deadlock every 15-20 min

Christian S.J. Peron csjp at
Sun May 14 08:25:22 PDT 2006

This is very similar to the UID/GID filtering problem. What appears to 
be happening is on the inbound path, we pickup the pfil lock and attempt 
to pickup the inp info lock, while on the outbound path, we hold the inp 
info lock across ip_output which will try to pickup the pfil lock.

This problem is the result of a layering violation, in reality the 
firewall should not be picking up layer 4 related locks. Myself and a 
few others have been discussing this problem for quite some time now, 
and hopefully it won't be long before we can come up with a solution 
that will make everyone happy.

For now, you should be able to set debug.mpsafenet to  0 which will 
re-enable Giant in the network stack, in theory preventing the deadlock.


in your loader.conf

Let me know if this helps

sekes wrote:
> On 5/14/06, Bjoern A. Zeeb <bzeeb-lists at> wrote:
>> On Sun, 14 May 2006, sekes wrote:
>> > lock order reversal:
>> > 1st 0xc2b8b090 inp (divinp) @
>> > /usr/src/sys/modules/ipdivert/../../netinet/ip_divert.c:336
>> > 2nd 0xc0a44db8 PFil hook read/write mutex (PFil hook read/write 
>> mutex) @
>> > /usr/src/sys/net/pfil.c:73
>> looks almost the same as LOR #181:
>> but without the div_output().
>> -- 
>> Bjoern A. Zeeb                          bzeeb at Zabbadoz dot NeT
> yes, it is similar to my situation. may i know when it could be fixed?
> _______________________________________________
> freebsd-current at mailing list
> To unsubscribe, send any mail to 
> "freebsd-current-unsubscribe at"
Christian S.J. Peron
csjp at FreeBSD.ORG
FreeBSD Committer
FreeBSD Security Team

More information about the freebsd-current mailing list