Bug 155177

Summary:

[route] [panic] Panic when inject routes in kernel

Product:

Base System

Reporter:

Eduardo Schoedler <eschoedler>

Component:

kern

Assignee:

freebsd-bugs (Nobody) <bugs>

Status:

Open ---

Severity:

Affects Only Me

Keywords:

crash

Priority:

Normal

Version:

8.2-STABLE

Hardware:

Any

OS:

Any

Attachments:

Description	Flags
radix_remove_gateway.diff	none
file.dat	none

Description Eduardo Schoedler 2011-03-02 05:20:10 UTC

I'm using Quagga 0.99.17 peering with bgpsimple tool in another machine.
Bgpsimple injects full-routing table in this bgp session.
When the bgpsimple terminates the injection (or when I cancel by pressing
CTRL+C), an kernel panic occurs in the router.

Kernel debugging:

# kgdb kernel.debug /var/crash/vmcore.1
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
panic: rtfree 2
cpuid = 0
Uptime: 4m38s
Physical memory: 8170 MB
Dumping 566 MB: 551 535 519 503 487 471 455 439 423 407 391 375 359 343 327 311 295 279 263 247 231 215 199 183 167 151 135 119 103 87 71 55 39 23 7

#0  doadump () at pcpu.h:224
224             __asm("movq %%gs:0,%0" : "=r" (td));
(kgdb) quit



