From nobody@FreeBSD.org  Wed Jun 29 11:47:57 2011
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2AD261065672
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 29 Jun 2011 11:47:57 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 01AAB8FC12
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 29 Jun 2011 11:47:57 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p5TBluNb094983
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 29 Jun 2011 11:47:56 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id p5TBluNu094982;
	Wed, 29 Jun 2011 11:47:56 GMT
	(envelope-from nobody)
Message-Id: <201106291147.p5TBluNu094982@red.freebsd.org>
Date: Wed, 29 Jun 2011 11:47:56 GMT
From: Thomas <tps@vr-web.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: panic _mtx_lock_sleep: recursed on non-recursive mutex if_addr_mtx @ /usr/src/sys/netinet6/mld6.c:1676
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         158426
>Category:       kern
>Synopsis:       [e1000] [panic] _mtx_lock_sleep: recursed on non-recursive mutex if_addr_mtx @ /usr/src/sys/netinet6/mld6.c:1676
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pluknet
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 29 11:50:09 UTC 2011
>Closed-Date:    Mon Aug 22 23:43:32 UTC 2011
>Last-Modified:  Mon Aug 22 23:44:52 UTC 2011
>Originator:     Thomas
>Release:        9-Current
>Organization:
n.a.
>Environment:
Impossible - kernel debugger after panic
>Description:
Disabling IPv6 makes the error vanish --- but IPv6 too!
>How-To-Repeat:
Compile a new kernel after cvsup to the latest kernel source.
>Fix:
Remove IPv6 support

>Release-Note:
>Audit-Trail:

From: Thomas Schweikle <tps@vr-web.de>
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Cc:  
Subject: Re: kern/158426: panic _mtx_lock_sleep: recursed on non-recursive
 mutex if_addr_mtx @ /usr/src/sys/netinet6/mld6.c:1676
Date: Wed, 29 Jun 2011 14:12:45 +0200

 This is a MIME-formatted message.  If you see this text it means that your
 E-mail software does not support MIME-formatted messages.
 
 --=_vrwf103-27201-1309349572-0001-2
 Content-Type: text/plain; charset=ISO-8859-15
 Content-Transfer-Encoding: quoted-printable
 
 Additional information:
 
 yum# uname -a
 FreeBSD yum.fritz.box 9.0-CURRENT FreeBSD 9.0-CURRENT #13: Tue Jun
 28 19:51:20 CEST 2011
 screen@yum.fritz.box:/usr/obj/usr/src/sys/YUM  i386
 
 Problem is related to Intel-Hardware:
   e1000-10/100/1000 Ethernet Adapter.
 
 --=20
 Thomas
 
 
 --=_vrwf103-27201-1309349572-0001-2
 Content-Type: application/pgp-signature; name="signature.asc"
 Content-Transfer-Encoding: 7bit
 Content-Description: OpenPGP digital signature
 Content-Disposition: attachment; filename="signature.asc"
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 Comment: GnuPT 2.9.2
 
 iEYEARECAAYFAk4LFsIACgkQJuPdOes4UCSwFwCeJqeWqRBzyfLgt2TAL3K5vmKx
 LfQAoMEnd8aCat3GlbO0QiPbBJ0Oz66t
 =UEkX
 -----END PGP SIGNATURE-----
 
 --=_vrwf103-27201-1309349572-0001-2--
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Jun 29 18:44:18 UTC 2011 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=158426 

From: Sergey Kandaurov <pluknet@gmail.com>
To: bug-followup@FreeBSD.org, tps@vr-web.de
Cc:  
Subject: Re: kern/158426: [e1000] [panic] _mtx_lock_sleep: recursed on
 non-recursive mutex if_addr_mtx @ /usr/src/sys/netinet6/mld6.c:1676
Date: Thu, 30 Jun 2011 15:54:33 +0400

 --0016e64aefda827b7b04a6ec9043
 Content-Type: text/plain; charset=ISO-8859-1
 
 The problem is that locking scope in MDL6 code is too wide.
 That results in that mld_set_version() is called with if_addr_mtx
 held, and then mld_set_version() locks it itself once again.
 
 Please try this patch (attached).
 
