kern/84225: losing default route changing netmask on interface

Bjoern A. Zeeb bzeeb+freebsd at zabbadoz.net
Thu Jul 28 14:20:51 GMT 2005 

>Number:         84225
>Category:       kern
>Synopsis:       losing default route changing netmask on interface
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 28 14:20:07 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Bjoern A. Zeeb
>Release:        FreeBSD 7.0-CURRENT i386
>Organization:
Zabbadoz.NeT
>Environment:

>Description:

if you change netmask on the interface with default route
the default route will disappear.

I also got a panic while running route monitor doing such a change.

>How-To-Repeat:

HEAD from Jul 26th 2005.

foo# netstat -rn | grep defa
default            192.168.17.1        UGS         0        0    em0
foo# ifconfig em0 | grep 'inet '
        inet 192.168.17.9 netmask 0xfffffff0 broadcast 192.168.17.15
foo# ifconfig em0 192.168.17.9/24
foo# netstat -rn | grep defa
foo#



I had not gathered route monitor output the first time
so did a second pass:

session [1] (screen(1)) : route monitor running
session [2] (console) :

foo# route add default 192.168.17.1
add net default: gateway 192.168.17.1
foo# netstat -rn | grep defa
default            192.168.17.1        UGS         0        3    em0
foo# ifconfig em0 | grep 'inet '
        inet 192.168.17.9 netmask 0xffffff00 broadcast 192.168.17.255
foo#  ifconfig em0 192.168.17.9 netmask 0xfffffff0
panic: _mtx_lock_sleep: recursed on non-recursive mutex rtentry @ /u1/src/HEAD/sys/net/route.c:1292

cpuid = 0
KDB: enter: panic
[thread pid 500 tid 100090 ]
Stopped at      kdb_enter+0x2b: nop
db> where
Tracing pid 500 tid 100090 td 0xc2886a80
kdb_enter(c085677a) at kdb_enter+0x2b
panic(c0855c12,c0859ff5,c086156e,50c,c27cf2f4) at panic+0x127
_mtx_lock_sleep(c27cf2f4,c2886a80,0,c086156e,50c) at _mtx_lock_sleep+0x36
_mtx_lock_flags(c27cf2f4,0,c086156e,50c,c2868550) at _mtx_lock_flags+0x85
rt_check(e7356a6c,e7356a88,c2868550,c085a30b,32) at rt_check+0x10d
arpresolve(c2407800,c27cf294,c2586200,c2868550,e7356aa8) at arpresolve+0x21
ether_output(c2407800,c2586200,c2868550,c27cf294,c290d000) at ether_output+0x66
ip_output(c2586200,0,e7356b00,0,0) at ip_output+0x6fc
udp_output(c2732e10,c2586200,0,0,c2886a80) at udp_output+0x4a7
udp_send(c29772c8,0,c2586200,0,0) at udp_send+0x1a
sosend(c29772c8,0,e7356c3c,c2586200,0) at sosend+0x5e3
kern_sendit(c2886a80,5,e7356cbc,0,0) at kern_sendit+0x104
sendit(c2886a80,5,e7356cbc,0,bfbfd59a) at sendit+0x163
sendto(c2886a80,e7356d04,6,1,216) at sendto+0x4d
syscall(3b,3b,3b,0,28138ba4) at syscall+0x22f
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (133, FreeBSD ELF32, sendto), eip = 0x2811331f, esp = 0xbfbfce5c, ebp = 0xbfbfce88 ---
db> show alllocks
Process 506 (ifconfig) thread 0xc2991480 (100084)
exclusive sleep mutex rtentry r = 0 (0xc27cf3fc) locked @ /u1/src/HEAD/sys/net/route.c:1201
Process 500 (route) thread 0xc2886a80 (100090)
exclusive sleep mutex rtentry r = 0 (0xc27cf2f4) locked @ /u1/src/HEAD/sys/net/route.c:197
exclusive sleep mutex inp (udpinp) r = 0 (0xc2732ea0) locked @ /u1/src/HEAD/sys/netinet/udp_usrreq.c:762
db> call doadump
Dumping 1023 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 1023MB (261872 pages) 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367
351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15 ... ok

Dump complete
= 0xf

(gdb) l /u1/src/HEAD/sys/net/route.c:1292
1287                                    rtfree(rt);     /* unlock gwroute */
1288                                    rt = rt0;
1289                            lookup:
1290                                    RT_UNLOCK(rt0);
1291                                    rt = rtalloc1(rt->rt_gateway, 1, 0UL);
1292                                    RT_LOCK(rt0);
1293                                    rt0->rt_gwroute = rt;
1294                                    if (rt == NULL) {
1295                                            RT_UNLOCK(rt0);
1296                                            senderr(EHOSTUNREACH);

In case that helps:

(kgdb) where
#0  doadump () at pcpu.h:165
#1  0xc0468fb3 in db_fncall (dummy1=0, dummy2=0, dummy3=-415930332, dummy4=0xe7356828 "\\h5ç")
    at /u1/src/HEAD/sys/ddb/db_command.c:489
#2  0xc0468db8 in db_command (last_cmdp=0xc0904fe4, cmd_table=0x0, aux_cmd_tablep=0xc0882384,
    aux_cmd_tablep_end=0xc08823a0) at /u1/src/HEAD/sys/ddb/db_command.c:349
#3  0xc0468e80 in db_command_loop () at /u1/src/HEAD/sys/ddb/db_command.c:455
#4  0xc046aa21 in db_trap (type=3, code=0) at /u1/src/HEAD/sys/ddb/db_main.c:221
#5  0xc064a5bc in kdb_trap (type=3, code=0, tf=0xe735696c) at /u1/src/HEAD/sys/kern/subr_kdb.c:473
#6  0xc07edbf8 in trap (frame=
      {tf_fs = -415956984, tf_es = -1067188184, tf_ds = -1065025496, tf_edi = -1065001966, tf_esi = 1, tf_ebp = -415929940, tf_isp = -415929960, tf_ebx = -415929896, tf_edx = 0, tf_ecx = -1056755712, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1067146461, tf_cs = 32, tf_eflags = 646, tf_esp = -415929908, tf_ss = -1067243749})
    at /u1/src/HEAD/sys/i386/i386/trap.c:601
#7  0xc07dbfda in calltrap () at /u1/src/HEAD/sys/i386/i386/exception.s:139
#8  0xe7350008 in ?? ()
#9  0xc0640028 in ogethostid () at /u1/src/HEAD/sys/kern/kern_xxx.c:122
#10 0xc063271b in panic (fmt=0xc0855c12 "_mtx_lock_sleep: recursed on non-recursive mutex %s @ %s:%d\n")
    at /u1/src/HEAD/sys/kern/kern_shutdown.c:537
#11 0xc062aaee in _mtx_lock_sleep (m=0xc27cf2f4, tid=3263720064, opts=0,
    file=0xc086156e "/u1/src/HEAD/sys/net/route.c", line=1292) at /u1/src/HEAD/sys/kern/kern_mutex.c:447
#12 0xc062a80d in _mtx_lock_flags (m=0xc27cf2f4, opts=0, file=0xc086156e "/u1/src/HEAD/sys/net/route.c",
    line=1292) at /u1/src/HEAD/sys/kern/kern_mutex.c:273
#13 0xc06a62c9 in rt_check (lrt=0x0, lrt0=0xe7356a88, dst=0xc2868550) at /u1/src/HEAD/sys/net/route.c:1292
#14 0xc06ba255 in arpresolve (ifp=0xc2407800, rt0=0xc27cf294, m=0xc2586200, dst=0xc2868550,
