Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-18982

Winsock BSOD 0x44 on connect if second application uses same listening port

    XMLWordPrintable

Details

    Description

      SYNOPSIS - two issues here, BSOD results from mishandling results of call to LWIP and assuming it always results in a pending connection. BSOD occurs because LWIP returns an uninitialized pcb for several early failures primarily no route and address in use. The second issue is that LWIP appears to mishandle the closesocket process partly as a result of not having SO_LINGER implemented. with SO_LINGER closing the client and server in rapid succession would allow both to disconnect in orderly fashion, without it a pcb is left hanging in TIME_WAIT state until it is swept up by the slow timer. so far as I can tell this version of LWIP has no functions that can be used to detect or handle this. I am working on a patch inside LWIP by adding a routine to scan pcb tables and call tcp_abandon where appropriate.

      If an application creates a TCP socket pair listening/connected on a fixed port, closes and call wsacleanup. Re-executing the same application generates an error (10068) and a BSOD for multiple IRP completions. I am trying to trace this down to its source, but it appears AFD retains callbacks for closed listening TCP sockets. I attached a simple test for this (tested with reactos-livecd-0.4.15-dev-6038-g634415c-x86-gcc-lin-dbg downloaded yesterday). The test application runs completely error free on first execution and netstat gives the impression everything is fine, but on second execution a BSOD occurs when connection is attempted.

      (added a call to shutdown(x, SD_BOTH) before the calls to closesocket to see if it affected the results, but it did not.)

      after more tracing it looks like the LWIP connection is never closed or deleted so LWIP returns the status that the address already existed (c000020a). it looks very much like the cleanup that is lacking is AFD cleaning up the TCPIP layers objects (which are global).

      Attachments

        1. BIND_TST.c
          4 kB
        2. Winsock reuse failure.png
          Winsock reuse failure.png
          564 kB
        3. Winsock reuse BSOD.png
          Winsock reuse BSOD.png
          692 kB
        4. BIND_TST.exe
          33 kB
        5. Winsock reuse BSOD-baseimg.png
          Winsock reuse BSOD-baseimg.png
          550 kB
        6. winsock-reuse-debug.log
          45 kB
        7. winsock reuse custom-tracing.log
          9.00 MB

        Activity

          People

            ThFabba ThFabba
            bugdude bugdude
            Votes:
            2 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: