svn commit: r238990 - in head/sys: net netinet netinet6

Kenneth D. Merry ken at FreeBSD.org
Tue Aug 21 18:50:16 UTC 2012 

On Thu, Aug 02, 2012 at 13:57:50 +0000, Gleb Smirnoff wrote:
> Author: glebius
> Date: Thu Aug  2 13:57:49 2012
> New Revision: 238990
> URL: http://svn.freebsd.org/changeset/base/238990
> 
> Log:
>   Fix races between in_lltable_prefix_free(), lla_lookup(),
>   llentry_free() and arptimer():
>   
>   o Use callout_init_rw() for lle timeout, this allows us safely
>     disestablish them.
>     - This allows us to simplify the arptimer() and make it
>       race safe.
>   o Consistently use ifp->if_afdata_lock to lock access to
>     linked lists in the lle hashes.
>   o Introduce new lle flag LLE_LINKED, which marks an entry that
>     is attached to the hash.
>     - Use LLE_LINKED to avoid double unlinking via consequent
>       calls to llentry_free().
>     - Mark lle with LLE_DELETED via |= operation istead of =,
>       so that other flags won't be lost.
>   o Make LLE_ADDREF(), LLE_REMREF() and LLE_FREE_LOCKED() more
>     consistent and provide more informative KASSERTs.
>   
>   The patch is a collaborative work of all submitters and myself.
>   
>   PR:		kern/165863
>   Submitted by:	Andrey Zonov <andrey zonov.org>
>   Submitted by:	Ryan Stone <rysto32 gmail.com>
>   Submitted by:	Eric van Gyzen <eric_van_gyzen dell.com>

I'm running into this on stable/9, any plan on when this will get MFCed?

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x360
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff808c74c2
stack pointer           = 0x28:0xffffff83e3f5d140
frame pointer           = 0x28:0xffffff83e3f5d1a0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 12 (irq265: igb0:que 0)
[ thread pid 12 tid 100047 ]
Stopped at      0xffffffff808c74c2 = _rw_rlock+0xf2:    movl    0x360(%rcx),%edi
db> bt
Tracing pid 12 tid 100047 td 0xfffffe000d57c8e0
_rw_rlock() at 0xffffffff808c74c2 = _rw_rlock+0xf2
in_lltable_lookup() at 0xffffffff809e716c = in_lltable_lookup+0x4ac
arpresolve() at 0xffffffff809dfe66 = arpresolve+0x116
ether_output() at 0xffffffff8098905f = ether_output+0x25f
ip_output() at 0xffffffff809f73a9 = ip_output+0xc79
tcp_output() at 0xffffffff80a651dd = tcp_output+0xb0d
tcp_do_segment() at 0xffffffff80a60213 = tcp_do_segment+0xb63
tcp_input() at 0xffffffff80a63148 = tcp_input+0xaf8
ip_input() at 0xffffffff809f447c = ip_input+0xac
netisr_dispatch_src() at 0xffffffff8099346b = netisr_dispatch_src+0x20b
ether_demux() at 0xffffffff8098890d = ether_demux+0x14d
ether_nh_input() at 0xffffffff80988be4 = ether_nh_input+0x1f4
netisr_dispatch_src() at 0xffffffff8099346b = netisr_dispatch_src+0x20b
igb_rxeof() at 0xffffffff8179d034 = igb_rxeof+0x394
igb_msix_que() at 0xffffffff8179d3ca = igb_msix_que+0xaa
intr_event_execute_handlers() at 0xffffffff8089bdd4 = intr_event_execute_handlers+0x104
ithread_loop() at 0xffffffff8089d594 = ithread_loop+0xa4
fork_exit() at 0xffffffff8089847f = fork_exit+0x11f
fork_trampoline() at 0xffffffff80bb970e = fork_trampoline+0xe
--- trap 0, rip = 0, rsp = 0xffffff83e3f5dbb0, rbp = 0 ---

Thanks,

Ken
-- 
Kenneth Merry
ken at FreeBSD.ORG

More information about the svn-src-all mailing list