[Bug 227720] Kernel panic in ppp server
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon May 14 14:46:31 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227720
--- Comment #14 from Eugene Grosbein <eugen at freebsd.org> ---
I've downloaded it, thanks.
(kgdb) p *((struct rtentry *)rn)->rt_ifp
$7 = {if_link = {tqe_next = 0xdeadc0dedeadc0de, tqe_prev = 0xdeadc0dedeadc0de},
if_clones = {
le_next = 0xdeadc0dedeadc0de, le_prev = 0xdeadc0dedeadc0de}, if_groups = {
tqh_first = 0xdeadc0dedeadc0de, tqh_last = 0xdeadc0dedeadc0de},
if_alloctype = 222 'ч',
if_softc = 0xdeadc0dedeadc0de, if_llsoftc = 0xdeadc0dedeadc0de, if_l2com =
0xdeadc0dedeadc0de,
if_dname = 0xdeadc0dedeadc0de <Address 0xdeadc0dedeadc0de out of bounds>,
etc.
This means race condition in the kernel between interface removal procedure
when some tunnel is being disconnected and sysctl handler for "net.routetable"
that ppp calls, or some subroutine this handler uses.
Perhaps, this is guilt of sysctl_rtsock() function that uses RIB_RLOCK() before
calling rnh->rnh_walktree(&rnh->head, sysctl_dumpentry, &w) but that does not
protect from interface destruction:
https://svnweb.freebsd.org/base/release/11.1.0/sys/net/rtsock.c?annotate=321354#l1898
We need some more eyes of networking people here.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-net
mailing list