 -- 
 wbr,
 pluknet
 
 --0016e64aefda827b7b04a6ec9043
 Content-Type: text/plain; charset=US-ASCII; name="mld6.locking.txt"
 Content-Disposition: attachment; filename="mld6.locking.txt"
 Content-Transfer-Encoding: base64
 X-Attachment-Id: f_gpjnoi020
 
 SW5kZXg6IHN5cy9uZXRpbmV0Ni9tbGQ2LmMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gc3lzL25ldGluZXQ2L21s
 ZDYuYwkocmV2aXNpb24gMjIzMDczKQorKysgc3lzL25ldGluZXQ2L21sZDYuYwkod29ya2luZyBj
 b3B5KQpAQCAtNjgwLDcgKzY4MCw2IEBACiAKIAlJTjZfTVVMVElfTE9DSygpOwogCU1MRF9MT0NL
 KCk7Ci0JSUZfQUREUl9MT0NLKGlmcCk7CiAKIAkvKgogCSAqIFN3aXRjaCB0byBNTER2MSBob3N0
 IGNvbXBhdGliaWxpdHkgbW9kZS4KQEAgLTcwMCw2ICs2OTksNyBAQAogCQkgKi8KIAkJQ1RSMihL
 VFJfTUxELCAicHJvY2VzcyB2MSBnZW5lcmFsIHF1ZXJ5IG9uIGlmcCAlcCglcykiLAogCQkgICAg
 aWZwLCBpZnAtPmlmX3huYW1lKTsKKwkJSUZfQUREUl9MT0NLKGlmcCk7CiAJCVRBSUxRX0ZPUkVB
 Q0goaWZtYSwgJmlmcC0+aWZfbXVsdGlhZGRycywgaWZtYV9saW5rKSB7CiAJCQlpZiAoaWZtYS0+
 aWZtYV9hZGRyLT5zYV9mYW1pbHkgIT0gQUZfSU5FVDYgfHwKIAkJCSAgICBpZm1hLT5pZm1hX3By
 b3Rvc3BlYyA9PSBOVUxMKQpAQCAtNzA3LDYgKzcwNyw3IEBACiAJCQlpbm0gPSAoc3RydWN0IGlu
 Nl9tdWx0aSAqKWlmbWEtPmlmbWFfcHJvdG9zcGVjOwogCQkJbWxkX3YxX3VwZGF0ZV9ncm91cChp
 bm0sIHRpbWVyKTsKIAkJfQorCQlJRl9BRERSX1VOTE9DSyhpZnApOwogCX0gZWxzZSB7CiAJCS8q
 CiAJCSAqIE1MRHYxIEdyb3VwLVNwZWNpZmljIFF1ZXJ5LgpAQCAtNzI0LDcgKzcyNSw2IEBACiAJ
 CWluNl9jbGVhcnNjb3BlKCZtbGQtPm1sZF9hZGRyKTsKIAl9CiAKLQlJRl9BRERSX1VOTE9DSyhp
 ZnApOwogCU1MRF9VTkxPQ0soKTsKIAlJTjZfTVVMVElfVU5MT0NLKCk7CiAKQEAgLTg4OCw3ICs4
 ODgsNiBAQAogCiAJSU42X01VTFRJX0xPQ0soKTsKIAlNTERfTE9DSygpOwotCUlGX0FERFJfTE9D
 SyhpZnApOwogCiAJbWxpID0gTUxEX0lGSU5GTyhpZnApOwogCUtBU1NFUlQobWxpICE9IE5VTEws
 ICgiJXM6IG5vIG1sZF9pZmluZm8gZm9yIGlmcCAlcCIsIF9fZnVuY19fLCBpZnApKTsKQEAgLTk2
 NCw3ICs5NjMsNiBAQAogCX0KIAogb3V0X2xvY2tlZDoKLQlJRl9BRERSX1VOTE9DSyhpZnApOwog
 CU1MRF9VTkxPQ0soKTsKIAlJTjZfTVVMVElfVU5MT0NLKCk7CiAK
 --0016e64aefda827b7b04a6ec9043--
State-Changed-From-To: open->feedback 
State-Changed-By: pluknet 
State-Changed-When: Thu Jun 30 12:16:24 UTC 2011 
State-Changed-Why:  
Feedback requested. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=158426 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/158426: commit references a PR
Date: Mon, 22 Aug 2011 23:39:50 +0000 (UTC)

 Author: pluknet
 Date: Mon Aug 22 23:39:40 2011
 New Revision: 225096
 URL: http://svn.freebsd.org/changeset/base/225096
 
 Log:
   Fix if_addr_mtx recursion in mld6.
   
   mld_set_version() is called only from mld_v1_input_query() and
   mld_v2_input_query() both holding the if_addr_mtx lock, and then calling
   into mld_v2_cancel_link_timers() acquires it the second time, which results
   in mtx recursion. To avoid that, delay if_addr_mtx acquisition until after
   mld_set_version() is called; while here, further reduce locking scope
   to protect only the needed pieces: if_multiaddrs, in6m_lookup_locked().
   
   PR:		kern/158426
   Reported by:	Thomas <tps vr-web.de>,
   		Tom Vijlbrief <tom.vijlbrief xs4all.nl>
   Tested by:	Tom Vijlbrief
   Reviewed by:	bz
   Approved by:	re (kib)
 
 Modified:
   head/sys/netinet6/mld6.c
 
 Modified: head/sys/netinet6/mld6.c
 ==============================================================================
 --- head/sys/netinet6/mld6.c	Mon Aug 22 23:27:23 2011	(r225095)
 +++ head/sys/netinet6/mld6.c	Mon Aug 22 23:39:40 2011	(r225096)
 @@ -680,7 +680,6 @@ mld_v1_input_query(struct ifnet *ifp, co
  
  	IN6_MULTI_LOCK();
  	MLD_LOCK();
 -	IF_ADDR_LOCK(ifp);
  
  	/*
  	 * Switch to MLDv1 host compatibility mode.
 @@ -693,6 +692,7 @@ mld_v1_input_query(struct ifnet *ifp, co
  	if (timer == 0)
  		timer = 1;
  
 +	IF_ADDR_LOCK(ifp);
  	if (is_general_query) {
  		/*
  		 * For each reporting group joined on this
 @@ -888,7 +888,6 @@ mld_v2_input_query(struct ifnet *ifp, co
  
  	IN6_MULTI_LOCK();
  	MLD_LOCK();
 -	IF_ADDR_LOCK(ifp);
  
  	mli = MLD_IFINFO(ifp);
  	KASSERT(mli != NULL, ("%s: no mld_ifinfo for ifp %p", __func__, ifp));
 @@ -936,14 +935,18 @@ mld_v2_input_query(struct ifnet *ifp, co
  		 * Queries for groups we are not a member of on this
  		 * link are simply ignored.
  		 */
 +		IF_ADDR_LOCK(ifp);
  		inm = in6m_lookup_locked(ifp, &mld->mld_addr);
 -		if (inm == NULL)
 +		if (inm == NULL) {
 +			IF_ADDR_UNLOCK(ifp);
  			goto out_locked;
 +		}
  		if (nsrc > 0) {
  			if (!ratecheck(&inm->in6m_lastgsrtv,
  			    &V_mld_gsrdelay)) {
  				CTR1(KTR_MLD, "%s: GS query throttled.",
  				    __func__);
 +				IF_ADDR_UNLOCK(ifp);
  				goto out_locked;
  			}
  		}
 @@ -961,10 +964,10 @@ mld_v2_input_query(struct ifnet *ifp, co
  
  		/* XXX Clear embedded scope ID as userland won't expect it. */
  		in6_clearscope(&mld->mld_addr);
 +		IF_ADDR_UNLOCK(ifp);
  	}
  
  out_locked:
 -	IF_ADDR_UNLOCK(ifp);
  	MLD_UNLOCK();
  	IN6_MULTI_UNLOCK();
  
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: feedback->closed 
State-Changed-By: pluknet 
State-Changed-When: Mon Aug 22 23:42:16 UTC 2011 
State-Changed-Why:  
A different fix was committed in svn r225096. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=158426 
Responsible-Changed-From-To: freebsd-net->pluknet 
Responsible-Changed-By: pluknet 
Responsible-Changed-When: Mon Aug 22 23:44:24 UTC 2011 
Responsible-Changed-Why:  
Track. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=158426 
>Unformatted:
