Bug 30704

Summary: 4.4R and I4B: loaded NETGRAPH and ifconfig iprX down -> page fault!
Product: Base System
Reporter: Boris Staeblow <balu>
Component: kern
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.4-RELEASE   
Hardware: Any   
OS: Any   

Description Boris Staeblow 2001-09-21 10:37:53 UTC
>Number:         30704
>Category:       kern
>Synopsis:       4.4R and I4B: loaded NETGRAPH and ifconfig iprX down -> page fault!
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 21 02:40:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Boris Staeblow
>Release:        4.4-RELEASE
>Organization:
private
>Environment:
FreeBSD 4.4-RELEASE

>Description:
If NETGRAPH is loaded and you 'ifconfig iprX down' an interface
the system will always crash with:


Fatal Trap 12: page fault while in kernel mode
fault virtual address   = 0x31727079
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc017323d
stack pointer           = 0x10:0xd1a58df4
frame pointer           = 0x10:0xd1a58e00
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 32457 (ifconfig)
interrupt mask          = net tty
trap number             = 12
panic: page fault

syncing disks...
done

This is reproducible. The crash will not occur when netgraph is not
loaded / defined in kernel (but I need it for pppoed!).

The system will crash too when the iprX-connection establishes
(to old and current I4B-Versions and Suse-Linux).

The system will always crash if you enter "ifconfig iprX ether x:x:x:x:x:x..."
(it doesn't matter if netgraph is loaded or not in this case).

These bugs were reproduced on a totally different 4.4R machine.
These bugs didn't occur on 4.3R _or_ with the previous i4b-Release in -STABLE.

>How-To-Repeat:
- Install 4.4-Release
- configure i4b
- configure an ipr device in i4b
- load netgraph (netgraph, netgraph-socket, netgraph-ether, netgraph-pppoe)
- ifconfig iprX down to reproduce the crash
- ifconfig iprX ether 1:2:3:4:5:6 to reproduce the crash
>Fix:
workaround: disable or unload netgraph

>Release-Note:
>Audit-Trail:
>Unformatted:

Comment 2 hm freebsd_committer freebsd_triage 2001-10-27 16:49:20 UTC
State Changed
From-To: open->closed

For reasons unknown to me, ether_attach instead of if_attach was called in  
the attach routine for the ipr driver causing several strange effects. This 
is corrected now for both -stable and -current.
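
Added example (not part of the original report or of FreeBSD): a small triage helper that parses the trap dump from the description and classifies the fault address. A fault address made up entirely of printable ASCII bytes usually means the kernel dereferenced memory holding text rather than a pointer. `KERNBASE` and all function names are assumptions made for this sketch.

```python
import re

# Subset of the trap dump lines from the report above, values unchanged.
TRAP_DUMP = """\
Fatal Trap 12: page fault while in kernel mode
fault virtual address   = 0x31727079
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc017323d
stack pointer           = 0x10:0xd1a58df4
frame pointer           = 0x10:0xd1a58e00
current process         = 32457 (ifconfig)
trap number             = 12
"""

KERNBASE = 0xC0000000  # assumption: default i386 kernel/user address split


def parse_trap(text):
    """Return {field name: value} for every 'name = value' line."""
    fields = {}
    for line in text.splitlines():
        # Continuation lines that start with whitespace are skipped.
        m = re.match(r"^(\S.*?)\s*=\s*(.+?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def addr(value):
    """Parse '0x31727079' or 'selector:offset' such as '0x8:0xc017323d'."""
    return int(value.split(":")[-1], 16)


def as_ascii(address, width=4):
    """Little-endian bytes of a pointer as text, or None if not all printable."""
    raw = address.to_bytes(width, "little")
    return raw.decode("ascii") if all(0x20 <= b < 0x7F for b in raw) else None


def triage(text):
    f = parse_trap(text)
    fault = addr(f["fault virtual address"])
    pc = addr(f["instruction pointer"])
    return {
        "fault_addr": fault,
        "pc_in_kernel": pc >= KERNBASE,        # faulting code is kernel text
        "fault_in_kernel": fault >= KERNBASE,  # False: not a kernel pointer
        "null_page": fault < 0x1000,           # classic NULL dereference range
        "ascii": as_ascii(fault),              # text bytes used as a pointer?
        "access": f["fault code"],
    }
```

For the dump in this report, `triage(TRAP_DUMP)["ascii"]` is `"ypr1"`: the address the kernel tried to read is four bytes of text, not a kernel pointer.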