Re: panic: mb_dtor_pack: ref_cnt != 1

From: Andre Oppermann <andre_at_freebsd.org>
Date: Fri, 04 Nov 2005 12:51:55 +0100
Andre Oppermann wrote:
> Kris Kennaway wrote:
> 
>> I got this panic shortly after boot on a freshly-updated amd64
>> machine:
>>
>> FreeBSD/amd64 (fbsd-amd64.isc.org) (ttyd0)
>>
>> login: panic: mb_dtor_pack: ref_cnt != 1
>> cpuid = 3
>> KDB: enter: panic
>> [thread pid 1021 tid 100131 ]
>> Stopped at      kdb_enter+0x31: leave
>> db> wh
>> Tracing pid 1021 tid 100131 td 0xffffff0323816a40
>> kdb_enter() at kdb_enter+0x31
>> panic() at panic+0x1e6
>> mb_dtor_pack() at mb_dtor_pack+0x103
>> uma_zfree_arg() at uma_zfree_arg+0x34
>> mb_free_ext() at mb_free_ext+0xe9
>> soreceive() at soreceive+0xafb
>> soo_read() at soo_read+0x5e
>> dofileread() at dofileread+0x9e
>> kern_readv() at kern_readv+0x4f
>> read() at read+0x4b
>> syscall() at syscall+0x350
>> Xfast_syscall() at Xfast_syscall+0xa8
>> --- syscall (3, FreeBSD ELF64, read), rip = 0x800b7e23c, rsp = 
>> 0x7fffffffe1a8, rbp = 0x400 ---
> 
> There is some modify-after-free going on with that mbuf cluster.
> The mandatory mbuf cluster refcounting is bringing it to light.
> 
> Something is smelly in the socket buffer code and we have to find out
> what exactly goes wrong.

Actually it's a logic bug in the mb_free_ext() code.  Damn.  Patch
in an hour.

-- 
Andre
Received on Fri Nov 04 2005 - 10:51:10 UTC