From owner-freebsd-bugs@freebsd.org  Sat Feb 18 21:35:06 2017
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id BBAC7CE4157
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 18 Feb 2017 21:35:06 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id AB7CDBF2
 for <freebsd-bugs@FreeBSD.org>; Sat, 18 Feb 2017 21:35:06 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v1ILZ6FQ031434
 for <freebsd-bugs@FreeBSD.org>; Sat, 18 Feb 2017 21:35:06 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 217214] frequent panics in tcp_output/sbsndptr
Date: Sat, 18 Feb 2017 21:35:06 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: p-fbsd-bugs@ziemba.us
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-217214-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Feb 2017 21:35:06 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D217214

            Bug ID: 217214
           Summary: frequent panics in tcp_output/sbsndptr
           Product: Base System
           Version: 11.0-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: p-fbsd-bugs@ziemba.us

11.0-Stable r313801M

Panics in sbsndptr when called from tcp_output, not always the same place. =
kgdb
traces from two different core dumps follow.

I tried rebuilding kernel with optimization disabled (/etc/src.conf:=20
COPTFLAGS=3D-pipe) so I could examine variable values in kgdb, but that ker=
nel
crashed before fully coming up (i.e., reboot loop).

Not sure how to proceed from here.

Trace #1

(kgdb) where
#0  doadump (textdump=3D<value optimized out>) at pcpu.h:222
#1  0xffffffff80abc999 in kern_reboot (howto=3D260)
    at /usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80abcf50 in vpanic (fmt=3D<value optimized out>,=20
    ap=3D<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:759
#3  0xffffffff80abcd83 in panic (fmt=3D<value optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:690
#4  0xffffffff80b5317a in sbsndptr (sb=3D<value optimized out>,=20
    off=3D<value optimized out>, len=3D<value optimized out>,=20
    moff=3D<value optimized out>) at /usr/src/sys/kern/uipc_sockbuf.c:1196
#5  0xffffffff80cddeb8 in tcp_output (tp=3D<value optimized out>)
    at /usr/src/sys/netinet/tcp_output.c:1047
#6  0xffffffff80cdabd2 in tcp_do_segment (m=3D0xfffff80023bc4300,=20
    th=3D<value optimized out>, so=3D0xfffff8026e26b000, tp=3D0xfffff801947=
0a820,=20
    drop_hdrlen=3D52, tlen=3D<value optimized out>, iptos=3D<value optimize=
d out>,=20
    ti_locked=3DCannot access memory at address 0x1
) at /usr/src/sys/netinet/tcp_input.c:3173
#7  0xffffffff80cd7d5a in tcp_input (mp=3D<value optimized out>,=20
    offp=3D<value optimized out>, proto=3D<value optimized out>)
    at /usr/src/sys/netinet/tcp_input.c:1453
#8  0xffffffff80c4a6d9 in ip_input (m=3D<value optimized out>)
    at /usr/src/sys/netinet/ip_input.c:820
#9  0xffffffff80be6fd5 in netisr_dispatch_src (proto=3D1,=20
    source=3D<value optimized out>, m=3D<value optimized out>)
    at /usr/src/sys/net/netisr.c:1120
#10 0xffffffff80bd0169 in ether_demux (ifp=3D<value optimized out>,=20
    m=3D<value optimized out>) at /usr/src/sys/net/if_ethersubr.c:850
#11 0xffffffff830825fc in vboxNetFltFreeBSDinput ()
   from /boot/modules/vboxnetflt.ko
#12 0xffffffff80b18e7a in taskqueue_run_locked (queue=3D<value optimized ou=
t>)
    at /usr/src/sys/kern/subr_taskqueue.c:454
#13 0xffffffff80b18c6f in taskqueue_run (queue=3D0xfffff8000a3a9900)
    at /usr/src/sys/kern/subr_taskqueue.c:473
#14 0xffffffff80a780ef in intr_event_execute_handlers (
    p=3D<value optimized out>, ie=3D<value optimized out>)
    at /usr/src/sys/kern/kern_intr.c:1262
#15 0xffffffff80a78356 in ithread_loop (arg=3D<value optimized out>)
    at /usr/src/sys/kern/kern_intr.c:1275
#16 0xffffffff80a74db5 in fork_exit (
    callout=3D0xffffffff80a78290 <ithread_loop>, arg=3D0xfffff8000a37d4e0,=
=20
    frame=3D0xfffffe07c72baac0) at /usr/src/sys/kern/kern_fork.c:1040
#17 0xffffffff80f9218e in fork_trampoline ()
    at /usr/src/sys/amd64/amd64/exception.S:611
#18 0x0000000000000000 in ?? ()

Trace #2:

(kgdb) where
#0  doadump (textdump=3D<value optimized out>) at pcpu.h:222
#1  0xffffffff80abc999 in kern_reboot (howto=3D260)
    at /usr/src/sys/kern/kern_shutdown.c:366
#2  0xffffffff80abcf50 in vpanic (fmt=3D<value optimized out>,=20
    ap=3D<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:759
#3  0xffffffff80abcd83 in panic (fmt=3D<value optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:690
#4  0xffffffff80faecd2 in trap_fatal (frame=3D0xfffffe07c72ba2f0, eva=3D24)
    at /usr/src/sys/amd64/amd64/trap.c:801
#5  0xffffffff80faee9c in trap_pfault (frame=3D0xfffffe07c72ba2f0, usermode=
=3D0)
    at /usr/src/sys/amd64/amd64/trap.c:658
#6  0xffffffff80fae550 in trap (frame=3D0xfffffe07c72ba2f0)
    at /usr/src/sys/amd64/amd64/trap.c:421
#7  0xffffffff80f91c51 in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:236
#8  0xffffffff80b49ce3 in m_copym (m=3D0x0, off0=3D<value optimized out>,=20
    len=3D<value optimized out>, wait=3D1) at /usr/src/sys/kern/uipc_mbuf.c=
:456
#9  0xffffffff80cddee7 in tcp_output (tp=3D<value optimized out>)
    at /usr/src/sys/netinet/tcp_output.c:1054
#10 0xffffffff80cdb118 in tcp_do_segment (m=3D0xfffff800b77c0700,=20
    th=3D<value optimized out>, so=3D0xfffff800b70616c0, tp=3D0xfffff800b72=
1a410,=20
    drop_hdrlen=3D80, tlen=3D<value optimized out>, iptos=3D<value optimize=
d out>,=20
    ti_locked=3DCannot access memory at address 0x1
) at /usr/src/sys/netinet/tcp_input.c:2609
#11 0xffffffff80cd7d5a in tcp_input (mp=3D<value optimized out>,=20
    offp=3D<value optimized out>, proto=3D<value optimized out>)
    at /usr/src/sys/netinet/tcp_input.c:1453
#12 0xffffffff80c4a6d9 in ip_input (m=3D<value optimized out>)
    at /usr/src/sys/netinet/ip_input.c:820
#13 0xffffffff80be6fd5 in netisr_dispatch_src (proto=3D1,=20
    source=3D<value optimized out>, m=3D<value optimized out>)
    at /usr/src/sys/net/netisr.c:1120
#14 0xffffffff80bd0169 in ether_demux (ifp=3D<value optimized out>,=20
    m=3D<value optimized out>) at /usr/src/sys/net/if_ethersubr.c:850
#15 0xffffffff830825fc in vboxNetFltFreeBSDinput ()
   from /boot/modules/vboxnetflt.ko
#16 0xffffffff80b18e7a in taskqueue_run_locked (queue=3D<value optimized ou=
t>)
    at /usr/src/sys/kern/subr_taskqueue.c:454
#17 0xffffffff80b18c6f in taskqueue_run (queue=3D0xfffff8000a3a9900)
    at /usr/src/sys/kern/subr_taskqueue.c:473
#18 0xffffffff80a780ef in intr_event_execute_handlers (
    p=3D<value optimized out>, ie=3D<value optimized out>)
    at /usr/src/sys/kern/kern_intr.c:1262
#19 0xffffffff80a78356 in ithread_loop (arg=3D<value optimized out>)
    at /usr/src/sys/kern/kern_intr.c:1275
#20 0xffffffff80a74db5 in fork_exit (
    callout=3D0xffffffff80a78290 <ithread_loop>, arg=3D0xfffff8000a37d4c0,=
=20
    frame=3D0xfffffe07c72baac0) at /usr/src/sys/kern/kern_fork.c:1040
#21 0xffffffff80f9218e in fork_trampoline ()
    at /usr/src/sys/amd64/amd64/exception.S:611
#22 0x0000000000000000 in ?? ()

--=20
You are receiving this mail because:
You are the assignee for the bug.=