Crash while disconnecting notebook from dock, network related

From: Vladimir Grebenschikov <vova_at_fbsd.ru>
Date: Fri, 27 Mar 2009 13:47:24 +0300

Hi

A recent 8-CURRENT kernel crashes on disconnecting the notebook from the dock station.

It happens sometimes.

Most probably the bug is actually related to the network stack; on dock disconnect
the following commands are executed:

/opt/bin/service netif stop em0; /opt/bin/service netif start ath0

(un-configure em0, configure ath0)

All network devices are on board, so they are not physically disconnected from the bus.

# uname -a
FreeBSD vbook 8.0-CURRENT FreeBSD 8.0-CURRENT #4: Wed Mar 18 17:18:28 MSK 2009 root_at_vbook:/usr/obj/usr/src/sys/VBOOK i386

# kgdb /boot/kernel/kernel /var/crash/vmcore.2
...
Unread portion of the kernel message buffer:
panic: sbflush_internal: cc 94 || mb 0 || mbcnt 0
KDB: enter: panic
KDB: stack backtrace:
Uptime: 3h5m31s
Physical memory: 2038 MB
Dumping 229 MB: 214 198 182 166 150 134 118 102 86 70 54 38 22 6
...
#0  doadump () at pcpu.h:246
246	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:246
#1  0xc0550573 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:420
#2  0xc05507ad in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:576
#3  0xc059f58e in sbflush_internal (sb=0xc5681b08) at /usr/src/sys/kern/uipc_sockbuf.c:817
#4  0xc059f661 in sbrelease_internal (sb=0xc5681b08, so=0xc5681ab8) at /usr/src/sys/kern/uipc_sockbuf.c:329
#5  0xc059f6c8 in sbdestroy (sb=0xc5681b08, so=0xc5681ab8) at /usr/src/sys/kern/uipc_sockbuf.c:357
#6  0xc05a0f7a in sofree (so=0xc5681ab8) at /usr/src/sys/kern/uipc_socket.c:623
#7  0xc05a1fe1 in soclose (so=0xc5681ab8) at /usr/src/sys/kern/uipc_socket.c:694
#8  0xc058d669 in soo_close (fp=0xc559a6c8, td=0xc5043880) at /usr/src/sys/kern/sys_socket.c:282
#9  0xc051db13 in _fdrop (fp=0xc559a6c8, td=0xc5043880) at file.h:293
#10 0xc051f008 in closef (fp=0xc559a6c8, td=0xc5043880) at /usr/src/sys/kern/kern_descrip.c:2006
#11 0xc051f4fd in kern_close (td=0xc5043880, fd=10) at /usr/src/sys/kern/kern_descrip.c:1105
#12 0xc051f5da in close (td=0xc5043880, uap=0xe783fcf8) at /usr/src/sys/kern/kern_descrip.c:1057
#13 0xc06bb747 in syscall (frame=0xe783fd38) at /usr/src/sys/i386/i386/trap.c:1066
#14 0xc06a2dd0 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:261
#15 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) fr 3
#3  0xc059f58e in sbflush_internal (sb=0xc5681b08) at /usr/src/sys/kern/uipc_sockbuf.c:817
817			panic("sbflush_internal: cc %u || mb %p || mbcnt %u",
(kgdb) l sbflush_internal
800	/*
801	 * Free all mbufs in a sockbuf.  Check that all resources are reclaimed.
802	 */
803	static void
804	sbflush_internal(struct sockbuf *sb)
805	{
806	
807		while (sb->sb_mbcnt) {
808			/*
809			 * Don't call sbdrop(sb, 0) if the leading mbuf is non-empty:
(kgdb) 
810			 * we would loop forever. Panic instead.
811			 */
812			if (!sb->sb_cc && (sb->sb_mb == NULL || sb->sb_mb->m_len))
813				break;
814			sbdrop_internal(sb, (int)sb->sb_cc);
815		}
816		if (sb->sb_cc || sb->sb_mb || sb->sb_mbcnt)
817			panic("sbflush_internal: cc %u || mb %p || mbcnt %u",
818			    sb->sb_cc, (void *)sb->sb_mb, sb->sb_mbcnt);
819	}
(kgdb) p sb->sb_cc
$1 = 94
(kgdb) p  sb->sb_mb
$2 = (struct mbuf *) 0x0
(kgdb) p sb->sb_mbcnt
$3 = 0
(kgdb) 

-- 
Vladimir B. Grebenschikov
vova_at_fbsd.ru
Received on Fri Mar 27 2009 - 10:26:55 UTC
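
Added example, not part of the original message and not FreeBSD source: a user-space C model of the final check in the `sbflush_internal` listing, run on the values printed in the kgdb session (cc 94, mb NULL, mbcnt 0) and on a consistent buffer for comparison. The struct layouts, `sb_audit`, `sbflush_would_panic`, `dump_state`, `healthy_state` and the 256-byte per-mbuf charge are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space stand-ins (assumed layouts); m_nextpkt records omitted. */
struct mbuf_model { struct mbuf_model *m_next; unsigned m_len, m_size; };
struct sockbuf_model { struct mbuf_model *sb_mb; unsigned sb_cc, sb_mbcnt; };
#define SB_BAD_CC    0x1 /* sb_cc disagrees with the bytes on the chain */
#define SB_BAD_MBCNT 0x2 /* sb_mbcnt disagrees with the storage on the chain */

/* Recount the chain and report which cached counters are stale. */
static int sb_audit(struct sockbuf_model sb)
{
    unsigned cc = 0, mbcnt = 0;
    for (const struct mbuf_model *m = sb.sb_mb; m != NULL; m = m->m_next) {
        cc += m->m_len;
        mbcnt += m->m_size;
    }
    return (cc != sb.sb_cc ? SB_BAD_CC : 0) | (mbcnt != sb.sb_mbcnt ? SB_BAD_MBCNT : 0);
}

/* Control flow of the listing; returns 1 where the kernel would panic. */
static int sbflush_would_panic(struct sockbuf_model sb)
{
    while (sb.sb_mbcnt) {
        if (!sb.sb_cc && (sb.sb_mb == NULL || sb.sb_mb->m_len))
            break;
        if (sb.sb_mb == NULL) return 1; /* bytes claimed but nothing left to drop */
        /* Stand-in for sbdrop_internal(): release the chain and its charges. */
        for (; sb.sb_mb != NULL; sb.sb_mb = sb.sb_mb->m_next) {
            sb.sb_cc -= sb.sb_mb->m_len;
            sb.sb_mbcnt -= sb.sb_mb->m_size;
        }
    }
    return sb.sb_cc || sb.sb_mb || sb.sb_mbcnt;
}

/* Constructed states: the values from the dump, and a consistent buffer. */
static struct sockbuf_model dump_state(void) { return (struct sockbuf_model){ NULL, 94, 0 }; }
static struct sockbuf_model healthy_state(void)
{
    static struct mbuf_model b = { NULL, 30, 256 }, a = { &b, 64, 256 };
    return (struct sockbuf_model){ &a, 94, 512 };
}

int main(void)
{
    printf("dump: audit=%d panic=%d\n", sb_audit(dump_state()), sbflush_would_panic(dump_state()));
    printf("healthy: audit=%d panic=%d\n", sb_audit(healthy_state()), sbflush_would_panic(healthy_state()));
    return 0;
}
```

For the dump's state the flush loop never runs because `sb_mbcnt` is already 0, so the `sb_cc` of 94 with an empty chain goes straight to the final check.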