tech-net archive


Re: panic: sbdrop



On Thu, Apr 02, 2009 at 02:43:32PM -0600, Herb Peyerl wrote:
> 
> On 2-Apr-09, at 2:33 PM, Manuel Bouyer wrote:
> >on this netbsd-5 box (test NFS server with 2 fast linux clients) I got
> >(after fixing m_split() to handle 0 len, see previous mail):
> >
> >panic: sbdrop
> >fatal breakpoint trap in supervisor mode
> >trap type 1 code 0 eip c03faa4c cs 8 eflags 246 cr2 cdb59000 ilevel 4
> >Stopped in pid 0.3 (system) at  netbsd:breakpoint+0x4:  popl    %ebp
> >db{0}> tr
> >breakpoint 
> >(c065149e,cd13bbac,c06adc00,c0361439,6,c3c14500,cd13bba0,c0388770,5043 
> >5051,ffffffff) at netbsd:breakpoint+0x4
> >panic 
> >(c0655801,c3c14500,ffffffff,c035dc93,50435851,c06adc00,0,e8,c3ba07e0,c 
> >3c14400) at netbsd:panic+0x1b0
> >sbdrop(c3ba07e0,e8,c3c1446c,14,20,0,c3b40d00,14,cd13bca8,ce320030)  
> >at netbsd:sbdrop+0x2f8
> >tcp_input(c3c14400,14,6,1,c01280ea,cbf87a00,0,0,14,cbf87a00) at  
> >netbsd:tcp_input+0x24b7
> >ip_input(c3c14400,0,7,cbf87a00,cd137154,cd1371ec,cd13bd80,c03433ed, 
> >0,cd130010) at netbsd:ip_input+0x61f
> >ipintr 
> >(0,cd130010,cbf80030,cbf80010,c2da0010,0,f87c80,c2da3780,0,cd13bda0) a 
> >t netbsd:ipintr+0x4d
> >softint_dispatch(cbf87c80,4,0,0,0,0,cd13bd90,cd13ba68,cd13bac0,18)  
> >at netbsd:softint_dispatch+0xcd
> >DDB lost frame for netbsd:Xsoftintr+0x3d, trying 0xcd13bd88
> >Xsoftintr() at netbsd:Xsoftintr+0x3d
> 
> I've had an equivalent panic and traceback that I eventually narrowed  
> down to a duplicate mfree... ie: a UDP packet was encountered in the  
> TCP stack.

Did you have the NFS server active when you encountered this?
I got another panic:
panic: tcp_output
fatal breakpoint trap in supervisor mode
trap type 1 code 0 eip c03faa4c cs 8 eflags 246 cr2 cdbd1000 ilevel 4
Stopped in pid 251.1 (nfsd) at  netbsd:breakpoint+0x4:  popl    %ebp
db{1}> tr
breakpoint(c065149e,ce8bd9d8,c2d07800,c0388a96,4,1,2,c035dc93,34,c3c2abbc) at 
netbsd:breakpoint+0x4
panic(c0624d8a,c06a1780,ce8bd9fc,c035dc93,504354a1,c2d07800,0,c06a80a0,b50,6a80a0)
 at netbsd:panic+0x1b0
tcp_output(c3c2abbc,0,0,0,0,0,0,0,0,c3c2abbc) at netbsd:tcp_output+0x196e
tcp_usrreq(c3ba48c8,7,0,0,0,0,0,2,c3ba48c8,0) at netbsd:tcp_usrreq+0x168
tcp_usrreq_wrapper(c3ba48c8,7,0,0,0,0,0,c3ba48c8,0,ce79e200) at 
netbsd:tcp_usrreq_wrapper+0x41
soshutdown(c3ba48c8,2,c0712e18,c0331e5a,80,0,c3bbc600,ce79e200,ce9b87d4,ce9b87e0)
 at netbsd:soshutdown+0x89
nfsrv_zapsock(ce79e200,4,ce8bdbd4,ce8bdbda,cbf7ab40,c0712e18,0,c2d07918,c0712e18,0)
 at netbsd:nfsrv_zapsock+0x9f
nfssvc_nfsd(ce8bdc38,804a2e0,ce9cf040,0,0,0,0,0,0,ffffffff) at 
netbsd:nfssvc_nfsd+0x820
sys_nfssvc(ce9cf040,ce8bdd00,ce8bdd28,bfbff000,ce49a0d4,ce49a0d4,2,4,804a2e0,bfbfee94)
 at netbsd:sys_nfssvc+0x332
syscall(ce8bdd48,b3,ab,bfbf001f,bbbd001f,d,1,bfbfee94,0,bfbffff0) at 
netbsd:syscall+0xc8
db{1}> mach cpu 0
using CPU 0
db{1}> tr
x86_pause(6,c03e90a6,0,0,c034f16b,cbf87c80,7,0,0,0) at netbsd:x86_pause
_kernel_lock(1,0,0,0,cbf87c80,c2da2580,c2da3a80,c010854d,c2da2540,cd136c98) 
at netbsd:_kernel_lock+0x135
intr_biglock_wrapper(c2da2540,cd136c98,0,0,0,0,0,0,0,0) at 
netbsd:intr_biglock_wrapper+0x16
DDB lost frame for netbsd:Xintr_ioapic_level9+0xad, trying 0xcd5b3f74
Xintr_ioapic_level9() at netbsd:Xintr_ioapic_level9+0xad
--- interrupt ---
--- switch to interrupt stack ---
x86_mwait(0,0,0,c033c0f2,cbf87c80,cbf84ec0,cd136d2c,c0327d76,0,0) at 
netbsd:x86_mwait+0xc
x86_cpu_idle_mwait(0,0,c032da49,0,0,0,c06adc48,cbf87c80,c0327bf0,cbf87c80) at 
netbsd:x86_cpu_idle_mwait+0x4e
idle_loop(cbf87c80,0,c01002a7,0,c01002a7,0,0,0,0,0) at netbsd:idle_loop+0x186

I also got a core dump. The panic would come from this check in tcp_output():
        if (tp->t_template->m_len < iphdrlen)
                panic("tcp_output");
(gdb) print tp
$1 = (struct tcpcb *) 0xc3c2abbc
(gdb) print *tp
$2 = {t_family = 2, segq = {tqh_first = 0x0, tqh_last = 0xc3c2abc0}, 
  t_segqlen = 0, t_timer = {{_c_store = {0xc0704400, 0xc3c2ac1c, 0xc01355e0, 
        0xc3c2abbc, 0xc07043a0, 0x31917, 0x100, 0x11deeba1, 0x0, 0x0}}, {
      _c_store = {0x0, 0x0, 0xc0135400, 0xc3c2abbc, 0xc07043a0, 0x0, 0x100, 
        0x11deeba1, 0x0, 0x0}}, {_c_store = {0xc0705478, 0xc0705478, 
        0xc01351c0, 0xc3c2abbc, 0xc07043a0, 0xe1549, 0x102, 0x11deeba1, 0x0, 
        0x0}}, {_c_store = {0x0, 0x0, 0xc01350d0, 0xc3c2abbc, 0xc07043a0, 0x0, 
        0x100, 0x11deeba1, 0x0, 0x0}}}, t_state = 6, t_rxtshift = 0, 
  t_rxtcur = 3, t_dupacks = 0, t_partialacks = -1, t_peermss = 1460, 
  t_ourmss = 1460, t_segsz = 1448, t_force = 0 '\0', t_flags = 2532, 
  t_template = 0xc3b6f700, t_inpcb = 0xc2e7e72c, t_in6pcb = 0x0, 
  t_delack_ch = {_c_store = {0x0, 0x0, 0x0, 0x0, 0xc07043a0, 0x0, 0x100, 
      0x11deeba1, 0x0, 0x0}}, snd_una = 3816002330, snd_nxt = 3816002330, 
  snd_up = 3816002330, snd_wl1 = 1221504773, snd_wl2 = 3816002330, 
  iss = 3816002329, snd_wnd = 5888, snd_recover = 3816002329, 
  snd_high = 3816002330, rcv_wnd = 65944, rcv_nxt = 1221506221, 
  rcv_up = 1221504421, irs = 1221504420, rcv_adv = 1221570365, 
  snd_max = 3816002330, snd_cwnd = 5841, snd_ssthresh = 1073725440, 
  rfbuf_cnt = 0, rfbuf_ts = 1, t_rcvtime = 4056, t_rtttime = 0, t_rtseq = 0, 
  t_srtt = 39, t_rttvar = 3, t_rttmin = 2, max_sndwnd = 5888, 
  t_oobflags = 0 '\0', t_iobc = 0 '\0', t_softerror = 0, snd_scale = 7 '\a', 
  rcv_scale = 3 '\003', request_r_scale = 3 '\003', 
  requested_s_scale = 7 '\a', ts_recent = 1056925100, ts_recent_age = 4056, 
  ts_timebase = 4055, last_ack_sent = 1221506221, t_bytes_acked = 0, 
  rcv_sack_flags = 0 '\0', rcv_dsack_block = {left = 0, right = 0}, timeq = {
    tqh_first = 0x0, tqh_last = 0xc3c2ad48}, snd_holes = {tqh_first = 0x0, 
    tqh_last = 0xc3c2ad50}, snd_numholes = 0, rcv_lastsack = 0, 
  sack_newdata = 0, snd_fack = 0, t_sc = {lh_first = 0x0}, t_lastm = 0x0, 
  t_inoff = 0, t_lastoff = 0, t_lastlen = 0, t_mtudisc = 1, 
  t_pmtud_mss_acked = 1, t_pmtud_mtu_sent = 64, t_pmtud_th_seq = 0, 
  t_pmtud_nextmtu = 0, t_pmtud_ip_len = 0, t_pmtud_ip_hl = 0, 
  t_ecn_retries = 0 '\0', t_congctl = 0xc051535c, t_keepinit = 150, 
  t_keepidle = 14400, t_keepintvl = 150, t_keepcnt = 8, t_maxidle = 1200}
(gdb) print tp->t_template       
$3 = (struct mbuf *) 0xc3b6f700
(gdb) print *tp->t_template
$4 = {m_hdr = {mh_next = 0x0, mh_nextpkt = 0x0, 
    mh_data = 0xc3b6f720 "onfdefs.h.  */\n", mh_owner = 0xc06a80a0, 
    mh_len = 16, mh_flags = 0, mh_paddr = 2110007040, mh_type = 1}, M_dat = {
    MH = {MH_pkthdr = {rcvif = 0x64666e6f, tags = {slh_first = 0x2e736665}, 
        len = 538979944, csum_flags = 667434, csum_data = 3355443328, 
        segsz = 1102260095}, MH_dat = {MH_ext = {ext_ref = 0x0, ext_storage = {
            ext_refcnt = 33554432, ext_flags = -1551499008, 
            ext_buf = 0x3000000 <Address 0x3000000 out of bounds>, 
            ext_free = 0x7000000, ext_arg = 0x1000000, ext_size = 536870912, 
            ext_type = 0xd4a95100, ext_un = {extun_paddr = 67108864, 
              extun_pgs = {0x4000000, 0x746f7274, 0x6b4f0000, 0x349e0000, 
                0x2000000, 0x284e0000, 0x349e0000, 0x0, 0x0, 0x1c000000, 
                0x1218, 0x78b, 0xc, 0x15bee0, 0x2dc6d753, 0x0, 0x0}}, 
            ext_ofile = 0x0, ext_nfile = 0x0, ext_oline = 1224736768, 
            ext_nline = 33554432}}, 
        MH_databuf = 
"\000\000\000\000\000\000\000\002\000\001\206£\000\000\000\003\000\000\000\a\000\000\000\001\000\000\000
 
\000Q©Ô\000\000\000\004trot\000\000Ok\000\000\2364\000\000\000\002\000\000N(\000\000\2364",
 '\0' <repeats 11 times>, 
"\034\030\022\000\000\213\a\000\000\f\000\000\000à¾\025\000S×Æ-", '\0' <repeats 
19 times>, "I\000\000\000\002\000\000\000Iconftest.c:80: warning: conflicting 
types for built-in function 'memset'\n\000\000\000\200\000\000 "}}, 
    M_databuf = "onfdefs.h.  
*/\n\000\200\000\000È\177'³A\000\000\000\000\000\000\000\002\000\001\206£\000\000\000\003\000\000\000\a\000\000\000\001\000\000\000
 
\000Q©Ô\000\000\000\004trot\000\000Ok\000\000\2364\000\000\000\002\000\000N(\000\000\2364",
 '\0' <repeats 11 times>, 
"\034\030\022\000\000\213\a\000\000\f\000\000\000à¾\025\000S×Æ-", '\0' <repeats 
19 times>, "I\000\000\000\002\000\000\000Iconftest.c:80: warning: conflicting 
types for built-in function 'm"...}}

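I guess it's an IPv4 packet (t_family = 2), so iphdrlen would be 40 (IP header plus TCP header), and the template's mh_len of 16 is below that, which is what trips the check. The template's data area also holds what looks like file contents ("onfdefs.h.  */", a conftest.c compiler warning) rather than packet headers, so the mbuf appears to have been overwritten, or freed and reused, while tp->t_template still pointed at it ...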

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--

