>Number:         6658
>Category:       kern
>Synopsis:       arp traffic on the network panics current kernels
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Dec 27 03:20:01 1998
>Last-Modified:
>Originator:     Martin Husemann
>Organization:
>Release:        supped at Sun Dec 27 11:00
>Environment:
System: NetBSD rumolt.teuto.de 1.3I NetBSD 1.3I (RUMOLT) #4: Sun Dec 27 11:57:58 MET 1998 martin@rumolt.teuto.de:/a/usr/src/sys-i4b/arch/i386/compile/RUMOLT i386


>Description:

After booting a current kernel and receiving a few arp requests on the
network it panics (data modified on free list). The panic message is wrong,
as code inspection shows the memory pool for routing entries is intialized
twice, while the routing timer memory pool is never initialized.

>How-To-Repeat:

Read the code, notice obvious typo (copy and paste bug).

>Fix:

This fixed it for me:

*** /usr/src/sys/net/route.c	Tue Dec 22 13:16:11 1998
--- route.c	Sun Dec 27 11:57:12 1998
***************
*** 620,630 ****
  void	 
  rt_timer_init()
  {
  	assert(rt_init_done == 0);
  
! 	pool_init(&rtentry_pool, sizeof(struct rttimer), 0, 0, 0, "rttmrpl",
  	    0, NULL, NULL, M_RTABLE);
  
  	LIST_INIT(&rttimer_queue_head);
  	timeout(rt_timer_timer, NULL, hz);  /* every second */
  	rt_init_done = 1;
--- 620,630 ----
  void	 
  rt_timer_init()
  {
  	assert(rt_init_done == 0);
  
! 	pool_init(&rttimer_pool, sizeof(struct rttimer), 0, 0, 0, "rttmrpl",
  	    0, NULL, NULL, M_RTABLE);
  
  	LIST_INIT(&rttimer_queue_head);
  	timeout(rt_timer_timer, NULL, hz);  /* every second */
  	rt_init_done = 1;

>Audit-Trail:
>Unformatted: