[DragonFlyBSD - Bug #2662] (New) Another NULL pointer dereference in networking code
bugtracker-admin at leaf.dragonflybsd.org
bugtracker-admin at leaf.dragonflybsd.org
Fri Apr 11 21:06:41 PDT 2014
Issue #2662 has been reported by shamaz.
----------------------------------------
Bug #2662: Another NULL pointer dereference in networking code
http://bugs.dragonflybsd.org/issues/2662
* Author: shamaz
* Status: New
* Priority: Normal
* Assignee:
* Category:
* Target version:
----------------------------------------
Hi!
I'am using the same configuration as described here:
https://bugs.dragonflybsd.org/issues/2660
After playing with my virtual machine for a while I caught a new kernel
panic caused by dereferencing a NULL pointer to network interface. As the
backtrace tells, it appears in in_broadcast():
(kgdb) bt
#0 _get_mycpu () at ./machine/thread.h:69
#1 md_dumpsys (di=di at entry=0xffffffff80f38f60 <dumper>) at
/usr/src/sys/platform/pc64/x86_64/dump_machdep.c:265
#2 0xffffffff80561832 in dumpsys () at
/usr/src/sys/kern/kern_shutdown.c:912
#3 0xffffffff802b21ac in db_fncall (dummy1=<optimized out>,
dummy2=<optimized out>, dummy3=<optimized out>, dummy4=<optimized out>)
at /usr/src/sys/ddb/db_command.c:539
#4 0xffffffff802b25e3 in db_command (aux_cmd_tablep_end=<optimized out>,
aux_cmd_tablep=<optimized out>, cmd_table=<optimized out>,
last_cmdp=0xffffffff80db5430 <db_last_command>) at
/usr/src/sys/ddb/db_command.c:401
#5 db_command_loop () at /usr/src/sys/ddb/db_command.c:467
#6 0xffffffff802b51b9 in db_trap (type=type at entry=12, code=code at entry=0)
at /usr/src/sys/ddb/db_trap.c:71
#7 0xffffffff809345ef in kdb_trap (type=type at entry=12, code=code at entry=0,
regs=regs at entry=0xffffffe05de9b7f8)
at /usr/src/sys/platform/pc64/x86_64/db_interface.c:174
#8 0xffffffff80939890 in trap_fatal (frame=frame at entry=0xffffffe05de9b7f8,
eva=<optimized out>) at /usr/src/sys/platform/pc64/x86_64/trap.c:1029
#9 0xffffffff80939ac9 in trap_pfault (frame=frame at entry=0xffffffe05de9b7f8,
usermode=usermode at entry=0) at /usr/src/sys/platform/pc64/x86_64/trap.c:934
#10 0xffffffff8093a015 in trap (frame=0xffffffe05de9b7f8) at
/usr/src/sys/platform/pc64/x86_64/trap.c:610
#11 0xffffffff809242af in calltrap () at
/usr/src/sys/platform/pc64/x86_64/exception.S:188
#12 0xffffffff8065da52 in in_broadcast (in=..., ifp=0x0) at
/usr/src/sys/netinet/in.c:1303
#13 0xffffffff8067aaa6 in tcp_input (mp=<optimized out>, offp=<optimized
out>, proto=<optimized out>) at /usr/src/sys/netinet/tcp_input.c:1147
#14 0xffffffff80671ce6 in transport_processing_oncpu (m=0x0, hlen=20,
ip=0xffffffe0f47c59c0) at /usr/src/sys/netinet/ip_input.c:390
#15 0xffffffff80671d1b in transport_processing_handler (msg=<optimized
out>) at /usr/src/sys/netinet/ip_input.c:404
#16 0xffffffff8061be6a in netmsg_service_loop (arg=<optimized out>) at
/usr/src/sys/net/netisr.c:319
#17 0xffffffff80571c57 in lwkt_deschedule_self (td=<optimized out>) at
/usr/src/sys/kern/lwkt_thread.c:327
#18 0x0000000000000000 in ?? ()
(kgdb) frame 12
#12 0xffffffff8065da52 in in_broadcast (in=..., ifp=0x0) at
/usr/src/sys/netinet/in.c:1303
warning: Source file is more recent than executable.
1303 if ((ifp->if_flags & IFF_BROADCAST) == 0)
(kgdb) quit
I don't know exactly how to reproduce the bug but it appears very often
(approx. every 10 minutes) with described configuration when machines A and
C access ftp server on machine B.
I attach a patch that checks if ipf is not NULL, which finally fixes the
problem.
I also checked sys/netinet/tcp_input.c for passing m->m_pkthdr.rcvif. Both
in_pcblookup_pkthash and in_pcblookup_hash seem to handle this argument
correctly.
Crash dump:
https://docs.google.com/uc?export=download&id=0B1NArWn4pLpxLVRCZmlld0VURGM
--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account
More information about the Bugs
mailing list