From owner-freebsd-current@FreeBSD.ORG Wed Feb 16 14:30:22 2005 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D936816A4CE for ; Wed, 16 Feb 2005 14:30:22 +0000 (GMT) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id BD8D743D5D for ; Wed, 16 Feb 2005 14:30:21 +0000 (GMT) (envelope-from andre@freebsd.org) Received: (qmail 83833 invoked from network); 16 Feb 2005 14:07:36 -0000 Received: from dotat.atdotat.at (HELO [62.48.0.47]) ([62.48.0.47]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 16 Feb 2005 14:07:36 -0000 Message-ID: <421358FB.9090000@freebsd.org> Date: Wed, 16 Feb 2005 15:30:19 +0100 From: Andre Oppermann User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8a6) Gecko/20050111 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Robert Watson References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: current@freebsd.org Subject: Re: panic: tcp_input: TCPS_LISTEN in netinet/tcp_input.c:1016 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Feb 2005 14:30:23 -0000 Robert Watson wrote: > On Mon, 7 Feb 2005, Peter Holm wrote: > > >>While stress testing GENERIC HEAD from Feb 5 09:19 UTC + mpsafe_vfs = 1 >>I got: >> >>panic(c0832f7d,0,0,1,0) at panic+0x14b >>tcp_input(c27fca00,14,c27fca00,0,0) at tcp_input+0xbf6 >>ip_input(c27fca00) at ip_input+0x50d >>netisr_processqueue(c0944cd8) at netisr_processqueue+0x6e >>swi_net(0) at swi_net+0xbe >>ithread_loop(c154d180,cbc90d48,c154d180,c0601f84,0) at ithread_loop+0x120 >>fork_exit(c0601f84,c154d180,cbc90d48) at fork_exit+0xa4 >>fork_trampoline() at fork_trampoline+0x8 >> >>Details at http://www.holm.cc/stress/log/cons115.html >>A KTR dump with KTR_LOCK|KTR_BUF is available. >> >>Related reports: >> >>-rw-r--r-- 1 holm users 10641 Dec 20 16:51 cons96.html >>-rw-r--r-- 1 holm users 9906 Dec 26 15:28 cons98.html >>-rw-r--r-- 1 holm users 15189 Dec 29 22:17 cons99.html > > > This would appear to be an inter-layer race between the socket code and > the TCP code. In particular, it looks like a SYN has come in during the > call to listen() on another CPU (or perhaps a preempted thread), after the > TCP state has been set up for the listening tcpcb, but before the > SO_ACCEPTCONN flag is set in the socket state. The TCP code panics > because it expects that if a tcpcb is in TCPS_LISTEN, the matching socket > should be in SO_ACCEPTCONN. I'm working on a patch and hope to put it > together for you today. However, this patch substantially tears up the > current listen code for several protocols, so it will need a fair amount > of testing. > > If this problem should occur again, it would be very interesting to know > if ps, show threads, trace, et al, showed either a preempted thread on the > current CPU, or a thread on another CPU, in the listen() system call. > > Thanks for the (as usual) excellent bug report! I was pulling out my hair because I couldn't figure out how this can happen. I never thought about the socket layer and was only tracing and following the TCP code back and forth and back and forth... Really good catch! -- Andre