Date: Mon, 28 Sep 2015 10:23:22 +0200 From: Julien Charbon <jch@freebsd.org> To: Palle Girgensohn <girgen@FreeBSD.org> Cc: freebsd-net@freebsd.org Subject: panic: sbsndptr: sockbuf and mbuf clashing [was: Re: Kernel panics in tcp_twclose] Message-ID: <5608F8FA.4080707@freebsd.org> In-Reply-To: <9529CF41-E4B9-4AC5-9703-945EC35924BC@FreeBSD.org> References: <26B0FF93-8AE3-4514-BDA1-B966230AAB65@FreeBSD.org> <55FC1809.3070903@freebsd.org> <20150918160605.GN67105@kib.kiev.ua> <55FFBE01.6060706@freebsd.org> <3721F099-F45D-4DCD-8AB3-84D1ABC44145@FreeBSD.org> <73856F2B-3E70-483C-9988-C84E798CEB44@FreeBSD.org> <44EBAC98-4761-4E47-8E47-5032430A1C8A@FreeBSD.org> <56019AF8.8000705@freebsd.org> <F9D29C16-502B-43A1-BE2C-D2AD30F0B9EF@FreeBSD.org> <5601CF2D.9030307@freebsd.org> <E09DF89D-AAC5-48FD-8B75-EEAB937A5C32@FreeBSD.org> <5602E90A.9050504@freebsd.org> <0931591A-23EC-40CB-A109-72E9308B1A2D@pingpong.net> <5602F044.5010606@freebsd.org> <54767991-9D3B-4ECB-A07E-CFA21A54BBDD@pingpong.net> <4E148E2E-F8D2-41C2-B232-9FD1548AA20B@pingpong.net> <30AD333B-EC8B-4EEF-8FE2-8EA8C216601E@FreeBSD.org> <5603A03B.4060002@freebsd.org> <5603ACF7.7040403@freebsd.org> <97E97774-842B-440A-BBA4-808FF821EC98@FreeBSD.org> <6BA42863-E584-4552-8D73-7471616ADC6D@FreeBSD.org> <9529CF41-E4B9-4AC5-9703-945EC35924BC@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --qOao8OgbiATi9NtlKORhLKlkskxrBEPuT Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Hi Palle, On 25/09/15 16:19, Palle Girgensohn wrote: > [...] > Secondly, is this error related? This is *not* VIMAGE, *not* jail. > It is a binary installed GENERIC from freebsd-update. 10.1-RELEASE-p19.= It > just crashed today, and we did not get any core dump, but I found this > core.txt from a crash in August that I was not aware of (I was on > holiday then... :) >=20 > Since it is installed binary, I have no kernel.debug. >=20 > panic: sbsndptr: sockbuf 0xfffff80312126c68 and mbuf > 0xfffff800b4a36800 clashing >=20 > GNU gdb 6.1.1 [FreeBSD] > Copyright 2004 Free Software Foundation, Inc. > GDB is free software, covered by the GNU General Public License, and yo= u are > welcome to change it and/or distribute copies of it under certain condi= tions. > Type "show copying" to see the conditions. > There is absolutely no warranty for GDB. Type "show warranty" for deta= ils. > This GDB was configured as "amd64-marcel-freebsd"... >=20 > Unread portion of the kernel message buffer: > panic: sbsndptr: sockbuf 0xfffff80312126c68 and mbuf 0xfffff800b4a36800= clashing > cpuid =3D 1 > KDB: stack backtrace: > #0 0xffffffff80963000 at kdb_backtrace+0x60 > #1 0xffffffff80928125 at panic+0x155 > #2 0xffffffff8099c180 at sbdroprecord_locked+0 > #3 0xffffffff80ac8c9c at tcp_output+0xdbc > #4 0xffffffff80ac6a95 at tcp_do_segment+0x3045 > #5 0xffffffff80ac2e04 at tcp_input+0xd04 > #6 0xffffffff80a54fc7 at ip_input+0x97 > #7 0xffffffff809f4f73 at swi_net+0x143 > #8 0xffffffff808faf4b at intr_event_execute_handlers+0xab > #9 0xffffffff808fb396 at ithread_loop+0x96 > #10 0xffffffff808f8b6a at fork_exit+0x9a > #11 0xffffffff80d0b67e at fork_trampoline+0xe > Uptime: 21d0h54m53s > Dumping 2005 out of 32709 MB:..1%..11%..21%..31%..41%..51%..61%..71%..8= 1%..91% >=20 > #0 doadump (textdump=3D<value optimized out>) at pcpu.h:219 > 219 pcpu.h: No such file or directory. > in pcpu.h > (kgdb) #0 doadump (textdump=3D<value optimized out>) at pcpu.h:219 > #1 0xffffffff80927da2 in kern_reboot (howto=3D260) > at /usr/src/sys/kern/kern_shutdown.c:452 > #2 0xffffffff80928164 in panic (fmt=3D<value optimized out>) > at /usr/src/sys/kern/kern_shutdown.c:759 > #3 0xffffffff8099c180 in sbsndptr (sb=3D<value optimized out>,=20 > off=3D<value optimized out>, len=3D<value optimized out>,=20 > moff=3D<value optimized out>) at /usr/src/sys/kern/uipc_sockbuf.c:1= 011 > #4 0xffffffff80ac8c9c in tcp_output (tp=3D0xfffff80312ef5800) > at /usr/src/sys/netinet/tcp_output.c:870 > #5 0xffffffff80ac6a95 in tcp_do_segment (m=3D<value optimized out>,=20 > th=3D<value optimized out>, so=3D<value optimized out>,=20 > tp=3D<value optimized out>, drop_hdrlen=3D<value optimized out>, tl= en=3D0,=20 > iptos=3D<value optimized out>, ti_locked=3DCannot access memory at = address 0x1 > ) > at /usr/src/sys/netinet/tcp_input.c:3018 > #6 0xffffffff80ac2e04 in tcp_input (m=3D<value optimized out>,=20 > off0=3D<value optimized out>) at /usr/src/sys/netinet/tcp_input.c:1= 377 > #7 0xffffffff80a54fc7 in ip_input (m=3D0xfffff800b4516600) > at /usr/src/sys/netinet/ip_input.c:734 > #8 0xffffffff809f4f73 in swi_net (arg=3D0xffffffff81988880) > at /usr/src/sys/net/netisr.c:765 > #9 0xffffffff808faf4b in intr_event_execute_handlers ( > p=3D<value optimized out>, ie=3D0xfffff800093ac600) > at /usr/src/sys/kern/kern_intr.c:1263 > #10 0xffffffff808fb396 in ithread_loop (arg=3D0xfffff80009388e40) > at /usr/src/sys/kern/kern_intr.c:1276 > #11 0xffffffff808f8b6a in fork_exit ( > callout=3D0xffffffff808fb300 <ithread_loop>, arg=3D0xfffff80009388e= 40,=20 > frame=3D0xfffffe083c3e3ac0) at /usr/src/sys/kern/kern_fork.c:996 > #12 0xffffffff80d0b67e in fork_trampoline () > at /usr/src/sys/amd64/amd64/exception.S:606 > #13 0x0000000000000000 in ?? () > Current language: auto; currently minimal > (kgdb)=20 It is unlikely to be related as: - It happens quite far away from inp/tcptw code - As inp are allocated in their own uma zone, double free-ing a inp will corrupt only other inps Not completely impossible but unlikely. That said you can add your own information to this old (July 2010) but still relevant bug report: [panic] 8.1-RELEASE/10.1-STABLE "panic: sbdrop" and "panic: sbsndptr: sockbuf _ and mbuf _ clashing" https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D148807 My 2 cents. -- Julien --qOao8OgbiATi9NtlKORhLKlkskxrBEPuT Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQEcBAEBCgAGBQJWCPkJAAoJEKVlQ5Je6dhxT5IIAMv4L17HO2F5Qln5cC/nb9h7 0RyLT31MXypUr+x89308Sf7a/80ZL+3CUKiA7g2CBgAp27+5B89EjFkntYhZDTRs VzE6IlHGLanD57qnr07cnWIjJpWOrXgWQET8PIhxiTmZP6aaqadvS3zwVx4LvmRY iVa90XLrcBLmVIOHxhBKf7vuQhSiJYFMYzBvzQQJ6TMA3EW06PASeOHFrFGwq7t8 3J2aVtebrsl1qvXT75mLKYBUVsxgQLQDreoxQvIEd0jOIv/Vfjg5WCf1VH/eNDrO p/frOpW0kXfUBKeBtOUgZ7US3Hk5WZZWier4eghH8KsMddDdUCqjzVSSiu/XgzM= =MK1o -----END PGP SIGNATURE----- --qOao8OgbiATi9NtlKORhLKlkskxrBEPuT--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5608F8FA.4080707>