kern/60120: Stopping mrouted crashes the kernel

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/60120: Stopping mrouted crashes the kernel
From: "alnsn%protonmail.ch@localhost via gnats" <gnats-admin%NetBSD.org@localhost>
Date: Sun, 22 Mar 2026 23:50:00 +0000 (UTC)

>Number:         60120
>Category:       kern
>Synopsis:       Stopping mrouted crashes the kernel
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Mar 22 23:50:00 +0000 2026
>Originator:     Alex Nasonov
>Release:        10.1
>Organization:
N/A
>Environment:
NetBSD nebeda 10.1_STABLE NetBSD 10.1_STABLE (GENERIC) #0: Thu Mar 19 00:17:47 GMT 2026  alnsn@nebeda:/scratch/alnsn/netbsd-usrsrc/obj/sys/arch/amd64/compile/GENERIC 
>Description:
Kernel compiled with MROUTING crashes in reset_vif -> encap_detach when I stop mrouted. It's a simple NULL-pointer dereference.
>How-To-Repeat:
1. Compile GENERIC wtih MROUTING
2. Setup two network interfaces with multicast enabled
3. Run 'service mrouted onestart'
4. Run 'service mrouted onestop'
5. Boom!
>Fix:
This fix seems to fix the issue but I'm not familiar with those protocols to commit it myself without a review:


        if (vifp->v_flags & VIFF_TUNNEL) {
                /* detach this vif from decapsulator dispatch table */
                encap_lock_enter();
                encap_detach(vifp->v_encap_cookie);
                encap_lock_exit();
                vifp->v_encap_cookie = NULL;
        }

Prev by Date: Re: bin/60099 (/bin/sh (unquoted) $* expansion problem(s))
Previous by Thread: PR/60099 CVS commit: src/bin/sh
Indexes:

Home | Main Index | Thread Index | Old Index