From ben@phlegethon.org  Thu Jul 10 10:13:55 2003
Return-Path: <ben@phlegethon.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CB1C237B401
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 10 Jul 2003 10:13:55 -0700 (PDT)
Received: from mail.phlegethon.org (ocelot.phlegethon.org [81.29.64.94])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6756D43F85
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 10 Jul 2003 10:13:54 -0700 (PDT)
	(envelope-from ben@phlegethon.org)
Received: from ben by mail.phlegethon.org with local (Exim 3.36 #1)
	id 19aezN-0005iR-00
	for FreeBSD-gnats-submit@freebsd.org; Thu, 10 Jul 2003 17:13:49 +0000
Message-Id: <E19aezN-0005iR-00@mail.phlegethon.org>
Date: Thu, 10 Jul 2003 17:13:49 +0000
From: Ben <freebsdbug@slimyhorror.com>
Reply-To: Ben <freebsdbug@slimyhorror.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: shutdown() on a socket registered in a kqueue locks up the machine (test code attached)
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         54331
>Category:       kern
>Synopsis:       shutdown() on a socket registered in a kqueue locks up the machine (test code attached)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    robert
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 10 10:20:02 PDT 2003
>Closed-Date:    Sun Apr 03 19:30:28 GMT 2005
>Last-Modified:  Sun Apr 03 19:30:28 GMT 2005
>Originator:     Ben
>Release:        FreeBSD 5.1-RELEASE i386
>Organization:
none
>Environment:
System: FreeBSD demeter.cam.zeus.com 5.1-RELEASE FreeBSD 5.1-RELEASE #0: Thu Jul 10 16:59:37 BST 2003 root@demeter.cam.zeus.com:/usr/obj/usr/src/sys/GENERIC i386

Also possibly 5.0 as well - but not able to test that now.
>Description:
When you shutdown( SHUT_RDWR ) a TCP listen socket which has been
added into a kqueue for EVFILT_READ events, the entire machine will
lock up. No error messages appear in the logs.

>How-To-Repeat:

The following code will trigger the crash on the machine (5.1-RELEASE/GENERIC,
compiled with '-O'). (Other configurations of the kernel seem to have the same
problem.)

The only other FreeBSD box which I have access to is 4.2-RELEASE, and that
appears to work fine. I suspect the bug may also be present in 5.0 (similar
symptoms occurred, but I had not written this test case then).

#include <stdio.h>
#include <sys/types.h>
#include <sys/event.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>


int
main( int argc, char **argv )
{
   int queue, sock, i;
   struct sockaddr_in addr;
   struct kevent events[ 10 ];
   struct timespec ktime;

   queue = kqueue();
   if( queue == -1 ) {
      perror( "kqueue() failure" );
      exit( 1 );
   }

   sock = socket( AF_INET, SOCK_STREAM, 0 );
   /* NOTE: None of this bind() and listen() code is necessary for the crash,
    * I'm including it to show the crash in 'normal operation'
    */
   memset( &addr, 0, sizeof( addr ));
   addr.sin_family = AF_INET;
   addr.sin_port = htons( 3456 );
   addr.sin_addr.s_addr = INADDR_ANY;
   if( bind( sock, (struct sockaddr *) &addr, sizeof( addr )) < 0 ) {
      perror( "bind" );
      exit( 1 );
   }
   if( listen( sock, 32 ) < 0 ) {
      perror( "listen" );
      exit( 1 );
   }

   /* Must add the socket to the kqueue for it to crash */
   events[ 0 ].ident  = sock;
   events[ 0 ].udata  = 0;
   events[ 0 ].filter = EVFILT_READ;
   events[ 0 ].flags  = EV_ADD;

   ktime.tv_sec = 1;
   ktime.tv_nsec = 0;
   i = kevent( queue, events, 1, events, 10, &ktime );
   printf( "kevent() returned %d\n", i );

   printf( "Closing socket\n" );

   /* CRASH!!! Must be a shutdown() call, close() alone won't do it. */
   shutdown( sock, SHUT_RDWR );
   close( sock );

   /* Cleanup if we survive */
   printf( "Closing queue\n" );
   close( queue );

   return 0;
}

>Fix:
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->robert 
Responsible-Changed-By: robert 
Responsible-Changed-When: Wed Jul 16 13:45:24 PDT 2003 
Responsible-Changed-Why:  
I think I have a fix or a work-around for this problem 
to avoid the kernel panic at least. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=54331 

From: "Krishna N. Ramachandran" <krishna@cs.ucsb.edu>
To: freebsd-gnats-submit@FreeBSD.org, freebsdbug@slimyhorror.com
Cc:  
Subject: Re: kern/54331: shutdown() on a socket registered in a kqueue locks
 up the machine (test code attached)
Date: Tue, 19 Aug 2003 11:44:58 -0700 (PDT)

 On my 5.1R installation, the same source code freezes up my box on the
 kevent function call itself. I can reproduce the problem on another
 program I wrote, so it's not a one-off problem.
 
 Here is my uname output:
 
 FreeBSD marvin 5.1-RELEASE FreeBSD 5.1-RELEASE #0: Fri Aug  1 16:14:43
 GMT 2003     root@:/usr/obj/usr/src/sys/EC5  i386
 
 Thanks,
 Krishna
 
 
 

From: Robert Drehmel <robert@zoot.drehmel.com>
To: "mailto:freebsd-gnats-submit"@FreeBSD.org,
	"Krishna N. Ramachandran" <krishna@cs.ucsb.edu>
Cc:  
Subject: Re: kern/54331: shutdown() on a socket registered in a kqueue locks up the machine (test code attached)
Date: Wed, 17 Sep 2003 16:42:28 +0200

 Hello Krishna,
 
 are you able to reproduce the problem with a recent
 FreeBSD-CURRENT installation? Can you send me a test
 program with which I am able to easily reproduce your
 mentioned problem?
 
 ciao,
 -robert
State-Changed-From-To: open->feedback 
State-Changed-By: robert 
State-Changed-When: Wed Sep 17 08:01:42 PDT 2003 
State-Changed-Why:  
I fixed this panic in -CURRENT; another problem was 
mentioned in a follow-up message. 


From: Ben <freebsdbug@slimyhorror.com>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: kern/54331: shutdown() on a socket registered in a kqueue locks
 up the machine (test code attached)
Date: Tue, 13 Jan 2004 17:14:37 +0000 (GMT)

 kqueue seems to work fine now in 5.2-CURRENT. Thanks!

From: Matt Beaumont <mbeaumon@cs.hmc.edu>
To: freebsd-gnats-submit@FreeBSD.org, freebsdbug@slimyhorror.com
Cc:  
Subject: Re: kern/54331: shutdown() on a socket registered in a kqueue locks up the machine (test code attached)
Date: Wed, 10 Mar 2004 11:20:39 -0800

 I can confirm that this bug exists in 5.0-RELEASE.  The symptom is an
 immediate reboot.  Also, as you may already know, the problem does not
 actually occur when shutdown() is called, but rather when the program
 is exiting.
 
 Cheers,
 Matt

From: Marc Olzheim <zlo@zlo.nu>
To: freebsd-gnats-submit@FreeBSD.org, freebsdbug@slimyhorror.com
Cc:  
Subject: Re: kern/54331: shutdown() on a socket registered in a kqueue locks up the machine (test code attached)
Date: Mon, 14 Mar 2005 17:52:48 +0100

 I guess this could be closed.
 
 Marc
State-Changed-From-To: feedback->closed 
State-Changed-By: robert 
State-Changed-When: Sun Apr 3 19:28:20 GMT 2005 
State-Changed-Why:  
The originator has confirmed that the problem has been 
solved.  Thanks for submitting the PR! 

>Unformatted:
