[Bug 211031] [panic] in ng_uncallout when argument is NULL
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Jul 12 10:31:09 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211031
Bug ID: 211031
Summary: [panic] in ng_uncallout when argument is NULL
Product: Base System
Version: 11.0-BETA1
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: mizhka at gmail.com
Created attachment 172406
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=172406&action=edit
panic backtrace
Hi,
I faced panic error with 11-ALPHA6 and 12-CURRENT when I unplug ethernet cable
with active PPTP VPN connection.
uname -a:
FreeBSD gidrarium 12.0-CURRENT FreeBSD 12.0-CURRENT #1: Sat Jul 9 17:28:38 MSK
2016
jenkins at gidrarium:/builds/FreeBSD-src-head/obj/builds/FreeBSD-src-head/sys/GENERIC
amd64
Test case:
- use wired ethernet connection
- establish PPTP connection using mpd5
- unplug ethernet cable (=> panic)
db> bt
Tracing pid 902 tid 100675 td 0xfffff800169a1000
ng_uncallout() at ng_uncallout+0x3d/frame 0xfffffe04530b3580
ng_pptpgre_disconnect() at ng_pptpgre_disconnect+0xbb/frame 0xfffff*
ng_destroy_hook() at ng_destroy_hook+0xlfe/frame 8xfffffe84538b35d8
ng_ranode() at ng_ranode+0x75/frame 0xfffffe04538b3618
ng_apply_item() at ng_apply_itea+0x4ca/frame 0xfffffeB4538b36a8
ng_snd_item() at ng_snd_itea+0x3a9/frame 0xfffffeB4538b36e0
ngc_send() at ngc_send+0x21b/frame 0xfffffe04530b3790
sosend_generic() at sosend_generic+0x436/frame 0xfffffe04538b3850
kern_sendit() at kern_sendit+0x21b/frame Bxfffffe04538b390B
sendit() at sendit+0x19f/frame 0xfffffeB4530b3950
sys_sendto() at sys_sendto+0x4d/frame 0xfffffe04530b39a0
amd64_syscall() at amd64_syscall+0x2db/frame 0xfffffe04530b3ab0
Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffeB4530b3abB
--- syscall (133, FreeBSD ELF64, sys_sendto), rip = 0x80253906a, rsp -
0x7fffdfffd72B, rbp - 0x7fffdfffd770
Panic happens due to missing check if item (c->c_arg) is NULL in ng_uncallout:
item = c->c_arg;
/* Do an extra check */
if ((rval > 0) && (c->c_func == &ng_callout_trampoline) &&
(NGI_NODE(item) == node)) {
I suppose that actual root cause may be in upper stack.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list