From: Fred Souza
To: Bosko Milekic
Cc: security@FreeBSD.ORG
Date: Mon, 18 Sep 2000 17:12:14 -0300
Subject: Re: Panic when receiving packets with invalid versions
Message-ID: <20000918171214.A269@torment.secfreak.com>
References: <20000918115643.A470@torment.secfreak.com>
In-Reply-To: Your message of "Mon, Sep 18 2000 13:05:25 -0400"

> Can you please send a complete traceback, as well as other (more
> useful) debugging information? -- See the Handbook for more information.
> Looks like a NULL pointer dereference.

Hi. Thank you for the time, in advance.

I've read the Handbook as you told me to, followed its steps (I ended up
having to rebuild the kernel) and generated the dump files, but I don't
have enough knowledge to do much from it. I just did exactly what it looked
like in the Handbook, and it's almost the same as what I posted before.
Anyway, here is what I got from it.

-----
torment:ttyp1:/usr/src/sys/compile/TORMENT# gdb -k kernel.debug /var/crash/vmcore.0
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
IdlePTD 3293184
initial pcb at 2aa060
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc0190b43
stack pointer           = 0x10:0xc644dcc0
frame pointer           = 0x10:0xc644dcec
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 246 (isic)
interrupt mask          =
trap number             = 12
panic: page fault

syncing disks... 27 27 13 2
done
Uptime: 2m39s

dumping to dev #ad/0x40001, offset 139264
dump ata0: resetting devices .. done
60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
---
#0  0xc0133214 in boot ()
(kgdb) where
#0  0xc0133214 in boot ()
#1  0xc0133598 in poweroff_wait ()
#2  0xc0236e0d in trap_fatal ()
#3  0xc0236ae5 in trap_pfault ()
#4  0xc023669f in trap ()
#5  0xc0190b43 in ip_natout ()
#6  0xc018e012 in fr_check ()
#7  0xc0183fd4 in ip_output ()
#8  0xc018590b in rip_output ()
#9  0xc0185d4f in rip_send ()
#10 0xc014f44b in sosend ()
#11 0xc0152a19 in sendit ()
#12 0xc0152b0d in sendto ()
#13 0xc02370b9 in syscall2 ()
#14 0xc02294b5 in Xint0x80_syscall ()
#15 0x8049235 in ?? ()
#16 0x8048ad1 in ?? ()
(kgdb) up 10
#10 0xc014f44b in sosend ()
(kgdb) up
#11 0xc0152a19 in sendit ()
(kgdb) up
#12 0xc0152b0d in sendto ()
(kgdb) up
#13 0xc02370b9 in syscall2 ()
(kgdb) up
#14 0xc02294b5 in Xint0x80_syscall ()
(kgdb) up
#15 0x8049235 in ?? ()
(kgdb) up
#16 0x8048ad1 in ?? ()
(kgdb) up
Initial frame selected; you cannot go up.
(kgdb) list
1       /*-
2        * Copyright (c) 2000 FreeBSD Inc.
3        * All rights reserved.
4        *
5        * Redistribution and use in source and binary forms, with or without
6        * modification, are permitted provided that the following conditions
7        * are met:
8        * 1. Redistributions of source code must retain the above copyright
9        *    notice, this list of conditions and the following disclaimer.
10       * 2. Redistributions in binary form must reproduce the above copyright
(kgdb) quit
torment:ttyp1:/usr/src/sys/compile/TORMENT# exit
exit
-----

Is it helpful by any chance? If anybody knows what I should be looking for
exactly, please tell me and I'll look for it.

Peace,
.cseg

--
"What upsets me is not that you lied to me, but that from now on I can no
longer believe you." -- Nietzsche
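
Added example, not part of the original message or of FreeBSD's tooling: a small triage script that matches the trapped instruction pointer from the panic text against the `where` frames to locate the faulting function and its callers. The sample text is constructed by abridging the output quoted above; the names `triage` and `NULL_PAGE`, and the one-page threshold for calling a fault NULL-based, are assumptions of this example.

```python
import re

# Constructed sample: abridged from the panic text and `where` output quoted above.
SAMPLE = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x0
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc0190b43
current process = 246 (isic)
#0 0xc0133214 in boot ()
#1 0xc0133598 in poweroff_wait ()
#2 0xc0236e0d in trap_fatal ()
#3 0xc0236ae5 in trap_pfault ()
#4 0xc023669f in trap ()
#5 0xc0190b43 in ip_natout ()
#6 0xc018e012 in fr_check ()
#7 0xc0183fd4 in ip_output ()
#8 0xc018590b in rip_output ()
"""

FRAME_RE = re.compile(r"^#(\d+)\s+(0x[0-9a-f]+) in (\S+) \(\)", re.M)
NULL_PAGE = 0x1000  # assumption: a fault inside the first 4 KiB page is NULL-based


def triage(text):
    """Correlate the trap frame with the backtrace and summarise the fault."""
    fault_va = int(re.search(r"fault virtual address\s*=\s*(0x[0-9a-f]+)", text).group(1), 16)
    ip = int(re.search(r"instruction pointer\s*=\s*0x[0-9a-f]+:(0x[0-9a-f]+)", text).group(1), 16)
    proc = re.search(r"current process\s*=\s*\d+ \((\S+)\)", text)
    frames = [(int(n), int(pc, 16), fn) for n, pc, fn in FRAME_RE.findall(text)]
    # The faulting frame is the one whose PC equals the trapped instruction pointer.
    # Lower-numbered frames are the panic path itself (trap, trap_fatal, boot).
    hit = next(((n, fn) for n, pc, fn in frames if pc == ip), None)
    callers = [fn for n, pc, fn in frames if hit and n > hit[0]]
    return {
        "fault_va": fault_va,
        "null_deref": fault_va < NULL_PAGE,
        "frame": hit[0] if hit else None,
        "function": hit[1] if hit else None,
        "callers": callers,
        "process": proc.group(1) if proc else None,
    }


if __name__ == "__main__":
    r = triage(SAMPLE)
    print(f"fault in frame #{r['frame']} {r['function']}(), va={r['fault_va']:#x}, "
          f"NULL deref={r['null_deref']}, via {' <- '.join(r['callers'])}, "
          f"process={r['process']}")
```
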