# dmesg
Copyright (c) 1992-2011 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 8.2-STABLE #5: Wed Mar  2 01:34:10 BRT 2011
    root@border01.scr:/usr/obj/usr/src/sys/BORDER-RTR amd64
WARNING: WITNESS option enabled, expect reduced performance.
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Xeon(R) CPU           X3440  @ 2.53GHz (2527.00-MHz K8-class CPU)
  Origin = "GenuineIntel"  Id = 0x106e5  Family = 6  Model = 1e  Stepping = 5
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x98e3fd<SSE3,DTES64,MON,DS_CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT>
  AMD Features=0x28100800<SYSCALL,NX,RDTSCP,LM>
  AMD Features2=0x1<LAHF>
  TSC: P-state invariant
real memory  = 8589934592 (8192 MB)
avail memory = 8229384192 (7848 MB)
ACPI APIC Table: <DELL   PE_SC3  >
FreeBSD/SMP: Multiprocessor System Detected: 8 CPUs
FreeBSD/SMP: 1 package(s) x 4 core(s) x 2 SMT threads
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  1
 cpu2 (AP): APIC ID:  2
 cpu3 (AP): APIC ID:  3
 cpu4 (AP): APIC ID:  4
 cpu5 (AP): APIC ID:  5
 cpu6 (AP): APIC ID:  6
 cpu7 (AP): APIC ID:  7
ioapic0 <Version 2.0> irqs 0-23 on motherboard
netisr_init: forcing maxthreads to 1 and bindthreads to 0 for device polling
kbd1 at kbdmux0
ichwd module loaded
smbios0: <System Management BIOS> at iomem 0xfcac0-0xfcade on motherboard
smbios0: Version: 2.6, BCD Revision: 2.6
cryptosoft0: <software crypto> on motherboard
acpi0: <DELL PE_SC3> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
unknown: I/O range not supported
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
cpu0: <ACPI CPU> on acpi0
cpu1: <ACPI CPU> on acpi0
cpu2: <ACPI CPU> on acpi0
cpu3: <ACPI CPU> on acpi0
cpu4: <ACPI CPU> on acpi0
cpu5: <ACPI CPU> on acpi0
cpu6: <ACPI CPU> on acpi0
cpu7: <ACPI CPU> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> at device 3.0 on pci0
pci1: <ACPI PCI bus> on pcib1
pcib2: <PCI-PCI bridge> at device 0.0 on pci1
pci2: <PCI bus> on pcib2
pcib3: <PCI-PCI bridge> at device 2.0 on pci2
pci3: <PCI bus> on pcib3
igb0: <Intel(R) PRO/1000 Network Connection version - 2.0.7> port 0xfcc0-0xfcdf mem 0xddfc0000-0xddfdffff,0xde000000-0xde3fffff,0xddfb8000-0xddfbbfff irq 18 at device 0.0 on pci3
igb0: Using MSIX interrupts with 9 vectors
igb0: [ITHREAD]
igb0: [ITHREAD]
igb0: [ITHREAD]
igb0: [ITHREAD]
igb0: [ITHREAD]
igb0: [ITHREAD]
igb0: [ITHREAD]
igb0: [ITHREAD]
igb0: [ITHREAD]
igb0: Ethernet address: 00:1b:21:42:87:e0
igb1: <Intel(R) PRO/1000 Network Connection version - 2.0.7> port 0xfce0-0xfcff mem 0xddfe0000-0xddffffff,0xde400000-0xde7fffff,0xddfbc000-0xddfbffff irq 19 at device 0.1 on pci3
igb1: Using MSIX interrupts with 9 vectors
igb1: [ITHREAD]
igb1: [ITHREAD]
igb1: [ITHREAD]
igb1: [ITHREAD]
igb1: [ITHREAD]
igb1: [ITHREAD]
igb1: [ITHREAD]
igb1: [ITHREAD]
igb1: [ITHREAD]
igb1: Ethernet address: 00:1b:21:42:87:e1
pcib4: <PCI-PCI bridge> at device 4.0 on pci2
pci4: <PCI bus> on pcib4
igb2: <Intel(R) PRO/1000 Network Connection version - 2.0.7> port 0xecc0-0xecdf mem 0xdd3c0000-0xdd3dffff,0xdd400000-0xdd7fffff,0xdd3b8000-0xdd3bbfff irq 16 at device 0.0 on pci4
igb2: Using MSIX interrupts with 9 vectors
igb2: [ITHREAD]
igb2: [ITHREAD]
igb2: [ITHREAD]
igb2: [ITHREAD]
igb2: [ITHREAD]
igb2: [ITHREAD]
igb2: [ITHREAD]
igb2: [ITHREAD]
igb2: [ITHREAD]
igb2: Ethernet address: 00:1b:21:42:87:e4
igb3: <Intel(R) PRO/1000 Network Connection version - 2.0.7> port 0xece0-0xecff mem 0xdd3e0000-0xdd3fffff,0xdd800000-0xddbfffff,0xdd3bc000-0xdd3bffff irq 17 at device 0.1 on pci4
igb3: Using MSIX interrupts with 9 vectors
igb3: [ITHREAD]
igb3: [ITHREAD]
igb3: [ITHREAD]
igb3: [ITHREAD]
igb3: [ITHREAD]
igb3: [ITHREAD]
igb3: [ITHREAD]
igb3: [ITHREAD]
igb3: [ITHREAD]
igb3: Ethernet address: 00:1b:21:42:87:e5
pci0: <base peripheral> at device 8.0 (no driver attached)
pci0: <base peripheral> at device 8.1 (no driver attached)
pci0: <base peripheral> at device 8.2 (no driver attached)
pci0: <base peripheral> at device 8.3 (no driver attached)
pci0: <base peripheral> at device 16.0 (no driver attached)
pci0: <base peripheral> at device 16.1 (no driver attached)
ehci0: <Intel PCH USB 2.0 controller USB-B> mem 0xde8fc000-0xde8fc3ff irq 22 at device 26.0 on pci0
ehci0: [ITHREAD]
usbus0: EHCI version 1.0
usbus0: <Intel PCH USB 2.0 controller USB-B> on ehci0
pcib5: <ACPI PCI-PCI bridge> at device 28.0 on pci0
pci5: <ACPI PCI bus> on pcib5
bce0: <Broadcom NetXtreme II BCM5716 1000Base-T (C0)> mem 0xd8000000-0xd9ffffff irq 16 at device 0.0 on pci5
miibus0: <MII bus> on bce0
brgphy0: <BCM5709C 10/100/1000baseTX PHY> PHY 1 on miibus0
brgphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto, auto-flow
bce0: Ethernet address: 00:26:b9:7f:d4:26
bce0: [ITHREAD]
bce1: <Broadcom NetXtreme II BCM5716 1000Base-T (C0)> mem 0xda000000-0xdbffffff irq 17 at device 0.1 on pci5
miibus1: <MII bus> on bce1
brgphy1: <BCM5709C 10/100/1000baseTX PHY> PHY 1 on miibus1
brgphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto, auto-flow
bce1: Ethernet address: 00:26:b9:7f:d4:27
bce1: [ITHREAD]
ehci1: <Intel PCH USB 2.0 controller USB-A> mem 0xde8fe000-0xde8fe3ff irq 22 at device 29.0 on pci0
ehci1: [ITHREAD]
usbus1: EHCI version 1.0
usbus1: <Intel PCH USB 2.0 controller USB-A> on ehci1
pcib6: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci6: <ACPI PCI bus> on pcib6
vgapci0: <VGA-compatible display> mem 0xd7800000-0xd7ffffff,0xdc7fc000-0xdc7fffff,0xdc800000-0xdcffffff irq 19 at device 3.0 on pci6
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel 5 Series/3400 Series PCH SATA300 controller> port 0xdca0-0xdca7,0xdc90-0xdc93,0xdca8-0xdcaf,0xdc94-0xdc97,0xdcc0-0xdccf,0xdcd0-0xdcdf irq 20 at device 31.2 on pci0
atapci0: [ITHREAD]
ata2: <ATA channel 0> on atapci0
ata2: [ITHREAD]
ata3: <ATA channel 1> on atapci0
ata3: [ITHREAD]
atapci1: <Intel 5 Series/3400 Series PCH SATA300 controller> port 0xdcb0-0xdcb7,0xdc98-0xdc9b,0xdcb8-0xdcbf,0xdc9c-0xdc9f,0xdce0-0xdcef,0xdcf0-0xdcff irq 21 at device 31.5 on pci0
atapci1: [ITHREAD]
ata4: <ATA channel 0> on atapci1
ata4: [ITHREAD]
ata5: <ATA channel 1> on atapci1
ata5: [ITHREAD]
acpi_hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 900
atrtc0: <AT realtime clock> port 0x70-0x7f irq 8 on acpi0
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart0: [FILTER]
uart1: <16550 or compatible> port 0x2f8-0x2ff irq 3 on acpi0
uart1: [FILTER]
orm0: <ISA Option ROMs> at iomem 0xc0000-0xc7fff,0xc8000-0xc8fff,0xec000-0xeffff on isa0
atkbd: unable to set the command byte.
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
coretemp0: <CPU On-Die Thermal Sensors> on cpu0
est0: <Enhanced SpeedStep Frequency Control> on cpu0
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 14
device_attach: est0 attach returned 6
p4tcc0: <CPU Frequency Thermal Control> on cpu0
coretemp1: <CPU On-Die Thermal Sensors> on cpu1
est1: <Enhanced SpeedStep Frequency Control> on cpu1
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 14
device_attach: est1 attach returned 6
p4tcc1: <CPU Frequency Thermal Control> on cpu1
coretemp2: <CPU On-Die Thermal Sensors> on cpu2
est2: <Enhanced SpeedStep Frequency Control> on cpu2
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 14
device_attach: est2 attach returned 6
p4tcc2: <CPU Frequency Thermal Control> on cpu2
coretemp3: <CPU On-Die Thermal Sensors> on cpu3
est3: <Enhanced SpeedStep Frequency Control> on cpu3
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 14
device_attach: est3 attach returned 6
p4tcc3: <CPU Frequency Thermal Control> on cpu3
coretemp4: <CPU On-Die Thermal Sensors> on cpu4
est4: <Enhanced SpeedStep Frequency Control> on cpu4
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 14
device_attach: est4 attach returned 6
p4tcc4: <CPU Frequency Thermal Control> on cpu4
coretemp5: <CPU On-Die Thermal Sensors> on cpu5
est5: <Enhanced SpeedStep Frequency Control> on cpu5
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 14
device_attach: est5 attach returned 6
p4tcc5: <CPU Frequency Thermal Control> on cpu5
coretemp6: <CPU On-Die Thermal Sensors> on cpu6
est6: <Enhanced SpeedStep Frequency Control> on cpu6
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 14
device_attach: est6 attach returned 6
p4tcc6: <CPU Frequency Thermal Control> on cpu6
coretemp7: <CPU On-Die Thermal Sensors> on cpu7
est7: <Enhanced SpeedStep Frequency Control> on cpu7
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 14
device_attach: est7 attach returned 6
p4tcc7: <CPU Frequency Thermal Control> on cpu7
Timecounters tick every 1.000 msec
IPsec: Initialized Security Association Processing.
ipfw2 (+ipv6) initialized, divert enabled, nat enabled, rule-based forwarding enabled, default to accept, logging disabled
load_dn_sched dn_sched WF2Q+ loaded
load_dn_sched dn_sched FIFO loaded
load_dn_sched dn_sched PRIO loaded
load_dn_sched dn_sched QFQ loaded
load_dn_sched dn_sched RR loaded
usbus0: 480Mbps High Speed USB v2.0
usbus1: 480Mbps High Speed USB v2.0
ad4: 238418MB <WDC WD2502ABYS-18B7A0 02.03B04> at ata2-master UDMA100 SATA 3Gb/s
ugen0.1: <Intel> at usbus0
uhub0: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus0
ugen1.1: <Intel> at usbus1
uhub1: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus1
ad6: 238418MB <WDC WD2502ABYS-18B7A0 02.03B04> at ata3-master UDMA100 SATA 3Gb/s
acd0: DVDROM <TEAC DVD-ROM DV28SV/D.0L> at ata3-slave UDMA100 SATA 1.5Gb/s
SMP: AP CPU #1 Launched!
SMP: AP CPU #4 Launched!
SMP: AP CPU #3 Launched!
SMP: AP CPU #5 Launched!
SMP: AP CPU #2 Launched!
SMP: AP CPU #6 Launched!
SMP: AP CPU #7 Launched!
hwpmc: TSC/1/64/0x20<REA> IAP/4/48/0x3ff<INT,USR,SYS,EDG,THR,REA,WRI,INV,QUA,PRC> IAF/3/48/0x61<INT,REA,WRI> UCP/8/48/0x3f8<EDG,THR,REA,WRI,INV,QUA,PRC> UCF/1/48/0x60<REA,WRI>
WARNING: WITNESS option enabled, expect reduced performance.
uhub0: 2 ports with 2 removable, self powered
uhub1: 2 ports with 2 removable, self powered
ugen0.2: <vendor 0x8087> at usbus0
uhub2: <vendor 0x8087 product 0x0020, class 9/0, rev 2.00/0.00, addr 2> on usbus0
ugen1.2: <vendor 0x8087> at usbus1
uhub3: <vendor 0x8087 product 0x0020, class 9/0, rev 2.00/0.00, addr 2> on usbus1
uhub2: 6 ports with 6 removable, self powered
uhub3: 8 ports with 8 removable, self powered
ugen0.3: <Avocent> at usbus0
ukbd0: <Keyboard> on usbus0
kbd2 at ukbd0
ums0: <Mouse> on usbus0
ums0: 3 buttons and [Z] coordinates ID=0
ugen1.3: <vendor 0x0424> at usbus1
uhub4: <vendor 0x0424 product 0x2514, class 9/0, rev 2.00/0.00, addr 3> on usbus1
uhub4: 4 ports with 4 removable, self powered
ugen1.4: <CHESEN> at usbus1
ukbd1: <CHESEN USB Keyboard, class 0/0, rev 1.10/1.10, addr 4> on usbus1
kbd3 at ukbd1
uhid0: <CHESEN USB Keyboard, class 0/0, rev 1.10/1.10, addr 4> on usbus1
Trying to mount root from ufs:/dev/ad4s1a
WARNING: / was not properly dismounted
WARNING: /usr was not properly dismounted
WARNING: /var was not properly dismounted
bce0: link state changed to UP

# cat /boot/loader.conf
net.inet.tcp.syncache.hashsize=1024
net.inet.tcp.syncache.bucketlimit=512
net.inet.tcp.syncache.cachelimit=65536
net.inet.tcp.hostcache.hashsize="16384"
net.inet.tcp.hostcache.bucketlimit="100"
net.inet.tcp.tcbhashsize=4096
net.isr.direct=1
net.isr.bindthreads=1
net.isr.numthreads=4
net.isr.defaultqlimit=4096
kern.ipc.nmbclusters=65536
net.fibs=2
kern.hz=1000

# cat /etc/sysctl.conf
kern.securelevel=1
kern.ipc.nmbjumbo9=69000
kern.timecounter.hardware=HPET
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
net.inet.ip.sourceroute=0
net.inet.ip.accept_sourceroute=0
net.inet.carp.log=0
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1
net.inet.ip.fastforwarding=1
net.inet.ip.fw.verbose_limit=0
kern.ipc.somaxconn=8192
kern.maxfilesperproc=57636
net.inet.tcp.delayed_ack=0
net.inet.tcp.sendspace=65535
net.inet.udp.recvspace=65535
net.inet.udp.maxdgram=57344
net.local.stream.recvspace=65535
net.local.stream.sendspace=65535
kern.ipc.shmmax=2147483648
kern.maxfiles=204800
kern.maxfilesperproc=200000
kern.maxvnodes=200000
net.inet.tcp.rfc1323=1
net.inet.ip.portrange.first=1024
net.inet.ip.portrange.last=65535
net.inet.ip.ttl=128
net.inet.tcp.maxtcptw=200000
net.inet.tcp.fast_finwait2_recycle=1
net.inet.tcp.msl=5000
net.inet.ip.dummynet.io_fast=1
net.inet.udp.blackhole=1
net.inet.tcp.blackhole=2
net.inet.icmp.maskrepl=0
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=1
net.inet.tcp.drop_synfin=1
net.inet.tcp.log_in_vain=1
net.inet.udp.log_in_vain=1
net.inet.tcp.icmp_may_rst=0
net.inet.icmp.icmplim=50
net.inet.ip.redirect=0
net.inet6.ip6.redirect=0
net.inet.icmp.bmcastecho=0
kern.polling.burst_max=1000
kern.polling.each_burst=1000
kern.polling.reg_frac=100
kern.polling.user_frac=1
kern.polling.idle_poll=0
net.link.ether.inet.max_age=14400
net.inet6.icmp6.rediraccept=0
net.inet6.ip6.accept_rtadv=0

