DragonFly bugs List (threaded) for 2008-03
DragonFly BSD

Re: panic: assertion: _ifac->ifa_magic == IFA_CONTAINER_MAGIC in _IFAFREE


From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date: Sun, 16 Mar 2008 12:53:31 -0700 (PDT)

:Hello.
:Just caught a panic while playing with NFS mounted git tree
:(but I cannot reliably reproduce it after that):
:
:panic: assertion: _ifac->ifa_magic == IFA_CONTAINER_MAGIC in _IFAFREE
:mp_lock = 00000001; cpuid = 1
:		:
:and the backtrace below the panic is as follows:
:
:#9  0xc032907e in rtfree (rt=0xc116ca60)
:    at /home/dfly/current/sys/net/if_var.h:469
:#10 0xc034e8ed in ip_output (m0=0xcc2fd100, opt=0x0, ro=0xc9ebde3c, 
:    flags=<value optimized out>, imo=0x0, inp=0xc9ebde00)
:    at /home/dfly/current/sys/netinet/ip_output.c:245

    I assume IFA_CONTAINER_MAGIC is a sanity check you added somewhere
    in your local tree?  It's a good idea but probably catches the
    bug too late.

    We definitely still have a use-after-free issue with IFA's.  I have
    been unable to locate where but clearly something is losing track of
    the IFA and we are winding up with a dangling pointer.

						-Matt
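
A magic-number check of the kind discussed in this message, as an added example that is not part of the original post or of DragonFly's code. It shows that such a check fires in whichever caller next releases the stale pointer, not at the release that dropped the count too early. All names and constants (`container`, `CONTAINER_MAGIC`, `container_release`, ...) are hypothetical, and a static slot stands in for the allocator so the stale read is well-defined.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names and values; not DragonFly's ifaddr container code. */
#define CONTAINER_MAGIC 0x49464143u /* constructed value */
#define CONTAINER_DEAD  0xdeadc0deu /* poison written on free */

struct container { uint32_t magic; int refcnt; };

/* One static slot stands in for the allocator so that reading a
 * "freed" object stays well-defined in this demonstration. */
static struct container slot;

static struct container *container_alloc(void)
{
    slot.magic = CONTAINER_MAGIC;
    slot.refcnt = 1;
    return &slot;
}

static void container_ref(struct container *c) { c->refcnt++; }

/* Returns 0 on a normal release, -1 when the magic check fails
 * (the point where a kernel assertion would panic). */
static int container_release(struct container *c)
{
    if (c->magic != CONTAINER_MAGIC)
        return -1;                 /* stale pointer detected */
    if (--c->refcnt == 0)
        c->magic = CONTAINER_DEAD; /* poison, then "free" */
    return 0;
}

/* Two holders, plus one extra release somewhere (the bug).
 * Returns the 1-based number of the release call that trips the check. */
static int first_failing_release(void)
{
    struct container *a = container_alloc(); /* holder A, refcnt 1 */
    struct container *b = a;
    container_ref(b);                        /* holder B, refcnt 2 */

    if (container_release(a) != 0) return 1; /* A's own release */
    if (container_release(a) != 0) return 2; /* buggy extra release: passes */
    if (container_release(b) != 0) return 3; /* B's valid release trips it */
    return 0;
}

int main(void) { printf("check fired on release #%d\n", first_failing_release()); return 0; }
```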


