
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Mon Oct 20 17:00:11 UTC 2008
The following reply was made to PR kern/128247; it has been noted by GNATS.
From: "Bjoern A. Zeeb" <bzeeb-lists at lists.zabbadoz.net>
To: bug-followup at FreeBSD.org, m.atkinson at F5.com
Cc:
Subject: Re: kern/128247: [panic] Fatal Trap 12 in ip6_forward
(/usr/src/sys/netinet6/ip6_forward.c:420)
Date: Mon, 20 Oct 2008 16:31:17 +0000 (UTC)
On Mon, 20 Oct 2008, Mark Atkinson wrote:
> #0 doadump () at pcpu.h:221
> 221 __asm __volatile("movl %%fs:0,%0" : "=3Dr" (td));
> (kgdb) l *0xc09af288
> 0xc09af288 is in ip6_forward (/usr/src/sys/netinet6/ip6_forward.c:420).
> 415 * address). We use a local copy of ip6_src, since =
> in6_setscope()
> 416 * will possibly modify its first argument.
> 417 * [draft-ietf-ipngwg-icmp-v3-04.txt, Section 3.1]
> 418 */
> 419 src_in6 =3D ip6->ip6_src;
> 420 if (in6_setscope(&src_in6, rt->rt_ifp, &outzone)) {
> 421 /* XXX: this should not happen */
> 422 V_ip6stat.ip6s_cantforward++;
> 423 V_ip6stat.ip6s_badscope++;
> 424 m_freem(m);
>
> (kgdb) frame 10
> #10 0xc09af288 in ip6_forward (m=3D0xc5ed8300, srcrt=3D0)
> at /usr/src/sys/netinet6/ip6_forward.c:420
> 420 if (in6_setscope(&src_in6, rt->rt_ifp, &outzone)) {
> (kgdb) p rt
> $3 =3D (struct rtentry *) 0x0
and rt comes from
rt = V_ip6_forward_rt.ro_rt;
which is an unprotected (no lock) single global cache in the ipv6
stack. So I guess another packet changed it while this one was
processed. The problem is well known and will hopefully be eliminated
one day along with other caches left.
/bz
--
Bjoern A. Zeeb Stop bit received. Insert coin for new game.
More information about the freebsd-bugs
mailing list