panic in rt_check_fib()

Robert Watson rwatson at FreeBSD.org
Sat Sep 13 14:15:39 UTC 2008 

On Sat, 13 Sep 2008, Robert Watson wrote:

> On Fri, 5 Sep 2008, Giorgos Keramidas wrote:
>
>> A kernel that I built last night to test Ed's "packet mode" for ptys 
>> included all the changes up to 182743 panics with:
>
> I had an identical panic on 7-STABLE last night:
>
> db> bt
> Tracing pid 782 tid 100091 td 0xc4496440
> kdb_enter_why(c0b25ea1,c0b25ea1,c0b24c19,e6772978,0,...) at 
> kdb_enter_why+0x3a
> panic(c0b24c19,c0b32d59,c0b32d7a,633,c436c9b0,...) at panic+0x12c
> _mtx_lock_sleep(c436ddf4,c4496440,0,c0b32d7a,633,...) at _mtx_lock_sleep+0x4a
> _mtx_lock_flags(c436ddf4,0,c0b32d7a,633,c436ca14,...) at _mtx_lock_flags+0xd1

This is actually from i386/machine/pcpu.h, line 194:

static __inline struct thread *
__curthread(void)
{
         struct thread *td;

         __asm __volatile("movl %%fs:0,%0" : "=r" (td));
         return (td);
}

> rt_check_fib(e6772a0c,e6772a28,c424ea90,0,e6772a1c,...) at rt_check_fib+0x2b4

(kgdb) l *rt_check_fib+0x2b4
0xc0827104 is in rt_check_fib (/usr/src/sys/net/route.c:1587).
warning: Source file is more recent than executable.

1582			if ((rt->rt_flags & RTF_UP) == 0) {
1583				RTFREE_LOCKED(rt);	/* unlock gwroute */
1584				rt = rt0;
1585				rt0->rt_gwroute = NULL;
1586			lookup:
1587				RT_UNLOCK(rt0);
1588	/* XXX MRT link level looked up in table 0 */
1589				rt = rtalloc1_fib(rt->rt_gateway, 1, 0UL, 0);
1590				if (rt == rt0) {
1591					RT_REMREF(rt0);

> in_rt_check(e6772a0c,e6772a28,c424ea90,0,0,...) at in_rt_check+0x26

(kgdb) l *in_rt_check+0x26
0xc08576f6 is in in_rt_check (/usr/src/sys/netinet/in_rmx.c:473).
468	int
469	in_rt_check(struct rtentry **lrt, struct rtentry **lrt0,
470		struct sockaddr *dst, u_int fibnum)
471	{
472		return (rt_check_fib(lrt, lrt0, dst, fibnum));
473	}
474
475	void
476	in_rtredirect(struct sockaddr *dst,
477		struct sockaddr *gateway,

> arpresolve(c4040000,c436c9b0,c4240800,c424ea90,e6772a42,...) at 
> arpresolve+0xb9

(kgdb) l *arpresolve+0xb9
0xc084ddc9 is in arpresolve (/usr/src/sys/netinet/if_ether.c:379).
warning: Source file is more recent than executable.

374				ETHER_MAP_IP_MULTICAST(&SIN(dst)->sin_addr, 
desten);
375				return (0);
376			}
377			fibnum = M_GETFIB(m);
378		}
379
380		if (rt0 != NULL) {
381			/* Look for a cached arp (ll) entry. */
382			error = in_rt_check(&rt, &rt0, dst, fibnum);
383			if (error) {

Looks like I'm using an older version of if_ether.c than I have checked out.

> ether_output(c4040000,c4240800,c424ea90,c436c9b0,c450b9d8,...) at 
> ether_output+0x7e

(kgdb) l *ether_output+0x7e
0xc081774e is in ether_output (/usr/src/sys/net/if_ethersubr.c:175).
warning: Source file is more recent than executable.

