kern/113457: Deadlock

Kena kena at vodka-pomme.net
Thu Jun 7 15:30:05 UTC 2007 

>Number:         113457
>Category:       kern
>Synopsis:       Deadlock
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 07 15:30:02 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Kena
>Release:        7.0-CURRENT
>Organization:
>Environment:
FreeBSD fungus.kahlua 7.0-CURRENT FreeBSD 7.0-CURRENT #3: Fri Jun  1 10:49:34 CEST 2007     root at fungus.kahlua:/usr/obj/usr/src/sys/FUNGUS  i386
>Description:
Using a tunnel to access ipv6 (gw6c from www.go6.net): a deadlock occurs if the tunnel goes down while there are tcp6 connections opened.

Sample panic report on this system:

em0: watchdog timeout -- resetting
Jun 7 10:17:21 fungus gw6c: Connection timeout occured.
Jun 7 10:17:21 fungus gw6c: Disconnected. Retrying in 30 seconds.
em0: watchdog timeout -- resetting
lock order reversal:
 1st 0xc30630d8 rtentry (rtentry) @ /usr/src/sys/netinet6/nd6.c:1963
 2nd 0xc2ed977c radix node head (radix node head) @ /usr/src/sys/net/route.c:147

KDB: stack backtrace
db_trace_self_wrapper(....) at db_trace_self_wrapper+0x26
kdb_backtrace(...) at kbd_backtrace+0x29
witness_checkorder(...) at witness_checkorder+0x6b7
_mtx_lock_flags(...) at _mtx_lock_flags+0xb0
rtalloc1(...) at rtalloc1+0x60
nd6_lookup(...) at nd6_loockup+0x55
nd6_is_addr_neighbor(...) at nd6_is_addr_neighbor+0x37
nd6_output(...) at nd6_output+0x10d
ip6_output(...) at ip6_output+0x108a
tcp_output(...) at tcp_output+0x12b3
tcp_timer(...) at tcp_timer+0x2ad
softclock(...) at softclock+0x293
ithread_loop(...) at ithread_loop+0x1a8
fork_exit(...) at fork_exit+0xed
fork_trampoline() at fork_trampoline+0x8
--- trap 0, eip = 0, esp = 0xd3c81d70, ebp = 0 ---
panic: _mtx_lock_sleep: recursed on non-recursive mutex rtentry @ /usr/src/sys/net/route.c:197

cpuid = 0
KBD: enter: panic
[thread pid 11 tid 100004 ]
Stopped at   kbd_enter+0x32: leave
db>


Configuration for kernel "FUNGUS" is GENERIC from 7.0-CURRENT with cpu I486_CPU and  I586_CPU disabled.




>How-To-Repeat:
1. set up a ip6 link with gw6c (from www.go6.net), "router" mode

2. open a tcp6 connection (for example irssi -c ipv6.chat.freenode.net)

3. break the network link (pull ethernet cable)

4. wait for gw6c to timeout

A few seconds after gw6c reports the disconnect on the console the panic occurs.

Crash 100% reproducible.
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list