# ifconfig
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=101bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWFILTER>
        ether 00:1b:21:42:87:e0
        media: Ethernet 1000baseT <full-duplex>
        status: active
igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=101bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWFILTER>
        ether 00:1b:21:42:87:e1
        inet 172.16.x.x netmask 0xffffff00 broadcast 172.16.x.x
        media: Ethernet 1000baseT <full-duplex>
        status: active
igb2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=101bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWFILTER>
        ether 00:1b:21:42:87:e4
        media: Ethernet 1000baseT <full-duplex> (autoselect)
        status: no carrier
igb3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=101bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWFILTER>
        ether 00:1b:21:42:87:e5
        media: Ethernet 1000baseT <full-duplex> (autoselect)
        status: no carrier
bce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
        ether 00:26:b9:7f:d4:26
        inet 187.x.y.1 netmask 0xfffffffc broadcast 187.x.y.3
        media: Ethernet 1000baseT <full-duplex,master>
        status: active
bce1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
        ether 00:26:b9:7f:d4:27
        media: Ethernet 1000baseT <full-duplex> (none)
        status: no carrier
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
enc0: flags=0<> metric 0 mtu 1536
lo10: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 187.x.x.254 netmask 0xffffffff
lo20: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 187.x.x.21 netmask 0xffffffff
lo30: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 187.x.x.1 netmask 0xffffffff
disc10: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 65532
        inet 192.0.2.1 netmask 0xffffffff
        inet6 2001:db8:0:dead:beef::1 prefixlen 128
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
igb0.2000: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=3<RXCSUM,TXCSUM>
        ether 00:1b:21:xx:xx:xx
        inet 18x.x.x.x netmask 0xfffffffc broadcast 18x.x.x.x
        media: Ethernet 1000baseT <full-duplex>
        status: active
        vlan: 2000 parent interface: igb0

How-To-Repeat: Quagga on R1:

router bgp 65501
 no synchronization
 no bgp fast-external-failover
 bgp router-id 187.x.x.254
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 bgp deterministic-med
 bgp graceful-restart
 bgp network import-check
 network 187.x.y.0 mask 255.255.254.0
 neighbor 187.x.z.2 remote-as 65501
 neighbor 187.x.z.2 activate
 neighbor 187.x.z.2 next-hop-self
 no auto-summary

In the another machine:
1) http://code.google.com/p/bgpsimple/wiki/README (using data from rcc00)
2) Execute bgpsimple:
 # ./bgp_simple.pl -myas 65501 -myip 187.x.y.2 -peeras 65501 -peerip 187.x.y.1 -p myroutes -n -v
3) When bgpsimple terminates, this is the output:
 Full update sent.
 Error occured: type [Hold Timer Expired]
 Connection reset with peer 187.x.y.1, AS 65501.
 Error occured: type [Cease]
 Error occured: type [Cease]

Comment 1 Mark Linimon freebsd_committer

2011-03-02 07:33:35 UTC

Responsible Changed
From-To: freebsd-bugs->freebsd-net

Attempt to classify and reassign.

