netbsd-bugs: kern/2733: route change default -mtu 1500 crashes system.

Subject: kern/2733: route change default -mtu 1500 crashes system.
To: None <gnats-bugs@NetBSD.ORG>
From: Bill Sommerfeld <sommerfeld@orchard.medford.ma.us>
List: netbsd-bugs
Date: 09/04/1996 15:56:23

>Number:         2733
>Category:       kern
>Synopsis:       route change default -mtu 1500 crashes system.
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Sep  4 09:20:01 1996
>Last-Modified:
>Originator:     Bill Sommerfeld
>Organization:
none
>Release:        960705
>Environment:

System: NetBSD orchard.medford.ma.us 1.2_BETA NetBSD 1.2_BETA (ORCHARD) #18: Mon Aug 12 14:40:46 EDT 1996 sommerfeld@orchard.medford.ma.us:/home/src/netbsd-krb5/sys/arch/i386/compile/ORCHARD i386


>Description:
	`route change default -mtu 1500' causes a crash inside

	ifa_ifwithdstaddr+0x26
		called from
	ifa_ifwithroute
		called from
	route_output

5-minute crash analysis (all I have time for at the moment..)

The faulting point *appears* to be while fetching
ifa->ifa_addr->sa_family in:

			if (ifa->ifa_addr->sa_family != addr->sa_family ||
			    ifa->ifa_dstaddr == NULL)
				continue;

ifa->ifa_addr appears to be a NULL pointer.

Interfaces on the system include
	ep0
	lo0
	sl0, sl1
	ppp0, ppp1
	tun0, tun1

Note that my /sbin/route binary is somewhat old (built about 2 years
ago).

>How-To-Repeat:

	as root, run 
		`route change default -mtu 1500'

	watch system crash.

>Fix:
	???
>Audit-Trail:
>Unformatted: