There is a race condition on sequencecheck between the main thread and the receiver thread. The main thread calls seqcheck_clear() on RFC2544_RESETTING while the receiver thread calls seqcheck_receive(). seqcheck_receive() tries to update sequence counters and seqcheck_clear() resets its counters. Unfortunately seqcheck_clear() makes a pointer sc_parent NULL transiently in its process, so seqcheck_receive() can touch the NULL pointer and cause a segmentation fault.
We know that a segmentation fault stemming from the race condition occurs on FreeBSD 13.
We probably have to synchronize the threads on RFC2544_RESETTING to avoid the race condition.
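One way to close the window, shown here as an added example that is not the project's code: instead of freeing the old state, nulling sc_parent and then allocating again (the transient-NULL pattern the report describes), allocate the replacement first and swap it in under a mutex that the receiver also holds while it dereferences the pointer. The struct layout, the field names beyond sc_parent, the counter semantics in seqcheck_receive() and the getter functions are all assumptions made for this illustration.

```c
#include <stdlib.h>
#include <stdint.h>
#include <pthread.h>

/* Hypothetical reconstruction of the per-stream sequence state that sc_parent
 * points at; the field names are assumptions, not the project's definitions. */
struct seqcheck_parent {
    uint64_t expected;   /* next sequence number the receiver expects */
    uint64_t ooo;        /* packets that arrived ahead of the expected number */
    uint64_t dup;        /* packets with an already-seen (or older) number */
};

struct seqcheck {
    struct seqcheck_parent *sc_parent;  /* state the receiver dereferences */
    pthread_mutex_t sc_lock;            /* protects sc_parent and its contents */
};

int seqcheck_init(struct seqcheck *sc)
{
    sc->sc_parent = calloc(1, sizeof *sc->sc_parent);
    if (sc->sc_parent == NULL)
        return -1;
    return pthread_mutex_init(&sc->sc_lock, NULL);
}

/* The racy shape from the report, kept only for contrast and never called:
 * between the store of NULL and the new allocation, a concurrent
 * seqcheck_receive() dereferences a NULL sc_parent. */
void seqcheck_clear_racy(struct seqcheck *sc)
{
    free(sc->sc_parent);
    sc->sc_parent = NULL;                          /* window of NULL */
    sc->sc_parent = calloc(1, sizeof *sc->sc_parent);
}

/* Synchronized reset: build the fresh state first, swap the pointer while
 * holding the lock, and release the old state only after the swap.  The
 * receiver can never observe sc_parent == NULL. */
int seqcheck_clear(struct seqcheck *sc)
{
    struct seqcheck_parent *fresh = calloc(1, sizeof *fresh);
    if (fresh == NULL)
        return -1;                                 /* keep old state on OOM */
    pthread_mutex_lock(&sc->sc_lock);
    struct seqcheck_parent *old = sc->sc_parent;
    sc->sc_parent = fresh;
    pthread_mutex_unlock(&sc->sc_lock);
    free(old);
    return 0;
}

/* Receiver side: classify one sequence number under the same lock.
 * Returns 0 in-order, 1 duplicate/old, 2 out-of-order (gap), -1 if no state.
 * The classification rules are an assumption for this example. */
int seqcheck_receive(struct seqcheck *sc, uint64_t seq)
{
    int rc;
    pthread_mutex_lock(&sc->sc_lock);
    struct seqcheck_parent *p = sc->sc_parent;
    if (p == NULL) {
        rc = -1;                /* defensive: drop rather than crash */
    } else if (seq == p->expected) {
        p->expected = seq + 1;
        rc = 0;
    } else if (seq < p->expected) {
        p->dup++;
        rc = 1;
    } else {
        p->ooo++;
        p->expected = seq + 1;  /* resynchronize after the gap */
        rc = 2;
    }
    pthread_mutex_unlock(&sc->sc_lock);
    return rc;
}

/* Accessors for the counters, read under the lock. */
uint64_t seqcheck_get_ooo(struct seqcheck *sc)
{
    pthread_mutex_lock(&sc->sc_lock);
    uint64_t v = sc->sc_parent ? sc->sc_parent->ooo : 0;
    pthread_mutex_unlock(&sc->sc_lock);
    return v;
}

uint64_t seqcheck_get_dup(struct seqcheck *sc)
{
    pthread_mutex_lock(&sc->sc_lock);
    uint64_t v = sc->sc_parent ? sc->sc_parent->dup : 0;
    pthread_mutex_unlock(&sc->sc_lock);
    return v;
}
```

With the main thread calling seqcheck_clear() on RFC2544_RESETTING and the receiver thread calling seqcheck_receive(), both now serialize on sc_lock, and the allocate-then-swap order means there is no instant at which sc_parent is NULL even if the lock were forgotten on one path. The NULL check in seqcheck_receive() is belt-and-braces for that second case.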