From owner-freebsd-current@freebsd.org  Sat Aug  8 03:25:28 2015
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id DE5C09B5445
 for <freebsd-current@mailman.ysv.freebsd.org>;
 Sat,  8 Aug 2015 03:25:27 +0000 (UTC)
 (envelope-from markjdb@gmail.com)
Received: from mail-pd0-x235.google.com (mail-pd0-x235.google.com
 [IPv6:2607:f8b0:400e:c02::235])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id B9AAE1182;
 Sat,  8 Aug 2015 03:25:27 +0000 (UTC)
 (envelope-from markjdb@gmail.com)
Received: by pdco4 with SMTP id o4so51541913pdc.3;
 Fri, 07 Aug 2015 20:25:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=sender:date:from:to:cc:subject:message-id:references:mime-version
 :content-type:content-disposition:in-reply-to:user-agent;
 bh=VGzqMrLovfDUTduDf8EOZWAdn8EkszzOvTWewPH7ZxM=;
 b=wZ87ePcRa5jgPVG8HaRVSunFWO0KVUh1P7FBAWiqCmhGmc6W4nOj19T+0//EL1r827
 ar/VhVXJDFJq4qT3PVrGeB5G7JJYzEZN8qmjT2fdrDlv8C0zcIomwv2WWy3V/jbZFt/R
 jD6f5wfbEUaOtI4QqdpaaKMwqcHPQ/g8ua8whNhONhmX3emjFnpXZrogPAQgmhkWBpKZ
 wUVnF/7kxewFSPVekIuNVUq7/U8ox5DIjhbKKiS0dEfxn1c+XdAMGSuGnb9nZW7rE0Fo
 5OB2jC37Fl5sXn8RX2iEUKMirG/DT+QJ5RmzGzie8P5t0+fNGJ+cR+um626mZ7utCtSe
 nr2g==
X-Received: by 10.70.42.166 with SMTP id p6mr21818258pdl.118.1439004326675;
 Fri, 07 Aug 2015 20:25:26 -0700 (PDT)
Received: from raichu ([104.232.114.184])
 by smtp.gmail.com with ESMTPSA id oc2sm11730419pdb.45.2015.08.07.20.25.25
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 07 Aug 2015 20:25:25 -0700 (PDT)
Sender: Mark Johnston <markjdb@gmail.com>
Date: Fri, 7 Aug 2015 20:25:21 -0700
From: Mark Johnston <markj@FreeBSD.org>
To: Larry Rosenman <ler@lerctr.org>
Cc: freebsd-current@FreeBSD.org, jch@FreeBSD.org
Subject: Re: traceroute6: panic: pcb not read locked
Message-ID: <20150808032521.GA66493@raichu>
References: <20150808010324.GA1392@borg.lerctr.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="45Z9DzgjV8m4Oswq"
Content-Disposition: inline
In-Reply-To: <20150808010324.GA1392@borg.lerctr.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Aug 2015 03:25:28 -0000


--45Z9DzgjV8m4Oswq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Fri, Aug 07, 2015 at 08:04:01PM -0500, Larry Rosenman wrote:
> Trying to debug TimeWarner IPV6 to my HE.NET tunnel, and running traceroute6, 
> got the following panic:
> 
> borg.lerctr.org dumped core - see /var/crash/vmcore.0
> 
> Fri Aug  7 19:58:40 CDT 2015
> 
> FreeBSD borg.lerctr.org 11.0-CURRENT FreeBSD 11.0-CURRENT #32 r286338: Wed Aug  5 15:57:55 CDT 2015     root@borg.lerctr.org:/usr/obj/usr/src/sys/VT-LER  amd64
> 
> panic: Lock tcp not read locked @ /usr/src/sys/netinet/tcp_subr.c:1189
> 
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "amd64-marcel-freebsd"...
> 
> Unread portion of the kernel message buffer:
> panic: Lock tcp not read locked @ /usr/src/sys/netinet/tcp_subr.c:1189

This appears to be fallout from r286227: the tcpinfo lock assertion in
tcp_notify() is too strong, since tcp_notify() can still be called from
tcp6_ctlinput() with the tcpinfo write lock held.

The attached patch addresses this; could you give it a try?

-Mark

--45Z9DzgjV8m4Oswq
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="tcp6_lock_assert.diff"

diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index 808eb97..6face4e 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -906,7 +906,7 @@ tcp_drop(struct tcpcb *tp, int errno)
 {
 	struct socket *so = tp->t_inpcb->inp_socket;
 
-	INP_INFO_RLOCK_ASSERT(&V_tcbinfo);
+	INP_INFO_LOCK_ASSERT(&V_tcbinfo);
 	INP_WLOCK_ASSERT(tp->t_inpcb);
 
 	if (TCPS_HAVERCVDSYN(tp->t_state)) {
@@ -1108,7 +1108,7 @@ tcp_close(struct tcpcb *tp)
 	struct inpcb *inp = tp->t_inpcb;
 	struct socket *so;
 
-	INP_INFO_RLOCK_ASSERT(&V_tcbinfo);
+	INP_INFO_LOCK_ASSERT(&V_tcbinfo);
 	INP_WLOCK_ASSERT(inp);
 
 #ifdef TCP_OFFLOAD
@@ -1186,7 +1186,7 @@ tcp_notify(struct inpcb *inp, int error)
 {
 	struct tcpcb *tp;
 
-	INP_INFO_RLOCK_ASSERT(&V_tcbinfo);
+	INP_INFO_LOCK_ASSERT(&V_tcbinfo);
 	INP_WLOCK_ASSERT(inp);
 
 	if ((inp->inp_flags & INP_TIMEWAIT) ||

--45Z9DzgjV8m4Oswq--