[prev in list] [next in list] [prev in thread] [next in thread]
List: openbsd-bugs
Subject: kernel/5658: panic if route is deleted from previously unused routing table
From: leaman () bitbytes ! com
Date: 2007-11-25 22:44:10
Message-ID: 200711252244.lAPMi92h021484 () meredith ! bitbytes ! com
[Download RAW message or body]
> Number: 5658
> Category: kernel
> Synopsis: panic if route is deleted from previously unused routing table
> Confidential: yes
> Severity: non-critical
> Priority: low
> Responsible: bugs
> State: open
> Quarter:
> Keywords:
> Date-Required:
> Class: sw-bug
> Submitter-Id: net
> Arrival-Date: Mon Nov 26 00:00:01 GMT 2007
> Closed-Date:
> Last-Modified:
> Originator: Bryan S. Leaman
> Release: 4.2
> Organization:
net
> Environment:
System : OpenBSD 4.2
Details : OpenBSD 4.2 (GENERIC.RAID) #1: Sun Nov 18 13:57:16 EST 2007
leaman@meredith:/usr/src/sys/arch/sparc64/compile/GENERIC.RAID
Architecture: OpenBSD.sparc64
Machine : sparc64
> Description:
Kernel will panic if "route -T 1 delete default" is executed before any
routes are added to the same table. Discovered this while modifying
dhclient-script to use additional routing table for configuring default
gateway, since dhclient-script first tries to delete the default route
before adding a new one.
Using generic kernel with RAIDframe enabled.
> How-To-Repeat:
Boot system, then:
# route -T 1 show
route: route-sysctl-estimate: Invalid argument
#
# route -T 1 delete default
panic: kernel data fault: pc=11da34c addr=40003612000
kdb breakpoint at 13d27c0
Stopped at Debugger+0x4: nop
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb> trace
data_access_fault(4000580f630, 30, 11da34c, 40003612000, 40003612001, 800809) a
t data_access_fault+0x31c
trapbase(0, 0, 0, 400003b2a90, 1, 145ded8) at trapbase+0x87ac
route_output(40003608300, 1, 0, 16, 400003b2a00, 0) at route_output+0x28c
raw_usrreq(2d, 9, 40003608300, 0, 0, 0) at raw_usrreq+0x114
route_usrreq(40003378c10, 9, 40003608300, 0, 0, 20a2) at route_usrreq+0x178
sosend(0, 0, 4000580fc00, 90, 0, 0) at sosend+0x37c
dofilewrite(16, 3, 400035c4a00, 7429d8, 90, 90) at dofilewrite+0x6c
sys_write(9, 4000580fdd0, 4000580fdc0, 0, 0, 18127e8) at sys_write+0x58
syscall(4000580fed0, 4, 108944, 108948, 0, 0) at syscall+0x2c4
softtrap(3, 7429d8, 90, 0, 0, 0) at softtrap+0x184
ddb> ps
PID PPID PGRP UID S FLAGS WAIT COMMAND
* 2620 3373 2620 0 7 0x4002 route
29252 9736 4315 0 3 0x80 netio tcpdump
9736 12976 4315 76 3 0x4180 bpf tcpdump
3373 1 3373 0 3 0x4082 pause ksh
16617 1 16617 0 3 0x40180 select sendmail
31845 1 31845 0 3 0x80 select cron
12976 1 4315 0 3 0x4082 pause sh
32616 1 32616 0 3 0x80 select sshd
9216 1 9216 0 3 0x180 select inetd
24156 1 24156 71 3 0x180 kqread ftp-proxy
6046 1628 1628 74 3 0x180 bpf pflogd
1628 1 1628 0 3 0x80 netio pflogd
20733 5377 5377 73 3 0x180 poll syslogd
5377 1 5377 0 3 0x88 netio syslogd
11 0 0 0 3 0x100200 crypto_wait crypto
