Kernel panic on FreeBSD 9.0-beta2
Mikolaj Golub
trociny at freebsd.org
Wed Sep 28 20:00:49 UTC 2011
On Mon, 26 Sep 2011 16:12:55 +0200 K. Macy wrote:
KM> Sorry, didn't look at the images (limited bw), I've seen something
KM> like this before in timewait. This "can't happen" with UDP so will be
KM> interested in learning more about the bug.
The panic can be easily triggered by this:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test_udp.c
Type: application/octet-stream
Size: 605 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20110928/f71a803c/test_udp.obj
-------------- next part --------------
The other thread at that moment is in soclose->sofree->udp_detach->in_pcbfree.
It looks to me that we should call in_pcbdrop() in udp_close() to remove
inpcb from hashed lists, like it is done for tcp_close().
With this patch I don't observe the panic.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: udp_usrreq.c.in_pcbdrop.patch
Type: text/x-patch
Size: 456 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20110928/f71a803c/udp_usrreq.c.in_pcbdrop.bin
-------------- next part --------------
KM> On Mon, Sep 26, 2011 at 4:02 PM, Arnaud Lacombe <lacombar at gmail.com> wrote:
>> Hi,
>>
>> On Mon, Sep 26, 2011 at 5:12 AM, K. Macy <kmacy at freebsd.org> wrote:
>>>
>>>
>>> On Monday, September 26, 2011, Adrian Chadd <adrian at freebsd.org> wrote:
>>>> On 26 September 2011 13:41, Arnaud Lacombe <lacombar at gmail.com> wrote:
>>>>>  /*
>>>>>   * XXX
>>>>>   * This entire block sorely needs a rewrite.
>>>>>   */
>>>>>        if (t &&
>>>>>            ((t->inp_flags & INP_TIMEWAIT) == 0) &&
>>>>>            (so->so_type != SOCK_STREAM ||
>>>>>             ntohl(t->inp_faddr.s_addr) == INADDR_ANY) &&
>>>>>            (ntohl(sin->sin_addr.s_addr) != INADDR_ANY ||
>>>>>             ntohl(t->inp_laddr.s_addr) != INADDR_ANY ||
>>>>>             (t->inp_socket->so_options &
>>>>>           SO_REUSEPORT) == 0) &&
>>>>>            (inp->inp_cred->cr_uid !=
>>>>>             t->inp_cred->cr_uid))
>>>>>          return (EADDRINUSE);
>>>>>      }
>>>>>
>>>>> more specifically, `t->inp_socket' is NULL. The top comment may not be
>>>>> relevant, as it's been here for the past 8 years.
>>>>
>>>> Why would t->inp_socket be NULL at this point?
>>>
>>> TIME_WAIT ...
>>>
>> on UDP socket ?
>>
>>  - Arnaud
>>
--
Mikolaj Golub
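
A user-space C model of the window described in this message, added here as an illustration; it is not part of the original post, its scrubbed attachments, or FreeBSD source. It assumes the socket back-pointer is already NULL while the pcb is still on the hash chain (the state the quoted report shows); the m_* names, the port and the return codes are hypothetical.

```c
/* User-space model of the window, not FreeBSD kernel code; m_* names are hypothetical. */
#include <stddef.h>
#define M_EADDRINUSE 48   /* constructed stand-in for the errno value */
#define M_FAULT      (-1) /* models the NULL dereference that panics */

struct m_socket { int so_options; };
struct m_inpcb {
    struct m_socket *inp_socket; /* cleared during teardown */
    unsigned short   lport;
    struct m_inpcb  *hash_next;  /* port hash chain linkage */
};
static struct m_inpcb *m_hash_head; /* one chain is enough for the model */

/* Models the effect the post wants from in_pcbdrop(): unhash the pcb. */
static void m_drop(struct m_inpcb *inp) {
    struct m_inpcb **pp;
    for (pp = &m_hash_head; *pp != NULL; pp = &(*pp)->hash_next)
        if (*pp == inp) { *pp = inp->hash_next; return; }
}

/* Close path: optionally unhash first, then the socket pointer goes away. */
static void m_close(struct m_inpcb *inp, int drop_on_close) {
    if (drop_on_close)
        m_drop(inp);
    inp->inp_socket = NULL;
}

/* Another thread's bind-time conflict lookup, reduced to the pointer it uses. */
static int m_bind_check(unsigned short lport) {
    struct m_inpcb *t = m_hash_head;
    while (t != NULL && t->lport != lport)
        t = t->hash_next;
    if (t == NULL)
        return 0;            /* nothing hashed on this port */
    if (t->inp_socket == NULL)
        return M_FAULT;      /* kernel reads t->inp_socket->so_options here */
    return M_EADDRINUSE;     /* simplified: live owner always conflicts */
}

/* One pcb on constructed port 5000; the bind check runs inside the close window. */
static int m_scenario(int drop_on_close) {
    static struct m_socket so;
    static struct m_inpcb inp;
    inp = (struct m_inpcb){ &so, 5000, NULL };
    m_hash_head = &inp;
    m_close(&inp, drop_on_close);
    return m_bind_check(5000);
}

int main(void) { return m_scenario(1) == 0 ? 0 : 1; }
```

With `drop_on_close` set to 0 the lookup still reaches the closing pcb and hits the NULL socket pointer; with 1 the pcb is no longer findable and the bind check sees a free port.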