Re: r315684 panic: sleepq_add: td 0xfffff80003c01a40 to sleep on wchan 0xfffff80006f0873c with sleeping prohibited

From: Darren <darren780_at_yahoo.com> Date: Sat, 25 Mar 2017 23:02:08 +0000 (UTC) · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:10 UTC

This is the new panic.  Just happened 6 times. Maybe as a result of fsck running.Again may not be exact due to me copying it by hand. 

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address    = 0x20
fault code                    = supervisor read data, page not present
instruction pointer       = 0x20:0xffffffff80a4cfdb
stack pointer               = 0x28:0xfffffe007c6828e0
frame pointer              = 0x28:0xfffffe007c682910
code segment             = base 0x0, limit 0xfffff, type 0x1b
                                    = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags          = interrupt enabled, resume, IOPL = 0
current process            = 12 (irq256: ahci0
[ thread pid 12 tid 100038 ]
Stopped at         sendfile_iodone+0x9b:    movq    0x20(%rbx).%rax
db>

      From: Konstantin Belousov <kostikbel_at_gmail.com>
 To: Gleb Smirnoff <glebius_at_FreeBSD.org> 
Cc: Darren <darren780_at_yahoo.com>; "freebsd-current_at_freebsd.org" <freebsd-current_at_freebsd.org>
 Sent: Saturday, March 25, 2017 5:45 AM
 Subject: Re: r315684 panic: sleepq_add: td 0xfffff80003c01a40 to sleep on wchan 0xfffff80006f0873c with sleeping prohibited

On Fri, Mar 24, 2017 at 08:31:42PM -0700, Gleb Smirnoff wrote:
>  Darren,
> 
> On Sat, Mar 25, 2017 at 03:03:14AM +0200, Konstantin Belousov wrote:
> K> On Fri, Mar 24, 2017 at 05:40:15PM +0000, Darren wrote:
> K> > I am getting this panic every hour to every couple of hours.
> K> > 
> K> > FreeBSD asrock 12.0-CURRENT FreeBSD 12.0-CURRENT #0 r315684: Thu Mar 23 14:56:45 EDT 2017     darren_at_asrock:/usr/obj/usr/src/sys/GENERIC  amd64
> K> > I manually typed out the following, apologize for any typos. 
> K> > 
> K> > 
> K> > panic: sleepq_add: td 0xfffff80003c01a40 to sleep on wchan 0xfffff80006f0873c with sleeping prohibited
> K> > cpuid = 0
> K> > time = 1490372797
> K> > KDB: stack backtrace:
> K> > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0072e33690
> K> > vpanic() at vpanic+0x19c/frame 0xfffffe0072e33710
> K> > kassert_panic() at kassert_panic+0x126/frame 0xfffffe0072e33780
> K> > sleepq_add() at sleepq_add+0x34f/frame 0xfffffe0072337d0
> K> > _sleep() at _sleep+0x28d/frame 0xfffffe0072e33870
> K> > soclose() at soclose+0xda/frame 0xfffffe0072e338b0
> K> > _fdrop() at _fdrop+0x1a/frame 0xfffffe0072e338d0
> K> > sendfile_iodone() at sendfile_iodone+0x19d/frame 0xfffffe0072e33910
> K> > vnode_pager_generic_getpages_done_async() at vnode_pager_generic_getpages_done_async+037/frame 0xfffffe0072e33930
> K> > bufdone() at bufdone+0x64/frame 0xfffffe0072e33960
> K> > g_io_deliver() at g_io_deliver+0x276/frame 0xfffffe0072e339b0
> K> > g_io_deliver() at g_io_deliver+0x276/frame 0xfffffe0072e33a00
> K> > g_disk_done() at g_disk_done+0x104/frame 0xfffffe0072e33a40
> K> > xpt_done_process() at xpt_done_process+0x35f/frame 0xfffffe0072e33a80
> K> > xpt_done_direct() at ahci_ch_intr_direct+0xd5/frame 0xfffffe0072e33af0
> K> > ahci_itr() at ahci_intr+0x102/frame 0xfffffe0072e33b20
> K> > intr_event_execute_handlers() at intr_event_execute_handlers+0x99/frame 0xfffffe0072e33b60
> K> > ithread_loop() at ithread_loop+0xb6/frame 0xfffffe0072e33bb0
> K> > fork_exit() at fork_exit+0x84/frame 0xfffffe0072e33bf0
> K> > fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0072e33bf0
> K> > --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
> K> > KDB: enter: panic
> K> > [ thread pid 12 tid 100038 ]
> K> > Stopped at      kdb_enter+0x3b: movq    $0,kdb_why
> K> > db>
> K> 
> K> Indeed, the context where sendfile_iodone() is executed, cannot call fdrop().
> 
> Can you please test the attached patch?
> 
> -- 
> Totus tuus, Glebius.

> Index: sys/kern/kern_sendfile.c
> ===================================================================
> --- sys/kern/kern_sendfile.c    (revision 315926)
> +++ sys/kern/kern_sendfile.c    (working copy)
> _at__at_ -296,8 +296,9 _at__at_ sendfile_iodone(void *arg, vm_page_t *pg, int coun
>          CURVNET_RESTORE();
>      }
>  
> -    /* XXXGL: curthread */
> -    fdrop(sfio->sock_fp, curthread);
> +    ACCEPT_LOCK();
> +    SOCK_LOCK(so);
> +    sorele(so);
>      free(sfio, M_TEMP);
>  }
>  
> _at__at_ -860,7 +861,9 _at__at_ prepend_header:
>          } else {
>              sfio->sock_fp = sock_fp;
>              sfio->npages = npages;
> -            fhold(sock_fp);
> +            SOCK_LOCK(so);
> +            soref(so);
> +            SOCK_UNLOCK(so);
>              error = (*so->so_proto->pr_usrreqs->pru_send)
>                  (so, PRUS_NOTREADY, m, NULL, NULL, td);
>              sendfile_iodone(sfio, NULL, 0, 0);

With this patch, what prevents a close of the sfio->sock_fp file, which is
needed to get the pointer to socket ?