LOR + panic in scope6.c

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Tue Aug 9 20:50:10 GMT 2005


On Tue, 9 Aug 2005, John Baldwin wrote:

> > > > (gdb) l *0xffffffff804990a0
> > > > 0xffffffff804990a0 is in in6_setscope (sys/netinet6/scope6.c:417).
> > > > 412             u_int32_t zoneid = 0;
> > > > 413             struct scope6_id *sid;
> > > > 414
> > > > 415             IF_AFDATA_LOCK(ifp);
> > > > 416
> > > > 417             sid = SID(ifp);
> > > > 418
> > > > 419     #ifdef DIAGNOSTIC
> > > > 420             if (sid == NULL) { /* should not happen */
> > > > 421                     panic("in6_setscope: scope array is NULL");
> > >
> > > Well, SID is a macro that expands this to:
> > >
> > > 	sid = ifp->if_afdata[AF_INET6]->scope6_id
> > >
> > > If if_afdata[AF_INET6] has already been freed that could be the problem.
> > > It might have never been non-null either I guess.  You can try having
> > > in6_setscope() bail if ifp->if_afdata[AF_INET6] is NULL.
> >
> > I will. I think I found another problem with attach/detach in sk.
> > Might be a double free.
> > The above seems to happen in the "No PHY found" case (which I fixed
> > already locally and everything went away).
>
> Well, I've seen this when attach fails on de(4) as well, so I think it's some
> sort of bug where you ether_ifdetach() an interface before it's fully up or
> something.

exactly. what was the solution?

And the other question: why does this happen?

if_{a,de}ttach looked ok to me on order. Havent' had the time to go to
netinet6/ and check what's going on there...

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT


More information about the freebsd-current mailing list