Date:      Thu, 17 Jun 1999 01:27:28 -0700 (PDT)
From:      nasten@everyware.se
To:        freebsd-gnats-submit@freebsd.org
Subject:   misc/12256: Opening a socket when all interfaces are down forces a kernel panic
Message-ID:  <19990617082728.923DF14BD8@hub.freebsd.org>

>Number:         12256
>Category:       misc
>Synopsis:       Opening a socket when all interfaces are down forces a kernel panic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 17 01:30:00 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator:     Hans Nasten
>Release:        3.2-RELEASE
>Organization:
Everyware Mikrodata AB
>Environment:
FreeBSD Urkburk.Everyware.SE 3.2-RELEASE FreeBSD 3.2-RELEASE #0: Mon Jun 14 12:44:40 GMT 1999     root@Urkburk.Everyware.SE:/usr/src/sys/compile/merkurius  i386

>Description:
When all available interfaces are removed (using ifconfig down and
ifconfig delete), a connection attempt forces a kernel panic.


Backtrace from a kernel dump:
-----------------------------

GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
IdlePTD 2605056
initial pcb at 21d49c
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xc
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc0182fd0
stack pointer           = 0x10:0xc7215ecc
frame pointer           = 0x10:0xc7215ed8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 81 (newaliases)
interrupt mask          =
trap number             = 12
panic: page fault

syncing disks... done

dumping to dev 20001, offset 275232
dump 127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 10\
9 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86\
 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 \
59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 3\
3 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 \
5 4 3 2 1
---
#0  boot (howto=256) at ../../kern/kern_shutdown.c:285
285     ../../kern/kern_shutdown.c: No such file or directory.
(kgdb) bt
#0  boot (howto=256) at ../../kern/kern_shutdown.c:285
#1  0xc0146048 in at_shutdown (
    function=0xc02021d3 <__set_sysinit_set_sym_memdev_sys_init+1115>,
    arg=0xc7201780, queue=-954184256) at ../../kern/kern_shutdown.c:446
#2  0xc01d6159 in trap_fatal (frame=0xc7215e90, eva=12)
    at ../../i386/i386/trap.c:942
#3  0xc01d5e37 in trap_pfault (frame=0xc7215e90, usermode=0, eva=12)
    at ../../i386/i386/trap.c:835
#4  0xc01d5aae in trap (frame={tf_es = -954138608, tf_ds = -1071775728,
      tf_edi = -1059496576, tf_esi = -1059496576, tf_ebp = -954114344,
      tf_isp = -954114376, tf_ebx = -956215456, tf_edx = -954114212,
      tf_ecx = 0, tf_eax = 0, tf_trapno = 12, tf_err = 0,
      tf_eip = -1072156720, tf_cs = 8, tf_eflags = 66118, tf_esp = -956215456,
      tf_ss = -1059496576}) at ../../i386/i386/trap.c:437
#5  0xc0182fd0 in in_pcbladdr (inp=0xc7014f60, nam=0xc0d95d80,
    plocal_sin=0xc7215ef4) at ../../netinet/in_pcb.c:344
#6  0xc0183131 in in_pcbconnect (inp=0xc7014f60, nam=0xc0d95d80, p=0xc7201780)
    at ../../netinet/in_pcb.c:445
#7  0xc018cfaf in udp_connect (so=0xc6f72a00, nam=0xc0d95d80, p=0xc7201780)
    at ../../netinet/udp_usrreq.c:649
#8  0xc015b01e in soconnect (so=0xc6f72a00, nam=0xc0d95d80, p=0xc7201780)
    at ../../kern/uipc_socket.c:319
#9  0xc015d9d8 in connect (p=0xc7201780, uap=0xc7215f94)
    at ../../kern/uipc_syscalls.c:343
#10 0xc01d633b in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 1,
      tf_esi = -1077951060, tf_ebp = -1077953304, tf_isp = -954114076,
      tf_ebx = 32, tf_edx = -1077953268, tf_ecx = 0, tf_eax = 98,
      tf_trapno = 12, tf_err = 2, tf_eip = 134775668, tf_cs = 31,
      tf_eflags = 582, tf_esp = -1077953944, tf_ss = 39})
    at ../../i386/i386/trap.c:1100
#11 0xc01ca25c in Xint0x80_syscall ()
#12 0x8093907 in ?? ()
#13 0x8093d29 in ?? ()
#14 0x8093ac2 in ?? ()
#15 0x808dc75 in ?? ()
#16 0x808cb3d in ?? ()
#17 0x808cae3 in ?? ()
#18 0x804c315 in ?? ()
#19 0x804e4d4 in ?? ()
#20 0x805b00f in ?? ()
#21 0x80480e9 in ?? ()
(kgdb)

>How-To-Repeat:
Perform the following:

shutdown now
ifconfig ifc down
ifconfig ifc delete
 ..
 ..   Repeat for all interfaces (including lo0 and unused interfaces).
xntpdc -p     Or any other action to open a UDP socket.

Watch the pretty panic message.

>Fix:
Adding this code in sys/netinet/in_pcb.c so that in_pcbladdr returns
an error code when no interfaces are found seems to be a usable
band-aid.

***************
*** 340,345 ****
--- 340,348 ----
                else if (sin->sin_addr.s_addr == (u_long)INADDR_BROADCAST &&
                  (in_ifaddrhead.tqh_first->ia_ifp->if_flags & IFF_BROADCAST))
                    sin->sin_addr = satosin(&in_ifaddrhead.tqh_first->ia_broadaddr)->sin_addr;
+       }
+       else {
+               return (ENETDOWN);
        }
        if (inp->inp_laddr.s_addr == INADDR_ANY) {
                register struct route *ro;


>Release-Note:
>Audit-Trail:
>Unformatted:

