Date:      Mon, 20 Dec 2004 14:19:53 -0600
From:      Alan Cox <alc@cs.rice.edu>
To:        Brian Fundakowski Feldman <green@freebsd.org>, rwatson@freebsd.org
Cc:        current@freebsd.org
Subject:   Re: panic: sbflush_locked
Message-ID:  <20041220201953.GI1362@cs.rice.edu>
In-Reply-To: <20041214000620.GA94951@green.homeunix.org>
References:  <20041211224850.GV17820@cs.rice.edu> <20041214000620.GA94951@green.homeunix.org>

--Yylu36WmvOXNoKYn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Mon, Dec 13, 2004 at 07:06:20PM -0500, Brian Fundakowski Feldman wrote:
> On Sat, Dec 11, 2004 at 04:48:50PM -0600, Alan Cox wrote:
> > I just got the following panic for a second time in the last three days
> > doing a "make -jN buildworld".  This is with a recent copy of HEAD.
> > If anyone wants more detail, let me know.
> > 
> > panic: sbflush_locked: cc 4 || mb 0xffffff0052afa400 || mbcnt 0
> > cpuid = 1
> > KDB: enter: panic
> > [thread pid 12163 tid 100188 ]
> > Stopped at      kdb_enter+0x2f: nop     
> > db> trace
> > Tracing pid 12163 tid 100188 td 0xffffff008d169500
> > kdb_enter() at kdb_enter+0x2f
> > panic() at panic+0x291
> > sbflush_locked() at sbflush_locked+0x64
> > sbrelease_locked() at sbrelease_locked+0x1c
> > sbrelease() at sbrelease+0x48
> > sorflush() at sorflush+0x15c
> > sofree() at sofree+0x204
> > soclose() at soclose+0x3af
> > fifo_cleanup() at fifo_cleanup+0x38
> > fifo_close() at fifo_close+0x79
> > ufsfifo_close() at ufsfifo_close+0x7d
> > vn_close() at vn_close+0x8e
> > vn_closefile() at vn_closefile+0x65
> > fdrop_locked() at fdrop_locked+0xc0
> > closef() at closef+0x39
> > close() at close+0x1a5
> > syscall() at syscall+0x51e
> > Xfast_syscall() at Xfast_syscall+0xa8
> > --- syscall (6, FreeBSD ELF64, close), rip = 0x41e2c0, rsp = 0x7fffffffded8, rbp = 0x57a540 ---
> 
> I haven't seen this in a very long time, but I've definitely tried to
> track it down before with zero luck.
> 

With the attached change, I've had no more crashes.

I speculate uipc_send() is missing needed synchronization on so_snd.
Robert, can you verify the patch?

Alan

--Yylu36WmvOXNoKYn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="patch-uipc_usrreq.c"

Index: kern/uipc_usrreq.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/uipc_usrreq.c,v
retrieving revision 1.143
diff -u -r1.143 uipc_usrreq.c
--- kern/uipc_usrreq.c	1 Dec 2004 09:22:26 -0000	1.143
+++ kern/uipc_usrreq.c	19 Dec 2004 03:22:50 -0000
@@ -452,7 +452,9 @@
 			}
 		}
 
+		SOCKBUF_LOCK(&so->so_snd);
 		if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
+			SOCKBUF_UNLOCK(&so->so_snd);
 			error = EPIPE;
 			break;
 		}
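Review bot: The SOCKBUF_LOCK taken just before the SBS_CANTSENDMORE test is released on only one exit in this hunk, the EPIPE break; the fall-through path keeps so_snd locked until the SOCKBUF_UNLOCK added after chgsbsize() in the next hunk. Any other break or error exit in the lines between the two hunks, which this diff does not show, has to drop the lock as well, so please confirm there is none or add the unlock there. A one-line comment at the lock saying that it covers the sb_state test through the sb_hiwat update would also help the next reader.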
@@ -478,6 +480,7 @@
 		    (so2->so_rcv.sb_cc - unp->unp_conn->unp_cc);
 		(void)chgsbsize(so->so_cred->cr_uidinfo, &so->so_snd.sb_hiwat,
 		    newhiwat, RLIM_INFINITY);
+		SOCKBUF_UNLOCK(&so->so_snd);
 		unp->unp_conn->unp_cc = so2->so_rcv.sb_cc;
 		sorwakeup_locked(so2);
 		m = NULL;
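Review bot: The SOCKBUF_UNLOCK(&so->so_snd) added after chgsbsize() sits two lines above sorwakeup_locked(so2), which expects so2's receive buffer lock to be held, so with this change so_snd and so2->so_rcv are held at the same time. The acquisition order of those two locks is not visible in the diff; it should be stated in a comment here and checked against any other path that takes both, since the opposite order elsewhere would deadlock.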

--Yylu36WmvOXNoKYn--


