Re: 9.99.104: panic in tcp_shutdown_wrapper

To: Michael van Elst <mlelstv%serpens.de@localhost>
Subject: Re: 9.99.104: panic in tcp_shutdown_wrapper
From: Ryota Ozaki <ozaki-r%netbsd.org@localhost>
Date: Sun, 30 Oct 2022 17:47:51 +0900

On Sun, Oct 30, 2022 at 2:52 PM Michael van Elst <mlelstv%serpens.de@localhost> wrote:
>
> ozaki-r%netbsd.org@localhost (Ryota Ozaki) writes:
>
> >I've committed a possible fix.  Could you try it?
>
> >Thanks,
> >  ozaki-r
>
>
> I just got a NULL pointer dereference in tcp_ctloutput where
> the previous check for inp == NULL is also missing.
>
> [ 24837.756043] fp ffffc0016794db70 tcp_ctloutput() at ffffc000002ec4b4 netbsd:tcp_ctloutput+0x94
> [ 24837.756043] fp ffffc0016794dcc0 tcp_ctloutput_wrapper() at ffffc000002d2680 netbsd:tcp_ctloutput_wrapper+-0x31150
> [ 24837.756043] fp ffffc0016794dcf0 sosetopt() at ffffc00000603cbc netbsd:sosetopt+0x78
> [ 24837.756043] fp ffffc0016794ddb0 sys_setsockopt() at ffffc0000060b0fc netbsd:sys_setsockopt+0x7c
> [ 24837.766041] fp ffffc0016794de20 syscall() at ffffc000000b30fc netbsd:syscall+0x19c
>
> That's:
>
> int
> tcp_ctloutput(int op, struct socket *so, struct sockopt *sopt)
> {
> ...
>         s = splsoftnet();
>         inp = sotoinpcb(so);
> ...
>         }
>         tp = intotcpcb(inp);             <---------
>
>         switch (op) {
>

Thank you for the report.  I've fixed the panic too.

  ozaki-r

References:
- 9.99.104: panic in tcp_shutdown_wrapper
  - From: Thomas Klausner
- Re: 9.99.104: panic in tcp_shutdown_wrapper
  - From: Thomas Klausner
- Re: 9.99.104: panic in tcp_shutdown_wrapper
  - From: Ryota Ozaki
- Re: 9.99.104: panic in tcp_shutdown_wrapper
  - From: Michael van Elst

Prev by Date: Re: 9.99.104: panic in tcp_shutdown_wrapper
Next by Date: Re: Automated report: NetBSD-current/i386 build failure
Previous by Thread: Re: 9.99.104: panic in tcp_shutdown_wrapper
Next by Thread: ECONNREFUSED no longer works
Indexes:

Home | Main Index | Thread Index | Old Index