Comment 2 Eduardo Schoedler 2011-03-02 19:42:14 UTC

------=_NextPart_000_01EB_01CBD8F8.CAB2DE00--

Comment 3 lists.br 2011-03-03 11:30:55 UTC

Hello,

The culprit here is RADIX_MPATH. When the kernel is built with it, it =
crashes with the following backtrace (missing on PR):

#0  doadump () at pcpu.h:224
224	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) #0  doadump () at pcpu.h:224
#1  0xffffffff803c8bee in boot (howto=3D260)
    at /usr/src/sys/kern/kern_shutdown.c:419
#2  0xffffffff803c9021 in panic (fmt=3DVariable "fmt" is not available.
)
    at /usr/src/sys/kern/kern_shutdown.c:592
#3  0xffffffff8049cc15 in rtfree (rt=3DVariable "rt" is not available.
) at /usr/src/sys/net/route.c:446
#4  0xffffffff804a0856 in route_output (m=3D0xffffff006f14ab00,=20
    so=3D0xffffff004dfbd7f8) at /usr/src/sys/net/rtsock.c:863
#5  0xffffffff804321e1 in sosend_generic (so=3D0xffffff004dfbd7f8, =
addr=3D0x0,=20
    uio=3D0xffffff824413ca90, top=3D0xffffff006f14ab00, control=3D0x0, =
flags=3D0,=20
    td=3D0xffffff00062a6460) at /usr/src/sys/kern/uipc_socket.c:1260
#6  0xffffffff804126c2 in soo_write (fp=3DVariable "fp" is not =
available.
)
    at /usr/src/sys/kern/sys_socket.c:102
#7  0xffffffff8040b23b in dofilewrite (td=3D0xffffff00062a6460, fd=3D4,=20=

    fp=3D0xffffff00063fe2d0, auio=3D0xffffff824413ca90, offset=3DVariable =
"offset" is not available.
) at file.h:239
#8  0xffffffff8040b550 in kern_writev (td=3D0xffffff00062a6460, fd=3D4,=20=

    auio=3D0xffffff824413ca90) at /usr/src/sys/kern/sys_generic.c:447
#9  0xffffffff8040b5d5 in write (td=3DVariable "td" is not available.
) at /usr/src/sys/kern/sys_generic.c:363
#10 0xffffffff804077a5 in syscallenter (td=3D0xffffff00062a6460,=20
    sa=3D0xffffff824413cba0) at /usr/src/sys/kern/subr_trap.c:315
#11 0xffffffff8064a6ab in syscall (frame=3D0xffffff824413cc40)
    at /usr/src/sys/amd64/amd64/trap.c:944
#12 0xffffffff80632c52 in Xfast_syscall ()
    at /usr/src/sys/amd64/amd64/exception.S:381
#13 0x0000000800bc5b3c in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)=20


Looks like it is leaking the 'rt->rt_refcnt' and as result it =
crashes/panic at RTFREE() on the end of route_output().

I don't have access to this live system to dig further (i.e. reduce the =
test case).

Cheers,
Luiz=

Comment 4 Eduardo Schoedler 2011-03-04 12:10:00 UTC

Hello,

I've found another (easy) way to reproduce the problem with two scripts:
routes-add.sh and routes-remove.sh.
First run routes-add.sh for a while; then execute routes-remove.sh.
Cancel with CTRL+C and execute routes-remove.sh again.

Scripts:
========

# cat routes-add.sh 
#!/usr/local/bin/bash

for a in {11..16}; do
 for b in {1..255}; do
  for c in {1..255}; do
    echo -n Adding route $a.$b.$c.0/24...
    route -q delete -net $a.$b.$c.0/24
    echo OK.
  done
 done
done


# cat routes-remove.sh
#!/usr/local/bin/bash

for a in {11..16}; do
 for b in {1..255}; do
  for c in {1..255}; do
    echo -n Removing route $a.$b.$c.0/24...
    route -q delete -net $a.$b.$c.0/24
    echo OK.
  done
 done
done


