Date: Fri, 10 Apr 2009 09:23:26 +0200 (CEST)
From: Helge Oldach <netinet-ip-output-apr09@oldach.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: rwatson@FreeBSD.org, obrien@FreeBSD.org
Subject: kern/133561: panic in sys/netinet/ip_output.c after r190369
Message-ID: <200904100723.n3A7NQ6P003584@sep.oldach.net>
Resent-Message-ID: <200904100740.n3A7e14w042293@freefall.freebsd.org>
>Number: 133561
>Category: kern
>Synopsis: panic in sys/netinet/ip_output.c after r190369
>Confidential: no
>Severity: critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Apr 10 07:40:00 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Helge Oldach
>Release: FreeBSD 6.4-1439 i386
>Organization:
>Environment:
System: FreeBSD localhost 6.4-1439 FreeBSD 6.4-1439 #1: Fri Apr 10 08:55:22 CEST 2009 root@localhost:/usr/obj/usr/src/sys/HMO i386

This is a recent RELENG_6 system. In particular, SVN r190369 (from obrien, reviewed by rwatson) is applied.

>Description:
System panic:

Sleeping thread (tid 100071, pid 1003) owns a non-sleepable lock
panic: sleeping thread

After some fiddling I discovered that this may be related to IPSEC. The box does not crash with IPSEC disabled.

After browsing through the changes I inspected the code in sys/netinet/ip_output.c. SVN r190369 did add three lines to lock/unlock pcbinfo at apparently appropriate places.

I think the last two additions (case IP_IPSEC_POLICY in ip_ctloutput_pcbinfo()) are just wrong. IMHO there is no need to lock pcbinfo as we do not need INP_LOCK(inp) here. Please also note that INP_INFO_WUNLOCK only happens *within* the if clause, but not if the if clause is not met, so the pcbinfo is kept locked, which is likely not intended.

Anyway, I decided to remove the two additional lines. Testing showed that my box did not crash any longer (of course with IPSEC enabled).

>How-To-Repeat:
>Fix:
--- sys/netinet/ip_output.c.ctm 2009-03-24 22:24:19.000000000 +0100 +++ sys/netinet/ip_output.c 2009-04-10 08:52:12.000000000 +0200 @@ -1369,9 +1369,7 @@ req = mtod(m, caddr_t); len = m->m_len; optname = sopt->sopt_name; - INP_INFO_WLOCK(pcbinfo); if (so->so_pcb == NULL) { - INP_INFO_WUNLOCK(pcbinfo); m_free(m); error = EINVAL; break;
>Release-Note:
>Audit-Trail:
>Unformatted:
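
Review bot: The if (so->so_pcb == NULL) test at the top of this hunk is left with no lock around it once INP_INFO_WLOCK(pcbinfo) is removed, and nothing in the patch or the report says what keeps so_pcb from changing between that test and its later use. The hunk also ends at break;, so the non-NULL path that the report says leaves pcbinfo locked is not shown. Please either state in the commit message why this check needs no pcbinfo lock, or keep the INP_INFO_WLOCK and add the matching INP_INFO_WUNLOCK(pcbinfo) on the fall-through path so the lock is released before any code that can sleep. A few more lines of trailing context would let a reviewer confirm which of the two is correct.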