Date: Fri, 25 Oct 2002 18:25:44 -0400 From: Don Bowman <don@sandvine.com> To: "'freebsd-stable@freebsd.org'" <freebsd-stable@freebsd.org>, "'freebsd-net@freebsd.org'" <freebsd-net@freebsd.org> Subject: panic in 4.7 in close / sbdrop Message-ID: <FE045D4D9F7AED4CBFF1B3B813C8533701022D87@mail.sandvine.com>
I have a machine running 4.7. I can panic it by sending a reasonably
high load of tcp open/close from/to it. The trace below is from
a socket from localhost to localhost (sendmail). The max number
of open file descriptors I would have had would be ~4500.
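The rx buffer says it has 43008 bytes (sb_cc = 0xa800), but there are no mbufs
chained (sb_mb = 0x0), so sbflush() calls sbdrop() with a non-zero length and
an empty chain, which is the panic shown below. The system was not out of
mbufs or clusters.
Suggestions on what I might look at?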
#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1 0xc01c41c7 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
#2 0xc01c4639 in panic (fmt=0xc0331205 "sbdrop")
at /usr/src/sys/kern/kern_shutdown.c:595
#3 0xc01e60e7 in sbdrop (sb=0xeaf677e8, len=43008)
at /usr/src/sys/kern/uipc_socket2.c:877
#4 0xc01e607c in sbflush (sb=0xeaf677e8)
at /usr/src/sys/kern/uipc_socket2.c:852
#5 0xc022697f in tcp_disconnect (tp=0xecf24a40)
at /usr/src/sys/netinet/tcp_usrreq.c:1077
#6 0xc02260f2 in tcp_usr_disconnect (so=0xeaf677a0)
at /usr/src/sys/netinet/tcp_usrreq.c:406
#7 0xc01e3450 in sodisconnect (so=0xeaf677a0)
at /usr/src/sys/kern/uipc_socket.c:422
#8 0xc01e326a in soclose (so=0xeaf677a0)
at /usr/src/sys/kern/uipc_socket.c:302
#9 0xc01d73fa in soo_close (fp=0xd049ab80, p=0xe91bd5a0)
at /usr/src/sys/kern/sys_socket.c:195
#10 0xc01b9c37 in fdrop (fp=0xd049ab80, p=0xe91bd5a0)
at /usr/src/sys/sys/file.h:217
#11 0xc01b9b7f in closef (fp=0xd049ab80, p=0xe91bd5a0)
at /usr/src/sys/kern/kern_descrip.c:1277
#12 0xc01b978c in fdfree (p=0xe91bd5a0)
at /usr/src/sys/kern/kern_descrip.c:1059
#13 0xc01bc475 in exit1 (p=0xe91bd5a0, rv=0)
at /usr/src/sys/kern/kern_exit.c:187
#14 0xc01bc2dc in exit1 (p=0xe91bd5a0, rv=16777218)
at /usr/src/sys/kern/kern_exit.c:103
#15 0xc02edc71 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47,
tf_edi = 0, tf_esi = 15, tf_ebp = -1077950764, tf_isp = -221909036,
tf_ebx = 0, tf_edx = 126, tf_ecx = -1077950820, tf_eax = 1,
tf_trapno = 0, tf_err = 2, tf_eip = 673302376, tf_cs = 31,
tf_eflags = 659, tf_esp = -1077950856, tf_ss = 47})
at /usr/src/sys/i386/i386/trap.c:1175
#16 0xc02da38b in Xint0x80_syscall ()
void
sbdrop(sb, len)
register struct sockbuf *sb;
register int len;
{
register struct mbuf *m;
struct mbuf *next;
next = (m = sb->sb_mb) ? m->m_nextpkt : 0;
while (len > 0) {
if (m == 0) {
if (next == 0)
panic("sbdrop");<<<<<<<<<<<<<<<
m = next;
next = m->m_nextpkt;
continue;
}
(kgdb) p/x *sb
$39 = {sb_cc = 0xa800, sb_hiwat = 0xe000, sb_mbcnt = 0xbd00,
sb_mbmax = 0x40000, sb_lowat = 0x1, sb_mb = 0x0, sb_mbtail = 0x0,
sb_lastrecord = 0x0, sb_sel = {si_pid = 0x0, si_note = {slh_first = 0x0},
si_flags = 0x0}, sb_flags = 0x0, sb_timeo = 0x0}
called from:
void
sbflush(sb)
register struct sockbuf *sb;
{
KASSERT((sb->sb_flags & SB_LOCK) == 0, ("sbflush: locked"));
while (sb->sb_mbcnt)
sbdrop(sb, (int)sb->sb_cc);<<<<<<<<<<<<<<<<<<
called from:
/*
 * Excerpt of tcp_disconnect() as quoted in this report; the backtrace places
 * it at netinet/tcp_usrreq.c, frame #5. It begins disconnecting the
 * connection behind tp by taking one of three paths, then returns the tcpcb
 * pointer handed back by the helper it called.
 *
 * NOTE(review): the `if (tp)` test near the end implies tcp_usrclosed() can
 * return NULL, so the return value is presumably not guaranteed non-NULL --
 * confirm against the full source.
 */
static struct tcpcb *
tcp_disconnect(tp)
register struct tcpcb *tp;
{
struct socket *so = tp->t_inpcb->inp_socket;
/*
 * Path selection:
 *   - t_state below TCPS_ESTABLISHED        -> tcp_close(tp)
 *   - SO_LINGER set and so_linger == 0      -> tcp_drop(tp, 0)
 *   - otherwise                             -> flush receive data, then
 *                                              tcp_usrclosed()/tcp_output()
 * The backtrace (frame #4, sbflush called from here) shows the crash took
 * the third path.
 */
if (tp->t_state < TCPS_ESTABLISHED)
tp = tcp_close(tp);
else if ((so->so_options & SO_LINGER) && so->so_linger == 0)
tp = tcp_drop(tp, 0);
else {
soisdisconnecting(so);
/*
 * The "<<<" marker is the reporter's pointer to the call in the trace.
 * sbflush() is given the socket's receive buffer. In the kgdb dump of *so
 * in this report, so_rcv has sb_cc = 0xa800 and sb_mbcnt = 0xbd00 while
 * sb_mb = 0x0: the counters say data is queued but the mbuf chain is empty.
 * sbflush() loops while sb_mbcnt is non-zero and calls sbdrop(), which
 * panics when asked to drop bytes from an empty chain.
 * NOTE(review): nothing visible in this function writes those fields
 * directly, so the inconsistency was presumably introduced before this
 * call -- TODO confirm by auditing the paths that update sb_cc/sb_mbcnt
 * and sb_mb.
 */
sbflush(&so->so_rcv); <<<<<<<<<<<<<<<<<
tp = tcp_usrclosed(tp);
/* Only send if tcp_usrclosed() left a control block to send on. */
if (tp)
(void) tcp_output(tp);
}
return (tp);
}
(kgdb) p/x *tp
$44 = {t_segq = {lh_first = 0x0}, t_dupacks = 0x0, unused = 0x0,
tt_rexmt = 0xecf24b24, tt_persist = 0xecf24b3c, tt_keep = 0xecf24b54,
tt_2msl = 0xecf24b6c, tt_delack = 0xecf24b84, t_inpcb = 0xecf24980,
t_state = 0x4, t_flags = 0x801e0, t_force = 0x0, snd_una = 0x8bcbf58f,
snd_max = 0x8bcbf58f, snd_nxt = 0x8bcbf58f, snd_up = 0x8bcbf58f,
snd_wl1 = 0xab47117a, snd_wl2 = 0x8bcbf58f, iss = 0x8bcbf3cb,
irs = 0xab4710f2, rcv_nxt = 0xab47fea8, rcv_adv = 0xab47f17a,
rcv_wnd = 0xe000, rcv_up = 0xab47117a, snd_wnd = 0xe000, snd_cwnd =
0xffff,
snd_bwnd = 0x3fffc000, snd_ssthresh = 0x3fffc000, snd_bandwidth = 0x0,
snd_recover = 0x8bcbf3cb, t_maxopd = 0x3fd8, t_rcvtime = 0x101c3f1,
t_starttime = 0x4588, t_rtttime = 0x0, t_rtseq = 0x8bcbf52f,
t_bw_rtttime = 0x4588, t_bw_rtseq = 0x0, t_rxtcur = 0x4b0,
t_maxseg = 0x3800, t_srtt = 0x14, t_rttvar = 0xb, t_rxtshift = 0x0,
t_rttmin = 0x3e8, t_rttbest = 0x1f, t_rttupdated = 0x5, max_sndwnd =
0xe000,
t_softerror = 0x0, t_oobflags = 0x0, t_iobc = 0x0, snd_scale = 0x0,
rcv_scale = 0x0, request_r_scale = 0x0, requested_s_scale = 0x0,
ts_recent = 0x101c3f1, ts_recent_age = 0x101c3f1,
last_ack_sent = 0xab47fea8, cc_send = 0x0, cc_recv = 0x0,
snd_cwnd_prev = 0x0, snd_ssthresh_prev = 0x0, t_badrxtwin = 0x0}
(kgdb) p/x *so
$45 = {so_type = 0x1, so_options = 0xc, so_linger = 0x0, so_state = 0x3a,
so_pcb = 0xecf24980, so_proto = 0xc0376b28, so_head = 0x0, so_incomp = {
tqh_first = 0x0, tqh_last = 0x0}, so_comp = {tqh_first = 0x0,
tqh_last = 0x0}, so_list = {tqe_next = 0x0, tqe_prev = 0xeaf67a5c},
so_qlen = 0x0, so_incqlen = 0x0, so_qlimit = 0x0, so_timeo = 0x0,
so_error = 0x0, so_sigio = 0x0, so_oobmark = 0x0, so_aiojobq = {
tqh_first = 0x0, tqh_last = 0xeaf677e0}, so_rcv = {sb_cc = 0xa800,
sb_hiwat = 0xe000, sb_mbcnt = 0xbd00, sb_mbmax = 0x40000, sb_lowat =
0x1,
sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_sel = {si_pid =
0x0,
si_note = {slh_first = 0x0}, si_flags = 0x0}, sb_flags = 0x0,
sb_timeo = 0x0}, so_snd = {sb_cc = 0x0, sb_hiwat = 0xe000, sb_mbcnt =
0x0,
sb_mbmax = 0x40000, sb_lowat = 0x800, sb_mb = 0x0, sb_mbtail = 0x0,
sb_lastrecord = 0x0, sb_sel = {si_pid = 0x0, si_note = {slh_first =
0x0},
si_flags = 0x0}, sb_flags = 0x0, sb_timeo = 0x0}, so_upcall = 0x0,
so_upcallarg = 0x0, so_cred = 0xd0490780, so_gencnt = 0xaf,
so_emuldata = 0x0, so_accf = 0x0}
(kgdb) p/x *so->so_proto
$49 = {pr_type = 0x1, pr_domain = 0xc0376ce0, pr_protocol = 0x6,
pr_flags = 0x2c, pr_input = 0xc0220334, pr_output = 0x0,
pr_ctlinput = 0xc0224094, pr_ctloutput = 0xc02266c4, pr_ousrreq = 0x0,
pr_init = 0xc022348c, pr_fasttimo = 0x0, pr_slowtimo = 0xc0225a1c,
pr_drain = 0xc0223c70, pr_usrreqs = 0xc0378ca0}
--don (don@sandvine.com www.sandvine.com)
