Date: Sat, 09 Jan 2016 04:30:45 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 206053] There is a bug in kqueue support code of netmap Message-ID: <bug-206053-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D206053 Bug ID: 206053 Summary: There is a bug in kqueue support code of netmap Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: btw@mail.ustc.edu.cn It seems that there is a bug in kqueue support code of netmap which can cau= se kernel panic. And I can reproduce the kernel panic with this simple program= on -HEAD: #include <stdio.h> #include <assert.h> #include <sys/types.h> #include <sys/event.h> #include <sys/time.h> #ifndef NETMAP_WITH_LIBS #define NETMAP_WITH_LIBS #endif #include <net/netmap_user.h> static int kq_add(int kq, int fd) { struct kevent changes[1]; int ret; EV_SET(&changes[0], fd, EVFILT_READ, EV_ADD, 0, 0, NULL); ret =3D kevent(kq, changes, 1, NULL, 0, NULL); assert(ret !=3D -1); printf("[%s] success\n", __func__); return (ret); } static void kq_wait(int kq) { struct kevent events[1]; int ret; ret =3D kevent(kq, NULL, 0, events, 1, NULL); assert(ret !=3D -1); printf("[%s] success\n", __func__); } int main(void) { const char *ifname =3D "vale0:vm1"; struct nm_desc *d; int kq; d =3D nm_open(ifname, NULL, 0, 0); assert(d !=3D NULL); kq =3D kqueue(); assert(kq !=3D -1); kq_add(kq, d->fd); kq_wait(kq); return (0); } And below is part of the crash summary: freebsd dumped core - see /var/crash/vmcore.0 Fri Jan 8 22:19:39 CST 2016 FreeBSD freebsd 11.0-CURRENT FreeBSD 11.0-CURRENT #2 d1f6105(master)-dirty:= Fri Jan 8 21:55:33 CST 2016 btw@freebsd:/usr/obj/root/freebsd/sys/GENERIC= =20 amd64 ...... panic: mutex nm_kn_lock not owned at /root/freebsd/sys/kern/kern_event.c:20= 73 cpuid =3D 1 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe011744c= 420 vpanic() at vpanic+0x182/frame 0xfffffe011744c4a0 panic() at panic+0x43/frame 0xfffffe011744c500 __mtx_assert() at __mtx_assert+0xbf/frame 0xfffffe011744c510 knlist_add() at knlist_add+0x20/frame 0xfffffe011744c540 netmap_kqfilter() at netmap_kqfilter+0x101/frame 0xfffffe011744c580 devfs_kqfilter_f() at devfs_kqfilter_f+0x81/frame 0xfffffe011744c5d0 kqueue_register() at kqueue_register+0x5bf/frame 0xfffffe011744c670 kqueue_kevent() at kqueue_kevent+0xc8/frame 0xfffffe011744c840 kern_kevent_fp() at kern_kevent_fp+0x99/frame 0xfffffe011744c890 kern_kevent() at kern_kevent+0x9f/frame 0xfffffe011744c8f0 sys_kevent() at sys_kevent+0x11c/frame 0xfffffe011744c9a0 amd64_syscall() at amd64_syscall+0x2db/frame 0xfffffe011744cab0 Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe011744cab0 --- syscall (363, FreeBSD ELF64, sys_kevent), rip =3D 0x80095bc7a, rsp =3D 0x7fffffffe988, rbp =3D 0x7fffffffe9e0 --- KDB: enter: panic ...... --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-206053-8>