Description
snst-router.east panics after a few minutes of running a recent onnv nightly build. It panics while otherwise idle when forwarding IP traffic:
> ::status
debugging crash dump vmcore.0 (64-bit) from snst-router
operating system: 5.11 onnv-gate:2008-01-29 (i86pc)
panic message:
assertion failed: ret_action != Forward_check_multirt, file: ../../common/inet/ip/ip.c, line: 13899
dump content: kernel pages only
> $c
vpanic()
assfail+0x7e(fffffffff7be41d0, fffffffff7be62a8, 364b)
ip_fast_forward+0x78c(0, 10fd9481, ffffff02f0c337e8, ffffff030bba8f00)
ip_input+0x54a(ffffff02f0c337e8, 0, ffffff030bba8f00, ffffff000f7968b0)
i_dls_link_rx+0x2c0(ffffff02f07d8760, 0, ffffff030bba8f00)
mac_do_rx+0xba(ffffff02ec665680, 0, ffffff030bba8f00, 0)
mac_rx+0x1b(ffffff02ec665680, 0, ffffff030bba8f00)
aggr_recv_cb+0x1a7(ffffff02f13abad0, 0, ffffff030bba8f00)
mac_do_rx+0xba(ffffff02ec665cf8, 0, ffffff030bba8f00, 0)
mac_rx+0x1b(ffffff02ec665cf8, 0, ffffff030bba8f00)
nge_receive+0x47(ffffff02eca2d000)
nge_intr_handle+0x118(ffffff02eca2d000, ffffff000f796b9c)
nge_chip_intr+0xd9(ffffff02eca2d000, 0)
av_dispatch_autovect+0x8c(16)
dispatch_hardint+0x2f(16, 0)
switch_sp_and_call+0x13()
do_interrupt+0xe6(ffffff000f760b20, ffffff02ead2dbe0)
_interrupt+0x1ec()
mach_cpu_idle+0x17()
cpu_idle+0xc8()
idle+0x10e()
thread_start+8()
The x86 crash dump is located at snst-router.east:/var/crash/snst-router.East.Sun.COM/*.0, and is also attached to this bug report in case the system is inaccessible.
The ASSERT() was introduced by the recent fix to 6638327. The problem appears to be that ire_forward() doesn't set ret_action when it returns at line 897, and ip_fast_forward() then bases its ASSERT() on uninitialized stack-local garbage.
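The failure pattern described above, as an added example that is not part of the original bug report or the onnv source: a simplified model of a callee whose early-return path skips its out-parameter, next to one way of closing that gap. Only Forward_check_multirt comes from the panic message; the other enumerators and every function name here are hypothetical, and the stale stack contents are injected explicitly so the result is deterministic.

```c
#include <assert.h>

/* Forward_check_multirt is the value named in the panic message; the other
 * enumerators and all function names below are hypothetical. */
typedef enum { Forward_ok, Forward_check_multirt, Forward_blackhole } fwd_action_t;

/* Before: the early-return path never writes *ret_action. */
static int lookup_buggy(int cache_hit, fwd_action_t *ret_action)
{
    if (cache_hit)
        return 1;                 /* out-parameter left untouched */
    *ret_action = Forward_blackhole;
    return 0;
}

/* After: the out-parameter gets a defined value on entry, so every
 * return path hands the caller something meaningful. */
static int lookup_fixed(int cache_hit, fwd_action_t *ret_action)
{
    *ret_action = Forward_ok;
    if (cache_hit)
        return 1;
    *ret_action = Forward_blackhole;
    return 0;
}

typedef int (*lookup_fn)(int, fwd_action_t *);

/* Models the caller. `stale` stands in for whatever the stack slot held
 * before the call (reading a truly uninitialized local is undefined
 * behaviour, so the garbage is passed in). Returns 1 if the caller's
 * assertion on ret_action would hold, 0 if it would fire. */
int caller_assert_holds(lookup_fn lookup, fwd_action_t stale)
{
    fwd_action_t ret_action = stale;
    int found = lookup(1, &ret_action);   /* take the early-return path */
    return found && ret_action != Forward_check_multirt;
}

int buggy_holds(fwd_action_t stale) { return caller_assert_holds(lookup_buggy, stale); }
int fixed_holds(fwd_action_t stale) { return caller_assert_holds(lookup_fixed, stale); }

int main(void)
{
    assert(buggy_holds(Forward_ok) == 1);            /* lucky stack contents */
    assert(buggy_holds(Forward_check_multirt) == 0); /* assertion would fire */
    assert(fixed_holds(Forward_check_multirt) == 1); /* independent of stack */
    return 0;
}
```

With the buggy callee the assertion outcome tracks the previous contents of the stack slot, which is why a panic of this kind can appear minutes into otherwise ordinary forwarding rather than on the first packet.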