From owner-freebsd-current@FreeBSD.ORG Mon Apr 3 12:39:10 2006 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8644716A42F for ; Mon, 3 Apr 2006 12:39:10 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 293A843D48 for ; Mon, 3 Apr 2006 12:39:10 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by cyrus.watson.org (Postfix) with ESMTP id DFE1446BC7; Mon, 3 Apr 2006 08:39:08 -0400 (EDT) Date: Mon, 3 Apr 2006 13:39:08 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Kazuaki Oda In-Reply-To: <4430FAAF.2040809@highway.ne.jp> Message-ID: <20060403133210.U36756@fledge.watson.org> References: <4430FAAF.2040809@highway.ne.jp> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-current@freebsd.org Subject: Re: kernel panic: page fault X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Apr 2006 12:39:10 -0000 On Mon, 3 Apr 2006, Kazuaki Oda wrote: ... > Fatal trap 12: page fault while in kernel mode > cpuid = 0; apic id = 00 > fault virtual address = 0x8 This is a NULL pointer dereference. > #6 0xc082836a in calltrap () at /usr/src/sys/i386/i386/exception.s:137 > #7 0xc0718779 in tcp_timewait (tw=0x0, to=0xd4422c40, th=0xc3a4f024, m=0xc3a27400, tlen=0) at /usr/src/sys/netinet/tcp_input.c:3202 > #8 0xc07159d8 in tcp_input (m=0xc3a27400, off0=20) at /usr/src/sys/netinet/tcp_input.c:763 Since you have a kernel dump, could I ask you to print the following in the tcp_input frame using kgdb: p inp p *inp p *inp->inp_socket p *inp->inp_ppcb In the tcp_timewait frame, could you print the following: p tw p *tw p *to p *th Also, are you running with INVARIANTS and/or WITNESS? It looks a lot like the inp->inp_ppcb pointer is NULL while the inpcb lock is held, meaning that some of the above commands should fail, but This Should Never Happen. It looks like I have a bug in tcp_twclose() which allows the socket and inpcb to persist with the inp_ppcb pointer NULL, which I'll investigate now. Having the additional debugging output would help confirm this is the cause, and hopefully I'll have a fix in a few hours. Thanks, Robert N M Watson > #9 0xc070ee01 in ip_input (m=0xc3a27400) at /usr/src/sys/netinet/ip_input.c:656 > #10 0xc06eb92f in netisr_processqueue (ni=0xc0971d18) at /usr/src/sys/net/netisr.c:236 > #11 0xc06ebb2e in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:349 > #12 0xc0659e65 in ithread_execute_handlers (p=0xc32fd468, ie=0xc333f100) at /usr/src/sys/kern/kern_intr.c:662 > #13 0xc0659f85 in ithread_loop (arg=0xc32dc840) at /usr/src/sys/kern/kern_intr.c:745 > #14 0xc0658d7d in fork_exit (callout=0xc0659f30 , arg=0xc32dc840, frame=0xd4422d38) at /usr/src/sys/kern/kern_fork.c:819 > #15 0xc08283cc in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:198 > (kgdb) > > -- > Kazuaki Oda > _______________________________________________ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" >