NetBSD-Bugs archive
Re: bin/47311: rtadvd(8) crashes when RA arrives on a newly created interface
The following reply was made to PR bin/47311; it has been noted by GNATS.
From: christos%zoulas.com@localhost (Christos Zoulas)
To: gnats-bugs%NetBSD.org@localhost, gnats-admin%netbsd.org@localhost,
netbsd-bugs%netbsd.org@localhost
Cc:
Subject: Re: bin/47311: rtadvd(8) crashes when RA arrives on a newly created
interface
Date: Tue, 11 Dec 2012 12:02:09 -0500
On Dec 11, 2:55pm, uwe%NetBSD.org@localhost (uwe%NetBSD.org@localhost) wrote:
-- Subject: bin/47311: rtadvd(8) crashes when RA arrives on a newly created i
| >Number: 47311
| >Category: bin
| >Synopsis: rtadvd(8) crashes when RA arrives on a newly created interface
| >Confidential: no
| >Severity: non-critical
| >Priority: low
| >Responsible: bin-bug-people
| >State: open
| >Class: sw-bug
| >Submitter-Id: net
| >Arrival-Date: Tue Dec 11 14:55:00 +0000 2012
| >Originator: Valery Ushakov
| >Release: NetBSD 6
| >Organization:
| >Environment:
| NetBSD amd64 6.0_STABLE NetBSD 6.0_STABLE (GENERIC) #0: Sun Nov 18 04:21:07 MSK 2012 uwe@amd64:/home/uwe/work/netbsd/cvs/src-release-6/sys/arch/amd64/compile/GENERIC amd64
|
| >Description:
| When rtadvd(8) is up and running and a new interface is created behind
| its back it doesn't notice that. When later an RA arrives on a new
| interface rtadvd(8) crashes at rtadvd.c:617 (line number as of rev. 1.38):
|
| if ((iflist[pi->ipi6_ifindex]->ifm_flags & IFF_UP) == 0) {
|
| where pi->ipi6_ifindex names a new interface and it's out of bounds for
| iflist[] array that was populated before the new interface was created.
|
| >How-To-Repeat:
| I don't have a ready test case to reproduce it. What I'm doing is I'm
| playing with lwIP stack using tap(4) bridge(4)'ed to the real ethernet.
|
| The system has
|
| rtadvd=YES
| rtadvd_flags="wm2"
|
| in rc.conf(5) so rtadvd(8) is started at boot. Later I create a tap
| interface bridged to wm1 and run lwIP on that tap. When my lwIP app sends its
| first RA out on tap, rtadvd(8) crashes as described.
|
| To reproduce this it's probably easiest to just create/open a tap and send
| canned ethernet frame with RA packet in it.
should make it handle RTM_IFANNOUNCE. The FreeBSD code does it; perhaps use
theirs?
christos
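
Added example, not part of the original message and not taken from the NetBSD or FreeBSD rtadvd sources: a minimal C model of the two mitigations this thread points at, range-checking the received interface index before indexing the table, and growing the table when an interface arrival is announced. All `ex_`-prefixed names and `EX_IFF_UP` are hypothetical stand-ins; a real daemon would call `ex_if_arrival` when it reads an RTM_IFANNOUNCE message from its routing socket.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EX_IFF_UP 0x1                    /* constructed stand-in for IFF_UP */
struct ex_if { unsigned flags; };        /* stand-in for an iflist[] entry */
struct ex_iftable {
    struct ex_if **list;                 /* indexed by interface index */
    size_t count;                        /* number of valid slots in list */
};

/* Interface arrival (the event RTM_IFANNOUNCE reports): grow the table so
 * the new index is in range, then record the interface's flags. */
int ex_if_arrival(struct ex_iftable *t, unsigned ifindex, unsigned flags)
{
    if (ifindex >= t->count) {
        size_t n = (size_t)ifindex + 1;
        struct ex_if **p = realloc(t->list, n * sizeof(*p));
        if (p == NULL)
            return -1;
        memset(p + t->count, 0, (n - t->count) * sizeof(*p));
        t->list = p;
        t->count = n;
    }
    if (t->list[ifindex] == NULL &&
        (t->list[ifindex] = calloc(1, sizeof(struct ex_if))) == NULL)
        return -1;
    t->list[ifindex]->flags = flags;
    return 0;
}

/* Guarded form of the check at the crash site: 1 = process the packet,
 * 0 = drop it (index out of range, empty slot, or interface not up). */
int ex_ra_accept(const struct ex_iftable *t, unsigned ifindex)
{
    if (ifindex >= t->count || t->list[ifindex] == NULL)
        return 0;
    return (t->list[ifindex]->flags & EX_IFF_UP) != 0;
}

int main(void)
{
    struct ex_iftable t = {0};
    ex_if_arrival(&t, 2, EX_IFF_UP);     /* constructed sample indexes */
    printf("%d %d\n", ex_ra_accept(&t, 2), ex_ra_accept(&t, 9));
    return 0;
}
```

The range check alone stops the out-of-bounds read; the arrival handler is what lets the daemon serve the new interface instead of silently dropping its packets.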