From owner-freebsd-current@FreeBSD.ORG Mon Dec 20 20:19:55 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 07B4E16A4CE; Mon, 20 Dec 2004 20:19:55 +0000 (GMT) Received: from cs.rice.edu (cs.rice.edu [128.42.1.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id CAD1943D2D; Mon, 20 Dec 2004 20:19:54 +0000 (GMT) (envelope-from alc@cs.rice.edu) Received: from localhost (calypso.cs.rice.edu [128.42.1.127]) by cs.rice.edu (Postfix) with ESMTP id 767BB4A9D4; Mon, 20 Dec 2004 14:19:54 -0600 (CST) Received: from cs.rice.edu ([128.42.1.30]) by localhost (calypso.cs.rice.edu [128.42.1.127]) (amavisd-new, port 10024) with LMTP id 09618-01-8; Mon, 20 Dec 2004 14:19:54 -0600 (CST) Received: by cs.rice.edu (Postfix, from userid 19572) id 0F3B14A9C8; Mon, 20 Dec 2004 14:19:54 -0600 (CST) Date: Mon, 20 Dec 2004 14:19:53 -0600 From: Alan Cox To: Brian Fundakowski Feldman , rwatson@freebsd.org Message-ID: <20041220201953.GI1362@cs.rice.edu> References: <20041211224850.GV17820@cs.rice.edu> <20041214000620.GA94951@green.homeunix.org> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="Yylu36WmvOXNoKYn" Content-Disposition: inline In-Reply-To: <20041214000620.GA94951@green.homeunix.org> User-Agent: Mutt/1.4.2i X-Virus-Scanned: by amavis-20030616-p7 at cs.rice.edu cc: Alan Cox cc: current@freebsd.org Subject: Re: panic: sbflush_locked X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Dec 2004 20:19:55 -0000 --Yylu36WmvOXNoKYn Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Mon, Dec 13, 2004 at 07:06:20PM -0500, Brian Fundakowski Feldman wrote: > On Sat, Dec 11, 2004 at 04:48:50PM -0600, Alan Cox wrote: > > I just got the following panic for a second time in the last three days > > doing a "make -jN buildworld". This is a with a recent copy of HEAD. > > If anyone wants more detail, let me know. > > > > panic: sbflush_locked: cc 4 || mb 0xffffff0052afa400 || mbcnt 0 > > cpuid = 1 > > KDB: enter: panic > > [thread pid 12163 tid 100188 ] > > Stopped at kdb_enter+0x2f: nop > > db> trace > > Tracing pid 12163 tid 100188 td 0xffffff008d169500 > > kdb_enter() at kdb_enter+0x2f > > panic() at panic+0x291 > > sbflush_locked() at sbflush_locked+0x64 > > sbrelease_locked() at sbrelease_locked+0x1c > > sbrelease() at sbrelease+0x48 > > sorflush() at sorflush+0x15c > > sofree() at sofree+0x204 > > soclose() at soclose+0x3af > > fifo_cleanup() at fifo_cleanup+0x38 > > fifo_close() at fifo_close+0x79 > > ufsfifo_close() at ufsfifo_close+0x7d > > vn_close() at vn_close+0x8e > > vn_closefile() at vn_closefile+0x65 > > fdrop_locked() at fdrop_locked+0xc0 > > closef() at closef+0x39 > > close() at close+0x1a5 > > syscall() at syscall+0x51e > > Xfast_syscall() at Xfast_syscall+0xa8 > > --- syscall (6, FreeBSD ELF64, close), rip = 0x41e2c0, rsp = 0x7fffffffded8, rbp = 0x57a540 --- > > I haven't seen this in a very long time, but I've definitely tried to > track it down before with zero luck. > With the attached change, I've had no more crashes. I speculate uipc_send() is missing needed synchronization on so_snd. Robert, can you verify the patch? Alan --Yylu36WmvOXNoKYn Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="patch-uipc_usrreq.c" Index: kern/uipc_usrreq.c =================================================================== RCS file: /home/ncvs/src/sys/kern/uipc_usrreq.c,v retrieving revision 1.143 diff -u -r1.143 uipc_usrreq.c --- kern/uipc_usrreq.c 1 Dec 2004 09:22:26 -0000 1.143 +++ kern/uipc_usrreq.c 19 Dec 2004 03:22:50 -0000 @@ -452,7 +452,9 @@ } } + SOCKBUF_LOCK(&so->so_snd); if (so->so_snd.sb_state & SBS_CANTSENDMORE) { + SOCKBUF_UNLOCK(&so->so_snd); error = EPIPE; break; } @@ -478,6 +480,7 @@ (so2->so_rcv.sb_cc - unp->unp_conn->unp_cc); (void)chgsbsize(so->so_cred->cr_uidinfo, &so->so_snd.sb_hiwat, newhiwat, RLIM_INFINITY); + SOCKBUF_UNLOCK(&so->so_snd); unp->unp_conn->unp_cc = so2->so_rcv.sb_cc; sorwakeup_locked(so2); m = NULL; --Yylu36WmvOXNoKYn--