From owner-freebsd-bugs Thu Jun 17 1:30: 7 1999
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 5242814CE1
	for ; Thu, 17 Jun 1999 01:30:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id BAA34636;
	Thu, 17 Jun 1999 01:30:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 923DF14BD8; Thu, 17 Jun 1999 01:27:28 -0700 (PDT)
Message-Id: <19990617082728.923DF14BD8@hub.freebsd.org>
Date: Thu, 17 Jun 1999 01:27:28 -0700 (PDT)
From: nasten@everyware.se
To: freebsd-gnats-submit@freebsd.org
X-Send-Pr-Version: www-1.0
Subject: misc/12256: Opening a socket when all interfaces are down forces a kernel panic
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         12256
>Category:       misc
>Synopsis:       Opening a socket when all interfaces are down forces a kernel panic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 17 01:30:00 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator:     Hans Nasten
>Release:        3.2-RELEASE
>Organization:
Everyware Mikrodata AB
>Environment:
FreeBSD Urkburk.Everyware.SE 3.2-RELEASE FreeBSD 3.2-RELEASE #0: Mon Jun 14 12:44:40 GMT 1999 root@Urkburk.Everyware.SE:/usr/src/sys/compile/merkurius i386
>Description:
When all available interfaces are removed ( using ifconfig down and
ifconfig delete ) a connection attempt forces a kernel panic.

Backtrace from a kernel dump:
-----------------------------
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
IdlePTD 2605056
initial pcb at 21d49c
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xc
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc0182fd0
stack pointer           = 0x10:0xc7215ecc
frame pointer           = 0x10:0xc7215ed8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 81 (newaliases)
interrupt mask          =
trap number             = 12
panic: page fault

syncing disks... done

dumping to dev 20001, offset 275232
dump 127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 10\
9 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86\
 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 \
59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 3\
3 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 \
5 4 3 2 1
---
#0  boot (howto=256) at ../../kern/kern_shutdown.c:285
285     ../../kern/kern_shutdown.c: No such file or directory.
(kgdb) bt
#0  boot (howto=256) at ../../kern/kern_shutdown.c:285
#1  0xc0146048 in at_shutdown (
    function=0xc02021d3 <__set_sysinit_set_sym_memdev_sys_init+1115>,
    arg=0xc7201780, queue=-954184256) at ../../kern/kern_shutdown.c:446
#2  0xc01d6159 in trap_fatal (frame=0xc7215e90, eva=12)
    at ../../i386/i386/trap.c:942
#3  0xc01d5e37 in trap_pfault (frame=0xc7215e90, usermode=0, eva=12)
    at ../../i386/i386/trap.c:835
#4  0xc01d5aae in trap (frame={tf_es = -954138608, tf_ds = -1071775728,
      tf_edi = -1059496576, tf_esi = -1059496576, tf_ebp = -954114344,
      tf_isp = -954114376, tf_ebx = -956215456, tf_edx = -954114212,
      tf_ecx = 0, tf_eax = 0, tf_trapno = 12, tf_err = 0,
      tf_eip = -1072156720, tf_cs = 8, tf_eflags = 66118,
      tf_esp = -956215456, tf_ss = -1059496576})
    at ../../i386/i386/trap.c:437
#5  0xc0182fd0 in in_pcbladdr (inp=0xc7014f60, nam=0xc0d95d80,
    plocal_sin=0xc7215ef4) at ../../netinet/in_pcb.c:344
#6  0xc0183131 in in_pcbconnect (inp=0xc7014f60, nam=0xc0d95d80,
    p=0xc7201780) at ../../netinet/in_pcb.c:445
#7  0xc018cfaf in udp_connect (so=0xc6f72a00, nam=0xc0d95d80, p=0xc7201780)
    at ../../netinet/udp_usrreq.c:649
#8  0xc015b01e in soconnect (so=0xc6f72a00, nam=0xc0d95d80, p=0xc7201780)
    at ../../kern/uipc_socket.c:319
#9  0xc015d9d8 in connect (p=0xc7201780, uap=0xc7215f94)
    at ../../kern/uipc_syscalls.c:343
#10 0xc01d633b in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 1,
      tf_esi = -1077951060, tf_ebp = -1077953304, tf_isp = -954114076,
      tf_ebx = 32, tf_edx = -1077953268, tf_ecx = 0, tf_eax = 98,
      tf_trapno = 12, tf_err = 2, tf_eip = 134775668, tf_cs = 31,
      tf_eflags = 582, tf_esp = -1077953944, tf_ss = 39})
    at ../../i386/i386/trap.c:1100
#11 0xc01ca25c in Xint0x80_syscall ()
#12 0x8093907 in ?? ()
#13 0x8093d29 in ?? ()
#14 0x8093ac2 in ?? ()
#15 0x808dc75 in ?? ()
#16 0x808cb3d in ?? ()
#17 0x808cae3 in ?? ()
#18 0x804c315 in ?? ()
#19 0x804e4d4 in ?? ()
#20 0x805b00f in ?? ()
#21 0x80480e9 in ?? ()
(kgdb)
>How-To-Repeat:
Perform the following :

shutdown now
ifconfig ifc down
ifconfig ifc delete
..
..
Repeat for all interfaces. ( including lo0 and unused interfaces )
xntpdc -p
Or any other action to open a udp socket.
Watch the pretty panic message.
>Fix:
Adding this code in sys/netinet/in_pcb.c so that in_pcbladdr returns an
error code when no interfaces are found seems to be a usable bandaid.

*************** *** 340,345 **** --- 340,348 ---- else if (sin->sin_addr.s_addr == (u_long)INADDR_BROADCAST && (in_ifaddrhead.tqh_first->ia_ifp->if_flags & IFF_BROADCAST)) sin->sin_addr = satosin(&in_ifaddrhead.tqh_first->ia_broadaddr)->sin_addr; + } + else { + return (ENETDOWN); } if (inp->inp_laddr.s_addr == INADDR_ANY) { register struct route *ro;
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
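
Review bot: The added `else { return (ENETDOWN); }` in the in_pcb.c hunk returns before the `if (inp->inp_laddr.s_addr == INADDR_ANY)` test that follows the closing brace, so the error is returned whether or not the socket already has a local address; consider moving the check into that later block, or directly beside the `in_ifaddrhead.tqh_first` dereferences it is meant to protect. The `if` that this `else` pairs with lies outside the visible context, so it is worth confirming against the full file that it is the test for an empty address list. A short comment explaining why ENETDOWN was chosen would help, and `} else {` would normally sit on one line rather than being split across `+ }` and `+ else {`.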