NetBSD-Bugs archive

Re: kern/49650: ping6 -mns8000 ::1 kills kernel

The following reply was made to PR kern/49650; it has been noted by GNATS.

From: Martin Husemann <>
Subject: Re: kern/49650: ping6 -mns8000 ::1 kills kernel
Date: Sun, 8 Feb 2015 12:07:31 +0100

 On sparc64 I can reproduce it:
 PING6(8048=40+8+8000 bytes) ::1 --> ::1
 panic: m_copym0 overrun 492 -1802135913
 Stopped in pid 0.3 (system) at  netbsd:cpu_Debugger+0x4:        nop
 db{0}> bt                                                          
 db{0}> mach stack
 Window 0 frame64 0x1b02633c0 locals, ins:
 1 1818b60 18196b0 17aed08 17aed40 ffffffffffffffff a 2
 1827a90 1b02635b8 1cd6c00 1cd7f20 1cd8000 104 1b0262c71=sp 14668e4=pc:netbsd:pan
 Window 1 frame64 0x1b0263470 locals, ins:
 4482000603 0 ffffffffffffffff 1 e0048000 ffffffffffffffff a 2
 1827a90 1ec ffffffff94959697 1 1c95800 103b454a0 1b0262d31=sp 150aab0=pc:netbsd:
 Window 2 frame64 0x1b0263530 locals, ins:
 1ec 1ce0000 0 9000001 fffffe 7ff6 0 1194addb0
 1173a5630 4f8 0 1 0 1194adcb0 1b0262df1=sp 124a700=pc:netbsd:ip6_output+0x1580
 Window 3 frame64 0x1b02635f0 locals, ins:                                     
 1cb5c00 10477c008 104accd68 1f70 1173a4898 10499d4e8 104accd10 0
 0 3a 28 4f8 4d0 1b0263788 1b0263021=sp 117e6b8=pc:netbsd:icmp6_reflect+0x1f8
 Window 4 frame64 0x1b0263820 locals, ins:                                   
 1f48 0 0 9000001 fffffe 7ff6 0 1173a4c30 
 104accd10 1b0263900 81 104accd70 104accd80 104accd68 1b0263161=sp 1180588=pc:net
 Window 5 frame64 0x1b0263960 locals, ins:
 80 30 1050f0824 0 1cb1000 0 0 28         
 28 1b0263bc4 1f48 104acca10 103b4d200 104acd410 1b0263311=sp 1243178=pc:netbsd:i
 and this corresponds to the following source lines:
         /*
          * To avoid a "too big" situation at an intermediate router
          * and the path MTU discovery process, specify the IPV6_MINMTU flag.
          * Note that only echo and node information replies are affected,
          * since the length of ICMP6 errors is limited to the minimum MTU.
          */
         if (ip6_output(m, NULL, NULL, IPV6_MINMTU, NULL, NULL, &outif) != 0 &&
             outif)
                 icmp6_ifstat_inc(outif, ifs6_out_error);
         if (outif)
                 icmp6_ifoutstat_inc(outif, type, code);
 in icmp6.c:icmp6_reflect.
