kern/158665: kernel pagefault in in6_setscope()

Mike Cui cuicui at gmail.com
Tue Jul 5 11:20:08 UTC 2011


The following reply was made to PR kern/158665; it has been noted by GNATS.

From: Mike Cui <cuicui at gmail.com>
To: bug-followup at FreeBSD.org, cuicui at gmail.com
Cc:  
Subject: Re: kern/158665: kernel pagefault in in6_setscope()
Date: Tue, 5 Jul 2011 03:47:53 -0700

 Got a kernel dump, here's the stack trace. Unfortunately I didn't
 build the kernel with debugging info.
 
 
 #7  0xc069cee8 in in6_setscope ()
 #8  0xc0685bb9 in in6_selectsrc ()
 #9  0xc069aa80 in rip6_output ()
 #10 0xc069b193 in rip6_send ()
 #11 0xc05a7885 in sosend_generic ()
 #12 0xc05a38cf in sosend ()
 #13 0xc05ab139 in kern_sendit ()
 #14 0xc05ab341 in sendit ()
 #15 0xc05ab3f1 in sendmsg ()
 #16 0xc0581d2c in syscallenter ()
 #17 0xc07278a4 in syscall ()
 
 From the stack trace, it looks like the call happened on in6_src.c:309:
 
         IN6_IFADDR_RLOCK();
         TAILQ_FOREACH(ia, &V_in6_ifaddrhead, ia_link) {
                 int new_scope = -1, new_matchlen = -1;
                 struct in6_addrpolicy *new_policy = NULL;
                 u_int32_t srczone, osrczone, dstzone;
                 struct in6_addr src;
                 struct ifnet *ifp1 = ia->ia_ifp;
 
                 /*
                  * We'll never take an address that breaks the scope zone
                  * of the destination.  We also skip an address if its zone
                  * does not contain the outgoing interface.
                  * XXX: we should probably use sin6_scope_id here.
                  */
                 if (in6_setscope(&dst, ifp1, &dstzone) ||  <---- HERE
                     odstzone != dstzone) {
                         continue;
                 }

