Date:      Sat, 10 Aug 1996 11:51:32 +0200 (MET DST)
From:      J Wunsch <j@uriah.heep.sax.de>
To:        freebsd-current@FreeBSD.org (FreeBSD-current users), wollman@FreeBSD.org
Subject:   Crash in rtrequest()
Message-ID:  <199608100951.LAA00327@uriah.heep.sax.de>

Running a -current kernel about 2 weeks old, with a dialup PPP session
active over tun0, the system crashed at the first use of the line (the
panic message noted named_xfer to be the current process).

Here's the debugger analysis:

uriah # gdb -k kernel /tmp/crash/vmcore.1
IdlePTD 240000
current pcb at 1feb60
panic: from debugger
#0  boot (howto=256) at ../../i386/i386/machdep.c:750
750                                     dumppcb.pcb_cr3 = rcr3();
(kgdb) backtrace
[...]
#10 0xf01bab61 in calltrap ()
#11 0xf0143967 in rt_setgate (rt0=0xf0f39800, dst=0xf0f3a730, gate=0xf0e17450)
    at ../../net/route.c:682
#12 0xf01435be in rtrequest (req=11, dst=0xf0f3a730, gateway=0x0, netmask=0x0, 
    flags=0, ret_nrt=0xefbffe68) at ../../net/route.c:468
#13 0xf0142f21 in rtalloc1 (dst=0xf0f3a730, report=1, ignflags=0)
    at ../../net/route.c:130
#14 0xf0142e6b in rtalloc (ro=0xf0f3a72c) at ../../net/route.c:98
#15 0xf01490fd in in_pcbladdr ()
#16 0xf015197e in tcp_connect ()
#17 0xf0151363 in tcp_usr_connect ()
#18 0xf012458f in soconnect ()
#19 0xf01270ef in connect ()
[...]
(kgdb) up 9
#9  0xf01c5853 in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = 0, tf_esi = 0, 
      tf_ebp = -272630356, tf_isp = -272630420, tf_ebx = 131079, tf_edx = 16, 
      tf_ecx = 0, tf_eax = -1073610752, tf_trapno = 12, tf_err = 0, 
      tf_eip = -267111553, tf_cs = 8, tf_eflags = 66182, tf_esp = -252471296, 
      tf_ss = -252471296}) at ../../i386/i386/trap.c:310
310                             (void) trap_pfault(&frame, FALSE);
(kgdb) frame frame->tf_ebp frame->tf_eip
#0  0xf014337f in rtrequest (req=2, dst=0x0, gateway=0x0, netmask=0x0, 
    flags=131079, ret_nrt=0x0) at ../../net/route.c:388
388             if ((rnh = rt_tables[dst->sa_family]) == 0)

                                     ^^^ dst is 0

(kgdb) l
383             register struct radix_node_head *rnh;
384             struct ifaddr *ifa;
385             struct sockaddr *ndst;
386     #define senderr(x) { error = x ; goto bad; }
387     
388             if ((rnh = rt_tables[dst->sa_family]) == 0)
389                     senderr(ESRCH);
390             if (flags & RTF_HOST)
391                     netmask = 0;
392             switch (req) {
(kgdb) up
#1  0xf0143967 in rt_setgate (rt0=0xf0f39800, dst=0xf0f3a730, gate=0xf0e17450)
    at ../../net/route.c:682
682                     rtrequest(RTM_DELETE, (struct sockaddr *)rt_key(rt0),
(kgdb) l
677                 (bcmp(dst, gate, dst->sa_len) == 0)) {
678                     /*
679                      * The route might already exist if this is an RTM_CHANGE
680                      * or a routing redirect, so try to delete it.
681                      */
682                     rtrequest(RTM_DELETE, (struct sockaddr *)rt_key(rt0),
683                             rt0->rt_gateway, rt_mask(rt0), rt0->rt_flags, 0);
684                     return EADDRNOTAVAIL;
685             }
686     
(kgdb) quit
uriah # exit
exit


Here's my suggested fix (workaround?), if nobody objects, i'm going to
commit this within some days:

Index: net/route.c
===================================================================
RCS file: /usr/home/cvs/src/sys/net/route.c,v
retrieving revision 1.34
diff -u -u -r1.34 route.c
--- route.c	1996/07/10 01:34:35	1.34
+++ route.c	1996/08/10 09:38:06
@@ -385,7 +385,7 @@
 	struct sockaddr *ndst;
 #define senderr(x) { error = x ; goto bad; }
 
-	if ((rnh = rt_tables[dst->sa_family]) == 0)
+	if (dst == 0 || (rnh = rt_tables[dst->sa_family]) == 0)
 		senderr(ESRCH);
 	if (flags & RTF_HOST)
 		netmask = 0;
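Review bot: The added `dst == 0` test in rtrequest() turns the null dereference into ESRCH, but the caller that produced the null key is left as it was: per the backtrace in this message, rt_setgate() at route.c:682 passes `rt_key(rt0)` into `rtrequest(RTM_DELETE, ...)` and discards the result. Because the faulting chain starts at connect(), it is presumably reachable from ordinary processes, so the guard is worth keeping as a backstop, with a comment such as `/* dst may be null: rt_setgate() can ask to delete a route that has no key yet */` (the "no key yet" part is inferred from the trace and should be confirmed). I would also skip the delete at the call site when the key is null, e.g. `if (rt_key(rt0) != 0)` ahead of the rtrequest() call. rtrequest()'s body continues outside the hunk, so what the `bad:` path does with the still-unset `rnh` cannot be checked from here.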


-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)


