panic: mtx_lock() of destroyed mutex @ ../../../net/route.c:1306

Kris Kennaway kris at obsecurity.org
Wed May 2 18:24:55 UTC 2007


One of my 7.0 systems has a flaky gateway, and when it goes down the
node often goes down with this panic:

panic: mtx_lock() of destroyed mutex @ ../../../net/route.c:1306
cpuid = 0
KDB: enter: panic
[thread pid 28619 tid 100074 ]
Stopped at      kdb_enter+0x68: ta              %xcc, 1
db> wh
Tracing pid 28619 tid 100074 td 0xfffff800140e87e0
panic() at panic+0x248
_mtx_lock_flags() at _mtx_lock_flags+0x8c
rt_check() at rt_check+0x128
arpresolve() at arpresolve+0x98
ether_output() at ether_output+0x94
ip_output() at ip_output+0xc64
udp_output() at udp_output+0x680
udp_send() at udp_send+0x38
sosend_dgram() at sosend_dgram+0x3e0
sosend() at sosend+0x74
kern_sendit() at kern_sendit+0x14c
sendit() at sendit+0x1d4
sendto() at sendto+0x48
syscall() at syscall+0x2f8
-- syscall (133, FreeBSD ELF64, sendto) %o7=0x40aa68ac --

I suspect locking is broken in an error case.  net/route.c:1306 is in
the senderr() macro in rt_check():

        /* XXX BSD/OS checks dst->sa_family != AF_NS */
        if (rt->rt_flags & RTF_GATEWAY) {
                if (rt->rt_gwroute == NULL)
                        goto lookup;
                rt = rt->rt_gwroute;
bewm -->        RT_LOCK(rt);            /* NB: gwroute */
                if ((rt->rt_flags & RTF_UP) == 0) {
                        rtfree(rt);     /* unlock gwroute */
                        rt = rt0;

Kris