kern/122283: [ip6] [panic] Panic in ip_output related to IPv6 routes

Nick Sayer nsayer at kfu.com
Fri Jun 6 17:20:03 UTC 2008


The following reply was made to PR kern/122283; it has been noted by GNATS.

From: Nick Sayer <nsayer at kfu.com>
To: bug-followup at FreeBSD.org
Cc:  
Subject: Re: kern/122283: [ip6] [panic] Panic in ip_output related to IPv6 routes
Date: Fri, 6 Jun 2008 10:10:56 -0700

 That stack trace looks like one of the alternate stack traces I have  
 observed. With the debugging symbols, it turns out to be in line 518  
 of if_stf.c, which says
 
 RTFREE(sc->sc_ro.ro_rt);
 
 which, once again, points back to something being pooched in the route  
 table.
 
 The full stack trace is
 
 #0  doadump () at pcpu.h:195
 #1  0xc062e277 in boot (howto=260) at /usr/src/sys/kern/ 
 kern_shutdown.c:409
 #2  0xc062e539 in panic (fmt=Variable "fmt" is not available.
 ) at /usr/src/sys/kern/kern_shutdown.c:563
 #3  0xc084cdfc in trap_fatal (frame=0xe683e7cc, eva=76)
      at /usr/src/sys/i386/i386/trap.c:899
 #4  0xc084d080 in trap_pfault (frame=0xe683e7cc, usermode=0, eva=76)
      at /usr/src/sys/i386/i386/trap.c:812
 #5  0xc084da2c in trap (frame=0xe683e7cc) at /usr/src/sys/i386/i386/ 
 trap.c:490
 #6  0xc0833d0b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
 #7  0xc06ca63b in stf_output (ifp=0xc3ef8800, m=0xc75bcc00,  
 dst=0xe683ea0c,
      rt=0xc3fbaca8) at /usr/src/sys/net/if_stf.c:518
 #8  0xc07776fd in nd6_output (ifp=0xc3ef8800, origifp=0xc3ef8800,
      m0=0xc6386700, dst=0xe683ea0c, rt0=0xc3fbaca8)
      at /usr/src/sys/netinet6/nd6.c:2123
 #9  0xc07749c2 in ip6_output (m0=0xc6386700, opt=0x0, ro=0xe683ea08,  
 flags=0,
      im6o=0x0, ifpp=0x0, inp=0xc49ddb40)
      at /usr/src/sys/netinet6/ip6_output.c:927
 #10 0xc0750bf1 in tcp_output (tp=0xc5fb2570)
      at /usr/src/sys/netinet/tcp_output.c:1114
 #11 0xc075af4a in tcp_usr_send (so=0xc4ae5948, flags=Variable "flags"  
 is not available.
 )
      at /usr/src/sys/netinet/tcp_usrreq.c:843
 #12 0xc0681755 in sosend_generic (so=0xc4ae5948, addr=0x0,  
 uio=0xe683ec60,
      top=0xc3fc4300, control=0x0, flags=0, td=0xc4679630)
      at /usr/src/sys/kern/uipc_socket.c:1240
 #13 0xc067d71f in sosend (so=0xc4ae5948, addr=0x0, uio=0xe683ec60,  
 top=0x0,
      control=0x0, flags=0, td=0xc4679630)
      at /usr/src/sys/kern/uipc_socket.c:1286
 #14 0xc0667d1b in soo_write (fp=0xc4add708, uio=0xe683ec60,
      active_cred=0xc4601d00, flags=0, td=0xc4679630)
      at /usr/src/sys/kern/sys_socket.c:103
 #15 0xc06613c7 in dofilewrite (td=0xc4679630, fd=1, fp=0xc4add708,
      auio=0xe683ec60, offset=-1, flags=0) at file.h:254
 #16 0xc06616a8 in kern_writev (td=0xc4679630, fd=1, auio=0xe683ec60)
      at /usr/src/sys/kern/sys_generic.c:401
 #17 0xc066171f in write (td=0xc4679630, uap=0xe683ecfc)
      at /usr/src/sys/kern/sys_generic.c:317
 #18 0xc084d3d5 in syscall (frame=0xe683ed38)
      at /usr/src/sys/i386/i386/trap.c:1035
 #19 0xc0833d70 in Xint0x80_syscall () at /usr/src/sys/i386/i386/ 
 exception.s:196
 #20 0x00000033 in ?? ()
 Previous frame inner to this frame (corrupt stack?)
 
 print *sc says
 
 $2 = {sc_ifp = 0xc3ef8800, __sc_ro46 = {__sc_ro4 = {ro_rt = 0xc3fba9d8,
        ro_dst = {sa_len = 16 '\020', sa_family = 2 '\002',
          sa_data = "\000\000G\215@\002\000\000\000\000\000\000\000"}},
      __sc_ro6 = {ro_rt = 0xc3fba9d8, ro_dst = {sin6_len = 16 '\020',
          sin6_family = 2 '\002', sin6_port = 0, sin6_flowinfo =  
 37784903,
          sin6_addr = {__u6_addr = {__u6_addr8 = '\0' <repeats 15 times>,
              __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0,  
 0, 0,
                0}}}, sin6_scope_id = 0}}}, encap_cookie = 0xc3ef7c00}
 
 but print sc->sc_ro.ro_rt says that there is no member sc_ro in sc.
 
 I'll hang on to this core dump in the hopes that someone will want to  
 examine it.
 


More information about the freebsd-bugs mailing list