kern/95699: Kernel panics with sbdrop
Konstantin Saurbier
saurbier at math.uni-bielefeld.de
Thu Apr 13 15:20:25 UTC 2006
>Number: 95699
>Category: kern
>Synopsis: Kernel panics with sbdrop
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 13 15:20:23 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Konstantin Saurbier
>Release: FreeBSD 6.0-RELEASE
>Organization:
>Environment:
FreeBSD nectar.math.uni-bielefeld.de 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Wed Jan 25 18:37:17 CET 2006 root at nectar.math.uni-bielefeld.de:/usr/obj/usr/src/sys/GENERIC i386
>Description:
I've encountered a strange problem while using FreeBSD 6.0 for our local
mirror (mirror.math.uni-bielefeld.de) and thus is providing access via ftp,
http, rsync and cvsup (all local and remote). The system crashes
periodically with a kernel panic (panic: sbdrop). The uptimes between two
crashes are going from a few hours to a few weeks.
The system is a i386, Intel Pentium 4 based with 512MB ram and a 3ware-7000
(twe) raid controller containig 1 raid 5 set with approx. 1.9TB. The kernel
is a GENERIC kernel without changes of the config.
This bug report is filed as requested by Robert N M Watson and is related to
http://lists.freebsd.org/pipermail/freebsd-stable/2006-April/024576.html
Now following some debugging traces:
Unread portion of the kernel message buffer:
panic: sbdrop
Uptime: 22h22m7s
Dumping 503 MB (2 chunks)
chunk 0: 1MB (159 pages) ... ok
chunk 1: 503MB (128752 pages) 487 471 455 439 423 407 391 375 359 343 327 311 295 279 263 247 231 215 199 183 167 151 135 119 103 87 71 55 39 23 7
#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) backtrace
#0 doadump () at pcpu.h:165
#1 0xc068d10e in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
#2 0xc068d680 in panic (fmt=0xc090c16a "sbdrop")
at /usr/src/sys/kern/kern_shutdown.c:555
#3 0xc06d266c in sbdrop_locked (sb=0xc20aca84, len=1)
at /usr/src/sys/kern/uipc_socket2.c:1157
#4 0xc06d3d93 in sbdrop (sb=0xc20aca84, len=0)
at /usr/src/sys/kern/uipc_socket2.c:1208
#5 0xc0748a7d in tcp_input (m=0xc1c09100, off0=-1039845124)
at /usr/src/sys/netinet/tcp_input.c:1201
#6 0xc0740147 in ip_input (m=0xc1c09100)
at /usr/src/sys/netinet/ip_input.c:778
#7 0xc07171ff in netisr_processqueue (ni=0xc09ca4f8)
at /usr/src/sys/net/netisr.c:236
#8 0xc07174be in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:349
#9 0xc06740e5 in ithread_loop (arg=0xc19c3280)
at /usr/src/sys/kern/kern_intr.c:547
#10 0xc0673110 in fork_exit (callout=0xc067402c <ithread_loop>, arg=0x0,
frame=0x0) at /usr/src/sys/kern/kern_fork.c:789
#11 0xc0894a1c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208
(kgdb) bt full
#0 doadump () at pcpu.h:165
No locals.
#1 0xc068d10e in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
first_buf_printf = 1
#2 0xc068d680 in panic (fmt=0xc090c16a "sbdrop")
at /usr/src/sys/kern/kern_shutdown.c:555
bootopt = 260
newpanic = 0
buf = "sbdrop", '\0' <repeats 249 times>
#3 0xc06d266c in sbdrop_locked (sb=0xc20aca84, len=1)
at /usr/src/sys/kern/uipc_socket2.c:1157
m = (struct mbuf *) 0x0
next = (struct mbuf *) 0x0
#4 0xc06d3d93 in sbdrop (sb=0xc20aca84, len=0)
at /usr/src/sys/kern/uipc_socket2.c:1208
No locals.
#5 0xc0748a7d in tcp_input (m=0xc1c09100, off0=-1039845124)
at /usr/src/sys/netinet/tcp_input.c:1201
dbuf = "\024\000\000\000\000»ÀÁ?\033\bÔä¬\211ÀXº\231Á¬\033\bÔx\034\bÔÃM\211ÀG\000\000\000\b\000\000\000(\000\bÔ(\000lÀ"
sbuf = "\0003\234Ál\033\bÔ\200òÁ\0003\234Á\224\033\bÔ¿\201\211À\0003\234Á\000\000\000\000\000\000\000\000\000¹\226Á\027\000\000\000\020(ÝÁ"
th = (struct tcphdr *) 0xc1b2f824
ip = (struct ip *) 0xc1b2f810
inp = (struct inpcb *) 0xc3ec5ca8
optp = (u_char *) 0xc1b2f838 "\001\001\b\n:\r·\027\004Ì\236ò#E²W"
optlen = 12
len = 69
tlen = 0
off = 32
drop_hdrlen = 52
tp = (struct tcpcb *) 0xc20538fc
thflags = 16
so = (struct socket *) 0xc20ac9bc
todrop = 69
acked = 69
ourfinisacked = 0
needoutput = 0
tiwin = 5840
to = {to_flags = 1, to_tsval = 973977367, to_tsecr = 80518898,
to_mss = 0, to_requested_s_scale = 0 '\0', to_nsacks = 0 '\0',
to_sacks = 0x0}
headlocked = 0
rstreason = 69
ip6 = (struct ip6_hdr *) 0x0
isipv6 = 0
#6 0xc0740147 in ip_input (m=0xc1c09100)
at /usr/src/sys/netinet/ip_input.c:778
ip = (struct ip *) 0xc1b2f810
ia = (struct in_ifaddr *) 0xc1c0bb00
ifa = (struct ifaddr *) 0xc1c0bb00
checkif = 0
hlen = 20
sum = 0
dchg = 0
odst = {s_addr = 3250633472}
#7 0xc07171ff in netisr_processqueue (ni=0xc09ca4f8)
at /usr/src/sys/net/netisr.c:236
m = (struct mbuf *) 0xc1c09100
#8 0xc07174be in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:349
ni = (struct netisr *) 0xc09ca4f8
bits = 0
i = 0
#9 0xc06740e5 in ithread_loop (arg=0xc19c3280)
at /usr/src/sys/kern/kern_intr.c:547
ih = (struct intrhand *) 0xc19c1080
p = (struct proc *) 0xc19b0624
count = 0
warned = 0
hlen = 20
sum = 0
dchg = 0
odst = {s_addr = 3250633472}
#7 0xc07171ff in netisr_processqueue (ni=0xc09ca4f8)
at /usr/src/sys/net/netisr.c:236
m = (struct mbuf *) 0xc1c09100
#8 0xc07174be in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:349
ni = (struct netisr *) 0xc09ca4f8
bits = 0
i = 0
#9 0xc06740e5 in ithread_loop (arg=0xc19c3280)
at /usr/src/sys/kern/kern_intr.c:547
ih = (struct intrhand *) 0xc19c1080
p = (struct proc *) 0xc19b0624
count = 0
warned = 0
#10 0xc0673110 in fork_exit (callout=0xc067402c <ithread_loop>, arg=0x0,
frame=0x0) at /usr/src/sys/kern/kern_fork.c:789
p = (struct proc *) 0xc19b0624
#11 0xc0894a1c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208
No locals.
>How-To-Repeat:
Let the system run a few day with moderate network load and it will crash.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list