Backtrace:
==========

# cat /var/crash/core.txt.1
<snip>
Unread portion of the kernel message buffer:
panic: rtfree 2
cpuid = 4
KDB: stack backtrace:
#0 0xffffffff80416e43 at kdb_backtrace+0x5e
#1 0xffffffff803e68a8 at panic+0x182
#2 0xffffffff804b2274 at rtalloc1_fib+0
#3 0xffffffff804b5b92 at route_output+0x304
#4 0xffffffff8044b776 at sosend_generic+0x366
#5 0xffffffff8042cd5c at soo_write+0x54
#6 0xffffffff80425bee at dofilewrite+0x7a
#7 0xffffffff80425ec1 at kern_writev+0x52
#8 0xffffffff80425f3f at write+0x4e
#9 0xffffffff80422408 at syscallenter+0x186
#10 0xffffffff8065b4f7 at syscall+0x40
#11 0xffffffff806449f2 at Xfast_syscall+0xe2
Uptime: 37m16s
Physical memory: 4084 MB
Dumping 497 MB:VOP_STRATEGY: bp is not locked but should be
 482 466 450 434 418 402 386 370 354 338 322 306 290 274 258 242 226 210 194
178 162 146 130 114 98 82 66 50 34 18 2

#0  doadump () at pcpu.h:224
224     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) #0  doadump () at pcpu.h:224
#1  0xffffffff803e6425 in boot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:419
#2  0xffffffff803e6892 in panic (fmt=Variable "fmt" is not available.
)
    at /usr/src/sys/kern/kern_shutdown.c:592
#3  0xffffffff804b2274 in rtfree (rt=Variable "rt" is not available.
) at /usr/src/sys/net/route.c:446
#4  0xffffffff804b5b92 in route_output (m=0xffffff0004790700,
    so=0xffffff00b07ead48) at /usr/src/sys/net/rtsock.c:863
#5  0xffffffff8044b776 in sosend_generic (so=0xffffff00b07ead48, addr=0x0,
    uio=0xffffff830ff98a90, top=0xffffff0004790700, control=0x0, flags=0,
    td=0xffffff0004a13000) at /usr/src/sys/kern/uipc_socket.c:1260
#6  0xffffffff8042cd5c in soo_write (fp=Variable "fp" is not available.
)
    at /usr/src/sys/kern/sys_socket.c:102
#7  0xffffffff80425bee in dofilewrite (td=0xffffff0004a13000, fd=3,
    fp=0xffffff0004977af0, auio=0xffffff830ff98a90, offset=Variable "offset"
is not available.
) at file.h:239
#8  0xffffffff80425ec1 in kern_writev (td=0xffffff0004a13000, fd=3,
    auio=0xffffff830ff98a90) at /usr/src/sys/kern/sys_generic.c:447
#9  0xffffffff80425f3f in write (td=Variable "td" is not available.
) at /usr/src/sys/kern/sys_generic.c:363
#10 0xffffffff80422408 in syscallenter (td=0xffffff0004a13000,
    sa=0xffffff830ff98ba0) at /usr/src/sys/kern/subr_trap.c:315
#11 0xffffffff8065b4f7 in syscall (frame=0xffffff830ff98c40)
    at /usr/src/sys/amd64/amd64/trap.c:944
#12 0xffffffff806449f2 in Xfast_syscall ()
    at /usr/src/sys/amd64/amd64/exception.S:381
#13 0x0000000800735afc in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)
<snip>

Again, removing RADIX_MPATH from kernel, it's working fine.


Regards,

--
Eduardo Schoedler

Comment 5 lists.br 2011-03-05 13:18:56 UTC

On Mar 4, 2011, at 9:10 AM, Eduardo Schoedler wrote:
> Hello,
> 
> I've found another (easy) way to reproduce the problem with two scripts:
> routes-add.sh and routes-remove.sh.
> First run routes-add.sh for a while; then execute routes-remove.sh.
> Cancel with CTRL+C and execute routes-remove.sh again.
> 


<snip>

Hi Eduardo,

I've found another problem while trying something like you'd proposed, but it can be easily reproduced by just trying to remove a network route that is not in the table (probably what your script does when you press ctrl+c and restart it).

