Regression #14164

closed

IPv6 interface configuration race condition can lead to kernel panic

Added by Steve Wheeler about 1 year ago. Updated 10 months ago.

Status: Resolved
Priority: High
Assignee:
Category: Interfaces
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 23.05
Release Notes: Default
Affected Version: 2.7.0
Affected Architecture:

Description

While re-configuring an interface that has an IPv6 config, such as when the link bounces, it's possible to hit a race condition triggering a kernel panic:

db:1:pfs> bt
Tracing pid 4585 tid 100445 td 0xfffffe00cd4ba1e0
kdb_enter() at kdb_enter+0x32/frame 0xfffffe00cd68c790
vpanic() at vpanic+0x182/frame 0xfffffe00cd68c7e0
panic() at panic+0x43/frame 0xfffffe00cd68c840
trap_fatal() at trap_fatal+0x409/frame 0xfffffe00cd68c8a0
trap_pfault() at trap_pfault+0x4f/frame 0xfffffe00cd68c900
calltrap() at calltrap+0x8/frame 0xfffffe00cd68c900
--- trap 0xc, rip = 0xffffffff80fd9293, rsp = 0xfffffe00cd68c9d0, rbp = 0xfffffe00cd68ca20 ---
in6_unlink_ifa() at in6_unlink_ifa+0x63/frame 0xfffffe00cd68ca20
in6_purgeaddr() at in6_purgeaddr+0x367/frame 0xfffffe00cd68cb40
in6_purgeifaddr() at in6_purgeifaddr+0x13/frame 0xfffffe00cd68cb60
in6_control() at in6_control+0x532/frame 0xfffffe00cd68cbc0
ifioctl() at ifioctl+0x7bc/frame 0xfffffe00cd68ccc0
kern_ioctl() at kern_ioctl+0x26d/frame 0xfffffe00cd68cd30
sys_ioctl() at sys_ioctl+0x101/frame 0xfffffe00cd68ce00
amd64_syscall() at amd64_syscall+0x10c/frame 0xfffffe00cd68cf30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00cd68cf30
--- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x18f47cd96e4a, rsp = 0x18f478021f28, rbp = 0x18f478021f70 ---

Tested in 23.01 amd64.
