From owner-freebsd-current@FreeBSD.ORG  Mon Nov 10 14:19:48 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 634F016A4CE
	for <freebsd-current@freebsd.org>;
	Mon, 10 Nov 2003 14:19:48 -0800 (PST)
Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11])
	by mx1.FreeBSD.org (Postfix) with SMTP id 288C143FA3
	for <freebsd-current@freebsd.org>;
	Mon, 10 Nov 2003 14:19:47 -0800 (PST)
	(envelope-from iedowse@maths.tcd.ie)
Received: from walton.maths.tcd.ie by salmon.maths.tcd.ie with SMTP
          id <aa37575@salmon>; 10 Nov 2003 22:19:46 +0000 (GMT)
To: Sam Leffler <sam@errno.com>
In-Reply-To: Your message of "Mon, 10 Nov 2003 11:59:44 PST."
             <200311101159.44366.sam@errno.com> 
Date: Mon, 10 Nov 2003 22:19:44 +0000
From: Ian Dowse <iedowse@maths.tcd.ie>
Message-ID: <200311102219.aa37575@salmon.maths.tcd.ie>
cc: freebsd-current@freebsd.org
cc: Larry Rosenman <ler@lerctr.org>
Subject: Re: INPCB panic.... 
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Nov 2003 22:19:48 -0000

In message <200311101159.44366.sam@errno.com>, Sam Leffler writes:
>On Monday 10 November 2003 11:37 am, Larry Rosenman wrote:
>> I removed my wi0 card (with DHCLIENT running), and got the following panic
>> on a -CURRENT from yesterday:
>
>Thanks.  Working on it...

FYI, I've been using the following patch locally which seems to
trigger the printf sometimes when wi0 is ejected. Without the patch,
it used to dereference a stale struct ifnet and crash. I have an
approx 1 week old kernel, so this particular problem may have been
fixed already.

Ian

Index: in_pcb.c
===================================================================
RCS file: /dump/FreeBSD-CVS/src/sys/netinet/in_pcb.c,v
retrieving revision 1.125
diff -u -r1.125 in_pcb.c
--- in_pcb.c	1 Nov 2003 07:30:07 -0000	1.125
+++ in_pcb.c	3 Nov 2003 00:52:41 -0000
@@ -564,10 +564,12 @@
 		 * destination, in case of sharing the cache with IPv6.
 		 */
 		ro = &inp->inp_route;
-		if (ro->ro_rt &&
-		    (ro->ro_dst.sa_family != AF_INET ||
-		     satosin(&ro->ro_dst)->sin_addr.s_addr != faddr.s_addr ||
-		     inp->inp_socket->so_options & SO_DONTROUTE)) {
+		if (ro->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 ||
+		    ro->ro_dst.sa_family != AF_INET ||
+		    satosin(&ro->ro_dst)->sin_addr.s_addr != faddr.s_addr ||
+		    inp->inp_socket->so_options & SO_DONTROUTE)) {
+			if ((ro->ro_rt->rt_flags & RTF_UP) == 0)
+				printf("clearing non-RTF_UP route\n");
 			RTFREE(ro->ro_rt);
 			ro->ro_rt = (struct rtentry *)0;
 		}