panic: negative refcount 0xfffffe0007f1b4d4
Andrey Zonov
andrey at zonov.org
Wed Jul 18 06:56:18 UTC 2012
On 7/17/12 1:40 AM, Andrey Zonov wrote:
> On 7/16/12 2:32 PM, Andrey Zonov wrote:
>> Hi,
>>
>> I've got about 30 machines which panic sometimes in different places but
>> with the same panic message: "negative refcount 0xfffffe0007f1b4d4".
>> They are running under 9.0-STABLE at r234600M.
>>
> [snip]
>>
>> Is this known issue? If it is not, I've got textdumps and can send to
>> anyone who wants to help me.
>>
>> Thanks in advance.
>>
>
> So, this is the one more ifa leak.
>
It happens when "goto again" is called in ip_output(), in my case under
IPFIREWALL_FORWARD. I'm doing source routing with "ipfw fwd". There
are no leaks with this patch applied:
Index: sys/netinet/ip_output.c
===================================================================
--- sys/netinet/ip_output.c (revision 234600)
+++ sys/netinet/ip_output.c (working copy)
@@ -203,6 +203,8 @@ again:
* The address family should also be checked in case of sharing the
* cache with IPv6.
*/
+ if (ia != NULL)
+ ifa_free(&ia->ia_ifa);
rte = ro->ro_rt;
if (rte && ((rte->rt_flags & RTF_UP) == 0 ||
rte->rt_ifp == NULL ||
I also want to propose this patch:
Index: sys/sys/refcount.h
===================================================================
--- sys/sys/refcount.h (revision 234600)
+++ sys/sys/refcount.h (working copy)
@@ -51,6 +51,7 @@ static __inline void
refcount_acquire(volatile u_int *count)
{
+ KASSERT(*count < 0xffffff00, ("refcount %p is overflowed", count));
atomic_add_acq_int(count, 1);
}
It will give better diagnostic when refcount is overflowed, instead of
"negative refcount".
--
Andrey Zonov
More information about the freebsd-net
mailing list