RELENG_7 crash

Robert Watson rwatson at
Tue Apr 21 17:53:55 UTC 2009

On Tue, 21 Apr 2009, Mike Tancsa wrote:

> At 11:31 AM 4/21/2009, Ruslan Ermilov wrote:
>> :
>> : Note that these changes simply close races around use of ifindex_table,
>> : and make no attempt to solve the probem of disappearing ifnets.  Further
>>       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> : refinement of this work, including with respect to ifindex_table
>> : resizing, is still required.
>> :
>> : In a future change, the ifnet lock should be converted from a mutex to an
>> : rwlock in order to reduce contention.
>        Thanks for the info!  In the mean, time, apart from disabling 
> snmpwalking, is there anything I can do to mitigate triggering this bug ? 
> The box runs ospf/zebra for routing daemons and mpd53 for l2tp LNS 
> termination.

There are several bugs here, one difficult to fix (lack of refcounting), but 
also stuff like ifp being derived from an interface number twice, but checked 
against NULL only the first time (line 85 checked for NULL, re-queried but no 
check line 88).  Fixing the top bit of the function to only query the ifp once 
and check it for NULL then would be a good idea.  More fundamentally, we do 
need to refcount ifnets when used from the management path, which is not all 
that hard a change, but preferably to try the easy way first given where we 
are in the release cycle.

However, I wonder if your debugger is being totally honest with you.  Line 127 
is after several other dereferences of ifp, and there are calls to functions 
with locking, so the compiler really shouldn't have reordered the post-sysctl 
calls to be before the pre-sysctl calls that also dereference it.  Could you 
try using addr2line and see if it gives you a different line number, and/or 
check source and object file dates?

Robert N M Watson
Computer Laboratory
University of Cambridge

More information about the freebsd-stable mailing list