kern/88725: /usr/sbin/ppp panic with 2005.10.21 netinet6 changes
tinguely at casselton.net
Thu Nov 10 07:00:25 PST 2005
The following reply was made to PR kern/88725; it has been noted by GNATS.
From: Mark Tinguely <tinguely at casselton.net>
To: bug-followup at freebsd.org, snezhko at indorsoft.ru
Cc: freebsd-current at freebsd.org, Max at freebsd.org, max at love2party.net
Subject: Re: kern/88725: /usr/sbin/ppp panic with 2005.10.21 netinet6 changes
Date: Thu, 10 Nov 2005 08:50:37 -0600 (CST)
As a postscript:
The problem was a dynamic timer was freed without being stopped first.
Obviously, the printf() should be removed from the final fix.
After this discovery, I went through all of the callout_init() calls
in the kernel and looked at those that may be freed before possibly
being stopped. Besides the one in netinet6/mld6.c, I have 5 more
that initially look like the memory for the callout structure could
also be freed and still not have been stopped. These paths are probably
not traveled much (detaches for less mainstream components), but stopping
the callout is cheap and not at all risky.
I will look at the 5 cases again and suggest all of these callouts at
risk be stopped under the same fix.
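
Added example, not part of the original message or of the FreeBSD source: a userland C model of the bug class described above, where an object that embeds a timer is freed while the timer is still linked into the list the timer code walks. The model_* and mrec_* names and the list layout are hypothetical stand-ins for the kernel's callout machinery; in the kernel the stop step is callout_stop().

```c
#include <stdio.h>
#include <stdlib.h>

/* Userland model of a callout list; model_* names are hypothetical. */
struct callout { struct callout *next; void (*func)(void *); void *arg; };
static struct callout *wheel;   /* armed timers, as the timer code sees them */

static int model_armed(const struct callout *c) {
    for (const struct callout *p = wheel; p != NULL; p = p->next)
        if (p == c) return 1;
    return 0;
}
static void model_reset(struct callout *c, void (*f)(void *), void *arg) {
    c->func = f; c->arg = arg;
    if (!model_armed(c)) { c->next = wheel; wheel = c; }
}
static int model_stop(struct callout *c) {   /* unlink; 1 if it was armed */
    for (struct callout **pp = &wheel; *pp != NULL; pp = &(*pp)->next)
        if (*pp == c) { *pp = c->next; return 1; }
    return 0;
}

/* Dynamically allocated object that embeds its own timer. */
struct mrec { struct callout timer; int reports; };
static void mrec_timeout(void *arg) { ((struct mrec *)arg)->reports++; }

static struct mrec *mrec_attach(void) {
    struct mrec *m = calloc(1, sizeof(*m));
    if (m != NULL) model_reset(&m->timer, mrec_timeout, m);
    return m;
}

/* Tear down m. Returns 1 if the timer was still armed at the moment of
 * free(), i.e. the list would have kept a pointer into freed memory. */
static int mrec_detach(struct mrec *m, int stop_first) {
    if (stop_first) model_stop(&m->timer);   /* the fix: stop before free */
    int dangling = model_armed(&m->timer);
    model_stop(&m->timer);   /* model only: keeps this demo memory-safe */
    free(m);
    return dangling;
}

int main(void) {
    struct mrec *a = mrec_attach(), *b = mrec_attach();
    if (a == NULL || b == NULL) return 1;
    printf("free without stop: dangling=%d\n", mrec_detach(a, 0));
    printf("stop, then free:   dangling=%d\n", mrec_detach(b, 1));
    return 0;
}
```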