kern/137795: [sctp] panic: mtx_lock() of destroyed mutex

Bruce Cran bruce at cran.org.uk
Sat Aug 15 12:00:16 UTC 2009


>Number:         137795
>Category:       kern
>Synopsis:       [sctp] panic: mtx_lock() of destroyed mutex
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 15 12:00:15 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Bruce Cran
>Release:        8.0-BETA2
>Organization:
>Environment:
FreeBSD tau.draftnet 8.0-BETA2 FreeBSD 8.0-BETA2 #0: Thu Aug 13 21:45:22 BST 2009     brucec at tau.draftnet:/usr/obj/usr/src/sys/DELL  amd64
>Description:
When running a shell script which does nothing but try to connect to another machine, the system eventually panics:

panic: mtx_lock() of destroyed mutex
@ /usr/src/sys/netinet/sctp_output.c:12767

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are welcome to change it and/or distribute copies of it under
certain conditions. Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details. This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
panic: mtx_lock() of destroyed mutex
@ /usr/src/sys/netinet/sctp_output.c:12767
cpuid = 1
KDB: enter: panic
Uptime: 49s
Physical memory: 4078 MB
Dumping 1251 MB:

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address	= 0x4 1236 1220 1204 1188 1172 1156 1140
1124 1108 1092 1076 1060 1044 1028 1012 996 980 964 948 932 916 900 884
868 852 836 820 804 788 772 756 740 724 708 692 676 660 644 628 612 596
580 564 548 532 516 500 484 468 452 436 420 404 388 372 356 340 324 308
292 276 260 244 228 212 196 180 164 148 132 116 100 84 68 52 36 20 4

Reading symbols from /boot/kernel/blank_saver.ko...Reading symbols
from /boot/kernel/blank_saver.ko.symbols...done. done.
Loaded symbols for /boot/kernel/blank_saver.ko
#0  doadump () at pcpu.h:223
223	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) #0  doadump () at pcpu.h:223
#1  0xffffffff80582023 in boot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:419
#2  0xffffffff805824ac in panic (fmt=Variable "fmt" is not available.
)
    at /usr/src/sys/kern/kern_shutdown.c:575
#3  0xffffffff80573b75 in _mtx_lock_flags (m=0x0, opts=0, 
    file=0xffffffff80980c58 "/usr/src/sys/netinet/sctp_output.c", line=12767)
    at /usr/src/sys/kern/kern_mutex.c:195
#4  0xffffffff806c8252 in sctp_lower_sosend (so=0xffffff0004d19aa0, addr=0x0, 
    uio=0xffffff807987ca30, i_pak=Variable "i_pak" is not available. )
    at /usr/src/sys/netinet/sctp_output.c:12767
#5  0xffffffff806ca749 in sctp_sosend (so=0xffffff0004d19aa0, addr=0x0, 
    uio=0xffffff807987ca30, top=0x0, control=0x0, flags=0, 
    p=0xffffff0004b81000) at /usr/src/sys/netinet/sctp_output.c:12336
#6  0xffffffff805f1c05 in kern_sendit (td=0xffffff0004b81000, s=3, 
    mp=0xffffff807987cb00, flags=0, control=0x0, segflg=UIO_USERSPACE)
    at /usr/src/sys/kern/uipc_syscalls.c:783
#7  0xffffffff805f1e0c in sendit (td=0xffffff0004b81000, s=3, 
    mp=0xffffff807987cb00, flags=0)
    at /usr/src/sys/kern/uipc_syscalls.c:719
#8  0xffffffff805f1efd in sendto (td=Variable "td" is not available. )
    at /usr/src/sys/kern/uipc_syscalls.c:835
#9  0xffffffff80862d3f in syscall (frame=0xffffff807987cc80)
    at /usr/src/sys/amd64/amd64/trap.c:984
#10 0xffffffff80849301 in Xfast_syscall ()
    at /usr/src/sys/amd64/amd64/exception.S:373
#11 0x0000000800c501dc in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) 
>How-To-Repeat:
Run:

cat /dev/random | ./ncat --sctp 192.168.1.80 2345

After anywhere from a few to a few hundred attempts, the system will panic.  ncat is the SCTP-enabled version from http://www.roe.ch/Nmap_SCTP
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

