Re: panic: sbappendstream 1 [head/amd64 _at_r293419]

From: Jonathan T. Looney <jtl_at_freebsd.org>
Date: Fri, 8 Jan 2016 09:34:23 -0500
On 1/8/16, 9:05 AM, "David Wolfskill" <owner-freebsd-current_at_freebsd.org
on behalf of david_at_catwhisker.org> wrote:

>After the first panic, I rebuilt the kernel without -DNO_CLEAN; the
>crash dump & other diagnostic info is from the clean build.
>
>January  8, 2016 at 05:57:27 AM PST
>
>FreeBSD freebeast.catwhisker.org 11.0-CURRENT FreeBSD 11.0-CURRENT #1954
>r293419M/293420:1100093: Fri Jan  8 05:09:57 PST 2016
>root_at_freebeast.catwhisker.org:/common/S4/obj/usr/src/sys/GENERIC  amd64
>
>panic: sbappendstream 1
>
>...
>Unread portion of the kernel message buffer:
>panic: sbappendstream 1
>cpuid = 7
>KDB: stack backtrace:
>db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
>0xfffffe085e0595b0
>vpanic() at vpanic+0x182/frame 0xfffffe085e059630
>kassert_panic() at kassert_panic+0x126/frame 0xfffffe085e0596a0
>sbappendstream_locked() at sbappendstream_locked+0xa5/frame
>0xfffffe085e0596d0
>uipc_send() at uipc_send+0x942/frame 0xfffffe085e059780
>sosend_generic() at sosend_generic+0x42f/frame 0xfffffe085e059840
>kern_sendit() at kern_sendit+0x21b/frame 0xfffffe085e0598f0
>sendit() at sendit+0x126/frame 0xfffffe085e059940
>sys_sendmsg() at sys_sendmsg+0x61/frame 0xfffffe085e0599a0
>amd64_syscall() at amd64_syscall+0x2db/frame 0xfffffe085e059ab0
>Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe085e059ab0


The likely suspect here looks like r293405, which changed uipc_send() to
use sbappendstream_locked() instead of sbappend_locked().

However, I can't explain *why* that change is causing this problem without
further investigation.

Can you try reverting the change to see if that solves the problem you are
seeing?

Thanks!

Jonathan


>--- syscall (28, FreeBSD ELF64, sys_sendmsg), rip = 0x801270dfa, rsp =
>0x7fffffffa098, rbp = 0x7fffffffa0d0 ---
>KDB: enter: panic
>...
>Loaded symbols for /boot/kernel/autofs.ko
>#0  doadump (textdump=0) at pcpu.h:221
>221     pcpu.h: No such file or directory.
>        in pcpu.h
>(kgdb) #0  doadump (textdump=0) at pcpu.h:221
>#1  0xffffffff8038205b in db_dump (dummy=<value optimized out>,
>dummy2=false, 
>    dummy3=0, dummy4=0x0) at /usr/src/sys/ddb/db_command.c:533
>#2  0xffffffff80381e4e in db_command (cmd_table=0x0)
>    at /usr/src/sys/ddb/db_command.c:440
>#3  0xffffffff80381be4 in db_command_loop ()
>    at /usr/src/sys/ddb/db_command.c:493
>#4  0xffffffff8038467b in db_trap (type=<value optimized out>, code=0)
>    at /usr/src/sys/ddb/db_main.c:251
>#5  0xffffffff80a5cfe3 in kdb_trap (type=3, code=0, tf=<value optimized
>out>)
>    at /usr/src/sys/kern/subr_kdb.c:654
>#6  0xffffffff80e6a2a8 in trap (frame=0xfffffe085e0594e0)
>    at /usr/src/sys/amd64/amd64/trap.c:549
>#7  0xffffffff80e4a317 in calltrap ()
>    at /usr/src/sys/amd64/amd64/exception.S:234
>#8  0xffffffff80a5c6cb in kdb_enter (why=0xffffffff8137af3c "panic",
>    msg=0x80 <Address 0x80 out of bounds>) at cpufunc.h:63
>#9  0xffffffff80a1fb8f in vpanic (fmt=<value optimized out>,
>    ap=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:750
>#10 0xffffffff80a1f9e6 in kassert_panic (fmt=<value optimized out>)
>    at /usr/src/sys/kern/kern_shutdown.c:647
>#11 0xffffffff80aa3375 in sbappendstream_locked (sb=0xfffff80044212378,
>    m=0xfffff800108c7200, flags=0) at /usr/src/sys/kern/uipc_sockbuf.c:642
>#12 0xffffffff80ab1a42 in uipc_send (so=0xfffff80044212000, flags=0,
>    m=<value optimized out>, nam=0x0, control=<value optimized out>,
>    td=0xfffff8001078e9a0) at /usr/src/sys/kern/uipc_usrreq.c:984
>#13 0xffffffff80aa5f5f in sosend_generic (so=0xfffff80044212000,
>addr=0x0, 
>    uio=0xfffffe085e059890, top=<value optimized out>,
>    control=<value optimized out>, flags=<value optimized out>,
>    td=0xfffffe085e059880) at /usr/src/sys/kern/uipc_socket.c:1349
>#14 0xffffffff80aac36b in kern_sendit (td=0xfffff8001078e9a0, s=6,
>    mp=<value optimized out>, flags=0, control=0x0, segflg=UIO_USERSPACE)
>    at /usr/src/sys/kern/uipc_syscalls.c:906
>#15 0xffffffff80aac666 in sendit (td=0xfffff8001078e9a0,
>    s=<value optimized out>, mp=0xfffffe085e059958, flags=0)
>    at /usr/src/sys/kern/uipc_syscalls.c:833
>#16 0xffffffff80aac6f1 in sys_sendmsg (td=0xfffff8001078e9a0,
>    uap=0xfffffe085e059a40) at /usr/src/sys/kern/uipc_syscalls.c:1035
>#17 0xffffffff80e6b13b in amd64_syscall (td=0xfffff8001078e9a0, traced=0)
>    at subr_syscall.c:135
>#18 0xffffffff80e4a5fb in Xfast_syscall ()
>    at /usr/src/sys/amd64/amd64/exception.S:394
>#19 0x0000000801270dfa in ?? ()
>Previous frame inner to this frame (corrupt stack?)
>Current language:  auto; currently minimal
>(kgdb) 
>.....
>
>As indicated above, this is with a GENERIC kernel.  My laptop (running
>a kernel built with the same sources, but a slightly customized kernel
>config) gets to the point of allowing me to login (via xdm), but when I
>fire off a command that creates xterms & tries to run tmux(1) in them,
>locks up (as far as I can tell), and a power-cycle is needed to recover.
>
>I can poke at the crash dump (given hints), make the dump and core.txt
>file
>available.
>
>Peace,
>david
>-- 
>David H. Wolfskill				david_at_catwhisker.org
>Those who would murder in the name of God or prophet are blasphemous
>cowards.
>
>See http://www.catwhisker.org/~david/publickey.gpg for my public key.
Received on Fri Jan 08 2016 - 17:09:27 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:02 UTC