From owner-freebsd-current@FreeBSD.ORG  Wed May 21 01:19:14 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 38F5637B401
	for <current@freebsd.org>; Wed, 21 May 2003 01:19:14 -0700 (PDT)
Received: from birch.ripe.net (birch.ripe.net [193.0.1.96])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5CD7F43F3F
	for <current@freebsd.org>; Wed, 21 May 2003 01:19:13 -0700 (PDT)
	(envelope-from marks@ripe.net)
Received: from laptop.6bone.nl (cow.ripe.net [193.0.1.239])
	by birch.ripe.net (8.12.9/8.11.6) with SMTP id h4L8JCVn020317;
	Wed, 21 May 2003 10:19:12 +0200
Received: (nullmailer pid 772 invoked by uid 1000);
	Wed, 21 May 2003 06:51:53 -0000
Date: Wed, 21 May 2003 08:51:52 +0200
From: Mark Santcroos <marks@ripe.net>
To: Craig Boston <craig@xfoil.gank.org>
Message-ID: <20030521065152.GA725@laptop.6bone.nl>
References: <1053466303.815.22.camel@owen1492.uf.corelab.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1053466303.815.22.camel@owen1492.uf.corelab.com>
User-Agent: Mutt/1.4.1i
X-Handles: MS6-6BONE, MS18417-RIPE
cc: current@freebsd.org
Subject: Re: Reproducable panic in in6_pcbbind
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 21 May 2003 08:19:14 -0000

On Tue, May 20, 2003 at 04:31:44PM -0500, Craig Boston wrote:
> td=0x0 looks bad, and it seems really weird that nam and td change in
> the call to tcp6_usr_bind since sobind just calls it with the same
> arguments it was given.  Stack corruption maybe?  sobind should have
> choked on the null pointer long before it ever got to tcp6_usr_bind...

I had something similar some weeks/months ago. It also happened with
closing and reopening an ssh forwarding session (no socks however afaik).

I'm running with some debugging statements in my tree for the event that
it happens again. Are you running -current as of recent or an older one?

My stack was also corrupted as that code can't be reached at all with
td==0.

Mark

-- 
Mark Santcroos                    RIPE Network Coordination Centre
http://www.ripe.net/home/mark/    New Projects Group/TTM