170
171		hlen = ETHER_HDR_LEN;
172		switch (dst->sa_family) {
173	#ifdef INET
174		case AF_INET:
175			error = arpresolve(ifp, rt0, m, dst, edst);
176			if (error)
177				return (error == EWOULDBLOCK ? 0 : error);
178			type = htons(ETHERTYPE_IP);
179			break;

Robert N M Watson
Computer Laboratory
University of Cambridge

> ip_output(c4240800,0,e6772ab0,0,0,...) at ip_output+0xa34
> udp_send(c44f74b0,0,c4240800,c4514ac0,0,...) at udp_send+0x58b
> sosend_dgram(c44f74b0,c4514ac0,e6772bd4,c4240800,0,...) at sosend_dgram+0x352
> sosend(c44f74b0,c4514ac0,e6772bd4,0,0,...) at sosend+0x54
> kern_sendit(c4496440,20,e6772c58,0,0,...) at kern_sendit+0x106
> sendit(0,1,e6772c54,28,c426a090,...) at sendit+0x162
> sendmsg(c4496440,e6772cfc,c,c4496630,c0bd53c0,...) at sendmsg+0x78
> syscall(e6772d38) at syscall+0x2b3
> Xint0x80_syscall() at Xint0x80_syscall+0x20
>
> Unfortunately, I was unable to successfully get a crashdump -- not entirely 
> sure why as it seemed to go to disk ok.
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge
>
>
>> 
>> ========================================================================
>> 
>> root at kobe:/var/crash# kgdb /boot/kernel/kernel vmcore.5
>> GNU gdb 6.1.1 [FreeBSD]
>> Copyright 2004 Free Software Foundation, Inc.
>> GDB is free software, covered by the GNU General Public License, and you 
>> are
>> welcome to change it and/or distribute copies of it under certain 
>> conditions.
>> Type "show copying" to see the conditions.
>> There is absolutely no warranty for GDB.  Type "show warranty" for details.
>> This GDB was configured as "i386-marcel-freebsd"...
>> 
>> Unread portion of the kernel message buffer:
>> panic: _mtx_lock_sleep: recursed on non-recursive mutex rtentry @ 
>> /home/build/src/sys/net/route.c:1742
>> 
>> cpuid = 0
>> Uptime: 5m26s
>> Physical memory: 2026 MB
>> Dumping 80 MB: 65 49 33 17 1
>> 
>> Reading symbols from /boot/kernel/snd_hda.ko...Reading symbols from 
>> /boot/kernel/snd_hda.ko.symbols...done.
>> done.
>> Loaded symbols for /boot/kernel/snd_hda.ko
>> Reading symbols from /boot/kernel/sound.ko...Reading symbols from 
>> /boot/kernel/sound.ko.symbols...done.
>> done.
>> Loaded symbols for /boot/kernel/sound.ko
>> Reading symbols from /boot/kernel/if_iwn.ko...Reading symbols from 
>> /boot/kernel/if_iwn.ko.symbols...done.
>> done.
>> Loaded symbols for /boot/kernel/if_iwn.ko
>> Reading symbols from /boot/kernel/acpi.ko...Reading symbols from 
>> /boot/kernel/acpi.ko.symbols...done.
>> done.
>> Loaded symbols for /boot/kernel/acpi.ko
>> Reading symbols from /boot/kernel/snake_saver.ko...Reading symbols from 
>> /boot/kernel/snake_saver.ko.symbols...done.
>> done.
>> Loaded symbols for /boot/kernel/snake_saver.ko
>> #0  doadump () at pcpu.h:221
>> 221     pcpu.h: No such file or directory.
>>        in pcpu.h
>> (kgdb) list
>> 216     in pcpu.h
>> (kgdb) bt
>> #0  doadump () at pcpu.h:221
>> #1  0xc05e13ac in boot (howto=260) at 
>> /home/build/src/sys/kern/kern_shutdown.c:418
>> #2  0xc05e1678 in panic (fmt=Variable "fmt" is not available.
>> ) at /home/build/src/sys/kern/kern_shutdown.c:572
