Date: Sat, 30 Oct 2004 21:40:26 GMT From: Stefan =?iso-8859-1?Q?E=DFer?= <se@FreeBSD.org> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/73321: Reproducible Panic (LOR: I4B / INET6) Message-ID: <200410302140.i9ULeQO6093597@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/73321; it has been noted by GNATS. From: Stefan =?iso-8859-1?Q?E=DFer?= <se@FreeBSD.org> To: freebsd-gnats-submit@FreeBSD.org Cc: Subject: Re: kern/73321: Reproducible Panic (LOR: I4B / INET6) Date: Sat, 30 Oct 2004 23:36:59 +0200 According to a message sent to the -current list by Jan Srzednicki in September, Robert Watson has added a check for a NULL pointer to the netperf branch: ==== //depot/user/rwatson/netperf/sys/netinet6/nd6.c#9 - /home/rwatson/p4/rwatson_netperf/sys/netinet6/nd6.c ==== @@ -1779,6 +1779,8 @@ nd6_slowtimo, NULL); IFNET_RLOCK(); for (ifp = TAILQ_FIRST(&ifnet); ifp; ifp = TAILQ_NEXT(ifp, if_list)) { + if (ifp->if_afdata[AF_INET6] == NULL) + continue; nd6if = ND_IFINFO(ifp); if (nd6if->basereachable && /* already initialized */ (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { I have verified that this patch fixes the problem (or at least works around it) reliably. There could still be a race, if "NULL" is assigned to "ifp->if_afdata[AF_INET6]" immediately after the test and before the ND_IFINFO macro tries to use that pointer. I think this patch should be applied to -current and brought into 5.3 since it fixes a real problem.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200410302140.i9ULeQO6093597>