Bug 120266 - [udp] [panic] gnugk causes kernel panic when closing UDP sockets
Status: Closed Overcome By Events
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 6.3-RELEASE
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: freebsd-bugs (Nobody)
Reported: 2008-02-04 20:10 UTC by Matthew X. Economou
Modified: 2019-02-01 12:46 UTC

Description Matthew X. Economou 2008-02-04 20:10:01 UTC
When I stop the GNU Gatekeeper service on my FreeBSD firewall, the
firewall crashes with the following panic (dumps available upon request):

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xdeadc138
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc057f5c7
stack pointer           = 0x28:0xcaea4b74
frame pointer           = 0x28:0xcaea4b7c
code segment            = base rx0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 84343 (gnugk)
trap number             = 12
panic: page fault
KDB: stack backtrace:
kdb_backtrace(256,3270520192,40,3404352308,12,...) at 3226513105 = kdb_backtrace+41
panic(3228097368,3228290710,0,1048575,49307,...) at 3226413564 = panic+168
trap_fatal(3404352308,3735929144,3270520192,3234115584,3735928832,...) at 3227979878 = trap_fatal+678
trap_pfault(3404352308,0,3735929144) at 3227979159 = trap_pfault+391
trap(8,40,40,3264368996,3268076480,...) at 3227978209 = trap+833
calltrap() at 3227903706 = calltrap+5
--- trap 12, eip = 3226990023, esp = 3404352372, ebp = 3404352380 ---
in_delmulti(3268076480) at 3226990023 = in_delmulti+11
ip_freemoptions(3257033344,3228576832,3249980832,3264368996,0,...) at 3227027809 = ip_freemoptions+33
in_pcbdetach(3249980832,3249980976,0,3228205406,1070,...) at 3226997424 = in_pcbdetach+424
udp_detach(3264368996) at 3227095242 = udp_detach+98
soclose(3264368996) at 3226642828 = soclose+176
soo_close(3253992400,3270520192) at 3226579419 = soo_close+75
fdrop_locked(3253992400,3270520192,3247616384,0,3228135802,...) at 3226294156 = fdrop_locked+176
fdrop(3253992400,3270520192,33735840,3228385344,3404352632,...) at 3226293972 = fdrop+36
closef(3253992400,3270520192,0,3270520192,0,...) at 3226288579 = closef+871
kern_close(3270520192,26,3404352816,3227980555,3270520192,...) at 3226279062 = kern_close+450
close(3270520192,3404352772) at 3226278608 = close+16
syscall(59,59,59,136646656,136863232,...) at 3227980555 = syscall+583
Xint0x80_syscall() at 3227903791 = Xint0x80_syscall+31
--- syscall (6, FreeBSD ELF32, close), eip = 693041699, esp = 3217025020, ebp = 3217025064 ---

How-To-Repeat: Install GNU Gatekeeper from ports (net/gatekeeper).

env gnugk_enable=YES /usr/local/etc/rc.d/gnugk start
env gnugk_enable=YES /usr/local/etc/rc.d/gnugk stop

This causes panics on the SMP and GENERIC kernels included in the
FreeBSD 6.3-RELEASE distribution (my custom kernel only disables several
unused drivers and adds debugging options like DDB and INVARIANTS).
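
A triage helper for the backtrace above, added here as an example and not part of the original report or of FreeBSD code. It converts the decimal KDB values to hex and flags any that sit just above 0xdeadc0de, the pattern that INVARIANTS kernels write over freed memory, so a read through a stale pointer stands out. The names `junk_offset`, `decode` and `report` and the 4 KiB window are assumptions of this example.

```python
import re

UMA_JUNK = 0xDEADC0DE   # fill pattern INVARIANTS kernels write over freed memory
WINDOW = 0x1000         # assumed upper bound on a struct field offset

# Constructed sample: four lines copied from the panic output in the report.
SAMPLE = """\
fault virtual address   = 0xdeadc138
trap_fatal(3404352308,3735929144,3270520192,3234115584,3735928832,...) at 3227979878 = trap_fatal+678
in_delmulti(3268076480) at 3226990023 = in_delmulti+11
ip_freemoptions(3257033344,3228576832,3249980832,3264368996,0,...) at 3227027809 = ip_freemoptions+33
"""

FAULT = re.compile(r"^fault virtual address\s*=\s*(0x[0-9a-fA-F]+)$")
FRAME = re.compile(r"^(\w+)\(([^)]*)\) at (\d+) = (\w+)\+(\d+)$")

def junk_offset(value):
    """Offset above the fill pattern, or None if value is not junk + small offset."""
    off = value - UMA_JUNK
    return off if 0 <= off < WINDOW else None

def decode(text):
    """Return (fault_address, frames); a frame is (function, offset, [args])."""
    fault, frames = None, []
    for line in (l.strip() for l in text.splitlines()):
        m = FAULT.match(line)
        if m:
            fault = int(m.group(1), 16)
            continue
        m = FRAME.match(line)
        if m:
            # KDB prints arguments in decimal; "..." marks truncation and is skipped.
            args = [int(a) for a in m.group(2).split(",") if a.isdigit()]
            frames.append((m.group(4), int(m.group(5)), args))
    return fault, frames

def report(text):
    """One line per fact, hex-formatted; '*' marks values derived from the fill."""
    fault, frames = decode(text)
    out = []
    if fault is not None:
        off = junk_offset(fault)
        note = f" = 0xdeadc0de+{off:#x} (freed-memory fill)" if off is not None else ""
        out.append(f"fault address {fault:#010x}{note}")
    for func, off, args in frames:
        shown = ", ".join(f"{a:#x}" + ("*" if junk_offset(a) is not None else "") for a in args)
        out.append(f"{func}+{off:#x}({shown})")
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```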
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2008-02-05 02:09:50 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-net

Over to maintainer(s).
Comment 2 John Baldwin freebsd_committer freebsd_triage 2008-02-25 19:14:00 UTC
Try this fix:

ups         2008-02-22 19:13:57 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_6)
    sys/netinet          in.c 
  Log:
  Fix reference counting for already existing addresses in in_addmulti()
  
  Reviewed by:    gnn@
  
  Revision   Changes    Path
  1.85.2.10  +0 -1      src/sys/netinet/in.c

-- 
John Baldwin
Comment 3 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 08:01:11 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Comment 4 Tom Jones freebsd_committer freebsd_triage 2019-02-01 12:46:58 UTC
This looks like it was fixed in 2008. If you can reproduce this on a recent FreeBSD version, please reopen this bug and add reproduction steps.