Skip site navigation (1)Skip section navigation (2) 
Date:      27 Feb 2003 22:03:47 -0000
From:      Pawel Malachowski <pawmal@unia.3lo.lublin.pl>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   kern/48758: kldunload if_{nic} can cause kernel panic
Message-ID:  <20030227220347.56539.qmail@unia.3lo.lublin.pl>
next in thread | raw e-mail | index | archive | help 


>Number:         48758
>Category:       kern
>Synopsis:       kldunload if_{nic} can cause kernel panic
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 27 14:10:12 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Paweł Małachowski
>Release:        FreeBSD 4.7-STABLE i386
>Organization:
ASK ZiN
>Environment:
System: FreeBSD unia.3lo.lublin.pl 4.7-STABLE FreeBSD 4.7-STABLE #1: Wed Nov 27 22:08:42 CET 2002 root@unia.3lo.lublin.pl:/usr/src/sys/compile/UNIA i386


	
>Description:
If I unload if_xl.ko while arpwatch or trafshow is listening on, kernel
panic happens:

xl0: promiscuous mode disabled
xlphy0: detached
miibus1: detached
xl0: detached


Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xc6f602f0
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc6f602f0
stack pointer           = 0x10:0xd3308f7c
frame pointer           = 0x10:0xd3308f9c
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 161 (darkstat)
interrupt mask          =
trap number             = 12
panic: page fault

syncing disks... 3 1
done
Uptime: 24m43s


I've tried this on two different machines running 4.7-RELEASE and
4.8-PRELEASE, with if_fxp and if_xl. It *always* crashes here:
#6  0xc6f602f0 in ?? ()
#7  0xc02d4403 in doreti_swi ()

When I try this with tcpdump instead of arpwatch, it hangs
(only Caps/Num/Scroll Lock LED-s are working) without kernel panic.

	
>How-To-Repeat:
Let's say, we have 3Com 905B NIC and xl is not compiled in kernel but acts
as a module.

kldload if_xl
ifconfig xl0 inet add 192.168.0.1/24
 (now run trafshow, arpwatch or tcpdump with -i xl0)
kldunload if_xl

And system will crash.
	
>Fix:
Unknown.
	


>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030227220347.56539.qmail>