Date:      Sun, 14 May 1995 22:00:44 +0200 (MET DST)
From:      Pierre Beyssac <pb@fasterix.freenix.fr>
To:        freebsd-bugs@freefall.cdrom.com
Subject:   rtfree() panic : more info
Message-ID:  <199505142000.WAA00794@fasterix.frmug.fr.net>

More on the rtfree() panic.

I compiled a kernel with -g for route.c and rtsock.c.
Here are the results. No interesting messages in the log before the panic.
It seems to me that the panic occurs when rtfree()ing a cloned route whose
parent has already (mistakenly) been freed. Not sure I understand this
correctly. After having stared at route.c and rtsock.c for a while without
success, I'm sending this in hopes it can help someone find the bug or tell
me where to look for it. I keep looking.

#1  0xf0110593 in panic ()
#2  0xf0135edf in rtfree (rt=0xf04b8100) at ../../net/route.c:154
#3  0xf0135f74 in rtfree (rt=0xf04a5b00) at ../../net/route.c:170
[...]
(kgdb) select 3
(kgdb) print *rt
$1 = {rt_nodes = {{rn_mklist = 0x0, rn_p = 0xf04a5b18, rn_b = -1, 
      rn_bmask = 0 '\000', rn_flags = 0 '\000', rn_u = {rn_leaf = {
          rn_Key = 0xf05060c0 "\020\002", rn_Mask = 0x0, rn_Dupedkey = 0x0}, 
        rn_node = {rn_Off = -263167808, rn_L = 0x0, rn_R = 0x0}}}, {
      rn_mklist = 0x0, rn_p = 0xf04b1018, rn_b = 58, rn_bmask = 32 ' ', 
      rn_flags = 0 '\000', rn_u = {rn_leaf = {
          rn_Key = 0x7 "4\022U\211åj\002\235\214Ø\216à\216è\203}\004", 
          rn_Mask = 0xf0521900 "", rn_Dupedkey = 0xf04a5b00}, rn_node = {
          rn_Off = 7, rn_L = 0xf0521900, rn_R = 0xf04a5b00}}}}, 
  rt_gateway = 0xf05060d0, rt_filler = 0, rt_refcnt = 0, rt_flags = 131078, 
  rt_ifp = 0xf01a4cf8, rt_ifa = 0xf055fa00, rt_genmask = 0x0, rt_llinfo = 0x0, 
  rt_rmx = {rmx_locks = 0, rmx_mtu = 0, rmx_hopcount = 0, rmx_expire = 0, 
    rmx_recvpipe = 0, rmx_sendpipe = 0, rmx_ssthresh = 0, rmx_rtt = 0, 
    rmx_rttvar = 0, rmx_pksent = 1, rmx_filler = {0, 0, 0, 0}}, 
  rt_gwroute = 0x0, rt_output = 0, rt_parent = 0xf04b8100, rt_filler2 = 0x0}

==> rt->rtflags is RTF_WASCLONED|RTF_GATEWAY|RTF_HOST (0x20006)
==> rt->rt_gateway points to 193.55.4.3 (my PPP server)
==> rt->rt_ifp is the PPP interface.
==> rt->rt_parent points to the following, which looks like garbage:

(kgdb) select 2
(kgdb) print *rt
$2 = {rt_nodes = {{rn_mklist = 0xf0536000, rn_p = 0xb10000, rn_b = 0, 
      rn_bmask = 0 '\000', rn_flags = 0 '\000', rn_u = {rn_leaf = {
          rn_Key = 0xf0195ae0 "\001", rn_Mask = 0x0, rn_Dupedkey = 0x0}, 
        rn_node = {rn_Off = -266773792, rn_L = 0x0, rn_R = 0x0}}}, {
      rn_mklist = 0x0, rn_p = 0x0, rn_b = 0, rn_bmask = 0 '\000', 
      rn_flags = 0 '\000', rn_u = {rn_leaf = {rn_Key = 0x0, rn_Mask = 0x0, 
          rn_Dupedkey = 0x0}, rn_node = {rn_Off = 0, rn_L = 0x0, 
          rn_R = 0x0}}}}, rt_gateway = 0x0, rt_filler = 0, rt_refcnt = 0, 
  rt_flags = 0, rt_ifp = 0x0, rt_ifa = 0x0, rt_genmask = 0x0, rt_llinfo = 0x0, 
  rt_rmx = {rmx_locks = 0, rmx_mtu = 0, rmx_hopcount = 0, rmx_expire = 0, 
    rmx_recvpipe = 0, rmx_sendpipe = 0, rmx_ssthresh = 2048, rmx_rtt = 0, 
    rmx_rttvar = 0, rmx_pksent = 0, rmx_filler = {0, 0, 0, 0}}, 
  rt_gwroute = 0x0, rt_output = 0, rt_parent = 0x0, rt_filler2 = 0x0}
-- 
Pierre Beyssac 		pb@fasterix.frmug.fr.net pb@fasterix.fdn.fr
FreeBSD, NetBSD, Linux -- Il y a moins bien, mais c'est plus cher.
You can also get less bang for more bucks. (translation F. Berjon)
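
The failure mode suspected in this report (a cloned route releasing a parent that has already been freed), as an added example that is not part of the original message and is not FreeBSD code: a user-space C model in which a clone holds one counted reference on its parent. The struct fields, `route_clone`, `route_release` and `scenario` are hypothetical names, and entries are marked dead instead of being freed so the stale pointer can be inspected safely.

```c
#include <stdio.h>

/* Simplified user-space model; names are hypothetical, not those of route.c. */
struct route {
    int refcnt;            /* counted references held on this entry */
    int dead;              /* set instead of calling free(), so stale pointers stay inspectable */
    struct route *parent;  /* for a clone: the entry it was cloned from */
};

enum { REL_OK = 0, REL_STALE = -1 };

/* A clone starts with one reference of its own and takes one on its parent. */
static void route_clone(struct route *child, struct route *parent)
{
    child->refcnt = 1;
    child->dead = 0;
    child->parent = parent;
    parent->refcnt++;
}

/* Drop one reference; on the last one, drop the reference held on the parent.
 * Returns REL_STALE if the entry or an ancestor was already torn down. */
static int route_release(struct route *rt)
{
    if (rt == NULL)
        return REL_OK;
    if (rt->dead || rt->refcnt <= 0)
        return REL_STALE;          /* stale pointer: released more often than referenced */
    if (--rt->refcnt > 0)
        return REL_OK;
    rt->dead = 1;                  /* last reference gone: tear down, then release parent */
    return route_release(rt->parent);
}

/* Optionally release the parent one time too many before the clone goes away. */
static int scenario(int extra_parent_release)
{
    struct route parent = { 1, 0, NULL }, child;
    route_clone(&child, &parent);          /* parent.refcnt == 2 */
    route_release(&parent);                /* owner drops its reference: 1 left, held by child */
    if (extra_parent_release)
        route_release(&parent);            /* unbalanced release: parent torn down early */
    return route_release(&child);          /* last reference on child, then on its parent */
}

int main(void)
{
    printf("balanced: %d, unbalanced: %d\n", scenario(0), scenario(1));
    return 0;
}
```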


