Date: Mon, 14 May 2018 14:46:29 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 227720] Kernel panic in ppp server Message-ID: <bug-227720-7501-w6yHkiSuA8@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-227720-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-227720-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D227720 --- Comment #14 from Eugene Grosbein <eugen@freebsd.org> --- I've downloaded it, thanks. (kgdb) p *((struct rtentry *)rn)->rt_ifp $7 =3D {if_link =3D {tqe_next =3D 0xdeadc0dedeadc0de, tqe_prev =3D 0xdeadc0= dedeadc0de}, if_clones =3D { le_next =3D 0xdeadc0dedeadc0de, le_prev =3D 0xdeadc0dedeadc0de}, if_gro= ups =3D { tqh_first =3D 0xdeadc0dedeadc0de, tqh_last =3D 0xdeadc0dedeadc0de}, if_alloctype =3D 222 '=D1=87', if_softc =3D 0xdeadc0dedeadc0de, if_llsoftc =3D 0xdeadc0dedeadc0de, if_l2= com =3D 0xdeadc0dedeadc0de, if_dname =3D 0xdeadc0dedeadc0de <Address 0xdeadc0dedeadc0de out of bounds= >, etc. This means race condition in the kernel between interface removal procedure when some tunnel is being disconnected and sysctl handler for "net.routetab= le" that ppp calls, or some subroutine this handler uses. Perhaps, this is guilt of sysctl_rtsock() function that uses RIB_RLOCK() be= fore calling rnh->rnh_walktree(&rnh->head, sysctl_dumpentry, &w) but that does n= ot protect from interface destruction: https://svnweb.freebsd.org/base/release/11.1.0/sys/net/rtsock.c?annotate=3D= 321354#l1898 We need some more eyes of networking people here. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-227720-7501-w6yHkiSuA8>