From nobody  Mon Jan 25 18:24:51 1999
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id SAA01731;
          Mon, 25 Jan 1999 18:24:51 -0800 (PST)
          (envelope-from nobody)
Message-Id: <199901260224.SAA01731@hub.freebsd.org>
Date: Mon, 25 Jan 1999 18:24:51 -0800 (PST)
From: yasu@mrit.mei.co.jp
To: freebsd-gnats-submit@freebsd.org
Subject: panic in sbdrop(kern/uipc_socket2.c)
X-Send-Pr-Version: www-1.0

>Number:         9689
>Category:       kern
>Synopsis:       panic in sbdrop(kern/uipc_socket2.c)
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 25 18:30:00 PST 1999
>Closed-Date:    Thu Jan 17 08:12:05 PST 2002
>Last-Modified:  Thu Jan 17 08:31:09 PST 2002
>Originator:     WATANABE, Yasuhiko
>Release:        FreeBSD waltz 4.0-CURRENT FreeBSD 4.0-CURRENT #3: Sat Jan 23 13:54:25 JST 1999
>Organization:
Matsushita Research Institute Tokyo, Inc.
>Environment:
FreeBSD waltz 4.0-CURRENT FreeBSD 4.0-CURRENT #3: Sat Jan 23 13:54:25 JST 1999     yasu@waltz:/usr/src/sys/compile/WALTZ  i386
>Description:
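A kernel panic happened in sbdrop, as shown in the following dump. The panic at uipc_socket2.c:739 fires when sbdrop runs out of mbufs before it has dropped the requested len bytes (len=128 here, passed as the acked count from tcp_input).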

Script started on Tue Jan 26 11:18:37 1999
# gdb -k keernl.g.1 vmcore.1
GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i386-unknown-freebsd), 
Copyright 1996 Free Software Foundation, Inc...
IdlePTD 2863104
initial pcb at 255e80
panicstr: from debugger
panic messages:
---
panic: sbdrop
panic: from debugger

dumping to dev 50001, offset 111824
dump 127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 
---
#0  boot (howto=260) at ../../kern/kern_shutdown.c:285
285			dumppcb.pcb_cr3 = rcr3();
(kgdb) bt
#0  boot (howto=260) at ../../kern/kern_shutdown.c:285
#1  0xf01428e5 in panic (fmt=0xf021ff54 "from debugger")
    at ../../kern/kern_shutdown.c:446
#2  0xf0122d8d in db_panic (addr=-266374125, have_addr=0, count=-1, 
    modif=0xf023bb6c "") at ../../ddb/db_command.c:432
#3  0xf0122d2d in db_command (last_cmdp=0xf023e054, cmd_table=0xf023deb4, 
    aux_cmd_tablep=0xf025370c) at ../../ddb/db_command.c:332
#4  0xf0122df2 in db_command_loop () at ../../ddb/db_command.c:454
#5  0xf0125143 in db_trap (type=3, code=0) at ../../ddb/db_trap.c:71
#6  0xf01f71ee in kdb_trap (type=3, code=0, regs=0xf023bc5c)
    at ../../i386/i386/db_interface.c:157
#7  0xf0201494 in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -260786162, 
      tf_esi = 256, tf_ebp = -266093408, tf_isp = -266093436, 
      tf_ebx = -266189251, tf_edx = -266134944, tf_ecx = -267677952, 
      tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -266374125, tf_cs = 8, 
      tf_eflags = 598, tf_esp = -266134960, tf_ss = -266194869})
    at ../../i386/i386/trap.c:548
#8  0xf01f7413 in Debugger (msg=0xf022304b "panic")
    at ../../i386/i386/db_interface.c:317
#9  0xf01428dc in panic (fmt=0xf022463d "sbdrop")
    at ../../kern/kern_shutdown.c:444
#10 0xf015c3a8 in sbdrop (sb=0xf590bb08, len=128)
    at ../../kern/uipc_socket2.c:739
#11 0xf018a4e5 in tcp_input (m=0xf0756c00, iphlen=20)
    at ../../netinet/tcp_input.c:1473
#12 0xf0185fb4 in ip_input (m=0xf0756c00) at ../../netinet/ip_input.c:693
#13 0xf0186013 in ipintr () at ../../netinet/ip_input.c:720
(kgdb) frame 10
#10 0xf015c3a8 in sbdrop (sb=0xf590bb08, len=128)
    at ../../kern/uipc_socket2.c:739
739					panic("sbdrop");
(kgdb) list
734	
735		next = (m = sb->sb_mb) ? m->m_nextpkt : 0;
736		while (len > 0) {
737			if (m == 0) {
738				if (next == 0)
739					panic("sbdrop");
740				m = next;
741				next = m->m_nextpkt;
742				continue;
743			}
(kgdb) up
#11 0xf018a4e5 in tcp_input (m=0xf0756c00, iphlen=20)
    at ../../netinet/tcp_input.c:1473
1473				sbdrop(&so->so_snd, acked);
(kgdb) list
1468			if (acked > so->so_snd.sb_cc) {
1469				tp->snd_wnd -= so->so_snd.sb_cc;
1470				sbdrop(&so->so_snd, (int)so->so_snd.sb_cc);
1471				ourfinisacked = 1;
1472			} else {
1473				sbdrop(&so->so_snd, acked);
1474				tp->snd_wnd -= acked;
1475				ourfinisacked = 0;
1476			}
1477			sowwakeup(so);
(kgdb) up
#12 0xf0185fb4 in ip_input (m=0xf0756c00) at ../../netinet/ip_input.c:693
693		(*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen);
(kgdb) list
688	
689		/*
690		 * Switch out to protocol's input routine.
691		 */
692		ipstat.ips_delivered++;
693		(*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen);
694	#ifdef	IPFIREWALL_FORWARD
695		ip_fw_fwd_addr = NULL;	/* tcp needed it */
696	#endif
697		return;
(kgdb) quit
# ls
bounds      kernel.0    kernel.1    kernel.g.1* typescript  vmcore.0    vmcore.1 
# exit

Script done on Tue Jan 26 11:19:53 1999

>How-To-Repeat:
Not known.
>Fix:

>Release-Note:
>Audit-Trail:

From: Sergiy Zhuk <serge@yahoo-inc.com>
To: freebsd-gnats-submit@freebsd.org, yasu@mrit.mei.co.jp
Cc:  
Subject: Re: kern/9689: panic in sbdrop(kern/uipc_socket2.c)
Date: Mon, 06 Dec 1999 17:53:28 -0800

 hi
 
 freebsd 3.3 stable
 
 same panic in sbdrop, but reached through a different call path (sbflush called from tcp_disconnect while closing the socket):
 
 (kgdb) bt
 #0  boot (howto=256) at ../../kern/kern_shutdown.c:285
 #1  0xc013e1f4 in at_shutdown (
     function=0xc020bf11
 <__set_sysctl__kern_ipc_sym_sysctl___kern_ipc_somaxconn+
 189>, arg=0xd821c2c4, queue=-668876160) at ../../kern/kern_shutdown.c:446
 #2  0xc0157db8 in sbdrop (sb=0xd821c2c4, len=4)
     at ../../kern/uipc_socket2.c:748
 #3  0xc0157d44 in sbflush (sb=0xd821c2c4) at ../../kern/uipc_socket2.c:727
 #4  0xc0181d3b in tcp_disconnect (tp=0xd8625cc0)
     at ../../netinet/tcp_usrreq.c:763
 #5  0xc018151a in tcp_usr_disconnect (so=0xd821c280)
     at ../../netinet/tcp_usrreq.c:268
 #6  0xc0155d34 in sodisconnect (so=0xd821c280) at ../../kern/uipc_socket.c:360
 #7  0xc0155b6a in soclose (so=0xd821c280) at ../../kern/uipc_socket.c:246
 #8  0xc014c5a7 in soo_close (fp=0xc3b31ac0, p=0xd8cfad60)
     at ../../kern/sys_socket.c:181
 #9  0xc0137020 in closef (fp=0xc3b31ac0, p=0xd8cfad60)
     at ../../kern/kern_descrip.c:1065
 #10 0xc0136671 in close (p=0xd8cfad60, uap=0xd8d9cf94)
     at ../../kern/kern_descrip.c:504
 #11 0xc01f7b5f in syscall (frame={tf_es = 39, tf_ds = -1078263769, 
       tf_edi = 32, tf_esi = 0, tf_ebp = -1077951320, tf_isp = -656814108, 
       tf_ebx = 32, tf_edx = -255, tf_ecx = 0, tf_eax = 6, tf_trapno = 7, 
       tf_err = 7, tf_eip = 1437813, tf_cs = 31, tf_eflags = 514, 
       tf_esp = -1077952520, tf_ss = 39}) at ../../i386/i386/trap.c:1100
 #12 0x15f075 in ?? ()
 #13 0x2e0f7 in ?? ()
 #14 0x2cded in ?? ()
 #15 0x1095 in ?? ()
 
 (kgdb) frame 2
 #2  0xc0157db8 in sbdrop (sb=0xd821c2c4, len=4)
     at ../../kern/uipc_socket2.c:748
 748                                     panic("sbdrop");
 
 (kgdb) list
 743
 744             next = (m = sb->sb_mb) ? m->m_nextpkt : 0;
 745             while (len > 0) {
 746                     if (m == 0) {
 747                             if (next == 0)
 748                                     panic("sbdrop");
 749                             m = next;
 750                             next = m->m_nextpkt;
 751                             continue;
 752                     }
 
 
 no idea how to repeat, but it happens pretty often
 
 --
 rgds,
 serge
 
State-Changed-From-To: open->feedback 
State-Changed-By: dd 
State-Changed-When: Sat Jun 9 16:58:28 PDT 2001 
State-Changed-Why:  
Is this still a problem with more recent releases? 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=9689 
State-Changed-From-To: feedback->closed 
State-Changed-By: sheldonh 
State-Changed-When: Thu Jan 17 08:12:05 PST 2002 
State-Changed-Why:  
Automatic feedback timeout.  If additional feedback that warrants
the re-opening of this PR is available but not included in the
audit trail, please include the feedback in a reply to this message
(preserving the Subject line) and ask that the PR be re-opened.

http://www.freebsd.org/cgi/query-pr.cgi?pr=9689 
>Unformatted:
