Subject: kern/29527: kern/uipc_socket2.c's sbdrop() panics
List: netbsd-bugs
Date: 02/25/2005 12:13:01
>Number:         29527
>Category:       kern
>Synopsis:       sbdrop()'s code incorrect if len > 0, m == 0
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Feb 25 12:13:00 +0000 2005
>Originator:     Peter Bex
>Release:        NetBSD 2.0
System: NetBSD 2.0 NetBSD 2.0 (FROHIKE) #0: Wed Dec 22 10:00:59 CET 2004 i386
Architecture: i386
Machine: i386
	My kernel panicked one day in sbdrop() from kern/uipc_socket2.c.
	Looking at the code quickly (even though I don't _really_ understand
	it), it looks like the function gets a len > 0 and an sb of which
	sb->sb_mb == 0. In this case we clearly get a panic.

	Unfortunately, my sync request for ddb failed, causing another
	problem, so I did another sync.  This screwed up my core dump.
	If necessary, I can provide it, though.
	Unknown.  At the time, two rather heavy BitTorrent processes were
	running, so I suspect it can occur under very heavy network load.

	I had INET6 disabled, if it matters.
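
A simplified user-space model of the condition reported above (a drop request with len > 0 reaching a chain whose head is NULL), added here as an example; it is not NetBSD's sbdrop() and not code from the report. The `_model` types and functions are hypothetical stand-ins, and the model reports the shortfall to the caller instead of panicking.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for a buffer chain; not the kernel structures. */
struct mbuf_model {
    struct mbuf_model *m_next;
    size_t m_len;                   /* bytes held by this buffer */
};

struct sockbuf_model {
    struct mbuf_model *sb_mb;       /* head of the chain, NULL when empty */
};

/* Put a buffer of m_len bytes at the head of the chain. */
int sb_push_model(struct sockbuf_model *sb, size_t m_len)
{
    struct mbuf_model *m = malloc(sizeof *m);
    if (m == NULL)
        return -1;
    m->m_len = m_len;
    m->m_next = sb->sb_mb;
    sb->sb_mb = m;
    return 0;
}

/* Drop len bytes from the front of the chain. Returns the number of bytes
 * that could not be dropped because the chain ran out; a non-zero result is
 * the reported state (len > 0 while sb_mb == NULL). */
size_t sbdrop_model(struct sockbuf_model *sb, size_t len)
{
    while (len > 0 && sb->sb_mb != NULL) {
        struct mbuf_model *m = sb->sb_mb;
        if (m->m_len > len) {       /* request ends inside this buffer */
            m->m_len -= len;
            return 0;
        }
        len -= m->m_len;            /* whole buffer consumed: unlink it */
        sb->sb_mb = m->m_next;
        free(m);
    }
    return len;
}

int main(void)
{
    struct sockbuf_model sb = { NULL };
    if (sb_push_model(&sb, 50) != 0 || sb_push_model(&sb, 100) != 0)
        return 1;                   /* constructed chain: 100 -> 50 */
    printf("drop 120: short by %zu\n", sbdrop_model(&sb, 120));
    printf("drop 40:  short by %zu\n", sbdrop_model(&sb, 40));
    return 0;
}
```
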