From: Arnaud Lacombe
To: freebsd-net@freebsd.org
Cc: Jack Vogel
Date: Wed, 7 Sep 2011 19:19:46 -0400
Subject: Re: FreeBSD 7-STABLE mbuf corruption

Hi,

On Mon, Sep 5, 2011 at 2:59 AM, Arnaud Lacombe wrote:
> Hi folks,
>
> We have been trying to track down bad mbuf management for about two
> weeks on a customized 7.1 base. I have finally been able to reproduce
> it with a stock FreeBSD 7-STABLE (kernel from r225276, userland from
> 7.4).
>
> With the help of the attached patches, I have just been able to
> trigger the following panic:
>
> panic: Corrupted unused flags, expected 0xffffffff00000000, got 0x0, flags 0x3
> cpuid = 1
> Uptime: 3d10h5m3s
> Cannot dump. No dump device defined
>
General form of the crash is:

panic: Corrupted unused flags, expected 0xffffffff00000000, got 0xbabe0000000000, flags 0xbabe0000babe00
cpuid = 0
KDB: stack backtrace:
db_trace_self_wrapper(c0874e29,0,c0835757,f4574c48,0,...) at db_trace_self_wrapper+0x26
panic(c0835757,0,ffffffff,0,babe00,...) at panic+0x10b
igb_txeof(c6a25008,0,c0837083,5ea,17c,...) at igb_txeof+0x399
igb_msix_que(c6a2b800,0,c084d367,4b6,c69dd068,...) at igb_msix_que+0x7b
ithread_loop(c6a29090,f4574d38,c084d0db,31c,c6a16828,...) at ithread_loop+0xc3
fork_exit(c061d520,c6a29090,f4574d38) at fork_exit+0xa6
fork_trampoline() at fork_trampoline+0x8
--- trap 0, eip = 0, esp = 0xf4574d70, ebp = 0 ---
Uptime: 1m42s

It happens particularly easily when the box receives a wall of SYN
(about 1000 cnx attempts at once) every 5s or so.

 - Arnaud

>
> [cut stuff no one cares about...]