Date: Tue, 21 Aug 2012 12:50:14 -0600 From: "Kenneth D. Merry" <ken@FreeBSD.org> To: Gleb Smirnoff <glebius@FreeBSD.org> Cc: svn-src-head@FreeBSD.org, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org Subject: Re: svn commit: r238990 - in head/sys: net netinet netinet6 Message-ID: <20120821185014.GA28272@nargothrond.kdm.org> In-Reply-To: <201208021357.q72DvoFJ088426@svn.freebsd.org> References: <201208021357.q72DvoFJ088426@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 02, 2012 at 13:57:50 +0000, Gleb Smirnoff wrote: > Author: glebius > Date: Thu Aug 2 13:57:49 2012 > New Revision: 238990 > URL: http://svn.freebsd.org/changeset/base/238990 > > Log: > Fix races between in_lltable_prefix_free(), lla_lookup(), > llentry_free() and arptimer(): > > o Use callout_init_rw() for lle timeout, this allows us safely > disestablish them. > - This allows us to simplify the arptimer() and make it > race safe. > o Consistently use ifp->if_afdata_lock to lock access to > linked lists in the lle hashes. > o Introduce new lle flag LLE_LINKED, which marks an entry that > is attached to the hash. > - Use LLE_LINKED to avoid double unlinking via consequent > calls to llentry_free(). > - Mark lle with LLE_DELETED via |= operation istead of =, > so that other flags won't be lost. > o Make LLE_ADDREF(), LLE_REMREF() and LLE_FREE_LOCKED() more > consistent and provide more informative KASSERTs. > > The patch is a collaborative work of all submitters and myself. > > PR: kern/165863 > Submitted by: Andrey Zonov <andrey zonov.org> > Submitted by: Ryan Stone <rysto32 gmail.com> > Submitted by: Eric van Gyzen <eric_van_gyzen dell.com> I'm running into this on stable/9, any plan on when this will get MFCed? Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x360 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff808c74c2 stack pointer = 0x28:0xffffff83e3f5d140 frame pointer = 0x28:0xffffff83e3f5d1a0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 12 (irq265: igb0:que 0) [ thread pid 12 tid 100047 ] Stopped at 0xffffffff808c74c2 = _rw_rlock+0xf2: movl 0x360(%rcx),%edi db> bt Tracing pid 12 tid 100047 td 0xfffffe000d57c8e0 _rw_rlock() at 0xffffffff808c74c2 = _rw_rlock+0xf2 in_lltable_lookup() at 0xffffffff809e716c = in_lltable_lookup+0x4ac arpresolve() at 0xffffffff809dfe66 = arpresolve+0x116 ether_output() at 0xffffffff8098905f = ether_output+0x25f ip_output() at 0xffffffff809f73a9 = ip_output+0xc79 tcp_output() at 0xffffffff80a651dd = tcp_output+0xb0d tcp_do_segment() at 0xffffffff80a60213 = tcp_do_segment+0xb63 tcp_input() at 0xffffffff80a63148 = tcp_input+0xaf8 ip_input() at 0xffffffff809f447c = ip_input+0xac netisr_dispatch_src() at 0xffffffff8099346b = netisr_dispatch_src+0x20b ether_demux() at 0xffffffff8098890d = ether_demux+0x14d ether_nh_input() at 0xffffffff80988be4 = ether_nh_input+0x1f4 netisr_dispatch_src() at 0xffffffff8099346b = netisr_dispatch_src+0x20b igb_rxeof() at 0xffffffff8179d034 = igb_rxeof+0x394 igb_msix_que() at 0xffffffff8179d3ca = igb_msix_que+0xaa intr_event_execute_handlers() at 0xffffffff8089bdd4 = intr_event_execute_handlers+0x104 ithread_loop() at 0xffffffff8089d594 = ithread_loop+0xa4 fork_exit() at 0xffffffff8089847f = fork_exit+0x11f fork_trampoline() at 0xffffffff80bb970e = fork_trampoline+0xe --- trap 0, rip = 0, rsp = 0xffffff83e3f5dbb0, rbp = 0 --- Thanks, Ken -- Kenneth Merry ken@FreeBSD.ORG
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120821185014.GA28272>