On Tue, 11 Apr 2006, Konstantin Saurbier wrote:
I've encountered a strange problem while using FreeBSD 6.0 for our local
mirror (mirror.math.uni-bielefeld.de) and thus is providing access via ftp,
http, rsync and cvsup (all local and remote). The system crashes
periodically with a kernel panic (panic: sbdrop). The uptimes between two
crashes are going from a few hours to a few weeks.
The system is a i386, Intel Pentium 4 based with 512MB ram and a 3ware-7000
(twe) raid controller containig 1 raid 5 set with approx. 1.9TB. The kernel
is a GENERIC kernel without changes of the config. These are the kernel
dumps:
There have been one or more long-term bugs we've been attempting to track down
that result in socket buffer corruption discovered only on socket close (hence
in sbdrop() when we flush the cover). We've had a lot of trouble tracking it
down, and it's not clear that it's actually a single bug, since the sbdrop()
panic is a sanity check that can detect a number of types of problems. We
could, for example, be looking at a network interface driver bug. There are
changes in progress in the 7.x branch to further clean up the socket code on
SMP, and they might fix some outstanding problems. There are a couple of
instances of this bug report in the PR database, but if you could file the
below details, it would be helpful. I'm on travel currently, but will take
another stab at this when back.
Robert N M Watson
Unread portion of the kernel message buffer:
panic: sbdrop
Uptime: 22h22m7s
Dumping 503 MB (2 chunks)
chunk 0: 1MB (159 pages) ... ok
chunk 1: 503MB (128752 pages) 487 471 455 439 423 407 391 375 359 343 327 311
295 279 263 247 231 215 199 183 167 151 135 119 103 87 71 55 39 23 7
#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) backtrace
#0 doadump () at pcpu.h:165
#1 0xc068d10e in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
#2 0xc068d680 in panic (fmt=0xc090c16a "sbdrop")
at /usr/src/sys/kern/kern_shutdown.c:555
#3 0xc06d266c in sbdrop_locked (sb=0xc20aca84, len=1)
at /usr/src/sys/kern/uipc_socket2.c:1157
#4 0xc06d3d93 in sbdrop (sb=0xc20aca84, len=0)
at /usr/src/sys/kern/uipc_socket2.c:1208
#5 0xc0748a7d in tcp_input (m=0xc1c09100, off0=-1039845124)
at /usr/src/sys/netinet/tcp_input.c:1201
#6 0xc0740147 in ip_input (m=0xc1c09100)
at /usr/src/sys/netinet/ip_input.c:778
#7 0xc07171ff in netisr_processqueue (ni=0xc09ca4f8)
at /usr/src/sys/net/netisr.c:236
#8 0xc07174be in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:349
#9 0xc06740e5 in ithread_loop (arg=0xc19c3280)
at /usr/src/sys/kern/kern_intr.c:547
#10 0xc0673110 in fork_exit (callout=0xc067402c <ithread_loop>, arg=0x0,
frame=0x0) at /usr/src/sys/kern/kern_fork.c:789
#11 0xc0894a1c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208
Now the output of bt full:
(kgdb) bt full
#0 doadump () at pcpu.h:165
No locals.
#1 0xc068d10e in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
first_buf_printf = 1
#2 0xc068d680 in panic (fmt=0xc090c16a "sbdrop")
at /usr/src/sys/kern/kern_shutdown.c:555
bootopt = 260
newpanic = 0
buf = "sbdrop", '\0' <repeats 249 times>
#3 0xc06d266c in sbdrop_locked (sb=0xc20aca84, len=1)
at /usr/src/sys/kern/uipc_socket2.c:1157
m = (struct mbuf *) 0x0
next = (struct mbuf *) 0x0
#4 0xc06d3d93 in sbdrop (sb=0xc20aca84, len=0)
at /usr/src/sys/kern/uipc_socket2.c:1208
No locals.
