(KAME-snap 8818) Re: Weird memory exhaustion with FreeBSD
	4.10-STABLE
    JINMEI Tatuya /神明達哉 
    jinmei at isl.rdc.toshiba.co.jp
       
    Wed Sep 29 16:59:25 PDT 2004
    
    
  
>>>>> On Wed, 29 Sep 2004 11:40:23 +0300 (EEST), 
>>>>> Pekka Savola <pekkas at netcore.fi> said:
>> >> Okay.  Now I think I figure out the problem.  Those host routes were
>> >> created not deliberately, so the kernel will eventually need a fix to
>> >> this.
>> >> 
>> >> But if you are in a hurry and/or cannot replace the kernel soon, I
>> >> think setting net.inet6.ip6.rtexpire to 0 can be a workaround (with
>> >> this you even do not have to reboot the kernel - though rebooting may
>> >> also help if you can).
>> 
>> > Warning: this freezed the system immediately [all network connectivity
>> > broke, and I had to do a quick reset].  Maybe I should have set it up
>> > at reboot before the system was in a 'bad' shape..
>> 
>> Sorry for the trouble, but could you be more specific on "freeze"?
>> Does it mean the kernel hanged (you could not type anything from the
>> keyboard, etc)?
> Unfortunately, I can't.  The when my SSH session froze, and the 6to4
> SSH sessions as well, my first instinct was 'oh, crap', and knee-jerk
> push of reset button (because the box has no keyboard attached). Sorry
> for being inprecise.
Okay, I just found a bug that only happens when ip6.rtexpire is 0.
Please try the following patch (with rtexpire=0).
					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei at isl.rdc.toshiba.co.jp
Index: in6_rmx.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet6/in6_rmx.c,v
retrieving revision 1.1.2.3
diff -u -r1.1.2.3 in6_rmx.c
--- in6_rmx.c	28 Apr 2002 05:40:27 -0000	1.1.2.3
+++ in6_rmx.c	29 Sep 2004 23:57:07 -0000
@@ -270,10 +270,16 @@
 		rt->rt_flags |= RTPRF_OURS;
 		rt->rt_rmx.rmx_expire = time_second + rtq_reallyold;
 	} else {
+		struct rtentry *dummy;
+
+		/*
+		 * rtrequest() would recursively call rtfree() without the
+		 * dummy entry argument, causing duplicated free.
+		 */
 		rtrequest(RTM_DELETE,
 			  (struct sockaddr *)rt_key(rt),
 			  rt->rt_gateway, rt_mask(rt),
-			  rt->rt_flags, 0);
+			  rt->rt_flags, &dummy);
 	}
 }
 
    
    
More information about the freebsd-net
mailing list