Project

General

Profile

Actions
Copy link

Bug #16081

open

Panic accessing ``sysctl`` OID ``net.inet.ip.nhdispatch`` with an INVARIANTS kernel

Added by Steve Wheeler about 2 months ago. Updated 30 days ago.

Status:
Feedback
Priority:
Normal
Assignee:
Kristof Provost
Category:
Operating System
Target version:
2.8.0
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
25.03
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

Querying net.inet.ip.ip_direct_nh_dispatch via sysctl in a kernel with INVARIANTS set results in a panic:

db:1:pfs> bt
Tracing pid 68615 tid 104175 td 0xfffff8005838f740
kdb_enter() at kdb_enter+0x33/frame 0xfffffe0054b77b00
panic() at panic+0x43/frame 0xfffffe0054b77b60
sbuf_clear() at sbuf_clear+0xa4/frame 0xfffffe0054b77b70
sbuf_cpy() at sbuf_cpy+0x56/frame 0xfffffe0054b77b90
ip_direct_nh_rss() at ip_direct_nh_rss+0xf4/frame 0xfffffe0054b77be0
sysctl_root_handler_locked() at sysctl_root_handler_locked+0x9c/frame 0xfffffe0054b77c30
sysctl_root() at sysctl_root+0x1f9/frame 0xfffffe0054b77cb0
userland_sysctl() at userland_sysctl+0x17a/frame 0xfffffe0054b77d50
sys___sysctl() at sys___sysctl+0x65/frame 0xfffffe0054b77e00
amd64_syscall() at amd64_syscall+0x158/frame 0xfffffe0054b77f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0054b77f30
--- syscall (202, FreeBSD ELF64, __sysctl), rip = 0x4c69230256a, rsp = 0x4c68fdb01f8, rbp = 0x4c68fdb0240 ---

It's also possible to hit it in a non invariants build but far less likely. I was only able to trigger it once.

Tested in 25.03-Beta.

Actions
Copy link

Also available in: Atom PDF