NetBSD-Bugs archive


Re: kern/52324: assertion "(target->prt_class == class)" failed: subr_psref.c", line 285



On Fri, Jun 23, 2017 at 10:45 AM, Ryota Ozaki <ozaki-r%netbsd.org@localhost> wrote:
> The following reply was made to PR kern/52324; it has been noted by GNATS.
>
> From: Ryota Ozaki <ozaki-r%netbsd.org@localhost>
> To: "gnats-bugs%NetBSD.org@localhost" <gnats-bugs%netbsd.org@localhost>
> Cc: kern-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
> Subject: Re: kern/52324: assertion "(target->prt_class == class)" failed:
>  subr_psref.c", line 285
> Date: Fri, 23 Jun 2017 10:42:18 +0900
>
>  On Fri, Jun 23, 2017 at 4:40 AM,  <tnn%netbsd.org@localhost> wrote:
>  >>Number:         52324
>  >>Category:       kern
>  >>Synopsis:       assertion "(target->prt_class == class)" failed: subr_psref.c", line 285
>  >>Confidential:   no
>  >>Severity:       serious
>  >>Priority:       medium
>  >>Responsible:    kern-bug-people
>  >>State:          open
>  >>Class:          sw-bug
>  >>Submitter-Id:   net
>  >>Arrival-Date:   Thu Jun 22 19:40:00 +0000 2017
>  >>Originator:     Tobias Nygren
>  >>Release:        8.99.1 amd64
>  >>Organization:
>  >>Environment:
>  >>Description:
>  > I can reliably trigger this panic from userland by running a certain java application.
>  >
>  > panic: kernel diagnostic assertion "(target->prt_class == class)" failed: file "/work/src/sys/kern/subr_psref.c", line 285 mismatched psref target class: 0x0 (ref) != 0xffffe400bfe0ed08 (expected)
>  > fatal breakpoint trap in supervisor mode
>  > trap type 1 code 0 rip 0xffffffff802249f5 cs 0x8 rflags 0x246 cr2 0x10020f000 ilevel 0x4 rsp 0xffffe40045b75b60
>  > curlwp 0xffffe400beb28200 pid 533.2 lowest kstack 0xffffe40045b722c0
>  > [0xffffffff802249f5->breakpoint][0xffffffff80226450->cpu_Debugger][0xffffffff80742474->db_panic][0xffffffff80990401->vpanic][0xffffffff80ce36b8->kern_assert][0xffffffff8099140b->psref_release][0xffffffff80a20d7e->if_put][0xffffffff806f4b38->ip6_ctloutput][0xffffffff80708380->udp6_ctloutput][0xffffffff806ea121->udp6_ctloutput_wrapper][0xffffffff809c286a->sosetopt][0xffffffff809c6ef2->sys_setsockopt][0xffffffff80250765->syscall]
>  > dumping to dev 20,1 (offset=14682167, size=786319):
>
>  Could you try the following diff?
>
>    ozaki-r
>
>  diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
>  index f9ddeaba9ac..688327e10e6 100644
>  --- a/sys/netinet6/ip6_output.c
>  +++ b/sys/netinet6/ip6_output.c
>  @@ -2561,6 +2561,7 @@ ip6_setmoptions(const struct sockopt *sopt,
>  struct in6pcb *in6p)
>                   * Group must be a valid IP6 multicast address.
>                   */
>                  bound =3D curlwp_bind();
>  +               ifp =3D NULL;

hmm, something went wrong. ifp = NULL is correct of course.

  ozaki-r

>                  error =3D ip6_get_membership(sopt, &ifp, &psref, &ia, sizeo=
>  f(ia));
>                  if (error !=3D 0) {
>                          curlwp_bindx(bound);
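
Review bot: the added `ifp = NULL;` ahead of the `ip6_get_membership(sopt, &ifp, &psref, &ia, ...)` call needs a one-line comment saying why it is there, since without one the assignment looks redundant and is liable to be dropped in a later cleanup. The reported panic is psref_release() reached through if_put() with a psref target class of 0x0, so the line only makes sense if ip6_get_membership() can return 0 without storing through `&ifp`; if that is the case, consider clearing `*ifp` at the top of ip6_get_membership() itself, or initializing `ifp` where it is declared, so that any other path passing `&ifp, &psref` to it gets the same guarantee rather than only this one.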

