FreeBSD Mail Archives

Date:      Tue, 28 Nov 2006 14:27:10 +0100
From:      Pav Lucistnik <pav@FreeBSD.org>
To:        freebsd-net@FreeBSD.org
Subject:   panic in tcp_discardcb()
Message-ID:  <1164720430.26541.24.camel@pav.hide.vol.cz>

next in thread | raw e-mail | index | archive | help


--=-HSS59GCfXRccLZImgW8J
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hey,

Can anyone make anything out of this panic? It's SMP 6.1-RELEASE on
i386. (Yes I know 6.1 is ooold, but it's the latest available release
currently, so, it's what we have in production.)

kernel trap 12 with interrupts disabled


Fatal trap 12: page fault while in kernel mode
cpuid =3D 0; apic id =3D 00
fault virtual address   =3D 0x0
fault code              =3D supervisor write, page not present
instruction pointer     =3D 0x20:0xc056b627
stack pointer           =3D 0x28:0xd440ab24
frame pointer           =3D 0x28:0xd440ab30
code segment            =3D base 0x0, limit 0xfffff, type 0x1b
                        =3D DPL 0, pres 1, def32 1, gran 1
processor eflags        =3D resume, IOPL =3D 0
current process         =3D 13 (swi1: net)
trap number             =3D 12
panic: page fault
cpuid =3D 0
Uptime: 73d21h24m3s

