From: Pierre Beyssac
Message-Id: <199505142000.WAA00794@fasterix.frmug.fr.net>
Subject: rtfree() panic : more info
To: freebsd-bugs@freefall.cdrom.com
Date: Sun, 14 May 1995 22:00:44 +0200 (MET DST)

More on the rtfree() panic.

I compiled a kernel with -g for route.c and rtsock.c. Here are the
results. No interesting messages in the log before the panic.

It seems to me that the panic occurs when rtfree()ing a cloned route
whose parent has already (mistakenly) been freed. Not sure I understand
this correctly.

After having stared at route.c and rtsock.c for a while without success,
I'm sending this in hopes it can help someone find the bug or tell me
where to look for it. I keep looking.

#1  0xf0110593 in panic ()
#2  0xf0135edf in rtfree (rt=0xf04b8100) at ../../net/route.c:154
#3  0xf0135f74 in rtfree (rt=0xf04a5b00) at ../../net/route.c:170
[...]

(kgdb) select 3
(kgdb) print *rt
$1 = {rt_nodes = {{rn_mklist = 0x0, rn_p = 0xf04a5b18, rn_b = -1,
      rn_bmask = 0 '\000', rn_flags = 0 '\000', rn_u = {rn_leaf = {
          rn_Key = 0xf05060c0 "\020\002", rn_Mask = 0x0, rn_Dupedkey = 0x0},
        rn_node = {rn_Off = -263167808, rn_L = 0x0, rn_R = 0x0}}}, {
      rn_mklist = 0x0, rn_p = 0xf04b1018, rn_b = 58, rn_bmask = 32 ' ',
      rn_flags = 0 '\000', rn_u = {rn_leaf = {
          rn_Key = 0x7 "4\022U\211åj\002\235\214Ø\216à\216è\203}\004",
          rn_Mask = 0xf0521900 "", rn_Dupedkey = 0xf04a5b00}, rn_node = {
          rn_Off = 7, rn_L = 0xf0521900, rn_R = 0xf04a5b00}}}},
  rt_gateway = 0xf05060d0, rt_filler = 0, rt_refcnt = 0, rt_flags = 131078,
  rt_ifp = 0xf01a4cf8, rt_ifa = 0xf055fa00, rt_genmask = 0x0,
  rt_llinfo = 0x0, rt_rmx = {rmx_locks = 0, rmx_mtu = 0, rmx_hopcount = 0,
    rmx_expire = 0, rmx_recvpipe = 0, rmx_sendpipe = 0, rmx_ssthresh = 0,
    rmx_rtt = 0, rmx_rttvar = 0, rmx_pksent = 1, rmx_filler = {0, 0, 0, 0}},
  rt_gwroute = 0x0, rt_output = 0, rt_parent = 0xf04b8100, rt_filler2 = 0x0}

==> rt->rtflags is RTF_WASCLONED|RTF_GATEWAY|RTF_HOST (0x20006)
==> rt->rt_gateway points to 193.55.4.3 (my PPP server)
==> rt->rt_ifp is the PPP interface.
==> rt->rt_parent points to the following which looks like garbage :

(kgdb) select 2
(kgdb) print *rt
$2 = {rt_nodes = {{rn_mklist = 0xf0536000, rn_p = 0xb10000, rn_b = 0,
      rn_bmask = 0 '\000', rn_flags = 0 '\000', rn_u = {rn_leaf = {
          rn_Key = 0xf0195ae0 "\001", rn_Mask = 0x0, rn_Dupedkey = 0x0},
        rn_node = {rn_Off = -266773792, rn_L = 0x0, rn_R = 0x0}}}, {
      rn_mklist = 0x0, rn_p = 0x0, rn_b = 0, rn_bmask = 0 '\000',
      rn_flags = 0 '\000', rn_u = {rn_leaf = {rn_Key = 0x0, rn_Mask = 0x0,
          rn_Dupedkey = 0x0}, rn_node = {rn_Off = 0, rn_L = 0x0,
          rn_R = 0x0}}}},
  rt_gateway = 0x0, rt_filler = 0, rt_refcnt = 0, rt_flags = 0,
  rt_ifp = 0x0, rt_ifa = 0x0, rt_genmask = 0x0, rt_llinfo = 0x0,
  rt_rmx = {rmx_locks = 0, rmx_mtu = 0, rmx_hopcount = 0, rmx_expire = 0,
    rmx_recvpipe = 0, rmx_sendpipe = 0, rmx_ssthresh = 2048, rmx_rtt = 0,
    rmx_rttvar = 0, rmx_pksent = 0, rmx_filler = {0, 0, 0, 0}},
  rt_gwroute = 0x0, rt_output = 0, rt_parent = 0x0, rt_filler2 = 0x0}

-- 
Pierre Beyssac    pb@fasterix.frmug.fr.net    pb@fasterix.fdn.fr
FreeBSD, NetBSD, Linux -- Il y a moins bien, mais c'est plus cher.
You can also get less bang for more bucks. (translation F. Berjon)
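
The lifetime problem suspected in the message above, as an added user-space model in C (not part of the original mail and not FreeBSD's route.c): a clone that stores its parent pointer without taking a reference hits an already-released parent when it is freed, which is the nested rtfree() seen in the backtrace, while a clone that holds a counted reference keeps the parent alive until the clone goes away. All struct and function names are hypothetical; `RTF_WASCLONED` uses the 0x20000 value decoded in the report.

```c
/* Added model, not FreeBSD's route.c; all names are hypothetical. Entries sit
 * in a static pool and are only marked freed, so reading one stays defined. */
#include <string.h>
#define RTF_UP        0x1
#define RTF_WASCLONED 0x20000   /* value as decoded in the report */
struct route { int refcnt, flags, freed; struct route *parent; };
static struct route pool[4];
static int used;

static struct route *rt_new(int flags)
{
    struct route *rt = &pool[used++];
    memset(rt, 0, sizeof *rt);
    rt->refcnt = 1;              /* reference held by the routing table */
    rt->flags = flags | RTF_UP;
    return rt;
}

/* counted != 0: the clone takes its own reference on the parent. */
static struct route *rt_clone(struct route *parent, int counted)
{
    struct route *rt = rt_new(RTF_WASCLONED);
    rt->parent = parent;
    if (counted) parent->refcnt++;
    return rt;
}

/* Returns 0 on success, -1 when asked to release an already-freed entry. */
static int rt_release(struct route *rt)
{
    struct route *parent = rt->parent;
    if (rt->freed) return -1;    /* stale pointer: the panic case */
    if (--rt->refcnt > 0 || (rt->flags & RTF_UP))
        return 0;                /* still referenced or still in the table */
    memset(rt, 0, sizeof *rt);   /* a released entry reads as zeros */
    rt->freed = 1;
    return parent ? rt_release(parent) : 0;
}

/* Remove from the table: clear RTF_UP and drop the table's reference. */
static int rt_delete(struct route *rt) { rt->flags &= ~RTF_UP; return rt_release(rt); }

/* Delete the parent first, then the clone; returns the clone's result. */
int parent_then_clone(int counted)
{
    used = 0;
    struct route *p = rt_new(0), *c = rt_clone(p, counted);
    return rt_delete(p) != 0 ? -2 : rt_delete(c);
}
```

`parent_then_clone(0)` returns -1 (the clone's release reaches a freed parent) and `parent_then_clone(1)` returns 0.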