Date: Tue, 12 Jul 2016 10:31:09 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 211031] [panic] in ng_uncallout when argument is NULL Message-ID: <bug-211031-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211031 Bug ID: 211031 Summary: [panic] in ng_uncallout when argument is NULL Product: Base System Version: 11.0-BETA1 Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: mizhka@gmail.com Created attachment 172406 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D172406&action= =3Dedit panic backtrace Hi, I faced panic error with 11-ALPHA6 and 12-CURRENT when I unplug ethernet ca= ble with active PPTP VPN connection.=20 uname -a: FreeBSD gidrarium 12.0-CURRENT FreeBSD 12.0-CURRENT #1: Sat Jul 9 17:28:38= MSK 2016=20=20=20=20 jenkins@gidrarium:/builds/FreeBSD-src-head/obj/builds/FreeBSD-src-head/sys/= GENERIC amd64 Test case: - use wired ethernet connection - establish PPTP connection using mpd5 - unplug ethernet cable (=3D> panic) db> bt Tracing pid 902 tid 100675 td 0xfffff800169a1000=20 ng_uncallout() at ng_uncallout+0x3d/frame 0xfffffe04530b3580 ng_pptpgre_disconnect() at ng_pptpgre_disconnect+0xbb/frame 0xfffff* ng_destroy_hook() at ng_destroy_hook+0xlfe/frame 8xfffffe84538b35d8=20 ng_ranode() at ng_ranode+0x75/frame 0xfffffe04538b3618=20 ng_apply_item() at ng_apply_itea+0x4ca/frame 0xfffffeB4538b36a8=20 ng_snd_item() at ng_snd_itea+0x3a9/frame 0xfffffeB4538b36e0=20 ngc_send() at ngc_send+0x21b/frame 0xfffffe04530b3790=20 sosend_generic() at sosend_generic+0x436/frame 0xfffffe04538b3850=20 kern_sendit() at kern_sendit+0x21b/frame Bxfffffe04538b390B=20 sendit() at sendit+0x19f/frame 0xfffffeB4530b3950=20 sys_sendto() at sys_sendto+0x4d/frame 0xfffffe04530b39a0=20 amd64_syscall() at amd64_syscall+0x2db/frame 0xfffffe04530b3ab0=20 Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffeB4530b3abB=20 --- syscall (133, FreeBSD ELF64, sys_sendto), rip =3D 0x80253906a, rsp - 0x7fffdfffd72B, rbp - 0x7fffdfffd770=20 Panic happens due to missing check if item (c->c_arg) is NULL in ng_uncallo= ut: item =3D c->c_arg; /* Do an extra check */ if ((rval > 0) && (c->c_func =3D=3D &ng_callout_trampoline) && (NGI_NODE(item) =3D=3D node)) { I suppose that actual root cause may be in upper stack. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-211031-8>