From owner-freebsd-bugs@FreeBSD.ORG  Sat Oct 30 21:40:26 2004
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C04C716A4CE
	for <freebsd-bugs@hub.freebsd.org>;
	Sat, 30 Oct 2004 21:40:26 +0000 (GMT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AD6D043D2D
	for <freebsd-bugs@hub.freebsd.org>;
	Sat, 30 Oct 2004 21:40:26 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.11/8.12.11) with ESMTP id i9ULeQue093598
	for <freebsd-bugs@freefall.freebsd.org>; Sat, 30 Oct 2004 21:40:26 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i9ULeQO6093597;
	Sat, 30 Oct 2004 21:40:26 GMT
	(envelope-from gnats)
Date: Sat, 30 Oct 2004 21:40:26 GMT
Message-Id: <200410302140.i9ULeQO6093597@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Stefan =?iso-8859-1?Q?E=DFer?= <se@FreeBSD.org>
Subject: Re: kern/73321: Reproducible Panic (LOR: I4B / INET6)
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Stefan =?iso-8859-1?Q?E=DFer?= <se@FreeBSD.org>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Oct 2004 21:40:26 -0000

The following reply was made to PR kern/73321; it has been noted by GNATS.

From: Stefan =?iso-8859-1?Q?E=DFer?= <se@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: kern/73321: Reproducible Panic (LOR: I4B / INET6)
Date: Sat, 30 Oct 2004 23:36:59 +0200

 According to a message sent to the -current list by Jan Srzednicki
 in September, Robert Watson has added a check for a NULL pointer to
 the netperf branch:
 
 ==== //depot/user/rwatson/netperf/sys/netinet6/nd6.c#9 - /home/rwatson/p4/rwatson_netperf/sys/netinet6/nd6.c ====
 @@ -1779,6 +1779,8 @@                          
 	    nd6_slowtimo, NULL);
  	IFNET_RLOCK();         
  	for (ifp = TAILQ_FIRST(&ifnet); ifp; ifp = TAILQ_NEXT(ifp, if_list)) {
 +		if (ifp->if_afdata[AF_INET6] == NULL)
 + 			continue;
  		nd6if = ND_IFINFO(ifp);
  		if (nd6if->basereachable && /* already initialized */ 
 		    (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) {
 
 I have verified that this patch fixes the problem (or at least works
 around it) reliably. There could still be a race, if "NULL" is assigned
 to "ifp->if_afdata[AF_INET6]" immediately after the test and before the
 ND_IFINFO macro tries to use that pointer.
 
 I think this patch should be applied to -current and brought into 5.3
 since it fixes a real problem.