>> #3  0xc05d3fda in _mtx_lock_sleep (m=0xc573eba4, tid=3314466816, opts=0, 
>> file=0xc08f457a "/home/build/src/sys/net/route.c", line=1742) at 
>> /home/build/src/sys/kern/kern_mutex.c:310
>> #4  0xc05d422f in _mtx_lock_flags (m=0xc573eba4, opts=0, file=0xc08f457a 
>> "/home/build/src/sys/net/route.c", line=1742) at 
>> /home/build/src/sys/kern/kern_mutex.c:182
>> #5  0xc0694ad8 in rt_check_fib (lrt=0xe7c299ec, lrt0=0xe7c29a08, 
>> dst=0xc5550710, fibnum=0) at /home/build/src/sys/net/route.c:1742
>> #6  0xc06caf36 in in_rt_check (lrt=0xe7c299ec, lrt0=0xe7c29a08, 
>> dst=0xc5550710, fibnum=0) at /home/build/src/sys/netinet/in_rmx.c:472
>> #7  0xc06c0ecd in arpresolve (ifp=0xc51fd800, rt0=0xc573eca8, m=0xc59c2200, 
>> dst=0xc5550710, desten=0xe7c29a22 "") at 
>> /home/build/src/sys/netinet/if_ether.c:388
>> #8  0xc0689a9e in ether_output (ifp=0xc51fd800, m=0xc59c2200, 
>> dst=0xc5550710, rt0=0xc573eca8) at 
>> /home/build/src/sys/net/if_ethersubr.c:183
>> #9  0xc06d1bf1 in ip_output (m=0xc59c2200, opt=0x0, ro=0xe7c29aa8, 
>> flags=Variable "flags" is not available.
>> ) at /home/build/src/sys/netinet/ip_output.c:563
>> #10 0xc073ecfb in udp_send (so=0xc573b498, flags=0, m=0xc59c2200, 
>> addr=0xc597e2f0, control=0x0, td=0xc58ec000) at 
>> /home/build/src/sys/netinet/udp_usrreq.c:1060
>> #11 0xc064530f in sosend_dgram (so=0xc573b498, addr=0xc597e2f0, 
>> uio=0xe7c29bd4, top=0xc59c2200, control=0x0, flags=Variable "flags" is not 
>> available.
>> ) at /home/build/src/sys/kern/uipc_socket.c:1059
>> #12 0xc0643054 in sosend (so=0xc573b498, addr=0xc597e2f0, uio=0xe7c29bd4, 
>> top=0x0, control=0x0, flags=0, td=0xc58ec000) at 
>> /home/build/src/sys/kern/uipc_socket.c:1292
>> #13 0xc064bf15 in kern_sendit (td=0xc58ec000, s=516, mp=0xe7c29c54, 
>> flags=0, control=0x0, segflg=UIO_USERSPACE) at 
>> /home/build/src/sys/kern/uipc_syscalls.c:782
>> #14 0xc064c121 in sendit (td=0xc58ec000, s=516, mp=0xe7c29c54, flags=0) at 
>> /home/build/src/sys/kern/uipc_syscalls.c:719
>> #15 0xc064c1d1 in sendmsg (td=0xc58ec000, uap=0xe7c29cf8) at 
>> /home/build/src/sys/kern/uipc_syscalls.c:915
>> #16 0xc0884d13 in syscall (frame=0xe7c29d38) at 
>> /home/build/src/sys/i386/i386/trap.c:1090
>> #17 0xc0869020 in Xint0x80_syscall () at 
>> /home/build/src/sys/i386/i386/exception.s:261
>> #18 0x00000033 in ?? ()
>> Previous frame inner to this frame (corrupt stack?)
>> (kgdb)
>> 
>> ========================================================================
>> 
>> From the limited testing I could do today it seems that the following
>> changes might be useful to track down why this is happening:
>> 
>> /head at 182698 -> ok so far
>> /head at 182743 -> panic
>> 
>> I don't see any rt_check_fib() changes in this commit range, so it may
>> be false that /head at 182698 is ok.  It just doesn't panic immediately
>> when I try to bring up my re0 interface and set the default route.
>> 
>> - Giorgos
>> 
>> 
> _______________________________________________
> freebsd-current at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"
>

More information about the freebsd-current mailing list