Regression #14164
IPv6 interface configuration race condition can lead to kernel panic
Status: closed
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 23.05
Release Notes: Default
Affected Version: 2.7.0
Affected Architecture:
Description
While re-configuring an interface that has an IPv6 config, such as when the link bounces, it's possible to hit a race condition triggering a kernel panic:
db:1:pfs> bt
Tracing pid 4585 tid 100445 td 0xfffffe00cd4ba1e0
kdb_enter() at kdb_enter+0x32/frame 0xfffffe00cd68c790
vpanic() at vpanic+0x182/frame 0xfffffe00cd68c7e0
panic() at panic+0x43/frame 0xfffffe00cd68c840
trap_fatal() at trap_fatal+0x409/frame 0xfffffe00cd68c8a0
trap_pfault() at trap_pfault+0x4f/frame 0xfffffe00cd68c900
calltrap() at calltrap+0x8/frame 0xfffffe00cd68c900
--- trap 0xc, rip = 0xffffffff80fd9293, rsp = 0xfffffe00cd68c9d0, rbp = 0xfffffe00cd68ca20 ---
in6_unlink_ifa() at in6_unlink_ifa+0x63/frame 0xfffffe00cd68ca20
in6_purgeaddr() at in6_purgeaddr+0x367/frame 0xfffffe00cd68cb40
in6_purgeifaddr() at in6_purgeifaddr+0x13/frame 0xfffffe00cd68cb60
in6_control() at in6_control+0x532/frame 0xfffffe00cd68cbc0
ifioctl() at ifioctl+0x7bc/frame 0xfffffe00cd68ccc0
kern_ioctl() at kern_ioctl+0x26d/frame 0xfffffe00cd68cd30
sys_ioctl() at sys_ioctl+0x101/frame 0xfffffe00cd68ce00
amd64_syscall() at amd64_syscall+0x10c/frame 0xfffffe00cd68cf30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00cd68cf30
--- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x18f47cd96e4a, rsp = 0x18f478021f28, rbp = 0x18f478021f70 ---
Tested in 23.01 amd64.