[Bug 246819] Kernel panic with ifconfig destroy
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri Jun 19 17:49:07 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246819
Mark Johnston <markj at FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|New |Open
CC| |markj at FreeBSD.org
--- Comment #3 from Mark Johnston <markj at FreeBSD.org> ---
(In reply to Ashish Gupta from comment #2)
Looks like we are panicking because the counters in the in6_ifstat block are
freed. In particular, the panic happens while executing:
790 in6_ifstat_inc(ifp, ifs6_out_request);
which expands to
545 #define in6_ifstat_inc(ifp, tag) \
546 do { \
547 if (ifp) \
548 counter_u64_add(((struct in6_ifextra *) \
549 ((ifp)->if_afdata[AF_INET6]))->in6_ifstat[ \
550 offsetof(struct in6_ifstat, tag) / sizeof(uint64_t)],
1);\
551 } while (/*CONSTCOND*/ 0)
and the fault address is 0, so it shouldn't be from the if_afdata dereference
or the in6_ifstat dereference (since ifs6_out_request is not the first counter
in the block).
So the interface is already destroyed, but we are sending TCP keepalives
through it.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-net
mailing list