Date:      Mon, 28 Sep 2015 10:23:22 +0200
From:      Julien Charbon <jch@freebsd.org>
To:        Palle Girgensohn <girgen@FreeBSD.org>
Cc:        freebsd-net@freebsd.org
Subject:   panic: sbsndptr: sockbuf and mbuf clashing [was: Re: Kernel panics in tcp_twclose]
Message-ID:  <5608F8FA.4080707@freebsd.org>
In-Reply-To: <9529CF41-E4B9-4AC5-9703-945EC35924BC@FreeBSD.org>
References:  <26B0FF93-8AE3-4514-BDA1-B966230AAB65@FreeBSD.org> <55FC1809.3070903@freebsd.org> <20150918160605.GN67105@kib.kiev.ua> <55FFBE01.6060706@freebsd.org> <3721F099-F45D-4DCD-8AB3-84D1ABC44145@FreeBSD.org> <73856F2B-3E70-483C-9988-C84E798CEB44@FreeBSD.org> <44EBAC98-4761-4E47-8E47-5032430A1C8A@FreeBSD.org> <56019AF8.8000705@freebsd.org> <F9D29C16-502B-43A1-BE2C-D2AD30F0B9EF@FreeBSD.org> <5601CF2D.9030307@freebsd.org> <E09DF89D-AAC5-48FD-8B75-EEAB937A5C32@FreeBSD.org> <5602E90A.9050504@freebsd.org> <0931591A-23EC-40CB-A109-72E9308B1A2D@pingpong.net> <5602F044.5010606@freebsd.org> <54767991-9D3B-4ECB-A07E-CFA21A54BBDD@pingpong.net> <4E148E2E-F8D2-41C2-B232-9FD1548AA20B@pingpong.net> <30AD333B-EC8B-4EEF-8FE2-8EA8C216601E@FreeBSD.org> <5603A03B.4060002@freebsd.org> <5603ACF7.7040403@freebsd.org> <97E97774-842B-440A-BBA4-808FF821EC98@FreeBSD.org> <6BA42863-E584-4552-8D73-7471616ADC6D@FreeBSD.org> <9529CF41-E4B9-4AC5-9703-945EC35924BC@FreeBSD.org>

 Hi Palle,

On 25/09/15 16:19, Palle Girgensohn wrote:
> [...]
> Secondly, is this error related? This is *not* VIMAGE, *not* jail.
> It is a binary installed GENERIC from freebsd-update. 10.1-RELEASE-p19. It
> just crashed today, and we did not get any core dump, but I found this
> core.txt from a crash in August that I was not aware of (I was on
> holiday then... :)
>
> Since it is installed binary, I have no kernel.debug.
>
> panic: sbsndptr: sockbuf 0xfffff80312126c68 and mbuf
> 0xfffff800b4a36800 clashing
>
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "amd64-marcel-freebsd"...
>
> Unread portion of the kernel message buffer:
> panic: sbsndptr: sockbuf 0xfffff80312126c68 and mbuf 0xfffff800b4a36800 clashing
> cpuid = 1
> KDB: stack backtrace:
> #0 0xffffffff80963000 at kdb_backtrace+0x60
> #1 0xffffffff80928125 at panic+0x155
> #2 0xffffffff8099c180 at sbdroprecord_locked+0
> #3 0xffffffff80ac8c9c at tcp_output+0xdbc
> #4 0xffffffff80ac6a95 at tcp_do_segment+0x3045
> #5 0xffffffff80ac2e04 at tcp_input+0xd04
> #6 0xffffffff80a54fc7 at ip_input+0x97
> #7 0xffffffff809f4f73 at swi_net+0x143
> #8 0xffffffff808faf4b at intr_event_execute_handlers+0xab
> #9 0xffffffff808fb396 at ithread_loop+0x96
> #10 0xffffffff808f8b6a at fork_exit+0x9a
> #11 0xffffffff80d0b67e at fork_trampoline+0xe
> Uptime: 21d0h54m53s
> Dumping 2005 out of 32709 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%
>
> #0  doadump (textdump=<value optimized out>) at pcpu.h:219
> 219	pcpu.h: No such file or directory.
> 	in pcpu.h
> (kgdb) #0  doadump (textdump=<value optimized out>) at pcpu.h:219
> #1  0xffffffff80927da2 in kern_reboot (howto=260)
>     at /usr/src/sys/kern/kern_shutdown.c:452
> #2  0xffffffff80928164 in panic (fmt=<value optimized out>)
>     at /usr/src/sys/kern/kern_shutdown.c:759
> #3  0xffffffff8099c180 in sbsndptr (sb=<value optimized out>,
>     off=<value optimized out>, len=<value optimized out>,
>     moff=<value optimized out>) at /usr/src/sys/kern/uipc_sockbuf.c:1011
> #4  0xffffffff80ac8c9c in tcp_output (tp=0xfffff80312ef5800)
>     at /usr/src/sys/netinet/tcp_output.c:870
> #5  0xffffffff80ac6a95 in tcp_do_segment (m=<value optimized out>,
>     th=<value optimized out>, so=<value optimized out>,
>     tp=<value optimized out>, drop_hdrlen=<value optimized out>, tlen=0,
>     iptos=<value optimized out>, ti_locked=Cannot access memory at address 0x1
> )
>     at /usr/src/sys/netinet/tcp_input.c:3018
> #6  0xffffffff80ac2e04 in tcp_input (m=<value optimized out>,
>     off0=<value optimized out>) at /usr/src/sys/netinet/tcp_input.c:1377
> #7  0xffffffff80a54fc7 in ip_input (m=0xfffff800b4516600)
>     at /usr/src/sys/netinet/ip_input.c:734
> #8  0xffffffff809f4f73 in swi_net (arg=0xffffffff81988880)
>     at /usr/src/sys/net/netisr.c:765
> #9  0xffffffff808faf4b in intr_event_execute_handlers (
>     p=<value optimized out>, ie=0xfffff800093ac600)
>     at /usr/src/sys/kern/kern_intr.c:1263
> #10 0xffffffff808fb396 in ithread_loop (arg=0xfffff80009388e40)
>     at /usr/src/sys/kern/kern_intr.c:1276
> #11 0xffffffff808f8b6a in fork_exit (
>     callout=0xffffffff808fb300 <ithread_loop>, arg=0xfffff80009388e40,
>     frame=0xfffffe083c3e3ac0) at /usr/src/sys/kern/kern_fork.c:996
> #12 0xffffffff80d0b67e in fork_trampoline ()
>     at /usr/src/sys/amd64/amd64/exception.S:606
> #13 0x0000000000000000 in ?? ()
> Current language:  auto; currently minimal
> (kgdb)

 It is unlikely to be related as:

 - It happens quite far away from inp/tcptw code
 - As inp are allocated in their own uma zone, double free-ing an inp
will corrupt only other inps

 Not completely impossible but unlikely.  That said you can add your own
information to this old (July 2010) but still relevant bug report:

[panic] 8.1-RELEASE/10.1-STABLE "panic: sbdrop" and "panic: sbsndptr:
sockbuf _ and mbuf _ clashing"
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=148807

 My 2 cents.

--
Julien
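
Julien's second point, as an added illustration (not code from this thread or from FreeBSD's UMA allocator): a toy model of per-type fixed-size zones with a plain LIFO free list, in which freeing the same item twice makes two later allocations alias inside that zone while a separate zone is untouched. The names `zone_*`, `inp_slab` and `mbuf_slab` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define ITEMS 4
#define WORDS 8                       /* item size in pointer-sized words */

/* Toy fixed-size zone: one slab, LIFO free list threaded through free items. */
struct zone { void **slab; void *free_head; };
static void zone_init(struct zone *z, void **slab) {
    z->slab = slab;
    z->free_head = NULL;
    for (int i = ITEMS - 1; i >= 0; i--) {
        slab[i * WORDS] = z->free_head;   /* first word of a free item = next */
        z->free_head = &slab[i * WORDS];
    }
}
static void *zone_alloc(struct zone *z) {
    void *it = z->free_head;
    if (it != NULL) z->free_head = *(void **)it;
    return it;
}
static void zone_free(struct zone *z, void *it) {  /* model has no double-free check */
    *(void **)it = z->free_head;
    z->free_head = it;
}
static int zone_owns(const struct zone *z, const void *p) {
    uintptr_t lo = (uintptr_t)z->slab, v = (uintptr_t)p;
    return v >= lo && v < lo + ITEMS * WORDS * sizeof(void *);
}

/* Bit 0: two live inp allocations alias. Bit 1: the aliased item is in the
 * inp zone only. Bit 2: the mbuf zone still returns distinct, in-zone items. */
int double_free_demo(void) {
    static void *inp_slab[ITEMS * WORDS], *mbuf_slab[ITEMS * WORDS];
    struct zone inp_zone, mbuf_zone;
    zone_init(&inp_zone, inp_slab);
    zone_init(&mbuf_zone, mbuf_slab);
    void *inp = zone_alloc(&inp_zone);
    zone_free(&inp_zone, inp);
    zone_free(&inp_zone, inp);            /* the bug: same inp freed twice */
    void *a = zone_alloc(&inp_zone), *b = zone_alloc(&inp_zone);
    void *m1 = zone_alloc(&mbuf_zone), *m2 = zone_alloc(&mbuf_zone);
    int r = (a == b) ? 1 : 0;
    if (zone_owns(&inp_zone, a) && !zone_owns(&mbuf_zone, a)) r |= 2;
    if (m1 != m2 && zone_owns(&mbuf_zone, m1) && zone_owns(&mbuf_zone, m2)) r |= 4;
    return r;
}

int main(void) { printf("result mask = %d\n", double_free_demo()); return 0; }
```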

