Date: Wed, 2 May 2007 14:24:54 -0400
From: Kris Kennaway <kris@obsecurity.org>
To: net@FreeBSD.org
Subject: panic: mtx_lock() of destroyed mutex @ ../../../net/route.c:1306
Message-ID: <20070502182454.GA41598@xor.obsecurity.org>

One of my 7.0 systems has a flaky gateway, and when it goes down the
node often goes down with this panic:

panic: mtx_lock() of destroyed mutex @ ../../../net/route.c:1306
cpuid = 0
KDB: enter: panic
[thread pid 28619 tid 100074 ]
Stopped at      kdb_enter+0x68: ta              %xcc, 1
db> wh
Tracing pid 28619 tid 100074 td 0xfffff800140e87e0
panic() at panic+0x248
_mtx_lock_flags() at _mtx_lock_flags+0x8c
rt_check() at rt_check+0x128
arpresolve() at arpresolve+0x98
ether_output() at ether_output+0x94
ip_output() at ip_output+0xc64
udp_output() at udp_output+0x680
udp_send() at udp_send+0x38
sosend_dgram() at sosend_dgram+0x3e0
sosend() at sosend+0x74
kern_sendit() at kern_sendit+0x14c
sendit() at sendit+0x1d4
sendto() at sendto+0x48
syscall() at syscall+0x2f8
-- syscall (133, FreeBSD ELF64, sendto) %o7=0x40aa68ac --

I suspect locking is broken in an error case.

net/route.c:1306 is in the senderr() macro in rt_check():

        /* XXX BSD/OS checks dst->sa_family != AF_NS */
        if (rt->rt_flags & RTF_GATEWAY) {
                if (rt->rt_gwroute == NULL)
                        goto lookup;
                rt = rt->rt_gwroute;
bewm -->        RT_LOCK(rt);            /* NB: gwroute */
                if ((rt->rt_flags & RTF_UP) == 0) {
                        rtfree(rt);     /* unlock gwroute */
                        rt = rt0;

Kris