From: Mikolaj Golub
To: K. Macy
Cc: freebsd-net@freebsd.org, Adrian Chadd, Arnaud Lacombe, dave jones
Date: Wed, 28 Sep 2011 23:00:40 +0300
Subject: Re: Kernel panic on FreeBSD 9.0-beta2

On Mon, 26 Sep 2011 16:12:55 +0200 K. Macy wrote:

 KM> Sorry, didn't look at the images (limited bw), I've seen something
 KM> like this before in timewait. This "can't happen" with UDP so will be
 KM> interested in learning more about the bug.

The panic can be easily triggered by this:

[attachment: test_udp.c]

The other thread at that moment is in soclose->sofree->udp_detach->in_pcbfree.

It looks to me that we should call in_pcbdrop() in udp_close() to remove inpcb from hashed lists, like it is done for tcp_close(). With this patch I don't observe the panic.

[attachment: udp_usrreq.c.in_pcbdrop.patch]

Index: sys/netinet/udp_usrreq.c =================================================================== --- sys/netinet/udp_usrreq.c (revision 225816) +++ sys/netinet/udp_usrreq.c (working copy) 
@@ -1486,6 +1486,7 @@ udp_close(struct socket *so) inp = sotoinpcb(so); KASSERT(inp != NULL, ("udp_close: inp == NULL")); INP_WLOCK(inp); + in_pcbdrop(inp); if (inp->inp_faddr.s_addr != INADDR_ANY) { INP_HASH_WLOCK(&V_udbinfo); in_pcbdisconnect(inp);

 KM> On Mon, Sep 26, 2011 at 4:02 PM, Arnaud Lacombe wrote:
 >> Hi,
 >>
 >> On Mon, Sep 26, 2011 at 5:12 AM, K. Macy wrote:
 >>>
 >>>
 >>> On Monday, September 26, 2011, Adrian Chadd wrote:
 >>>> On 26 September 2011 13:41, Arnaud Lacombe wrote:
 >>>>> /*
 >>>>>  * XXX
 >>>>>  * This entire block sorely needs a rewrite.
 >>>>>  */
 >>>>>         if (t &&
 >>>>>             ((t->inp_flags & INP_TIMEWAIT) == 0) &&
 >>>>>             (so->so_type != SOCK_STREAM ||
 >>>>>              ntohl(t->inp_faddr.s_addr) == INADDR_ANY) &&
 >>>>>             (ntohl(sin->sin_addr.s_addr) != INADDR_ANY ||
 >>>>>              ntohl(t->inp_laddr.s_addr) != INADDR_ANY ||
 >>>>>              (t->inp_socket->so_options &
 >>>>>            SO_REUSEPORT) == 0) &&
 >>>>>             (inp->inp_cred->cr_uid !=
 >>>>>              t->inp_cred->cr_uid))
 >>>>>           return (EADDRINUSE);
 >>>>>       }
 >>>>>
 >>>>> more specifically, `t->inp_socket' is NULL. The top comment may not be
 >>>>> relevant, as it's been here for the past 8 years.
 >>>>
 >>>> Why would t->inp_socket be NULL at this point?
 >>>
 >>> TIME_WAIT ...
 >>>
 >> on UDP socket ?
 >>
 >>  - Arnaud
 >>

-- 
Mikolaj Golub
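
Review bot: in the udp_close() hunk, in_pcbdrop(inp) is called with only INP_WLOCK(inp) held, while the in_pcbdisconnect() branch right below it takes INP_HASH_WLOCK(&V_udbinfo) before touching the hash. Since the stated purpose is to remove the inpcb from the hashed lists, please confirm that in_pcbdrop() acquires the hash lock itself, and check that the in_pcbdisconnect() branch still behaves as intended on an inpcb that has already been dropped. A short comment above the new call saying why the pcb is unhashed at close time (so a concurrent bind lookup cannot find it while the socket is being torn down) would help, because nothing in the surrounding lines hints at the race.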