From owner-freebsd-bugs@FreeBSD.ORG Sat Aug 15 12:00:16 2009
Message-Id: <200908151150.n7FBoqn9057198@www.freebsd.org>
Date: Sat, 15 Aug 2009 11:50:52 GMT
From: Bruce Cran
To:
 freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc:
Subject: kern/137795: [sctp] panic: mtx_lock() of destroyed mutex
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports
X-List-Received-Date: Sat, 15 Aug 2009 12:00:16 -0000

>Number:         137795
>Category:       kern
>Synopsis:       [sctp] panic: mtx_lock() of destroyed mutex
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 15 12:00:15 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Bruce Cran
>Release:        8.0-BETA2
>Organization:
>Environment:
FreeBSD tau.draftnet 8.0-BETA2 FreeBSD 8.0-BETA2 #0: Thu Aug 13 21:45:22 BST 2009 brucec@tau.draftnet:/usr/obj/usr/src/sys/DELL amd64
>Description:
When running a shell script which does nothing but try to connect to another machine, the system eventually panics:

panic: mtx_lock() of destroyed mutex @ /usr/src/sys/netinet/sctp_output.c:12767

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
panic: mtx_lock() of destroyed mutex @ /usr/src/sys/netinet/sctp_output.c:12767
cpuid = 1
KDB: enter: panic
Uptime: 49s
Physical memory: 4078 MB
Dumping 1251 MB:

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address = 0x4
 1236 1220 1204 1188 1172 1156 1140 1124 1108 1092 1076 1060 1044 1028 1012 996 980 964 948 932 916 900 884 868 852 836 820 804 788 772 756 740 724 708 692 676 660 644 628 612 596 580 564 548 532 516 500 484 468 452 436 420 404 388 372 356 340 324 308 292 276 260 244 228 212 196 180 164 148 132 116 100 84 68 52 36 20 4

Reading symbols from /boot/kernel/blank_saver.ko...Reading symbols from /boot/kernel/blank_saver.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/blank_saver.ko
#0  doadump () at pcpu.h:223
223     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) #0  doadump () at pcpu.h:223
#1  0xffffffff80582023 in boot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:419
#2  0xffffffff805824ac in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:575
#3  0xffffffff80573b75 in _mtx_lock_flags (m=0x0, opts=0,
    file=0xffffffff80980c58 "/usr/src/sys/netinet/sctp_output.c", line=12767)
    at /usr/src/sys/kern/kern_mutex.c:195
#4  0xffffffff806c8252 in sctp_lower_sosend (so=0xffffff0004d19aa0, addr=0x0,
    uio=0xffffff807987ca30, i_pak=Variable "i_pak" is not available.
) at /usr/src/sys/netinet/sctp_output.c:12767
#5  0xffffffff806ca749 in sctp_sosend (so=0xffffff0004d19aa0, addr=0x0,
    uio=0xffffff807987ca30, top=0x0, control=0x0, flags=0,
    p=0xffffff0004b81000) at /usr/src/sys/netinet/sctp_output.c:12336
#6  0xffffffff805f1c05 in kern_sendit (td=0xffffff0004b81000, s=3,
    mp=0xffffff807987cb00, flags=0, control=0x0, segflg=UIO_USERSPACE)
    at /usr/src/sys/kern/uipc_syscalls.c:783
#7  0xffffffff805f1e0c in sendit (td=0xffffff0004b81000, s=3,
    mp=0xffffff807987cb00, flags=0) at /usr/src/sys/kern/uipc_syscalls.c:719
#8  0xffffffff805f1efd in sendto (td=Variable "td" is not available.
) at /usr/src/sys/kern/uipc_syscalls.c:835
#9  0xffffffff80862d3f in syscall (frame=0xffffff807987cc80)
    at /usr/src/sys/amd64/amd64/trap.c:984
#10 0xffffffff80849301 in Xfast_syscall ()
    at /usr/src/sys/amd64/amd64/exception.S:373
#11 0x0000000800c501dc in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)
>How-To-Repeat:
Run: cat /dev/random | ./ncat --sctp 192.168.1.80 2345

After anywhere from a few to a few hundred attempts, the system will panic. ncat is the SCTP enabled version from http://www.roe.ch/Nmap_SCTP
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted: