Date:      Fri, 05 Aug 2016 15:38:10 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 211602] route change command for ipv6 route with bad gateway leads to deadlock/panic
Message-ID:  <bug-211602-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211602

            Bug ID: 211602
           Summary: route change command for ipv6 route with bad gateway
                    leads to deadlock/panic
           Product: Base System
           Version: 11.0-BETA3
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: guyyur@gmail.com

When changing a route, rtrequest1_fib acquires a RIB_WLOCK.
If the ifa is not found, rtalloc1_fib might be called and it does a RIB_RLOCK.
This leads to a panic if INVARIANTS is in the kernel config or to a deadlock if
not.

An example of a bad gateway is forgetting the %IF when using a link-local address.
# route add -inet6 default fe80::7
# route change -inet6 default fe80::7

Another example is changing when the route to the gateway was deleted.
# route add -inet6 2001:db8:0::/64 fe80::7%lo0
# route add -inet6 2001:db8:1::/64 2001:db8:0::1
# route delete -inet6 2001:db8:0::/64
# route change -inet6 2001:db8:1::/64 2001:db8:0::1

With 12.0-CURRENT r303766:
panic: rw_rlock: wlock already held for rib head lock @ /usr/src/sys/net/route.c:457
cpuid = 0
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00de231220
vpanic() at vpanic+0x182/frame 0xfffffe00de2312a0
kassert_panic() at kassert_panic+0x126/frame 0xfffffe00de231310
__rw_rlock() at __rw_rlock+0x4a3/frame 0xfffffe00de2313b0
rtalloc1_fib() at rtalloc1_fib+0x86/frame 0xfffffe00de231470
ifa_ifwithroute() at ifa_ifwithroute+0x83/frame 0xfffffe00de2314b0
rt_getifa_fib() at rt_getifa_fib+0xe7/frame 0xfffffe00de2314d0
rtrequest1_fib() at rtrequest1_fib+0x596/frame 0xfffffe00de2315c0
route_output() at route_output+0x6ce/frame 0xfffffe00de2317c0
sosend_generic() at sosend_generic+0x436/frame 0xfffffe00de231880
soo_write() at soo_write+0x42/frame 0xfffffe00de2318b0
dofilewrite() at dofilewrite+0xa4/frame 0xfffffe00de231900
kern_writev() at kern_writev+0x68/frame 0xfffffe00de231950
sys_write() at sys_write+0x84/frame 0xfffffe00de2319a0
amd64_syscall() at amd64_syscall+0x2db/frame 0xfffffe00de231ab0
Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe00de231ab0
--- syscall (4, FreeBSD ELF64, sys_write), rip = 0x800977b1a, rsp = 0x7fffffffe1b8, rbp = 0x7fffffffea80 ---
KDB: enter: panic
[ thread pid 609 tid 100106 ]
Stopped at      kdb_enter+0x3b: movq    $0,kdb_why


I restored RTF_RNH_LOCKED (removed in r293829) locally as a workaround to
notify rtalloc1_fib a lock is not needed until a better solution is found.
https://github.com/guyyur/freebsd-src_patches/blob/master/route-change-bad-gateway-panic.patch

-- 
You are receiving this mail because:
You are the assignee for the bug.
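
Added example, not part of the original report and not FreeBSD code: a single-threaded toy model of the lock pattern the report describes, where a change path takes the write lock and then calls a lookup helper that read-locks the same lock, and of a "caller already holds the lock" flag in the role of RTF_RNH_LOCKED. The model_* names, MODEL_RNH_LOCKED and the return codes are hypothetical; the toy lock only detects the states a real rwlock would panic or sleep on.

```c
#include <stdio.h>

/* Toy non-recursive rwlock; writer is 0 when unowned, else the owner's thread id. */
struct model_rwlock { int writer; int readers; };

enum { LOCK_OK = 0, LOCK_SELF_DEADLOCK = -1, LOCK_WOULD_BLOCK = -2 };

#define MODEL_RNH_LOCKED 0x1 /* stands in for RTF_RNH_LOCKED */

static int model_wlock(struct model_rwlock *l, int tid) {
    if (l->writer == tid) return LOCK_SELF_DEADLOCK;
    if (l->writer != 0 || l->readers != 0) return LOCK_WOULD_BLOCK;
    l->writer = tid;
    return LOCK_OK;
}
static void model_wunlock(struct model_rwlock *l) { l->writer = 0; }

static int model_rlock(struct model_rwlock *l, int tid) {
    /* Caller already owns the write lock: an INVARIANTS kernel panics here,
       a kernel without it would sleep forever waiting for itself. */
    if (l->writer == tid) return LOCK_SELF_DEADLOCK;
    if (l->writer != 0) return LOCK_WOULD_BLOCK;
    l->readers++;
    return LOCK_OK;
}
static void model_runlock(struct model_rwlock *l) { l->readers--; }

/* Lookup helper in the role of rtalloc1_fib: read-locks unless told not to. */
static int model_lookup(struct model_rwlock *l, int tid, int flags) {
    int need_lock = !(flags & MODEL_RNH_LOCKED);
    if (need_lock) {
        int rc = model_rlock(l, tid);
        if (rc != LOCK_OK) return rc;
    }
    /* ... the table lookup itself would happen here ... */
    if (need_lock) model_runlock(l);
    return LOCK_OK;
}

/* Change path in the role of rtrequest1_fib: write-locks, then resolves the gateway. */
static int model_change(struct model_rwlock *l, int tid, int lookup_flags) {
    int rc = model_wlock(l, tid);
    if (rc != LOCK_OK) return rc;
    rc = model_lookup(l, tid, lookup_flags); /* taken when the ifa is not found */
    model_wunlock(l);
    return rc;
}

int main(void) {
    struct model_rwlock rib = {0, 0};
    printf("without flag: %d\n", model_change(&rib, 1, 0));
    printf("with flag:    %d\n", model_change(&rib, 1, MODEL_RNH_LOCKED));
    return 0;
}
```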


