Reproducible panic in in6_pcbbind
AIDA Shinra
shinra at j10n.org
Wed May 21 06:17:29 PDT 2003
>
> On Tue, May 20, 2003 at 04:31:44PM -0500, Craig Boston wrote:
> > td=0x0 looks bad, and it seems really weird that nam and td change in
> > the call to tcp6_usr_bind since sobind just calls it with the same
> > arguments it was given. Stack corruption maybe? sobind should have
> > choked on the null pointer long before it ever got to tcp6_usr_bind...
>
> I had something similar some weeks/months ago. It also happened with
> closing and reopening an ssh forwarding session (no socks however afaik).
>
> I'm running with some debugging statements in my tree for the event that
> it happens again. Are you running -current as of recent or an older one?
>
> My stack was also corrupted as that code can't be reached at all with
> td==0.
>
> Mark
>
I experienced the same kgdb trace last month. I found the crashdump
lied about where the trap occurred. What does DDB print? If the true trap
point is at in6_pcbbind() in netinet6/in6_pcb.c, the problem may be
the same as kern/50621.