[Bug 273890] accessing freed inpcb in udp6_bind
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 273890] Fatal trap 12: page fault while in kernel mode"
Date: Tue, 19 Dec 2023 17:15:04 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273890

--- Comment #15 from Gleb Smirnoff <glebius@FreeBSD.org> ---
I see the problem. The inpcb destruction order has a flaw. We first clear inp_socket, then set INP_FREED flag, then call in_pcbremhash(). This isn't compatible with inpcb_lookup_local() which doesn't use inpcb lock. Coming with a patch soon.

-- 
You are receiving this mail because:
You are the assignee for the bug.
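
The ordering problem described in comment #15, as an added sequential model in C (not FreeBSD code and not part of the bug report): it applies the three teardown steps in the reported order and counts how many times a lookup that takes no lock still finds a half-destroyed entry. All names (model_pcb, lookup_nolock, stale_windows) are hypothetical, and the unhash-first order is an assumption used for comparison, not the patch the comment announces.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy model, not FreeBSD code: only the three things the comment mentions. */
#define MODEL_FREED 0x1

struct model_pcb {
    void *socket;   /* stands in for inp_socket */
    int   flags;    /* MODEL_FREED stands in for INP_FREED */
    int   on_hash;  /* 1 while a hash lookup can still find the pcb */
};

enum step { CLEAR_SOCKET, SET_FREED, REMOVE_HASH };

/* Order described in the comment, and a reordered variant (assumption). */
static const enum step order_reported[3]     = { CLEAR_SOCKET, SET_FREED, REMOVE_HASH };
static const enum step order_unhash_first[3] = { REMOVE_HASH, CLEAR_SOCKET, SET_FREED };

static void apply_step(struct model_pcb *p, enum step s)
{
    switch (s) {
    case CLEAR_SOCKET: p->socket = NULL;        break;
    case SET_FREED:    p->flags |= MODEL_FREED; break;
    case REMOVE_HASH:  p->on_hash = 0;          break;
    }
}

/* Lockless lookup: returns whatever is still hashed, without taking a pcb lock. */
static struct model_pcb *lookup_nolock(struct model_pcb *p)
{
    return p->on_hash ? p : NULL;
}

/* Run the lookup after every teardown step; count hits on a half-destroyed pcb. */
static int stale_windows(const enum step order[3])
{
    int dummy_socket = 0;                        /* constructed placeholder */
    struct model_pcb p = { &dummy_socket, 0, 1 };
    int stale = 0;

    for (int i = 0; i < 3; i++) {
        apply_step(&p, order[i]);
        struct model_pcb *found = lookup_nolock(&p);
        if (found != NULL && (found->socket == NULL || (found->flags & MODEL_FREED)))
            stale++;
    }
    return stale;
}

int main(void)
{
    printf("reported order: %d stale windows\n", stale_windows(order_reported));
    printf("unhash first:   %d stale windows\n", stale_windows(order_unhash_first));
    return 0;
}
```

The model is sequential: it enumerates the states a lookup could observe between steps and does not reproduce the kernel's actual concurrency or locking.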