Subject: kern/29527: kern/uipc_socket2.c's sbdrop() panics
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <Peter.Bex@student.kun.nl>
List: netbsd-bugs
Date: 02/25/2005 12:13:01
>Number: 29527
>Category: kern
>Synopsis: sbdrop()'s code incorrect if len > 0, m == 0
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Feb 25 12:13:00 +0000 2005
>Originator: Peter Bex
>Release: NetBSD 2.0
>Organization:
>Environment:
System: NetBSD frohike.nvie.com 2.0 NetBSD 2.0 (FROHIKE) #0: Wed Dec 22 10:00:59 CET 2004 sjamaan@frohike.nvie.com:/usr/src/sys/arch/i386/compile/FROHIKE i386
Architecture: i386
Machine: i386
>Description:
My kernel panicked one day in sbdrop() from kern/uipc_socket2.c.
Looking at the code quickly (even though I don't _really_ understand
it) it looks like the function gets a len > 0 and sb of which
sb->sb_mb == 0. In this case we clearly get a panic.
Unfortunately, my sync request for ddb failed, causing another
problem, so I did another sync. This screwed up my core dump.
If necessary, I can provide it, though.
>How-To-Repeat:
Unknown. At the time two rather heavy bittorrent processes were
running, so I suspect it can occur on very heavy network load.
I had INET6 disabled, if it matters.
>Fix:
N/A
>Unformatted: