Date: Tue, 25 Jun 2019 13:25:02 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 238789] panic: mutex so_rcv not owned at /usr/src/sys/kern/uipc_socket.c:2359 Message-ID: <bug-238789-7501-Jgx78ViWZR@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-238789-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-238789-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D238789 --- Comment #5 from Greg Becker <greg@codeconcepts.com> --- Sure Kubilay, here's my backtrace. It's from a kernel module I am working = on that I have not yet published. I hit this easily with GENERIC, but never h= it it when running with the patch I supplied: panic: mutex so_rcv not owned at /usr/src/sys/kern/uipc_socket.c:2359 cpuid =3D 11 time =3D 1561372118 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2c/frame 0xfffffe012015e= 5b0 kdb_backtrace() at kdb_backtrace+0x53/frame 0xfffffe012015e660 vpanic() at vpanic+0x265/frame 0xfffffe012015e720 doadump() at doadump/frame 0xfffffe012015e780 __mtx_assert() at __mtx_assert+0x145/frame 0xfffffe012015e800 soreceive_stream() at soreceive_stream+0x963/frame 0xfffffe012015e8b0 soreceive() at soreceive+0x102/frame 0xfffffe012015e910 krpc_recv_tcp() at krpc_recv_tcp+0x55/frame 0xfffffe012015e9a0 svc_rcv_receive() at svc_rcv_receive+0x1c/frame 0xfffffe012015e9e0 tpool_run() at tpool_run+0x92/frame 0xfffffe012015ea30 fork_exit() at fork_exit+0x13b/frame 0xfffffe012015eab0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe012015eab0 --- trap 0, rip =3D 0, rsp =3D 0, rbp =3D 0 --- KDB: enter: panic [ thread pid 0 tid 101260 ] Stopped at breakpoint+0x5: popq %rbp I think what is happening is that I am post-processing a rcv soupcall, but = the non-blocking call to sblock() in soreceive() loses due to a race with an asynchronously running call to soshutdown(SHUT_RD) from my module unload co= de.=20 But I have not yet verified that... I'm using GENERIC with the following options: options CONSPEED=3D115200 options BREAK_TO_DEBUGGER options DDB options SOCKBUF_DEBUG options INVARIANTS options INVARIANT_SUPPORT FreeBSD sm1.cc.codeconcepts.com 12.0-STABLE FreeBSD 12.0-STABLE #31 r349288= M: Tue Jun 25 07:19:16 CDT 2019=20=20=20=20 greg@sm1.cc.codeconcepts.com:/usr/obj/usr/src/amd64.amd64/sys/SM1 amd64 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-238789-7501-Jgx78ViWZR>