From owner-freebsd-stable@FreeBSD.ORG  Fri May 15 15:37:12 2009
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 997D5106570B;
	Fri, 15 May 2009 15:37:12 +0000 (UTC) (envelope-from nakal@web.de)
Received: from fmmailgate02.web.de (fmmailgate02.web.de [217.72.192.227])
	by mx1.freebsd.org (Postfix) with ESMTP id 3FE638FC2B;
	Fri, 15 May 2009 15:37:12 +0000 (UTC) (envelope-from nakal@web.de)
Received: from smtp07.web.de (fmsmtp07.dlan.cinetic.de [172.20.5.215])
	by fmmailgate02.web.de (Postfix) with ESMTP id CEB3CFF216E6;
	Fri, 15 May 2009 17:36:19 +0200 (CEST)
Received: from [217.236.8.179] (helo=zelda.local)
	by smtp07.web.de with asmtp (TLSv1:AES128-SHA:128)
	(WEB.DE 4.110 #277)
	id 1M4zSN-0007p8-00; Fri, 15 May 2009 17:36:19 +0200
Date: Fri, 15 May 2009 17:36:18 +0200
From: Martin <nakal@web.de>
To: John Baldwin <jhb@freebsd.org>
Message-ID: <20090515173618.78cca743@zelda.local>
In-Reply-To: <200905150815.19452.jhb@freebsd.org>
References: <1696198956@web.de> <200905140916.40594.jhb@freebsd.org>
	<20090514191026.0a90dbfc@zelda.local>
	<200905150815.19452.jhb@freebsd.org>
X-Mailer: Claws Mail 3.7.1 (GTK+ 2.16.1; amd64-portbld-freebsd8.0)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: nakal@web.de
X-Sender: nakal@web.de
X-Provags-ID: V01U2FsdGVkX1+QZGiuobyGrcTrMVrdsSpYZjfCw79966r7nvp9
	STCzYlYLeX/FJdCNfS578BfVAZe8G5LKBaL0WrvIlv6TdxHUcF Z90n+Anh8=
Cc: freebsd-stable@freebsd.org
Subject: Re: kernel trap 12 with interrupts disabled [bge0 on 7.2R]
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 15 May 2009 15:37:13 -0000


Hi John,

one more thing that I noticed. It seems that the netmask passed to the
procedure rt_maskedcopy is invalid. Cannot dereference the pointer.

I went one frame up and I've looked at the control flow of the parent
routine rtrequest1_fib. This routine passes the netmask, but before it
does that it went with req=11 (RTM_RESOLVE) through this piece of code:

/usr/src/sys/net/route.c:985

case RTM_RESOLVE:
        if (ret_nrt == NULL || (rt = *ret_nrt) == NULL)
                  senderr(EINVAL);
        ifa = rt->rt_ifa;
        /* XXX locking? */
        flags = rt->rt_flags &
                ~(RTF_CLONING | RTF_STATIC);
        flags |= RTF_WASCLONED;
        gateway = rt->rt_gateway;
        if ((netmask = rt->rt_genmask) == NULL)
                flags |= RTF_HOST;
        goto makeroute;

Is this a locking problem?

--
Martin