> On 13.07.2017 at 11:32, Axel Rau <axel....@chaos1.de> wrote:
>
> Hangs show all threads in select (TlsThread).
> We failed to get a backtrace via lldb on crash.
>
> This happens with both release 3.2.0 and recent PGP sig patch from github.
>
> The server is running in a FreeBSD jail in secure mode.

It seems that this FreeBSD security patch made the problem(s) happen less often (: --- sys/kern/sys_socket.c.orig +++ sys/kern/sys_socket.c @@ -675,6 +675,7 @@ { struct kaiocb *job; + CURVNET_SET(so->so_vnet); SOCKBUF_LOCK(sb); while (!TAILQ_EMPTY(&sb->sb_aiojobq) && soaio_ready(so, sb)) { job = TAILQ_FIRST(&sb->sb_aiojobq); 
@@ -698,6 +699,7 @@ ACCEPT_LOCK(); SOCK_LOCK(so); sorele(so); + CURVNET_RESTORE(); } void

vnet implements the network separation of jails.
Setting server-processes to 3 helped further to reduce the problem.

Axel

PS:
=============================================================================
FreeBSD-EN-17:07.vnet                                           Errata Notice
                                                          The FreeBSD Project

Topic:          VNET kernel panic with asynchronous I/O

Category:       core
Module:         kernel
Announced:      2017-08-10
Credits:        Kristof Provost
Affects:        FreeBSD 11.0 and later.
Corrected:      2017-07-28 18:09:41 UTC (stable/11, 11.1-STABLE)
                2017-08-10 06:59:07 UTC (releng/11.1, 11.1-RELEASE-p1)
                2017-08-10 06:59:26 UTC (releng/11.0, 11.0-RELEASE-p12)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I.   Background

POSIX asynchronous I/O permits applications to request asynchronous
completion of I/O requests. VNET permits systems to be configured with
multiple instances of the in-kernel network stack.

II.  Problem Description

The implementation of POSIX asynchronous I/O for sockets completes I/O
requests in a pool of dedicated worker threads. The VNET feature requires
threads to explicitly select an active instance of the network stack before
performing network operations. The function used to complete asynchronous
I/O requests was not setting a network stack instance before completing I/O
requests.

III. Impact

Using POSIX asynchronous I/O with sockets in a VNET-enabled kernel will panic.

IV.  Workaround

No workaround is available, but systems that do not enable VNET via a custom
kernel are not affected.

---
PGP-Key:29E99DD6 ☀ computing @ chaos claudius
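
Review bot: in the first hunk (@@ -675,6 +675,7 @@) the new CURVNET_SET(so->so_vnet) carries no comment saying why this function needs a vnet context. A one-line comment that the AIO worker thread has no network stack instance selected when it gets here, which is how the errata notice describes the bug, would keep a later cleanup from removing the call. The macro also reads so->so_vnet before SOCKBUF_LOCK(sb) is taken, so the commit message should say what keeps the socket and its so_vnet valid at that point; the sorele(so) in the second hunk suggests it is the reference held for the job.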
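
Review bot: in the second hunk (@@ -698,6 +699,7 @@) CURVNET_RESTORE() appears only once, at the very end of the function after sorele(so), and the lines between the two hunks are not shown. Any early return inside the while loop over sb_aiojobq would leave the worker thread with the vnet still set, so please confirm the function has a single exit path or add a restore before each exit. Keeping the restore after sorele(so) rather than before it is worth a short comment too, since the ordering relative to dropping the socket reference is not obvious from the diff.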
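
The "Affects" and "Corrected" fields of the errata notice above, turned into a check of whether a given kernel still needs the fix. This is an added example, not part of the original mail or of the FreeBSD notice; the function name `en1707_status` and its output labels are made up for illustration, and the live part assumes the `kern.features.vimage` sysctl is how a VNET-enabled kernel is recognised.

```shell
#!/bin/sh
# Added example: classify a kernel against FreeBSD-EN-17:07.vnet.
# en1707_status KERNEL_VERSION VIMAGE
#   KERNEL_VERSION  e.g. 11.1-RELEASE-p1 (format of `freebsd-version -k`)
#   VIMAGE          1 if the kernel enables VNET, anything else if not
# Prints: not-affected | affected | fixed | check-date | unlisted | unknown
en1707_status() {
    ver=$1
    # Notice, section IV: kernels that do not enable VNET are not affected.
    [ "$2" = "1" ] || { echo not-affected; return 0; }
    rel=${ver%%-*}                      # 11.1
    major=${rel%%.*}                    # 11
    case $major in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    # "Affects: FreeBSD 11.0 and later."
    [ "$major" -ge 11 ] || { echo not-affected; return 0; }
    case $ver in
        *-RELEASE-p*) patch=${ver##*-p} ;;
        *-RELEASE)    patch=0 ;;
        # -STABLE and similar: compare the build date with the
        # "Corrected" timestamp for stable/11 instead.
        *) echo check-date; return 0 ;;
    esac
    case $patch in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    # Patch levels from the "Corrected" field of the notice.
    case $rel in
        11.0) fixed=12 ;;
        11.1) fixed=1 ;;
        *) echo unlisted; return 0 ;;   # release not named in the notice
    esac
    if [ "$patch" -ge "$fixed" ]; then echo fixed; else echo affected; fi
}

# Live use on a FreeBSD host (skipped on other systems). Assumption: run on
# the jail host; inside a jail freebsd-version -k may not see the host kernel.
if command -v freebsd-version >/dev/null 2>&1; then
    vimage=$(sysctl -n kern.features.vimage 2>/dev/null || echo 0)
    en1707_status "$(freebsd-version -k)" "$vimage"
fi
```
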