From owner-freebsd-bugs  Sun Apr 21 15:10:04 1996
Return-Path: owner-bugs
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id PAA10703
          for bugs-outgoing; Sun, 21 Apr 1996 15:10:04 -0700 (PDT)
Received: (from gnats@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id PAA10696
          Sun, 21 Apr 1996 15:10:02 -0700 (PDT)
Resent-Date: Sun, 21 Apr 1996 15:10:02 -0700 (PDT)
Resent-Message-Id: <199604212210.PAA10696@freefall.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org,
        Received:"from solar.tlk.com (root@solar.tlk.com [194.97.84.34])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id PAA10350
          for" <FreeBSD-gnats-submit@freebsd.org>; Sun,
        21 Apr 1996 15:04:53.-0700 (PDT)
Received: from ramsey.UUCP by solar.tlk.com with UUCP
	id <m0uB6TR-00021lC@solar.tlk.com>; Sun, 21 Apr 96 23:15 MET DST
Received: by ramsey.tlk.com (/\oo/\ Smail3.1.29.1 #1)
	id <m0uB6Ra-0005FaC@ramsey.tlk.com>; Sun, 21 Apr 96 23:13 MET DST
Message-Id: <m0uB6Ra-0005FaC@ramsey.tlk.com>
Date: Sun, 21 Apr 96 23:13 MET DST
From: torstenb@ramsey.tlk.com
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: kern/1152: bpf buffer >16384 bytes cause kernel panic
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


>Number:         1152
>Category:       kern
>Synopsis:       bpf buffer >16384 cause kernel panic during close()
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr 21 15:10:01 PDT 1996
>Last-Modified:
>Originator:     Torsten Blum
>Organization:
No Organization ;)
>Release:        FreeBSD 2.2-CURRENT i386
>Environment:

FreeBSD ramsey.tlk.com 2.2-CURRENT FreeBSD 2.2-CURRENT #23: Thu Apr 11 19:49:10 MET DST 1996     torstenb@ramsey.tlk.com:/usr/src/sys/compile/RAMSEY  i386

>Description:

The system panics after closing an bpf device:
panic: unwire: page not in pmap
syncing disk...
(and then it locks up)

This only happens
- if the bpf buffer is >16384 bytes
- an interface has been attached

>How-To-Repeat:

open an bpf device, set buffersize to 16385 bytes, attach an interface
(lo0 or ed0 for example) and close() the device.


#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/time.h>
#include <net/bpf.h>
#include <net/if.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

void main(void)
{
	struct	ifreq	iface;
	u_int	l=16385;
	int	fd;
	if ((fd = open("/dev/bpf0", O_RDONLY, 0)) < 0) {
		perror("open");
		exit(1);
	}
	if (ioctl(fd,BIOCSBLEN,&l) < 0) {
		perror("ioctl");
		exit(1);
	}

	bzero(&iface,sizeof(iface));
	strcpy(iface.ifr_name,"lo0");
	if (ioctl(fd,BIOCSETIF,&iface) < 0) {
		perror("ioctl");
		exit(1);
	}
	close(fd);
}

>Fix:
	
Unfortunately I don't have time to fix that bug ;(

>Audit-Trail:
>Unformatted: