Date: Tue, 05 Sep 2000 14:42:10 +0900 From: Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp> To: current@freebsd.org, net@freebsd.org Cc: Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp> Subject: the ifp to a removed pcmcia ethernet card is left in struct ip_moptions and struct ifmultiaddr Message-ID: <14772.34738.630468.85559N@rina>
next in thread | raw e-mail | index | archive | help
I have been suffering from this problem for almost 2 months. When I
remove a pcmcia ethernet card from my laptop PC, routed(8) announces
updated routing information by multicast, leading to a kernel
panic. The stack trace looks like this:
IdlePTD 4136960
initial pcb at 352840
panicstr: page fault
panic messages:
---
Syntax error: Unterminated quoted string
---
#0 boot (howto=256) at ../../kern/kern_shutdown.c:310
310 dumppcb.pcb_cr3 = rcr3();
(kgdb) bt
#0 boot (howto=256) at ../../kern/kern_shutdown.c:310
#1 0xc018f3e1 in panic (fmt=0xc02faf4f "page fault") at ../../kern/kern_shutdown.c:560
#2 0xc02b5043 in trap_fatal (frame=0xcb9b0d7c, eva=213493) at ../../i386/i386/trap.c:951
#3 0xc02b4ce5 in trap_pfault (frame=0xcb9b0d7c, usermode=0, eva=213493) at ../../i386/i386/trap.c:844
#4 0xc02b4877 in trap (frame={tf_fs = 16, tf_es = -969998320, tf_ds = 16, tf_edi = -1058687232, tf_esi = -1058687744,
tf_ebp = -879030772, tf_isp = -879030872, tf_ebx = -1058661888, tf_edx = -1067786268, tf_ecx = 213485, tf_eax = -1058661888,
tf_trapno = 12, tf_err = 0, tf_eip = -1071746146, tf_cs = 8, tf_eflags = 66054, tf_esp = -1067786496, tf_ss = -879030720})
at ../../i386/i386/trap.c:443
#5 0xc01e739e in ip_output (m0=0xc05adf00, opt=0x0, ro=0xcb424dc8, flags=32, imo=0xc0e5b700) at ../../netinet/ip_output.c:326
#6 0xc01e8e26 in rip_output (m=0xc05adf00, so=0xcae549c0, dst=33554656) at ../../netinet/raw_ip.c:234
#7 0xc01e9627 in rip_send (so=0xcae549c0, flags=0, m=0xc05adf00, nam=0xc0da7950, control=0x0, p=0xc62f9f60) at ../../netinet/raw_ip.c:566
#8 0xc01b281f in sosend (so=0xcae549c0, addr=0xc0da7950, uio=0xcb9b0ed4, top=0xc05adf00, control=0x0, flags=0, p=0xc62f9f60)
at ../../kern/uipc_socket.c:614
#9 0xc01b63be in sendit (p=0xc62f9f60, s=5, mp=0xcb9b0f14, flags=0) at ../../kern/uipc_syscalls.c:519
#10 0xc01b7998 in sendto (p=0xc62f9f60, uap=0xcb9b0f80) at ../../kern/uipc_syscalls.c:571
#11 0xc02b51ba in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 0, tf_esi = 134727225, tf_ebp = -1077937408,
tf_isp = -879030316, tf_ebx = 134844928, tf_edx = 2, tf_ecx = -1, tf_eax = 133, tf_trapno = 7, tf_err = 2, tf_eip = 134573992,
tf_cs = 31, tf_eflags = 659, tf_esp = -1077937484, tf_ss = 47}) at ../../i386/i386/trap.c:1150
#12 0xc02a8875 in Xint0x80_syscall ()
#13 0x8051b10 in ?? ()
#14 0x8050ff4 in ?? ()
#15 0x804c212 in ?? ()
#16 0x804813f in ?? ()
In ip_output(), imo->imo_multicast_ifp points to the removed
interface, which is passed to IN_LOOKUP_MULTI() to cause a panic. This
problem also occurs when we attempt to delete a multicast address from
a removed interface. if_delmulti() derefers an ifp to the removed
interface, ending up with a panic. The problem does not occur for
unicast.
http://people.FreeBSD.org/~tanimura/patches/mcastif.diff.gz is a
workround patch. The idea is to track all of the active ifps, confirm
an ifp to be active prior to dereferencing it, and free orphaned
ifmultiaddrs attached to a removed ifp. It would be much more elegant
if we could clean up the multicast information related to a removed
interface, though.
--
Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp> <tanimura@FreeBSD.org>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14772.34738.630468.85559N>