9 0 0 0 3 0x100200 aiodoned aiodoned
8 0 0 0 3 0x100200 syncer update
7 0 0 0 3 0x100200 cleaner cleaner
6 0 0 0 3 0x100200 reaper reaper
5 0 0 0 3 0x100200 pgdaemon pagedaemon
10 0 0 0 3 0x100200 rfwcond raid0
4 0 0 0 3 0x100200 pftm pfpurge
3 0 0 0 3 0x100200 bored syswq
2 0 0 0 3 0x100200 kmalloc kmthread
1 0 1 0 3 0x4080 wait init
0 -1 0 0 3 0x80200 scheduler swapper
ddb> show registers
tstate 0x80000606
pc 0x13d27c4 Debugger+0x4
npc 0x13d27c8 Debugger+0x8
ipl 0xf
y 0
g0 0
g1 0x1814000 memname+0x248
g2 0x1
g3 0
g4 0
g5 0x10eb
g6 0
g7 0
o0 0x1
o1 0x1814000 memname+0x248
o2 0x150d720 mainbus_space_tag+0x17e0
o3 0x4000580f548
o4 0x1
o5 0x1814000 memname+0x248
o6 0x4000580ec01
o7 0x116fcc0 panic+0xa0
l0 0x1844f60 __bss_start+0x149d8
l1 0x4000359f690
l2 0
l3 0
l4 0
l5 0
l6 0
l7 0
i0 0
i1 0
i2 0
i3 0
i4 0
i5 0
i6 0
i7 0
f0 0xffffffffffffffff
f2 0xffffffffffffffff
f4 0xffffffffffffffff
f6 0xffffffffffffffff
f8 0x100000000
f10 0x3fe0000000000000
f12 0x800
f14 0xffffffffffffffff
f16 0xffffffffffffffff
f18 0xffffffffffffffff
f20 0xffffffffffffffff
f22 0xffffffffffffffff
f24 0xffffffffffffffff
f26 0xffffffffffffffff
f28 0xffffffffffffffff
f30 0xffffffffffffffff
f32 0
f34 0
f36 0
f38 0
f40 0
f42 0
f44 0
f46 0
f48 0
f50 0
f52 0
f54 0
f56 0
f58 0
f60 0
f62 0
fsr 0x21
gsr 0
Debugger+0x4: nop
ddb>
> Fix:
Workaround is to add a gateway first, before trying to delete it. Even
using an invalid gateway seems to somehow "initialize" the table and
avoid the panic:
#route -T 1 show
route: route-sysctl-estimate: Invalid argument
#
# route -T 1 add default 1.2.3.4
route: writing to routing socket: Network is unreachable
add net default: gateway 1.2.3.4: Network is unreachable
#
# route -T 1 show
Routing tables
#
# route -T 1 delete default
route: writing to routing socket: No such process
delete net default: not in table
#
OpenBSD 4.2 (GENERIC.RAID) #1: Sun Nov 18 13:57:16 EST 2007
leaman@meredith:/usr/src/sys/arch/sparc64/compile/GENERIC.RAID
real mem = 134217728 (128MB)
avail mem = 116334592 (110MB)
mainbus0 at root: Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 300MHz)
cpu0 at mainbus0: SUNW,UltraSPARC-IIi (rev 1.3) @ 300 MHz, version 0 FPU
cpu0: physical 16K instruction (32 b/l), 16K data (32 b/l), 512K external (64 b/l)
psycho0 at mainbus0 addr 0xfffc4000: SUNW,sabre, impl 0, version 0, ign 7c0
psycho0: bus range 0-3, PCI bus 0
psycho0: dvma map c0000000-dfffffff, iotdb 470000-4f0000
pci0 at psycho0
ppb0 at pci0 dev 1 function 1 "Sun Simba PCI-PCI" rev 0x11
pci1 at ppb0 bus 1
ebus0 at pci1 dev 1 function 0 "Sun PCIO EBus2" rev 0x01
auxio0 at ebus0 addr 726000-726003, 728000-728003, 72a000-72a003, 72c000-72c003, \
72f000-72f003 power0 at ebus0 addr 724000-724003 ipl 37
"SUNW,pll" at ebus0 addr 504000-504002 not configured
sab0 at ebus0 addr 400000-40007f ipl 43: rev 3.2
sabtty0 at sab0 port 0: console i/o
sabtty1 at sab0 port 1
comkbd0 at ebus0 addr 3083f8-3083ff ipl 41: no keyboard