#5 0xc0748a7d in tcp_input (m=0xc1c09100, off0=-1039845124)
at /usr/src/sys/netinet/tcp_input.c:1201
dbuf =
"\024\000\000\000\000»ÀÁ?\033\bÔä¬\211ÀXº\231Á¬\033\bÔx\034\bÔÃM\211ÀG\000\000\000\b\000\000\000(\000\bÔ(\000lÀ"
sbuf =
"\0003\234Ál\033\bÔ\200òÁ\0003\234Á\224\033\bÔ¿\201\211À\0003\234Á\000\000\000\000\000\000\000\000\000¹\226Á\027\000\000\000\020(ÝÁ"
th = (struct tcphdr *) 0xc1b2f824
ip = (struct ip *) 0xc1b2f810
inp = (struct inpcb *) 0xc3ec5ca8
optp = (u_char *) 0xc1b2f838 "\001\001\b\n:\r·\027\004Ì\236ò#E²W"
optlen = 12
len = 69
tlen = 0
off = 32
drop_hdrlen = 52
tp = (struct tcpcb *) 0xc20538fc
thflags = 16
so = (struct socket *) 0xc20ac9bc
todrop = 69
acked = 69
ourfinisacked = 0
needoutput = 0
tiwin = 5840
to = {to_flags = 1, to_tsval = 973977367, to_tsecr = 80518898,
to_mss = 0, to_requested_s_scale = 0 '\0', to_nsacks = 0 '\0',
to_sacks = 0x0}
headlocked = 0
rstreason = 69
ip6 = (struct ip6_hdr *) 0x0
isipv6 = 0
#6 0xc0740147 in ip_input (m=0xc1c09100)
at /usr/src/sys/netinet/ip_input.c:778
ip = (struct ip *) 0xc1b2f810
ia = (struct in_ifaddr *) 0xc1c0bb00
ifa = (struct ifaddr *) 0xc1c0bb00
checkif = 0
hlen = 20
sum = 0
dchg = 0
odst = {s_addr = 3250633472}
#7 0xc07171ff in netisr_processqueue (ni=0xc09ca4f8)
at /usr/src/sys/net/netisr.c:236
m = (struct mbuf *) 0xc1c09100
#8 0xc07174be in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:349
ni = (struct netisr *) 0xc09ca4f8
bits = 0
i = 0
#9 0xc06740e5 in ithread_loop (arg=0xc19c3280)
at /usr/src/sys/kern/kern_intr.c:547
ih = (struct intrhand *) 0xc19c1080
p = (struct proc *) 0xc19b0624
count = 0
warned = 0
hlen = 20
sum = 0
dchg = 0
odst = {s_addr = 3250633472}
#7 0xc07171ff in netisr_processqueue (ni=0xc09ca4f8)
at /usr/src/sys/net/netisr.c:236
m = (struct mbuf *) 0xc1c09100
#8 0xc07174be in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:349
ni = (struct netisr *) 0xc09ca4f8
bits = 0
i = 0
#9 0xc06740e5 in ithread_loop (arg=0xc19c3280)
at /usr/src/sys/kern/kern_intr.c:547
ih = (struct intrhand *) 0xc19c1080
p = (struct proc *) 0xc19b0624
count = 0
warned = 0
#10 0xc0673110 in fork_exit (callout=0xc067402c <ithread_loop>, arg=0x0,
frame=0x0) at /usr/src/sys/kern/kern_fork.c:789
p = (struct proc *) 0xc19b0624
#11 0xc0894a1c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208
No locals.
I hope that helps. If you need further information or if you have some hints or
directions for me, please send me a mail.
--
Best regards,
Konstantin Saurbier
------------------------------------------------------
Konstantin Saurbier Tel.: 0521 106 3861
Computerlabor Mathematik U5-138
Universitaet Bielefeld Universitaetsstr.25
33501 Bielefeld
email: [EMAIL PROTECTED]
------------------------------------------------------
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
