From nobody Wed Mar 18 18:01:45 2026 X-Original-To: current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fbc991P4gz6W7Sx for ; Wed, 18 Mar 2026 18:02:05 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4fbc973xqmz49xY; Wed, 18 Mar 2026 18:02:03 +0000 (UTC) (envelope-from kostikbel@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: from tom.home (kib@localhost [127.0.0.1] (may be forged)) by kib.kiev.ua (8.18.1/8.18.1) with ESMTP id 62II1j7j061457; Wed, 18 Mar 2026 20:01:48 +0200 (EET) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.10.3 kib.kiev.ua 62II1j7j061457 Received: (from kostik@localhost) by tom.home (8.18.1/8.18.1/Submit) id 62II1jJ1061456; Wed, 18 Mar 2026 20:01:45 +0200 (EET) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Wed, 18 Mar 2026 20:01:45 +0200 From: Konstantin Belousov To: Zhenlei Huang Cc: FreeBSD Current Subject: Re: userret: returning with the following locks held Message-ID: References: List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FREEMAIL_FROM, NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=4.0.2 X-Spam-Checker-Version: SpamAssassin 4.0.2 (2025-08-27) on tom.home X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US] X-Rspamd-Queue-Id: 4fbc973xqmz49xY X-Spamd-Bar: ---- On Wed, Mar 18, 2026 at 05:36:00PM +0800, Zhenlei Huang wrote: > Hi, > > While I'm working on the if_detach() / if_vmove() racing issue and I wrote > a test and try to repeat the race condition and got this assert panic, > > ``` > <6>epair1b: link state changed to UP > userret: returning with the following locks held: > exclusive sx ifnet_detach_sx (ifnet_detach_sx) r = 1 (0xffffffff83ab75e0) locked @ /home/zlei/freebsd-src/sys/net/if.c:1286 > panic: witness_warn > cpuid = 2 > time = 1773824038 > KDB: stack backtrace: > db_trace_self_wrapper() at db_trace_self_wrapper+0xa5/frame 0xfffffe00ec001710 > kdb_backtrace() at kdb_backtrace+0xc6/frame 0xfffffe00ec001870 > vpanic() at vpanic+0x214/frame 0xfffffe00ec001a10 > panic() at panic+0xb5/frame 0xfffffe00ec001ad0 > witness_warn() at witness_warn+0x7f7/frame 0xfffffe00ec001c30 > userret() at userret+0x11c/frame 0xfffffe00ec001d10 > amd64_syscall() at amd64_syscall+0x694/frame 0xfffffe00ec001f30 > fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00ec001f30 > --- syscall (19, FreeBSD ELF64, compat.lseek), rip = 0xfd288de65ba, rsp = 0xfd284aad4b8, rbp = 0xfd284aad500 --- > Uptime: 29m8s > Dumping 1355 out of 16137 MB:..2%..11%..21%..31%..41%..51%..61%..71%..81%..91% > ``` > > The line 1286 of sys/net/if.c is ( my WIP revision ), > > ``` > 1250 static int > 1251 if_vmove_reclaim(struct thread *td, char *ifname, int jid) > 1252 { > ... > 1282 /* Get interface back from child jail/vnet. */ > 1283 found = if_unlink_ifnet(ifp, true); > 1284 MPASS(found); > 1285 sx_xlock(&ifnet_detach_sxlock); > 1286 if_vmove(ifp, vnet_dst); > 1287 sx_xunlock(&ifnet_detach_sxlock); > 1288 > 1289 /* Report the new if_xname back to the userland. */ > 1290 sprintf(ifname, "%s", ifp->if_xname); > 1291 > 1292 prison_free(pr); > 1293 CURVNET_RESTORE(); > 1294 return (0); > 1295 } > ``` > > That puzzled me a lot. The current thread only reaches to `if_vmove()` , how does it happen to userret() ? > > Is that witness warn is false report ? I doubt that this is false report. userret() is the common code that prepares thread for return from kernel to usermode. As part of the preparation, it checks that no locks is left owned by the thread. What you see is the result of the failing check. In other words, you have some syscall that locked a lock, did not released it, then returned. The layer that manages return to userspace caught the issue.