From owner-freebsd-bugs@FreeBSD.ORG Tue Jan 18 21:00:48 2005 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6D05D16A4CF for ; Tue, 18 Jan 2005 21:00:48 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2165843D5E for ; Tue, 18 Jan 2005 21:00:47 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.1/8.13.1) with ESMTP id j0IL0l17062534 for ; Tue, 18 Jan 2005 21:00:47 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.1/8.13.1/Submit) id j0IL0lLX062532; Tue, 18 Jan 2005 21:00:47 GMT (envelope-from gnats) Resent-Date: Tue, 18 Jan 2005 21:00:47 GMT Resent-Message-Id: <200501182100.j0IL0lLX062532@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, hselasky@c2i.net Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 088E616A4CE; Tue, 18 Jan 2005 20:54:13 +0000 (GMT) Received: from mailfe06.swip.net (mailfe06.swip.net [212.247.154.161]) by mx1.FreeBSD.org (Postfix) with ESMTP id E44C243D41; Tue, 18 Jan 2005 20:54:11 +0000 (GMT) (envelope-from hselasky@c2i.net) Received: from mp-217-205-199.daxnet.no ([193.217.205.199] verified) by mailfe06.swip.net (CommuniGate Pro SMTP 4.2.7) with ESMTP id 269254563; Tue, 18 Jan 2005 21:54:10 +0100 Message-Id: <200501182154.39459.hselasky@c2i.net> Date: Tue, 18 Jan 2005 21:54:38 +0100 From: Hans Petter Selasky To: FreeBSD-gnats-submit@FreeBSD.org cc: kan@FreeBSD.org cc: csjp@FreeBSD.org Subject: kern/76432: recursive locking in the network stack X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: hselasky@c2i.net List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jan 2005 21:00:48 -0000 >Number: 76432 >Category: kern >Synopsis: recursive locking in the network stack >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Jan 18 21:00:46 GMT 2005 >Closed-Date: >Last-Modified: >Originator: hselasky@c2i.net >Release: FreeBSD 5.3-RC1 i386 >Organization: >Environment: System: FreeBSD 5.3-RC1 FreeBSD 5.3-RC1 #182: Fri Jan 14 13:45:31 CET 2005 root@ :/usr/obj/usr/src/sys/custom i386 >Description: 1) lock with name "rtentry" can recurse at line 197 in the file /usr/src/sys/net/route.c, which causes a panic Backtrace: panic() _mtx_lock_sleep() _mtx_lock_flags() rtalloc1() ifa_ifwithroute() rt_getifa() route_output() raw_usend() rts_send() sosend() soo_write() dofilewrite() write() syscall() 2) Adding flag MTX_RECURSE to mtx_init(), in the file "src/sys/net/route.h" leads to another bug: lock order reversal: 1st rtentry @ /usr/src/sys/net/rtsock.c:429 2nd radix node head @ /usr/src/sys/net/route.c:148 >How-To-Repeat: run "ppp" after "dhclient" >Fix: 1) run "route delete 0.0.0.0" before running ppp 2) patch for route.h *** /usr/src/sys/net/route.h.ref Tue Jan 18 21:16:05 2005 --- /usr/src/sys/net/route.h Tue Jan 18 21:17:32 2005 *************** *** 280,286 **** #ifdef _KERNEL #define RT_LOCK_INIT(_rt) \ ! mtx_init(&(_rt)->rt_mtx, "rtentry", NULL, MTX_DEF | MTX_DUPOK) #define RT_LOCK(_rt) mtx_lock(&(_rt)->rt_mtx) #define RT_UNLOCK(_rt) mtx_unlock(&(_rt)->rt_mtx) #define RT_LOCK_DESTROY(_rt) mtx_destroy(&(_rt)->rt_mtx) --- 280,286 ---- #ifdef _KERNEL #define RT_LOCK_INIT(_rt) \ ! mtx_init(&(_rt)->rt_mtx, "rtentry", NULL, MTX_DEF | MTX_DUPOK | MTX_RECURSE) #define RT_LOCK(_rt) mtx_lock(&(_rt)->rt_mtx) #define RT_UNLOCK(_rt) mtx_unlock(&(_rt)->rt_mtx) #define RT_LOCK_DESTROY(_rt) mtx_destroy(&(_rt)->rt_mtx) >Release-Note: >Audit-Trail: >Unformatted: