From nobody Sat Feb 10 10:25:11 2024 X-Original-To: transport@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TX6L03dPVz59Q48 for ; Sat, 10 Feb 2024 10:25:12 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TX6L02bKdz4hWw for ; Sat, 10 Feb 2024 10:25:12 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1707560712; a=rsa-sha256; cv=none; b=hwmELIh/H4kbUAAnTpA/MYdloGn3W45Ly5Vk1syDhsFo1ukQp/nARwHiOl6jLuglzjNIju HMbX6Tsb8Bc4giXZqmV8tctGK3hiWFzU/yVm46f/c7HNLncio/S6xDSzEVZXlQMJYThnOQ 5SMdZ6GU29tRlDvVH6prP/IOhoKrMJI6K7Ami9P0394txsYCoYv7MukOghMLUo5faWLSHd f6gbycTZMOBNaSK8il4np1RvlhVa3c8qz+S12Bo77V4iIjrvwQeOuhjR0qKZheMnJdCcYz L9WmcxWh+Hsd7B+BDaO1gIVK6bCNLiizgWnUcFpd6XRq8Vsx+qRQf4TFWq7XIg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1707560712; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nkpASIv9RO7ntmvgnWG0HZPiTKvaJuZcxhacpC8bMbg=; b=OaYTvR1STNK1u4DaIXcF8UZxWIhtOhRAoy7Z/Nfc/skIy00VijOBi0/7tCH3Gut79Ftvop 6S3lauDhas9jUjHukLP7N1pMhXwcPCXj14C3nNimqs+aFO9o0hpaJYybPpTEY5ZgUsNccb VQP2sVbOCIBYG1zcW/njCwYgq0Z80vrIWBYOqU7idST0gUtMHojWBv3KwUdgbequs7HGie 0BjCE/1gk8rZSo5tnHCUE9azkML1KuvzoiJY+6S95V5VD1/V0EAXr/Dss/bdg8RaLBoKSa ZMpt9buxsdfXK/1OYc1JE9vkPSRDiU4H8L8K3RteDSzEyWJN7kaf6hYXpYYnxA== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TX6L01X0gz1BvV for ; Sat, 10 Feb 2024 10:25:12 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 41AAPC82064094 for ; Sat, 10 Feb 2024 10:25:12 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 41AAPCxp064093 for transport@FreeBSD.org; Sat, 10 Feb 2024 10:25:12 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: transport@FreeBSD.org Subject: [Bug 276761] panic: sbsndptr_noadv: sb_mb is NULL Date: Sat, 10 Feb 2024 10:25:11 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: rscheff@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: transport@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Discussions List-Archive: https://lists.freebsd.org/archives/freebsd-transport List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-transport@freebsd.org X-BeenThere: freebsd-transport@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D276761 --- Comment #13 from Richard Scheffenegger --- Just a summary of our findings: Under rare circumstances, tcp_close() is called without being followed up quickly - prior of any timer going off - by tcp_discardcb(). In tcp_close()= the socket buffers are relinquished, but the clean up of associated state would only be done later in tcp_discardcb().=20 The change exposing this was to no longer discard the SACK scoreboard immediately with a Retransmission timeout, in order to avoid unneccessary retransmissions in such an event. The SACK scoreboard is used for transmiss= ion selection during loss recovery or retransmission timeouts. Additionally, timers could be restarted after having sent a RST packet from tcp_drop() - while the session was already closed. In summary, it appears that there always existed the problem of inconsistent state in between tcp_close() and tcp_discardcb(), where a timer could trigg= er. However, as an RTO would previously clean the SACK scoreboard state, this w= ould not lead to external visible misbehavior or a panic. The three commits address these issues individually - clean any SACK state together with releasing the socket buffer - stop re-arming any timers in the case of sending a RST (while in CLOSED state) - stop timers in tcp_close() instead of waiting for the final clean-up of t= cpcb state in tcp_discardcb(). --=20 You are receiving this mail because: You are the assignee for the bug.=