(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc055e50d in boot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:4=
02
#2  0xc055e835 in panic (fmt=3D0xc0706511 "%s") at /usr/src/sys/kern/kern_s=
hutdown.c:558
#3  0xc06dee30 in trap_fatal (frame=3D0xd440aae4, eva=3D0) at /usr/src/sys/=
i386/i386/trap.c:836
#4  0xc06de5e6 in trap (frame=3D
      {tf_fs =3D -1067909112, tf_es =3D -996671448, tf_ds =3D -734003160, t=
f_edi =3D 0, tf_esi =3D -998460540, tf_ebp =3D -733959376, tf_isp =3D -7339=
59408, tf_ebx =3D -1020302720, tf_edx =3D 0, tf_ecx =3D 0, tf_eax =3D 0, tf=
_trapno =3D 12, tf_err =3D 2, tf_eip =3D -1068059097, tf_cs =3D 32, tf_efla=
gs =3D 65538, tf_esp =3D 0, tf_ss =3D -998460976}) at /usr/src/sys/i386/i38=
6/trap.c:269
#5  0xc06cc0ca in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#6  0xc056b627 in _callout_stop_safe (c=3D0xc47cb384, safe=3D0) at /usr/src=
/sys/kern/kern_timeout.c:553
#7  0xc05f3723 in tcp_discardcb (tp=3D0xc47cb1d0) at /usr/src/sys/netinet/t=
cp_subr.c:689
#8  0xc05f4e9d in tcp_twstart (tp=3D0xc47cb1d0) at /usr/src/sys/netinet/tcp=
_subr.c:1708
#9  0xc05f0724 in tcp_input (m=3D0xc4e3e600, off0=3D20) at /usr/src/sys/net=
inet/tcp_input.c:2432
#10 0xc05e770d in ip_input (m=3D0xc4e3e600) at /usr/src/sys/netinet/ip_inpu=
t.c:786
#11 0xc05d6717 in netisr_processqueue (ni=3D0xc07842f8) at /usr/src/sys/net=
/netisr.c:236
#12 0xc05d6916 in swi_net (dummy=3D0x0) at /usr/src/sys/net/netisr.c:349
#13 0xc05492d5 in ithread_execute_handlers (p=3D0xc32f5624, ie=3D0xc3337b80=
) at /usr/src/sys/kern/kern_intr.c:684
#14 0xc05493f1 in ithread_loop (arg=3D0xc32bb8a0) at /usr/src/sys/kern/kern=
_intr.c:767
#15 0xc0548071 in fork_exit (callout=3D0xc054939c <ithread_loop>, arg=3D0xc=
32bb8a0, frame=3D0xd440ad38) at /usr/src/sys/kern/kern_fork.c:805
#16 0xc06cc12c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:=
208
(kgdb) up 7
#7  0xc05f3723 in tcp_discardcb (tp=3D0xc47cb1d0) at /usr/src/sys/netinet/t=
cp_subr.c:689
689             callout_stop(tp->tt_delack);
(kgdb) print *tp
$2 =3D {t_segq =3D {lh_first =3D 0x0}, t_segqlen =3D 0, t_dupacks =3D 0, tt=
_rexmt =3D 0xc47cb314, tt_persist =3D 0xc47cb330, tt_keep =3D 0xc47cb34c, t=
t_2msl =3D 0xc47cb368, tt_delack =3D 0xc47cb384, t_inpcb =3D 0xc53e59d8,
  t_state =3D 9, t_flags =3D 533, snd_una =3D 1473244779, snd_max =3D 14732=
44779, snd_nxt =3D 1473244779, snd_up =3D 1473239551, snd_wl1 =3D 207142639=
8, snd_wl2 =3D 1473244779, iss =3D 1473217650, irs =3D 2071426082,
  rcv_nxt =3D 2071426399, rcv_adv =3D 2071491933, rcv_wnd =3D 65700, rcv_up=
 =3D 2071426398, snd_wnd =3D 16673, snd_cwnd =3D 6428, snd_bwnd =3D 3311178=
, snd_ssthresh =3D 2920, snd_bandwidth =3D 1517898, snd_recover =3D 1473244=
779,
  t_maxopd =3D 1460, t_rcvtime =3D 2089746807, t_starttime =3D 2089699567, =
t_rtttime =3D 0, t_rtseq =3D 1473239551, t_bw_rtttime =3D 2089746807, t_bw_=
rtseq =3D 1473244779, t_rxtcur =3D 4300, t_maxseg =3D 1460, t_srtt =3D 6564=
5,
  t_rttvar =3D 8198, t_rxtshift =3D 0, t_rttmin =3D 3, t_rttbest =3D 73843,=
 t_rttupdated =3D 4, max_sndwnd =3D 17520, t_softerror =3D 0, t_oobflags =
=3D 0 '\0', t_iobc =3D 0 '\0', snd_scale =3D 0 '\0', rcv_scale =3D 0 '\0',
  request_r_scale =3D 0 '\0', requested_s_scale =3D 0 '\0', ts_recent =3D 0=
, ts_recent_age =3D 0, last_ack_sent =3D 2071426398, snd_cwnd_prev =3D 5840=
, snd_ssthresh_prev =3D 1073725440, snd_recover_prev =3D 1473217651,
  t_badrxtwin =3D 2089702850, snd_limited =3D 2 '\002', rcv_second =3D 0, r=
cv_pps =3D 0, rcv_byps =3D 0, sack_enable =3D 1, snd_numholes =3D 0, snd_ho=
les =3D {tqh_first =3D 0x0, tqh_last =3D 0xc47cb2c4}, snd_fack =3D 14732307=
91,
  rcv_numsacks =3D 0, sackblks =3D {{start =3D 0, end =3D 0}, {start =3D 0,=
 end =3D 0}, {start =3D 0, end =3D 0}, {start =3D 0, end =3D 0}, {start =3D=
 0, end =3D 0}, {start =3D 0, end =3D 0}}, sack_newdata =3D 1473230791, sac=
khint =3D {
    nexthole =3D 0x0, sack_bytes_rexmit =3D 0}, t_rttlow =3D 1827}
(kgdb) print *tp->tt_delack
$4 =3D {c_links =3D {sle =3D {sle_next =3D 0x0}, tqe =3D {tqe_next =3D 0x0,=
 tqe_prev =3D 0x0}}, c_time =3D -998460220, c_arg =3D 0xc47cb4e0, c_func =
=3D 0xc47cb4fc, c_mtx =3D 0xc47cb518, c_flags =3D -998460112}
(kgdb) print *tp->tt_keep
$5 =3D {c_links =3D {sle =3D {sle_next =3D 0x0}, tqe =3D {tqe_next =3D 0x0,=
 tqe_prev =3D 0xcd7511c8}}, c_time =3D 2096946807, c_arg =3D 0xc47cb1d0, c_=
func =3D 0xc05f7650 <tcp_timer_keep>, c_mtx =3D 0x0, c_flags =3D 16}
(kgdb) print *tp->tt_2msl
$6 =3D {c_links =3D {sle =3D {sle_next =3D 0x0}, tqe =3D {tqe_next =3D 0x0,=
 tqe_prev =3D 0xcd7567c8}}, c_time =3D 2090346807, c_arg =3D 0xc47cb1d0, c_=
func =3D 0xc05f72f8 <tcp_timer_2msl>, c_mtx =3D 0x0, c_flags =3D 0}
(kgdb) print *tp->tt_persist
$7 =3D {c_links =3D {sle =3D {sle_next =3D 0x0}, tqe =3D {tqe_next =3D 0x0,=
 tqe_prev =3D 0x0}}, c_time =3D 0, c_arg =3D 0x0, c_func =3D 0, c_mtx =3D 0=
x0, c_flags =3D 16}
(kgdb) print *tp->tt_rexmt
$8 =3D {c_links =3D {sle =3D {sle_next =3D 0x0}, tqe =3D {tqe_next =3D 0x0,=
 tqe_prev =3D 0xcd74af40}}, c_time =3D 2089751078, c_arg =3D 0xc47cb1d0, c_=
func =3D 0xc05f7b8c <tcp_timer_rexmt>, c_mtx =3D 0x0, c_flags =3D 16}

This looks to me as tt_delack is corrupted somehow...?


--=20
Pav Lucistnik <pav@oook.cz>
              <pav@FreeBSD.org>

I want to earn the right to be obnoxious before I'm too bitter to really
enjoy it.
  -- Able

--=-HSS59GCfXRccLZImgW8J
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: Toto je =?UTF-8?Q?digit=C3=A1ln=C4=9B?=
	=?ISO-8859-1?Q?_podepsan=E1?= =?UTF-8?Q?_=C4=8D=C3=A1st?=
	=?ISO-8859-1?Q?_zpr=E1vy?=

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)

iD8DBQBFbDkuntdYP8FOsoIRAmCgAKCom0NkJ40iFJAGm8Veuqkjh3dr0ACfXj0t
s1JROWdaWL9/XBrH62PDs4U=
=EqRt
-----END PGP SIGNATURE-----

--=-HSS59GCfXRccLZImgW8J--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1164720430.26541.24.camel>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation