On Sun, Oct 30, 2022 at 5:12 PM J. Hannken-Illjes <[email protected]> wrote:
>
> > On 30. Oct 2022, at 06:52, Michael van Elst <[email protected]> wrote:
> >
> > [email protected] (Ryota Ozaki) writes:
> >
> >> I've committed a possible fix. Could you try it?
> >
> >> Thanks,
> >> ozaki-r
> >
> >
> > I just got a NULL pointer dereference in tcp_ctloutput where
> > the previous check for inp == NULL is also missing.
> >
> > [ 24837.756043] fp ffffc0016794db70 tcp_ctloutput() at ffffc000002ec4b4 netbsd:tcp_ctloutput+0x94
> > [ 24837.756043] fp ffffc0016794dcc0 tcp_ctloutput_wrapper() at ffffc000002d2680 netbsd:tcp_ctloutput_wrapper+-0x31150
> > [ 24837.756043] fp ffffc0016794dcf0 sosetopt() at ffffc00000603cbc netbsd:sosetopt+0x78
> > [ 24837.756043] fp ffffc0016794ddb0 sys_setsockopt() at ffffc0000060b0fc netbsd:sys_setsockopt+0x7c
> > [ 24837.766041] fp ffffc0016794de20 syscall() at ffffc000000b30fc netbsd:syscall+0x19c
> >
> > That's:
> >
> > int
> > tcp_ctloutput(int op, struct socket *so, struct sockopt *sopt)
> > {
> > ...
> >         s = splsoftnet();
> >         inp = sotoinpcb(so);
> > ...
> >         }
> >         tp = intotcpcb(inp); <---------
> >
> >         switch (op) {
>
> ... and Syzkaller (https://syzkaller.appspot.com/netbsd) has a
> bunch of new tcp related crashes starting ~2 days before ...
It seems that all of the failures stem from the missing NULL checks. So they should be fixed now.

ozaki-r
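The failure mode in the trace above (sys_setsockopt -> sosetopt -> tcp_ctloutput reaching intotcpcb() on a socket whose pcb is already gone) and the check that closes it, as an added stand-alone model; this is example code, not NetBSD's tcp_ctloutput, and the struct layouts, the sodetach_model() helper, the tcp_ctloutput_model() name and the ECONNRESET return value are assumptions made for the example.

```c
/* Added example, not NetBSD source. Models a socket -> inpcb -> tcpcb chain
 * and a ctloutput handler that must not trust sotoinpcb() to be non-NULL. */
#include <stddef.h>
#include <errno.h>

#define PRCO_SETOPT 0
#define PRCO_GETOPT 1
#define TCP_NODELAY 1      /* option name, as seen by setsockopt(2) */
#define TF_NODELAY  0x04   /* flag bit stored in the tcpcb (assumed layout) */

struct tcpcb  { int t_flags; };
struct inpcb  { struct tcpcb *inp_ppcb; };  /* protocol pcb: the tcpcb */
struct socket { struct inpcb *so_pcb; };    /* NULL once the pcb is detached */
struct sockopt { int sopt_name; int sopt_val; };

static struct inpcb *sotoinpcb(struct socket *so) { return so->so_pcb; }
static struct tcpcb *intotcpcb(struct inpcb *inp) { return inp->inp_ppcb; }

/* Emulates the detach that races with a concurrent setsockopt(2): the socket
 * object still exists, but its pcb pointer has already been cleared. */
void sodetach_model(struct socket *so) { so->so_pcb = NULL; }

/* Hardened handler. Returns 0 on success, a positive errno otherwise.
 * Without the inp == NULL check, intotcpcb(inp) below reads through a NULL
 * pointer, which is exactly the dereference reported in the trace. */
int tcp_ctloutput_model(int op, struct socket *so, struct sockopt *sopt)
{
	struct inpcb *inp = sotoinpcb(so);
	struct tcpcb *tp;

	if (inp == NULL)
		return ECONNRESET;   /* pcb already detached: refuse, do not crash */
	tp = intotcpcb(inp);     /* safe only because of the check above */

	if (sopt->sopt_name != TCP_NODELAY)
		return ENOPROTOOPT;
	switch (op) {
	case PRCO_SETOPT:
		if (sopt->sopt_val)
			tp->t_flags |= TF_NODELAY;
		else
			tp->t_flags &= ~TF_NODELAY;
		return 0;
	case PRCO_GETOPT:
		sopt->sopt_val = (tp->t_flags & TF_NODELAY) != 0;
		return 0;
	default:
		return EINVAL;
	}
}
```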
