From owner-svn-src-all@FreeBSD.ORG Tue Aug 21 18:50:16 2012 Return-Path: Delivered-To: svn-src-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2B54A106566C; Tue, 21 Aug 2012 18:50:16 +0000 (UTC) (envelope-from ken@kdm.org) Received: from nargothrond.kdm.org (nargothrond.kdm.org [70.56.43.81]) by mx1.freebsd.org (Postfix) with ESMTP id D90798FC17; Tue, 21 Aug 2012 18:50:15 +0000 (UTC) Received: from nargothrond.kdm.org (localhost [127.0.0.1]) by nargothrond.kdm.org (8.14.2/8.14.2) with ESMTP id q7LIoE9j030854; Tue, 21 Aug 2012 12:50:14 -0600 (MDT) (envelope-from ken@nargothrond.kdm.org) Received: (from ken@localhost) by nargothrond.kdm.org (8.14.2/8.14.2/Submit) id q7LIoEE4030850; Tue, 21 Aug 2012 12:50:14 -0600 (MDT) (envelope-from ken) Date: Tue, 21 Aug 2012 12:50:14 -0600 From: "Kenneth D. Merry" To: Gleb Smirnoff Message-ID: <20120821185014.GA28272@nargothrond.kdm.org> References: <201208021357.q72DvoFJ088426@svn.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201208021357.q72DvoFJ088426@svn.freebsd.org> User-Agent: Mutt/1.4.2i Cc: svn-src-head@FreeBSD.org, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org Subject: Re: svn commit: r238990 - in head/sys: net netinet netinet6 X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Aug 2012 18:50:16 -0000 On Thu, Aug 02, 2012 at 13:57:50 +0000, Gleb Smirnoff wrote: > Author: glebius > Date: Thu Aug 2 13:57:49 2012 > New Revision: 238990 > URL: http://svn.freebsd.org/changeset/base/238990 > > Log: > Fix races between in_lltable_prefix_free(), lla_lookup(), > llentry_free() and arptimer(): > > o Use callout_init_rw() for lle timeout, this allows us safely > disestablish them. > - This allows us to simplify the arptimer() and make it > race safe. > o Consistently use ifp->if_afdata_lock to lock access to > linked lists in the lle hashes. > o Introduce new lle flag LLE_LINKED, which marks an entry that > is attached to the hash. > - Use LLE_LINKED to avoid double unlinking via consequent > calls to llentry_free(). > - Mark lle with LLE_DELETED via |= operation istead of =, > so that other flags won't be lost. > o Make LLE_ADDREF(), LLE_REMREF() and LLE_FREE_LOCKED() more > consistent and provide more informative KASSERTs. > > The patch is a collaborative work of all submitters and myself. > > PR: kern/165863 > Submitted by: Andrey Zonov > Submitted by: Ryan Stone > Submitted by: Eric van Gyzen I'm running into this on stable/9, any plan on when this will get MFCed? Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x360 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff808c74c2 stack pointer = 0x28:0xffffff83e3f5d140 frame pointer = 0x28:0xffffff83e3f5d1a0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 12 (irq265: igb0:que 0) [ thread pid 12 tid 100047 ] Stopped at 0xffffffff808c74c2 = _rw_rlock+0xf2: movl 0x360(%rcx),%edi db> bt Tracing pid 12 tid 100047 td 0xfffffe000d57c8e0 _rw_rlock() at 0xffffffff808c74c2 = _rw_rlock+0xf2 in_lltable_lookup() at 0xffffffff809e716c = in_lltable_lookup+0x4ac arpresolve() at 0xffffffff809dfe66 = arpresolve+0x116 ether_output() at 0xffffffff8098905f = ether_output+0x25f ip_output() at 0xffffffff809f73a9 = ip_output+0xc79 tcp_output() at 0xffffffff80a651dd = tcp_output+0xb0d tcp_do_segment() at 0xffffffff80a60213 = tcp_do_segment+0xb63 tcp_input() at 0xffffffff80a63148 = tcp_input+0xaf8 ip_input() at 0xffffffff809f447c = ip_input+0xac netisr_dispatch_src() at 0xffffffff8099346b = netisr_dispatch_src+0x20b ether_demux() at 0xffffffff8098890d = ether_demux+0x14d ether_nh_input() at 0xffffffff80988be4 = ether_nh_input+0x1f4 netisr_dispatch_src() at 0xffffffff8099346b = netisr_dispatch_src+0x20b igb_rxeof() at 0xffffffff8179d034 = igb_rxeof+0x394 igb_msix_que() at 0xffffffff8179d3ca = igb_msix_que+0xaa intr_event_execute_handlers() at 0xffffffff8089bdd4 = intr_event_execute_handlers+0x104 ithread_loop() at 0xffffffff8089d594 = ithread_loop+0xa4 fork_exit() at 0xffffffff8089847f = fork_exit+0x11f fork_trampoline() at 0xffffffff80bb970e = fork_trampoline+0xe --- trap 0, rip = 0, rsp = 0xffffff83e3f5dbb0, rbp = 0 --- Thanks, Ken -- Kenneth Merry ken@FreeBSD.ORG