The problem i've found produces the following backtrace:

#0  doadump () at pcpu.h:244
244     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) #0  doadump () at pcpu.h:244
#1  0xc04d7de9 in db_fncall (dummy1=1, dummy2=0, dummy3=-1056933504, 
    dummy4=0xe69ee798 "") at /usr/src/sys/ddb/db_command.c:548
#2  0xc04d81e1 in db_command (last_cmdp=0xc0e303dc, cmd_table=0x0, dopager=1)
    at /usr/src/sys/ddb/db_command.c:445
#3  0xc04d833a in db_command_loop () at /usr/src/sys/ddb/db_command.c:498
#4  0xc04da25d in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:229
#5  0xc0902672 in kdb_trap (type=3, code=0, tf=0xe69ee948)
    at /usr/src/sys/kern/subr_kdb.c:533
#6  0xc0c137bb in trap (frame=0xe69ee948) at /usr/src/sys/i386/i386/trap.c:717
#7  0xc0bfc7ec in calltrap () at /usr/src/sys/i386/i386/exception.s:168
#8  0xc09024fa in kdb_enter (why=0xc0ce86fa "panic", msg=0xc0ce86fa "panic")
    at cpufunc.h:71
#9  0xc08cea24 in panic (fmt=0xc0cfedcb "radix node disappeared")
    at /usr/src/sys/kern/kern_shutdown.c:574
#10 0xc0996900 in rtrequest1_fib (req=2, info=0xe69eea50, ret_nrt=0xe69eea84, 
    fibnum=Variable "fibnum" is not available.
) at /usr/src/sys/net/route.c:968
#11 0xc099abbd in route_output (m=0xc43a6b00, so=0xc48b0000)
    at /usr/src/sys/net/rtsock.c:630
#12 0xc09959da in raw_usend (so=0xc48b0000, flags=Variable "flags" is not available.
)
    at /usr/src/sys/net/raw_usrreq.c:228
#13 0xc0999275 in rts_send (so=0xc48b0000, flags=0, m=0xc43a6b00, nam=0x0, 
    control=0x0, td=0xc49d18a0) at /usr/src/sys/net/rtsock.c:354
#14 0xc093ceed in sosend_generic (so=0xc48b0000, addr=0x0, uio=0xe69eec28, 
    top=0xc43a6b00, control=0x0, flags=0, td=0xc49d18a0)
    at /usr/src/sys/kern/uipc_socket.c:1301
#15 0xc0938ddf in sosend (so=0xc48b0000, addr=0x0, uio=0xe69eec28, top=0x0, 
    control=0x0, flags=0, td=0xc49d18a0)
    at /usr/src/sys/kern/uipc_socket.c:1345
#16 0xc0920ae3 in soo_write (fp=0xc4690d58, uio=0xe69eec28, 
    active_cred=0xc47e8e00, flags=0, td=0xc49d18a0)
    at /usr/src/sys/kern/sys_socket.c:100
#17 0xc0919a65 in dofilewrite (td=0xc49d18a0, fd=3, fp=0xc4690d58, 
    auio=0xe69eec28, offset=-1, flags=0) at file.h:238
#18 0xc091b208 in kern_writev (td=0xc49d18a0, fd=3, auio=0xe69eec28)
    at /usr/src/sys/kern/sys_generic.c:447
#19 0xc091b31f in write (td=0xc49d18a0, uap=0xe69eecec)
    at /usr/src/sys/kern/sys_generic.c:363
#20 0xc090fda3 in syscallenter (td=0xc49d18a0, sa=0xe69eece4)
    at /usr/src/sys/kern/subr_trap.c:344
#21 0xc0c13064 in syscall (frame=0xe69eed28)
    at /usr/src/sys/i386/i386/trap.c:1080
#22 0xc0bfc851 in Xint0x80_syscall ()
    at /usr/src/sys/i386/i386/exception.s:266
#23 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) 


Are you sure that your scripts produce the backtrace you'd posted ? I cannot reproduce that here...

Well, about the problem i've found ("radix node disappeared") when removing a nonexistent route (route delete x.y.w.z/24 - where x.y.w.z/24 is _not_ in the route table), it was related to the code that check for a gateway when there are multiple gateways for a route, which clearly was not the case.

After some thought i've crafted the following patch which fix the "radix node disappeared" problem (for me obviously...), can you try your scripts with this patch ? Not sure yet if this is related to the first problem you'd reported.


Thanks,
Luiz

Comment 6 Eitan Adler freebsd_committer

2017-12-31 07:58:53 UTC

For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped

Comment 7 Graham Perrin freebsd_committer

2022-10-17 12:18:03 UTC

Keyword: 

    crash

– in lieu of summary line prefix: 

    [panic]

* bulk change for the keyword
* summary lines may be edited manually (not in bulk). 

Keyword descriptions and search interface: 

    <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>