From owner-freebsd-bugs Mon Apr 29 14:24:20 2002 Delivered-To: freebsd-bugs@freebsd.org Received: from spidey.speakeasy.net (webmail.speakeasy.net [216.254.0.16]) by hub.freebsd.org (Postfix) with ESMTP id E2E4D37B404 for ; Mon, 29 Apr 2002 14:24:08 -0700 (PDT) Received: (from nobody@localhost) by spidey.speakeasy.net (8.11.6/8.11.2) id g3TL2iu18268; Mon, 29 Apr 2002 14:02:44 -0700 Message-Id: <200204292102.g3TL2iu18268@spidey.speakeasy.net> Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain MIME-Version: 1.0 Date: Mon, 29 Apr 2002 14:02:44 -0700 From: Qing To: freebsd-bugs@freebsd.org Subject: genmask , rt_fixchange and kernel panic X-Sender: qingli@speakeasy.net X-Originating-Ip: [147.11.38.42] X-Mailer: Speakeasy Network Webmail 2.1.0 Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Creating a route entry with -cloning flag and the -genmask option causes a kernel panic on 4.5-STABLE. To recreate the problem, do the following: route add -net 10.2.10.5 -netmask 255.255.0.0 -cloning -genmask 255.255.255.0 64.81.55.1 ping 10.2.10.6 The cloned entry created is a network route. The problem appears to be in route.c, in "rtrequest1" function, where if (!(rt->rt_flags & RTF_HOST) && (rt_mask(rt) !=0) rnh->rnh_walktree_from(..,rt_fixchange,.) This newly created entry is immediately removed inside rt_fixchange. This invalid "rt" pointer is returned back to the caller. This problem did not show up in the previous version of the code apparently due to the missing flag check on RTF_CLONING in the code above, if (cmd == RTM_RESOLVE) if ((*ret_nrt)->rt_flags & RTF_PRCLONING) (old version) new version if ((*ret_nrt)->rt_flags & (RTF_CLONING & RTF_PRCLONING) The rt_parent is not assigned so rt_fixchange returned immediately in the previous version. I am also not sure why rt_fixchange is needed if cmd is RTM_RESOLVE. Has anyone else seen this? -- Qing To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message