Re: panic: mb_dtor_pack: ref_cnt != 1

From: Andre Oppermann <andre_at_freebsd.org>
Date: Fri, 04 Nov 2005 15:32:26 +0100
Kris Kennaway wrote:
> I got this panic shortly after boot on a freshly-updated amd64
> machine:
> 
> FreeBSD/amd64 (fbsd-amd64.isc.org) (ttyd0)
> 
> login: panic: mb_dtor_pack: ref_cnt != 1
> cpuid = 3
> KDB: enter: panic
> [thread pid 1021 tid 100131 ]
> Stopped at      kdb_enter+0x31: leave
> db> wh
> Tracing pid 1021 tid 100131 td 0xffffff0323816a40
> kdb_enter() at kdb_enter+0x31
> panic() at panic+0x1e6
> mb_dtor_pack() at mb_dtor_pack+0x103
> uma_zfree_arg() at uma_zfree_arg+0x34
> mb_free_ext() at mb_free_ext+0xe9
> soreceive() at soreceive+0xafb
> soo_read() at soo_read+0x5e
> dofileread() at dofileread+0x9e
> kern_readv() at kern_readv+0x4f
> read() at read+0x4b
> syscall() at syscall+0x350
> Xfast_syscall() at Xfast_syscall+0xa8
> --- syscall (3, FreeBSD ELF64, read), rip = 0x800b7e23c, rsp = 0x7fffffffe1a8, rbp = 0x400 ---

This should fix it.  Commit in half an hour.

-- 
Andre


Index: kern/uipc_mbuf.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/uipc_mbuf.c,v
retrieving revision 1.156
diff -u -p -r1.156 uipc_mbuf.c
--- kern/uipc_mbuf.c    2 Nov 2005 16:20:35 -0000       1.156
+++ kern/uipc_mbuf.c    4 Nov 2005 14:28:31 -0000
_at__at_ -215,9 +215,11 _at__at_ mb_free_ext(struct mbuf *m)

         /* Free attached storage if this mbuf is the only reference to it. */
         if (*(m->m_ext.ref_cnt) == 1 ||
-           atomic_fetchadd_int(m->m_ext.ref_cnt, -1) == 1) {
+           atomic_fetchadd_int(m->m_ext.ref_cnt, -1) == 0) {
                 switch (m->m_ext.ext_type) {
-               case EXT_CLUSTER:
+               case EXT_CLUSTER:       /* The packet zone is special. */
+                       if (*(m->m_ext.ref_cnt) == 0)
+                               *(m->m_ext.ref_cnt) = 1;
                         uma_zfree(zone_pack, m);
                         return;         /* Job done. */
                         break;
Index: kern/kern_mbuf.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_mbuf.c,v
retrieving revision 1.12
diff -u -p -r1.12 kern_mbuf.c
--- kern/kern_mbuf.c    2 Nov 2005 16:20:35 -0000       1.12
+++ kern/kern_mbuf.c    4 Nov 2005 14:28:31 -0000
_at__at_ -395,11 +395,10 _at__at_ mb_ctor_clust(void *mem, int size, void
  static void
  mb_dtor_clust(void *mem, int size, void *arg)
  {
-       u_int *refcnt;

-       refcnt = uma_find_refcnt(zone_clust, mem);
-       KASSERT(*refcnt == 1, ("%s: refcnt incorrect %u", __func__, *refcnt));
-       *refcnt = 0;
+       KASSERT(*(uma_find_refcnt(zone_clust, mem)) == 0 &&
+               *(uma_find_refcnt(zone_clust, mem)) == 1,
+               ("%s: refcnt incorrect %u", __func__, *refcnt));
  #ifdef INVARIANTS
         trash_dtor(mem, size, arg);
  #endif
Received on Fri Nov 04 2005 - 13:31:41 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:47 UTC