Date: Mon, 29 Mar 2021 23:23:04 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 254303] Fatal trap 12: page fault while in kernel mode ((frr 7.5_1 + Freebsd 13 Beta3) zebra crashes server when routes are populated) Message-ID: <bug-254303-7501-xjYkAIzRcv@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-254303-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-254303-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D254303 --- Comment #19 from Alexander V. Chernikov <melifaro@FreeBSD.org> --- So, it looks like it is a combination of 3 bugs: The actual thing corrupting memory is https://cgit.freebsd.org/src/commit/?id=3D42f997d9b721ce5b64c37958f21fa8163= 0f5a224 (in 13.0-RC4). We get to this codepath by having 127 hexthop groups (number when we trigger array resize). This is addressed in https://cgit.freebsd.org/src/commit/?id=3D9095dc7da4cf0c484fb1160b2180b7329= b09b107 (only in HEAD atm). We get that amount of nexthop groups (should be only one) because of non-zeroing all of the memory in the comparison part of nexthop group. This= is address in https://cgit.freebsd.org/src/commit/?id=3D823a80f4f9037b6b9611aaceb21f53115= d1e64f1 (in 13-S, not sure if it lands in 13.0-R). --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-254303-7501-xjYkAIzRcv>