From owner-freebsd-current@FreeBSD.ORG Mon Jul 3 15:00:50 2006 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0498E16A535 for ; Mon, 3 Jul 2006 15:00:49 +0000 (UTC) (envelope-from fli+freebsd-current@shapeshifter.se) Received: from mx1.h3q.net (manticore.shapeshifter.se [212.37.5.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6E38844087 for ; Mon, 3 Jul 2006 14:20:39 +0000 (GMT) (envelope-from fli+freebsd-current@shapeshifter.se) Received: from localhost (localhost [127.0.0.1]) by mx1.h3q.net (Postfix) with ESMTP id EEACF1A734 for ; Mon, 3 Jul 2006 16:20:36 +0200 (CEST) Received: from mx1.h3q.net ([127.0.0.1]) by localhost (mx1.h3q.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 89120-03 for ; Mon, 3 Jul 2006 16:20:35 +0200 (CEST) Received: from [10.0.0.50] (sto-nat.se.tangram-group.net [212.37.5.19]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.h3q.net (Postfix) with ESMTP id CF0DE1A720 for ; Mon, 3 Jul 2006 16:20:35 +0200 (CEST) Message-ID: <44A927AC.7080807@shapeshifter.se> Date: Mon, 03 Jul 2006 16:20:28 +0200 From: Fredrik Lindberg User-Agent: Thunderbird 1.5.0.2 (X11/20060423) MIME-Version: 1.0 To: freebsd-current@freebsd.org Content-Type: multipart/mixed; boundary="------------080500090504040201070603" X-Virus-Scanned: amavisd-new at h3q.net Subject: panic: knlist locked, but should not be X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Jul 2006 15:00:50 -0000 This is a multi-part message in MIME format. --------------080500090504040201070603 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Hi, I'm hitting this "knlist locked"-panic when using BPF descriptors together with kqueue/kevent. panic: knlist locked, but should not be #10 0xc051a1e3 in knlist_add (knl=0xc3b69460, kn=0xc3ad65d8, islocked=0) at /usr/src/sys/kern/kern_event.c:1571 #11 0xc059c5de in bpfkqfilter (dev=0x12, kn=0xc3ad65d8) at /usr/src/sys/net/bpf.c:1194 #12 0xc050d9e6 in giant_kqfilter (dev=0xc38f9d00, kn=0xc3ad65d8) at /usr/src/sys/kern/kern_conf.c:336 #13 0xc04e9580 in devfs_kqfilter_f (fp=0xc3ad40d8, kn=0xc3ad65d8) at /usr/src/sys/fs/devfs/devfs_vnops.c:444 #14 0xc0517e6d in filt_fileattach (kn=0x12) at file.h:305 #15 0xc0518eb0 in kqueue_register (kq=0xc3923780, kev=0xe3a67b9c, td=0xc3714a20, waitok=1) at /usr/src/sys/kern/kern_event.c:902 #16 0xc05185f4 in kern_kevent (td=0xc3714a20, fd=3, nchanges=1, nevents=0, k_ops=0xe3a67c70, timeout=0x0) at /usr/src/sys/kern/kern_event.c:640 #17 0xc0518491 in kevent (td=0xc3714a20, uap=0xe3a67d04) at /usr/src/sys/kern/kern_event.c:572 I thinks the problem is as follows, islocked is 0 which triggers the macro KNL_ASSERT_LOCK(knl, islocked); (It will only bite you if you run with INVARIANTS on) The knlist is initialized with the same mutex that protects the rest of the bpf_d structure. bpfopen(), sys/net/bpf.c:383 knlist_init(&d->bd_sel.si_note, &d->bd_mtx, NULL, NULL, NULL); In bpfkqfilter() and filt_bpfdetach() this mutex is acquired with BPFD_LOCK() before calling knlist_add()/knlist_remove() #define BPFD_LOCK(bd) mtx_lock(&(bd)->bd_mtx) Hence, the knlist lock IS locked despite being called with islocked = 0. If using the same mutex doesn't cause any additional problems, (I haven't noticed anything yet, but there could of course be issues that I've overlooked), I think knlist_add should be called with islocked = 1. A suggested patch is attached. Fredrik Lindberg --------------080500090504040201070603 Content-Type: text/plain; name="bpf.c-knlist-20060703.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="bpf.c-knlist-20060703.patch" Index: bpf.c =================================================================== RCS file: /home/ncvs/src/sys/net/bpf.c,v retrieving revision 1.168 diff -u -r1.168 bpf.c --- bpf.c 15 Jun 2006 15:39:12 -0000 1.168 +++ bpf.c 3 Jul 2006 11:36:30 -0000 @@ -1152,7 +1152,7 @@ d->bd_pid = curthread->td_proc->p_pid; kn->kn_fop = &bpfread_filtops; kn->kn_hook = d; - knlist_add(&d->bd_sel.si_note, kn, 0); + knlist_add(&d->bd_sel.si_note, kn, 1); BPFD_UNLOCK(d); return (0); @@ -1164,7 +1164,7 @@ struct bpf_d *d = (struct bpf_d *)kn->kn_hook; BPFD_LOCK(d); - knlist_remove(&d->bd_sel.si_note, kn, 0); + knlist_remove(&d->bd_sel.si_note, kn, 1); BPFD_UNLOCK(d); } --------------080500090504040201070603--