Date: Mon, 28 Sep 2015 10:23:22 +0200
From: Julien Charbon <jch@freebsd.org>
To: Palle Girgensohn <girgen@FreeBSD.org>
Cc: freebsd-net@freebsd.org
Subject: panic: sbsndptr: sockbuf and mbuf clashing [was: Re: Kernel panics in tcp_twclose]
Message-ID: <5608F8FA.4080707@freebsd.org>
In-Reply-To: <9529CF41-E4B9-4AC5-9703-945EC35924BC@FreeBSD.org>

Hi Palle,

On 25/09/15 16:19, Palle Girgensohn wrote:
> [...]
> Secondly, is this error related? This is *not* VIMAGE, *not* jail.
> It is a binary installed GENERIC from freebsd-update. 10.1-RELEASE-p19. It
> just crashed today, and we did not get any core dump, but I found this
> core.txt from a crash in August that I was not aware of (I was on
> holiday then... :)
>
> Since it is installed binary, I have no kernel.debug.
>
> panic: sbsndptr: sockbuf 0xfffff80312126c68 and mbuf
> 0xfffff800b4a36800 clashing
>
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "amd64-marcel-freebsd"...
>
> Unread portion of the kernel message buffer:
> panic: sbsndptr: sockbuf 0xfffff80312126c68 and mbuf 0xfffff800b4a36800 clashing
> cpuid = 1
> KDB: stack backtrace:
> #0 0xffffffff80963000 at kdb_backtrace+0x60
> #1 0xffffffff80928125 at panic+0x155
> #2 0xffffffff8099c180 at sbdroprecord_locked+0
> #3 0xffffffff80ac8c9c at tcp_output+0xdbc
> #4 0xffffffff80ac6a95 at tcp_do_segment+0x3045
> #5 0xffffffff80ac2e04 at tcp_input+0xd04
> #6 0xffffffff80a54fc7 at ip_input+0x97
> #7 0xffffffff809f4f73 at swi_net+0x143
> #8 0xffffffff808faf4b at intr_event_execute_handlers+0xab
> #9 0xffffffff808fb396 at ithread_loop+0x96
> #10 0xffffffff808f8b6a at fork_exit+0x9a
> #11 0xffffffff80d0b67e at fork_trampoline+0xe
> Uptime: 21d0h54m53s
> Dumping 2005 out of 32709 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%
>
> #0 doadump (textdump=<value optimized out>) at pcpu.h:219
> 219 pcpu.h: No such file or directory.
>     in pcpu.h
> (kgdb) #0 doadump (textdump=<value optimized out>) at pcpu.h:219
> #1 0xffffffff80927da2 in kern_reboot (howto=260)
>     at /usr/src/sys/kern/kern_shutdown.c:452
> #2 0xffffffff80928164 in panic (fmt=<value optimized out>)
>     at /usr/src/sys/kern/kern_shutdown.c:759
> #3 0xffffffff8099c180 in sbsndptr (sb=<value optimized out>,
>     off=<value optimized out>, len=<value optimized out>,
>     moff=<value optimized out>) at /usr/src/sys/kern/uipc_sockbuf.c:1011
> #4 0xffffffff80ac8c9c in tcp_output (tp=0xfffff80312ef5800)
>     at /usr/src/sys/netinet/tcp_output.c:870
> #5 0xffffffff80ac6a95 in tcp_do_segment (m=<value optimized out>,
>     th=<value optimized out>, so=<value optimized out>,
>     tp=<value optimized out>, drop_hdrlen=<value optimized out>, tlen=0,
>     iptos=<value optimized out>, ti_locked=Cannot access memory at address 0x1
> )
>     at /usr/src/sys/netinet/tcp_input.c:3018
> #6 0xffffffff80ac2e04 in tcp_input (m=<value optimized out>,
>     off0=<value optimized out>) at /usr/src/sys/netinet/tcp_input.c:1377
> #7 0xffffffff80a54fc7 in ip_input (m=0xfffff800b4516600)
>     at /usr/src/sys/netinet/ip_input.c:734
> #8 0xffffffff809f4f73 in swi_net (arg=0xffffffff81988880)
>     at /usr/src/sys/net/netisr.c:765
> #9 0xffffffff808faf4b in intr_event_execute_handlers (
>     p=<value optimized out>, ie=0xfffff800093ac600)
>     at /usr/src/sys/kern/kern_intr.c:1263
> #10 0xffffffff808fb396 in ithread_loop (arg=0xfffff80009388e40)
>     at /usr/src/sys/kern/kern_intr.c:1276
> #11 0xffffffff808f8b6a in fork_exit (
>     callout=0xffffffff808fb300 <ithread_loop>, arg=0xfffff80009388e40,
>     frame=0xfffffe083c3e3ac0) at /usr/src/sys/kern/kern_fork.c:996
> #12 0xffffffff80d0b67e in fork_trampoline ()
>     at /usr/src/sys/amd64/amd64/exception.S:606
> #13 0x0000000000000000 in ?? ()
> Current language: auto; currently minimal
> (kgdb)

It is unlikely to be related as:

 - It happens quite far away from inp/tcptw code
 - As inps are allocated in their own uma zone, double-freeing an inp
   will corrupt only other inps

Not completely impossible but unlikely. That said you can add your own
information to this old (July 2010) but still relevant bug report:

[panic] 8.1-RELEASE/10.1-STABLE "panic: sbdrop" and "panic: sbsndptr:
sockbuf _ and mbuf _ clashing"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=148807

My 2 cents.

--
Julien
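
Added example, not part of the original message and not FreeBSD code: a simplified model of the zone argument made in the reply above, showing why a double free of an object that lives in its own fixed-size zone ends up aliasing two objects of the same type rather than touching another type's memory. All names (struct zone, toy_inp, toy_mbuf, zone_*) are hypothetical, and the model has no per-CPU caches or debug checks.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model of a fixed-size zone allocator: one slab per object type
 * and a LIFO free list. Hypothetical names; this is not UMA's code (no
 * per-CPU caches, no debug checks). */
#define ZONE_ITEMS 4
struct zone {
    unsigned char *slab;               /* backing store for this type only */
    size_t item_size;
    void *free_list[ZONE_ITEMS * 2];   /* slack so a duplicate free fits */
    int nfree;
};
struct toy_inp  { uint16_t lport, fport; };   /* stand-in for an inp */
struct toy_mbuf { int len; char data[64]; };  /* stand-in for an mbuf */
static struct toy_inp  inp_slab[ZONE_ITEMS];
static struct toy_mbuf mbuf_slab[ZONE_ITEMS];

static void zone_init(struct zone *z, void *slab, size_t item_size) {
    z->slab = slab; z->item_size = item_size; z->nfree = 0;
    for (int i = ZONE_ITEMS - 1; i >= 0; i--)
        z->free_list[z->nfree++] = z->slab + (size_t)i * item_size;
}
static void *zone_alloc(struct zone *z) { return z->nfree > 0 ? z->free_list[--z->nfree] : NULL; }
static void zone_free(struct zone *z, void *p) { z->free_list[z->nfree++] = p; } /* no duplicate check */
static int zone_owns(const struct zone *z, const void *p) {
    uintptr_t lo = (uintptr_t)z->slab, a = (uintptr_t)p;
    return a >= lo && a < lo + ZONE_ITEMS * z->item_size;
}

/* Returns 1 when the double free aliases two inps and the mbuf is untouched. */
static int double_free_stays_in_zone(void) {
    struct zone inp_zone, mbuf_zone;
    zone_init(&inp_zone, inp_slab, sizeof(struct toy_inp));
    zone_init(&mbuf_zone, mbuf_slab, sizeof(struct toy_mbuf));
    struct toy_mbuf *m = zone_alloc(&mbuf_zone);
    m->len = 1460;
    struct toy_inp *inp = zone_alloc(&inp_zone);
    zone_free(&inp_zone, inp);
    zone_free(&inp_zone, inp);                    /* the bug: freed twice */
    struct toy_inp *a = zone_alloc(&inp_zone);
    struct toy_inp *b = zone_alloc(&inp_zone);    /* same slot as a */
    a->lport = 80;
    b->lport = 443;                               /* overwrites a->lport */
    return a == b && a->lport == 443 && zone_owns(&inp_zone, b) &&
           !zone_owns(&mbuf_zone, b) && m->len == 1460;
}

int main(void) { return double_free_stays_in_zone() ? 0 : 1; }
```

In this model the duplicated free-list entry can only ever be handed out again as another toy_inp, which is the confinement the reply relies on when it rates a link to the sockbuf/mbuf panic as unlikely.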
