From nobody@FreeBSD.org  Mon Feb  4 20:01:19 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1D91616A41A
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  4 Feb 2008 20:01:19 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 0DD2413C46A
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  4 Feb 2008 20:01:19 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m14JxJNP026402
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 4 Feb 2008 19:59:19 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m14JxJkA026390;
	Mon, 4 Feb 2008 19:59:19 GMT
	(envelope-from nobody)
Message-Id: <200802041959.m14JxJkA026390@www.freebsd.org>
Date: Mon, 4 Feb 2008 19:59:19 GMT
From: "Matthew X. Economou" <xenophon+freebsdpr@irtnog.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: gnugk causes kernel panic when closing UDP sockets
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         120266
>Category:       kern
>Synopsis:       [udp] [panic] gnugk causes kernel panic when closing UDP sockets
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-net
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 04 20:10:01 UTC 2008
>Closed-Date:    
>Last-Modified:  Thu Mar 19 04:21:15 UTC 2009
>Originator:     Matthew X. Economou
>Release:        6.3-RELEASE
>Organization:
IRTNOG
>Environment:
FreeBSD cinep001bsdgw.irtnog.org 6.3-RELEASE FreeBSD 6.3-RELEASE #1: Wed Jan 30 09:55:25 EST 2008     root@cinep001bsdgw.irtnog.org:/usr/obj/usr/src/sys/NOKIA-IP330-IRTNOG  i386

>Description:
When I stop the GNU Gatekeeper service on my FreeBSD firewall, the
firewall crashes with the following panic (dumps available upon request):

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xdeadc138
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc057f5c7
stack pointer           = 0x28:0xcaea4b74
frame pointer           = 0x28:0xcaea4b7c
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 84343 (gnugk)
trap number             = 12
panic: page fault
KDB: stack backtrace:
kdb_backtrace(256,3270520192,40,3404352308,12,...) at 3226513105 = kdb_backtrace+41
panic(3228097368,3228290710,0,1048575,49307,...) at 3226413564 = panic+168
trap_fatal(3404352308,3735929144,3270520192,3234115584,3735928832,...) at 3227979878 = trap_fatal+678
trap_pfault(3404352308,0,3735929144) at 3227979159 = trap_pfault+391
trap(8,40,40,3264368996,3268076480,...) at 3227978209 = trap+833
calltrap() at 3227903706 = calltrap+5
--- trap 12, eip = 3226990023, esp = 3404352372, ebp = 3404352380 ---
in_delmulti(3268076480) at 3226990023 = in_delmulti+11
ip_freemoptions(3257033344,3228576832,3249980832,3264368996,0,...) at 3227027809 = ip_freemoptions+33
in_pcbdetach(3249980832,3249980976,0,3228205406,1070,...) at 3226997424 = in_pcbdetach+424
udp_detach(3264368996) at 3227095242 = udp_detach+98
soclose(3264368996) at 3226642828 = soclose+176
soo_close(3253992400,3270520192) at 3226579419 = soo_close+75
fdrop_locked(3253992400,3270520192,3247616384,0,3228135802,...) at 3226294156 = fdrop_locked+176
fdrop(3253992400,3270520192,33735840,3228385344,3404352632,...) at 3226293972 = fdrop+36
closef(3253992400,3270520192,0,3270520192,0,...) at 3226288579 = closef+871
kern_close(3270520192,26,3404352816,3227980555,3270520192,...) at 3226279062 = kern_close+450
close(3270520192,3404352772) at 3226278608 = close+16
syscall(59,59,59,136646656,136863232,...) at 3227980555 = syscall+583
Xint0x80_syscall() at 3227903791 = Xint0x80_syscall+31
--- syscall (6, FreeBSD ELF32, close), eip = 693041699, esp = 3217025020, ebp = 3217025064 ---
>How-To-Repeat:
Install GNU Gatekeeper from ports (net/gatekeeper).

env gnugk_enable=YES /usr/local/etc/rc.d/gnugk start
env gnugk_enable=YES /usr/local/etc/rc.d/gnugk stop

This causes panics on the SMP and GENERIC kernels included in the
FreeBSD 6.3-RELEASE distribution (my custom kernel only disables several
unused drivers and adds debugging options like DDB and INVARIANTS).
>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Tue Feb 5 02:09:50 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=120266 

From: John Baldwin <jhb@FreeBSD.org>
To: bug-followup@FreeBSD.org, xenophon+freebsdpr@irtnog.org
Cc: ups@FreeBSD.org
Subject: Re: kern/120266: [panic] gnugk causes kernel panic when closing UDP sockets
Date: Mon, 25 Feb 2008 14:14:00 -0500

 Try this fix:
 
 ups         2008-02-22 19:13:57 UTC
 
   FreeBSD src repository
 
   Modified files:        (Branch: RELENG_6)
     sys/netinet          in.c 
   Log:
   Fix reference counting for already existing addresses in in_addmulti()
   
   Reviewed by:    gnn@
   
   Revision   Changes    Path
   1.85.2.10  +0 -1      src/sys/netinet/in.c
 
 -- 
 John Baldwin
>Unformatted:
