Date: Fri, 12 Apr 2013 22:49:03 -0400
From: suraj sandhu <surajsandhu.bsd@gmail.com>
To: freebsd-net@freebsd.org
Subject: Race condition inside if_detach_internal() leads to a crash while running "jail -r"
Message-ID: <CAAFvPEFCJ7dh6HDjwFCPT0h4BqAnuoV2S%2Bj5AScMfid92f4anw@mail.gmail.com>
I am running FreeBSD 8.2 and hitting this panic:

kdb_backtrace() at kdb_backtrace+0x3e
panic() at panic+0x479
trap_fatal() at trap_fatal+0x4f4
trap() at trap+0x8fe
calltrap() at calltrap+0x8
--- trap 0x9, rip = 0xffffffff80518f4d, rsp = 0xffffff805fa1d9e0, rbp = 0xffffff805fa1da30 ---
raw_input() at raw_input+0x4d
rts_input() at rts_input+0x70
netisr_process_workstream_proto() at netisr_process_workstream_proto+0x1ea
swi_net() at swi_net+0xad
intr_event_execute_handlers() at intr_event_execute_handlers+0x21c
ithread_execute_handlers() at ithread_execute_handlers+0x73
ithread_loop() at ithread_loop+0x10f
fork_exit() at fork_exit+0x180
fork_trampoline() at fork_trampoline+0xe
--- trap 0, rip = 0, rsp = 0xffffff805fa1dd30, rbp = 0 ---
Uptime: 20h23m27s

I looked into the code and the issue seems to be that in if_detach_internal(), if_down() is called, which leads to a netisr_queue() call in rt_dispatch() with an mbuf which has the interface being detached as rcvif; subsequently, if_detach_internal() calls if_dead() on the interface. Then, at the time of processing the work, this panic is seen since the mbuf has a dead interface.

Seems like the issue was reported on the virtualization mailing list earlier:
http://lists.freebsd.org/pipermail/freebsd-virtualization/2012-April/000885.html

I am looking for patch(es) to fix this issue.

Thanks for any help.

-Suraj Sandhu