    desten=0xe7356aa8 "=[\205À+\001") at /u1/src/HEAD/sys/netinet/if_ether.c:374
#15 0xc069988a in ether_output (ifp=0xc2407800, m=0xc2586200, dst=0xc2868550, rt0=0x0)
    at /u1/src/HEAD/sys/net/if_ethersubr.c:173
#16 0xc06c3f74 in ip_output (m=0xc2586200, opt=0xc25862b8, ro=0xe7356b00, flags=0, imo=0x0, inp=0xc2732e10)
    at /u1/src/HEAD/sys/netinet/ip_output.c:772
#17 0xc06d511f in udp_output (inp=0xc2732e10, m=0xc2586200, addr=0x0, control=0x0, td=0xc2886a80)
    at /u1/src/HEAD/sys/netinet/udp_usrreq.c:874
#18 0xc06d568e in udp_send (so=0x0, flags=0, m=0xc2586200, addr=0x0, control=0x0, td=0xc2886a80)
    at /u1/src/HEAD/sys/netinet/udp_usrreq.c:1051
#19 0xc066b6cb in sosend (so=0xc29772c8, addr=0x0, uio=0xe7356c3c, top=0xc2586200, control=0x0, flags=0,
    td=0xc2886a80) at /u1/src/HEAD/sys/kern/uipc_socket.c:829
#20 0xc06707b8 in kern_sendit (td=0xc2886a80, s=5, mp=0xe7356cbc, flags=0, control=0x0, segflg=UIO_USERSPACE)
    at /u1/src/HEAD/sys/kern/uipc_syscalls.c:772
#21 0xc067068b in sendit (td=0xc2886a80, s=5, mp=0xe7356cbc, flags=0)
    at /u1/src/HEAD/sys/kern/uipc_syscalls.c:712
#22 0xc06708e9 in sendto (td=0xc2886a80, uap=0x0) at /u1/src/HEAD/sys/kern/uipc_syscalls.c:830
#23 0xc07ee3c3 in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 0, tf_esi = 672369572, tf_ebp = -1077948792, tf_isp = -415928988, tf_ebx = 672376040, tf_edx = 5, tf_ecx = 672369572, tf_eax = 133, tf_trapno = 12, tf_err = 2, tf_eip = 672215839, tf_cs = 51, tf_eflags = 534, tf_esp = -1077948836, tf_ss = 59}) at /u1/src/HEAD/sys/i386/i386/trap.c:986
#24 0xc07dc02f in Xint0x80_syscall () at /u1/src/HEAD/sys/i386/i386/exception.s:200
#25 0x0000003b in ?? ()
#26 0x0000003b in ?? ()
#27 0x0000003b in ?? ()
#28 0x00000000 in ?? ()
#29 0x28138ba4 in ?? ()
#30 0xbfbfce88 in ?? ()
#31 0xe7356d64 in ?? ()
#32 0x2813a4e8 in ?? ()
#33 0x00000005 in ?? ()
#34 0x28138ba4 in ?? ()
#35 0x00000085 in ?? ()
#36 0x0000000c in ?? ()
#37 0x00000002 in ?? ()
#38 0x2811331f in ?? ()
#39 0x00000033 in ?? ()
#40 0x00000216 in ?? ()
#41 0xbfbfce5c in ?? ()
#42 0x0000003b in ?? ()
#43 0xd0d0d0d0 in ?? ()
#44 0xd0d0d0d0 in ?? ()
#45 0xd0d0d0d0 in ?? ()
#46 0xd0d0d0d0 in ?? ()
#47 0x3ea71000 in ?? ()
#48 0xc2993c48 in ?? ()
#49 0xc2886a80 in ?? ()
#50 0xe7356afc in ?? ()
#51 0xe7356ae4 in ?? ()
#52 0xc2886000 in ?? ()
#53 0xc0642ae3 in sched_switch (td=0x28138ba4, newtd=0x2813a4e8, flags=Cannot access memory at address 0xbfbfce98
)
    at /u1/src/HEAD/sys/kern/sched_4bsd.c:973


>Fix:

	N/A


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list