From owner-freebsd-net@FreeBSD.ORG  Sat Feb 11 07:31:37 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: net@FreeBSD.org
Delivered-To: freebsd-net@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2FE5C16A420
	for <net@FreeBSD.org>; Sat, 11 Feb 2006 07:31:37 +0000 (GMT)
	(envelope-from jinmei@impact.jinmei.org)
Received: from impact.jinmei.org (kame201.kame.net [203.178.141.201])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CA89343D48
	for <net@FreeBSD.org>; Sat, 11 Feb 2006 07:31:36 +0000 (GMT)
	(envelope-from jinmei@impact.jinmei.org)
Received: by impact.jinmei.org (Postfix, from userid 2308)
	id AA7002E35A; Sat, 11 Feb 2006 16:31:23 +0900 (JST)
From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?=
	<jinmei@isl.rdc.toshiba.co.jp>
To: Kris Kennaway <kris@obsecurity.org>
In-Reply-To: <20060211071411.GA82302@xor.obsecurity.org>
References: <20060116004438.GA27901@xor.obsecurity.org>
	<20060207054502.GA18560@xor.obsecurity.org>
	<y7vhd7bjwye.wl%jinmei@isl.rdc.toshiba.co.jp>
	<20060211035025.GA77114@xor.obsecurity.org>
	<y7vwtg2flhb.wl%jinmei@isl.rdc.toshiba.co.jp>
	<20060211071411.GA82302@xor.obsecurity.org>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan.
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Message-Id: <20060211073123.AA7002E35A@impact.jinmei.org>
Date: Sat, 11 Feb 2006 16:31:23 +0900 (JST)
Cc: net@FreeBSD.org
Subject: Re: Changing time causes ipv6 panics
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Feb 2006 07:31:37 -0000

>>>>> On Sat, 11 Feb 2006 02:14:11 -0500, 
>>>>> Kris Kennaway <kris@obsecurity.org> said:

>> >> Sorry, not really (we've not got a test environment to reproduce it).
>> >> But from a quick review of nd6.c, there seems to be one thing that is
>> >> obviously wrong.  The possible bug has been there since rev. 1.19
>> >> committed in April 2002.  We've been probably just lucky so far...
>> >> 
>> >> Could you try the patch attached below?  We'll probably also need to
>> >> apply this fix to 4.X and 5.X.
>> 
>> > The patch did not fix the panic.
>> 
>> Hmm, but this time the point where the panic happened should be
>> different.  Can you identify where it was?

> I reduced the hw.physmem size and was able to get a dump:

> (kgdb) frame 10

> #10 0xffffffff80333a86 in nd6_timer (ignored_arg=0xffffffff8059ab60) at ../../../netinet6/nd6.c:585
> 585                             ia6->ia6_flags |= IN6_IFF_DEPRECATED;

Are you sure you applied the patch?  In the 'patched' version of
nd6.c, line 585 is blank, so at least it doesn't match the above
backtrace.

To make it very clear, I've put a copy of 'before' and 'after' the
patch to nd6.c at:

http://www.jinmei.org/nd6.c.orig
and
http://www.jinmei.org/nd6.c
respectively.

It seems you are still using nd6.c.orig, whose line 585 sets the
IN6_IFF_DEPRECATED flag.

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei@isl.rdc.toshiba.co.jp