[Bug 293548] ocserv: kernel panic with tun interfaces

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 293548] ocserv: kernel panic with tun interfaces"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 293548] ocserv: kernel panic with tun interfaces"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 293548] ocserv: kernel panic with tun interfaces"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 02 Mar 2026 18:12:26 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293548

            Bug ID: 293548
           Summary: ocserv: kernel panic with tun interfaces
           Product: Base System
           Version: 15.0-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: mcurex@yandex.ru

Created attachment 268484
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=268484&action=edit
core.1.1.txt - first halt

uname -sri
FreeBSD 15.0-RELEASE-p2 GENERIC
swapinfo
Device          1K-blocks     Used    Avail Capacity
/dev/da0p3        4194264        0  4194264     0%

Details of diagnostics in attached reports, two halts, two files.
My config are:
Two ocserv servers, with own pid files, own configs, one on socket
${INET_IF}:4444, another on ${INET_IF}:5555

After connect via client software something more, than 10 users, kernel halt on
panic with tuncreate() problem.

Short analyze:

Basic info.
Panic: page fault (page error)
Address of halt: 0x8 (read by zero point + movement)
Proccess: ocserv (PID 4055)
Place of halt: /usr/src/sys/net/if_tuntap.c:1013, function tuncreate()
Execution stack: 
tuncreate() → tun_clone_create() → if_clone_create() → tunclone() →
devfs_lookup() → namei() → vn_open_cred() → sys_openat()

Problem is, trying to create from ocserv  TUN-interface (/dev/tun34) started to
create point for the pointer, that dosen't exists tuncreate().

First crash (core.1.1.txt)
Place of halt: __mtx_lock_sleep() in tuncreate():1043
Address: 0x488
type: mutex block

Second crash core.2.txt
Place of halt: tuncreate():1013
Address:  0x8
type: Page fault (NULL deref)

Shared:
Creation of tun-interfaces via ocserv
Both crashes are on the one driver of TUN-devices, but in different places of
code — IMHO, that's the system problem in tuntap FreeBSD 15.0-RELEASE-p2.

-- 
You are receiving this mail because:
You are the assignee for the bug.