com0 at ebus0 addr 3062f8-3062ff ipl 42: mouse: ns16550a, 16 byte fifo
lpt0 at ebus0 addr 3043bc-3043cb, 30015c-30015d, 700000-70000f ipl 34: polled
"fdthree" at ebus0 addr 3023f0-3023f7, 706000-70600f, 720000-720003 ipl 39 not \
configured clock1 at ebus0 addr 0-1fff: mk48t59
"flashprom" at ebus0 addr 0-fffff not configured
audioce0 at ebus0 addr 200000-2000ff, 702000-70200f, 704000-70400f, 722000-722003 ipl \
35 ipl 36: nvaddrs 0 audio0 at audioce0
hme0 at pci1 dev 1 function 1 "Sun HME" rev 0x01: ivec 0x7e1, address \
08:00:20:9c:4e:0e nsphy0 at hme0 phy 1: DP83840 10/100 PHY, rev. 1
vgafb0 at pci1 dev 2 function 0 "ATI Mach64 GT" rev 0x9a
wsdisplay0 at vgafb0
wsdisplay0: screen 0 added (std, sun emulation)
pciide0 at pci1 dev 3 function 0 "CMD Technology PCI0646" rev 0x03: DMA, channel 0 \
configured to native-PCI, channel 1 configured to native-PCI
pciide0: using ivec 0x7e0 for native-PCI interrupt
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
ppb1 at pci0 dev 1 function 0 "Sun Simba PCI-PCI" rev 0x11
pci2 at ppb1 bus 2
siop0 at pci2 dev 1 function 0 "Symbios Logic 53c875" rev 0x14: ivec 0x7d0, using 4K \
of on-board RAM scsibus1 at siop0: 16 targets
sd0 at scsibus1 targ 2 lun 0: SCSI3 0/direct fixed
sd0: 17274MB, 7508 cyl, 19 head, 248 sec, 512 bytes/sec, 35378533 sec total
sd1 at scsibus1 targ 3 lun 0: SCSI2 0/direct fixed
sd1: 17274MB, 7508 cyl, 19 head, 248 sec, 512 bytes/sec, 35378533 sec total
siop1 at pci2 dev 1 function 1 "Symbios Logic 53c875" rev 0x14: ivec 0x7d1, using 4K \
of on-board RAM scsibus2 at siop1: 16 targets
ppb2 at pci2 dev 2 function 0 "Intel S21154AE/BE PCI-PCI" rev 0x00
pci3 at ppb2 bus 3
"Sun PCIO EBus2" rev 0x01 at pci3 dev 0 function 0 not configured
hme1 at pci3 dev 0 function 1 "Sun HME" rev 0x01: ivec 0x7d5, address \
08:00:20:ec:91:88 luphy0 at hme1 phy 1: LU6612 10/100 PHY, rev. 1
"Sun PCIO EBus2" rev 0x01 at pci3 dev 1 function 0 not configured
hme2 at pci3 dev 1 function 1 "Sun HME" rev 0x01: ivec 0x7d6, address \
08:00:20:ec:91:89 luphy1 at hme2 phy 1: LU6612 10/100 PHY, rev. 1
"Sun PCIO EBus2" rev 0x01 at pci3 dev 2 function 0 not configured
hme3 at pci3 dev 2 function 1 "Sun HME" rev 0x01: ivec 0x7d7, address \
08:00:20:ec:91:8a luphy2 at hme3 phy 1: LU6612 10/100 PHY, rev. 1
"Sun PCIO EBus2" rev 0x01 at pci3 dev 3 function 0 not configured
hme4 at pci3 dev 3 function 1 "Sun HME" rev 0x01: ivec 0x7d4, address \
08:00:20:ec:91:8b luphy3 at hme4 phy 1: LU6612 10/100 PHY, rev. 1
"pcons" at mainbus0 not configured
Kernelized RAIDframe activated
siop0: target 2 now using tagged 16 bit 20.0 MHz 16 REQ/ACK offset xfers
siop0: target 3 now using tagged 16 bit 20.0 MHz 16 REQ/ACK offset xfers
raid0 at root: (RAID Level 1) total number of sectors is 30373376 (14830 MB) as root
bootpath: /pci@1f,0/pci@1,0/scsi@1,0/disk@2,0
swapmount: no device
> Release-Note:
> Audit-Trail:
> Unformatted:
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic