Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 15 Feb 2007 22:08:40 +0000 (GMT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        "Florian C. Smeets" <flo@kasimir.com>
Cc:        freebsd-current@freebsd.org
Subject:   Re: panic: sblastmbufchk from /usr/src/sys/kern/uipc_sockbuf.c:513
Message-ID:  <20070215220502.F16259@fledge.watson.org>
In-Reply-To: <45D4D840.1080009@kasimir.com>
References:  <45D4D840.1080009@kasimir.com>

next in thread | previous in thread | raw e-mail | index | archive | help

On Thu, 15 Feb 2007, Florian C. Smeets wrote:

> here is another panic i can reproduce quickly. The circumstances are the 
> same as for the sbflush() panic i reported earlier: 
> http://docs.freebsd.org/cgi/mid.cgi?45C64E3A.7050407
>
> This is a soekris net4801, where sis0 is connected to my lan and sis1 is 
> connected to the ADSL modem.
>
> This panic also seems to be socket buffer related.
>
> I tried to use the new show socket and show sockbuf commands where possible 
> but i did not find any sockbuf address. i'm not an expert in kernel 
> debugging, though ;-(

This looks interesting, but indeed, you didn't manage to find one of the 
socket pointers to try it "show socket" on.  The pointer you wanted was 
0xc135b3e4, the first argument to sosend(), FYI.

With a core and kgdb, the results of the following from the sosend() stack 
frame would be helpful:

   print *so
   print *so->so_proto
   print *(struct inpcb *)so->so_pcb
   print *(struct tcpcb *)(((struct inpcb *)so->so_pcb)->inp_ppcb)

The last line might need a little tweaking, I don't have kgdb in front of me.

Thanks,

Robert N M Watson
Computer Laboratory
University of Cambridge

> sblastmbufchk: sb_mb 0xc13a6400 sb_mbtail 0xc105e400 last 0xc10fb500
> packet tree:
>        0xc13a6400 0xc10fbd00 0xc13ab300 0xc105e400 0xc0fc3b00 0xc10fb500
> panic: sblastmbufchk from /usr/src/sys/kern/uipc_sockbuf.c:513
> KDB: enter: panic
> [thread pid 1052 tid 100040 ]
> Stopped at      kdb_enter+0x2b: nop
> db> where
> Tracing pid 1052 tid 100040 td 0xc0f17cb0
> kdb_enter(c06b0fd6) at kdb_enter+0x2b
> panic(c06b5268,c06954c1,c06b52a7,201,c135b4a0,...) at panic+0xbb
> sblastmbufchk(c135b4a0,c06b52a7,201,c135b4a0,c7b6ab28,...) at
> sblastmbufchk+0xbd
> sbappendstream_locked(c135b4a0,c0fc4d00) at sbappendstream_locked+0x17
> sbappendstream(c135b4a0,c0fc4d00) at sbappendstream+0x3d
> tcp_usr_send(c135b3e4,0,c0fc4d00,0,0,...) at tcp_usr_send+0x128
> sosend_generic(c135b3e4,0,c7b6ac6c,c0fc4d00,0,...) at sosend_generic+0x421
> sosend(c135b3e4,0,c7b6ac6c,0,0,0,c0f17cb0) at sosend+0x22
> soo_write(c1297000,c7b6ac6c,c123bb00,0,c0f17cb0) at soo_write+0x5a
> dofilewrite(c0f17cb0,2c,c1297000,c7b6ac6c,ffffffff,...) at dofilewrite+0x77
> kern_writev(c0f17cb0,2c,c7b6ac6c,bfbfbf08,0,...) at kern_writev+0x36
> write(c0f17cb0,c7b6ad00) at write+0x45
> syscall(c7b6ad38) at syscall+0x2a2
> Xint0x80_syscall() at Xint0x80_syscall+0x20
> - --- syscall (0, FreeBSD ELF32, nosys), eip = 0x2, esp = 0x296, ebp =
> 0x12d0 ---
> db> show socket 0xc13a6400
> socket at 0xc13a6400
>  so_count: -1055933184   so_type: 0 (unknown)
>  so_options: 0x0 ()
>  so_linger: 24576   so_state: 0xffffc140 (SS_NBIOSS_PROTOREF)
>  so_qstate: 0x1000 (SQ_COMP)   so_pcb: 0x1   so_proto: 0x1
>  so_proto at 0x1
>
> db> show socket 0xc105e400
> socket at 0xc105e400
>  so_count: -1057211648   so_type: 0 (unknown)
>  so_options: 0x0 ()
>  so_linger: 12288   so_state: 0xffffc109 (SS_FDREF, SS_ISDISCONNECTING,
> SS_NBIOSS_PROTOREF)
>  so_qstate: 0x348 ()   so_pcb: 0x1   so_proto: 0x1
>  so_proto at 0x1
>
> db> show socket 0xc10fb500
> socket at 0xc10fb500
>  so_count: 0   so_type: 0 (unknown)
>  so_options: 0x0 ()
>  so_linger: -26624   so_state: 0xffffc111 (SS_FDREF, SS_NBIOSS_PROTOREF)
>  so_qstate: 0x2d0 ()   so_pcb: 0x1   so_proto: 0x1
>  so_proto at 0x1
>
> db> show socket 0xc10fbd00
> socket at 0xc10fbd00
>  so_count: -1053117696   so_type: 0 (unknown)
>  so_options: 0x0 ()
>  so_linger: 22528   so_state: 0xffffc112 (SS_ISCONNECTED,
> SS_NBIOSS_PROTOREF)
>  so_qstate: 0x218 ()   so_pcb: 0x1   so_proto: 0x1
>  so_proto at 0x1
>
> db> show socket 0xc13ab300
> socket at 0xc13ab300
>  so_count: -1056578560   so_type: 0 (unknown)
>  so_options: 0x0 ()
>  so_linger: 24576   so_state: 0xffffc115 (SS_FDREF, SS_ISCONNECTING,
> SS_NBIOSS_PROTOREF)
>  so_qstate: 0x1000 (SQ_COMP)   so_pcb: 0x1   so_proto: 0x1
>  so_proto at 0x1
>
> db> show socket 0xc0fc3b00
> socket at 0xc0fc3b00
>  so_count: -1055935232   so_type: 0 (unknown)
>  so_options: 0x0 ()
>  so_linger: -20480   so_state: 0xffffc140 (SS_NBIOSS_PROTOREF)
>  so_qstate: 0x1000 (SQ_COMP)   so_pcb: 0x1   so_proto: 0x1
>  so_proto at 0x1
>
> db> show allchains
> chain 1:
> thread 100005 (pid 11, swi4: clock sio) blocked on lock 0xc071d148
> (sleep mutex) "Giant"
> thread 100041 (pid 474, ppp) blocked on lock 0xc1387c60 (sleep mutex) "inp"
> thread 100040 (pid 1052, initial thread) running on CPU 0
> db> show lock 0xc071d148
> class: sleep mutex
> name: Giant
> flags: {DEF, RECURSE}
> state: {OWNED, CONTESTED}
> owner: 0xc0f17ae0 (tid 100041, pid 474, "ppp")
> db> show lock 0xc1387c60
> class: sleep mutex
> name: inp
> type: tcpinp
> flags: {DEF, RECURSE, DUPOK}
> state: {OWNED, CONTESTED}
> owner: 0xc0f17cb0 (tid 100040, pid 1052, "mlnet-real")
>
> I also have a core for this.
>
> Cheers
> Florian
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (Darwin)
>
> iD8DBQFF1NhAA+1tjUZ1YScRAi84AJwJ+Z3F5uwr89o8BRqmfDBNPEIE2wCgmUmz
> UggksWzFj5yFOtCLz6BjAec=
> =5AuI
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-current@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070215220502.F16259>