Date:      Sat, 25 Mar 2017 23:02:08 +0000 (UTC)
From:      Darren <darren780@yahoo.com>
To:        "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>
Subject:   Re: r315684 panic: sleepq_add: td 0xfffff80003c01a40 to sleep on wchan 0xfffff80006f0873c with sleeping prohibited
Message-ID:  <1377533179.3728276.1490482928436@mail.yahoo.com>
In-Reply-To: <20170325094529.GH43712@kib.kiev.ua>
References:  <1824572972.3096988.1490377215756.ref@mail.yahoo.com> <1824572972.3096988.1490377215756@mail.yahoo.com> <20170325010314.GG43712@kib.kiev.ua> <20170325033142.GA23308@FreeBSD.org> <20170325094529.GH43712@kib.kiev.ua>

This is the new panic. Just happened 6 times. Maybe as a result of fsck running. Again may not be exact due to me copying it by hand.

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x20
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80a4cfdb
stack pointer           = 0x28:0xfffffe007c6828e0
frame pointer           = 0x28:0xfffffe007c682910
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 12 (irq256: ahci0
[ thread pid 12 tid 100038 ]
Stopped at      sendfile_iodone+0x9b:   movq    0x20(%rbx).%rax
db>


From: Konstantin Belousov <kostikbel@gmail.com>
To: Gleb Smirnoff <glebius@FreeBSD.org>
Cc: Darren <darren780@yahoo.com>; "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>
Sent: Saturday, March 25, 2017 5:45 AM
Subject: Re: r315684 panic: sleepq_add: td 0xfffff80003c01a40 to sleep on wchan 0xfffff80006f0873c with sleeping prohibited

On Fri, Mar 24, 2017 at 08:31:42PM -0700, Gleb Smirnoff wrote:
>  Darren,
>
> On Sat, Mar 25, 2017 at 03:03:14AM +0200, Konstantin Belousov wrote:
> K> On Fri, Mar 24, 2017 at 05:40:15PM +0000, Darren wrote:
> K> > I am getting this panic every hour to every couple of hours.
> K> >
> K> > FreeBSD asrock 12.0-CURRENT FreeBSD 12.0-CURRENT #0 r315684: Thu Mar 23 14:56:45 EDT 2017     darren@asrock:/usr/obj/usr/src/sys/GENERIC  amd64
> K> > I manually typed out the following, apologize for any typos.
> K> >
> K> >
> K> > panic: sleepq_add: td 0xfffff80003c01a40 to sleep on wchan 0xfffff80006f0873c with sleeping prohibited
> K> > cpuid = 0
> K> > time = 1490372797
> K> > KDB: stack backtrace:
> K> > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0072e33690
> K> > vpanic() at vpanic+0x19c/frame 0xfffffe0072e33710
> K> > kassert_panic() at kassert_panic+0x126/frame 0xfffffe0072e33780
> K> > sleepq_add() at sleepq_add+0x34f/frame 0xfffffe0072337d0
> K> > _sleep() at _sleep+0x28d/frame 0xfffffe0072e33870
> K> > soclose() at soclose+0xda/frame 0xfffffe0072e338b0
> K> > _fdrop() at _fdrop+0x1a/frame 0xfffffe0072e338d0
> K> > sendfile_iodone() at sendfile_iodone+0x19d/frame 0xfffffe0072e33910
> K> > vnode_pager_generic_getpages_done_async() at vnode_pager_generic_getpages_done_async+037/frame 0xfffffe0072e33930
> K> > bufdone() at bufdone+0x64/frame 0xfffffe0072e33960
> K> > g_io_deliver() at g_io_deliver+0x276/frame 0xfffffe0072e339b0
> K> > g_io_deliver() at g_io_deliver+0x276/frame 0xfffffe0072e33a00
> K> > g_disk_done() at g_disk_done+0x104/frame 0xfffffe0072e33a40
> K> > xpt_done_process() at xpt_done_process+0x35f/frame 0xfffffe0072e33a80
> K> > xpt_done_direct() at ahci_ch_intr_direct+0xd5/frame 0xfffffe0072e33af0
> K> > ahci_itr() at ahci_intr+0x102/frame 0xfffffe0072e33b20
> K> > intr_event_execute_handlers() at intr_event_execute_handlers+0x99/frame 0xfffffe0072e33b60
> K> > ithread_loop() at ithread_loop+0xb6/frame 0xfffffe0072e33bb0
> K> > fork_exit() at fork_exit+0x84/frame 0xfffffe0072e33bf0
> K> > fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0072e33bf0
> K> > --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
> K> > KDB: enter: panic
> K> > [ thread pid 12 tid 100038 ]
> K> > Stopped at      kdb_enter+0x3b: movq    $0,kdb_why
> K> > db>
> K>
> K> Indeed, the context where sendfile_iodone() is executed, cannot call fdrop().
>
> Can you please test the attached patch?
>
> --
> Totus tuus, Glebius.

> Index: sys/kern/kern_sendfile.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> --- sys/kern/kern_sendfile.c=C2=A0=C2=A0=C2=A0 (revision 315926)
> +++ sys/kern/kern_sendfile.c=C2=A0=C2=A0=C2=A0 (working copy)
> @@ -296,8 +296,9 @@ sendfile_iodone(void *arg, vm_page_t *pg, int coun
>=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 CURVNET_RESTORE();
>=C2=A0 =C2=A0=C2=A0=C2=A0 }
>=C2=A0=20
> -=C2=A0=C2=A0=C2=A0 /* XXXGL: curthread */
> -=C2=A0=C2=A0=C2=A0 fdrop(sfio->sock_fp, curthread);
> +=C2=A0=C2=A0=C2=A0 ACCEPT_LOCK();
> +=C2=A0=C2=A0=C2=A0 SOCK_LOCK(so);
> +=C2=A0=C2=A0=C2=A0 sorele(so);
>=C2=A0 =C2=A0=C2=A0=C2=A0 free(sfio, M_TEMP);
>=C2=A0 }
>=C2=A0=20
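
Review bot: In sendfile_iodone(), the added ACCEPT_LOCK() / SOCK_LOCK(so) / sorele(so) sequence has no matching unlock anywhere in the hunk, and nothing visible here shows where so comes from now that the fdrop(sfio->sock_fp, curthread) line is gone. If sorele() is relied on to drop both locks, say so in a comment next to the call, and make sure so is taken from a pointer that the new socket reference keeps valid rather than from sfio->sock_fp, which this patch no longer holds a reference on.
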
> @@ -860,7 +861,9 @@ prepend_header:
>=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 } else {
>=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 sfio->sock=
_fp =3D sock_fp;
>=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 sfio->npag=
es =3D npages;
> -=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 fhold(sock_fp);
> +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 SOCK_LOCK(so);
> +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 soref(so);
> +=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 SOCK_UNLOCK(so)=
;
>=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 error =3D =
(*so->so_proto->pr_usrreqs->pru_send)
>=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0 =C2=
=A0 (so, PRUS_NOTREADY, m, NULL, NULL, td);
>=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 sendfile_i=
odone(sfio, NULL, 0, 0);
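
Review bot: In this else branch, sfio->sock_fp = sock_fp is still stored, but the fhold(sock_fp) that kept that file alive until completion is replaced by soref(so), so the stored file pointer is now unreferenced. Either store the socket pointer in sfio in place of the file pointer, or keep the file reference, so that the completion path started by pru_send with PRUS_NOTREADY never reads a file that may already have been closed.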

With this patch, what prevents a close of the sfio->sock_fp file, which is
needed to get the pointer to socket?

