Date: Mon, 3 Apr 2006 13:39:08 +0100 (BST)
From: Robert Watson <rwatson@FreeBSD.org>
To: Kazuaki Oda <kaakun@highway.ne.jp>
Cc: freebsd-current@freebsd.org
Subject: Re: kernel panic: page fault
Message-ID: <20060403133210.U36756@fledge.watson.org>
In-Reply-To: <4430FAAF.2040809@highway.ne.jp>
References: <4430FAAF.2040809@highway.ne.jp>

On Mon, 3 Apr 2006, Kazuaki Oda wrote:

...

> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address = 0x8

This is a NULL pointer dereference.

> #6 0xc082836a in calltrap () at /usr/src/sys/i386/i386/exception.s:137
> #7 0xc0718779 in tcp_timewait (tw=0x0, to=0xd4422c40, th=0xc3a4f024, m=0xc3a27400, tlen=0) at /usr/src/sys/netinet/tcp_input.c:3202
> #8 0xc07159d8 in tcp_input (m=0xc3a27400, off0=20) at /usr/src/sys/netinet/tcp_input.c:763

Since you have a kernel dump, could I ask you to print the following in the
tcp_input frame using kgdb:

p inp
p *inp
p *inp->inp_socket
p *inp->inp_ppcb

In the tcp_timewait frame, could you print the following:

p tw
p *tw
p *to
p *th

Also, are you running with INVARIANTS and/or WITNESS?

It looks a lot like the inp->inp_ppcb pointer is NULL while the inpcb lock is
held, meaning that some of the above commands should fail, but This Should
Never Happen. It looks like I have a bug in tcp_twclose() which allows the
socket and inpcb to persist with the inp_ppcb pointer NULL, which I'll
investigate now. Having the additional debugging output would help confirm
this is the cause, and hopefully I'll have a fix in a few hours.

Thanks,

Robert N M Watson

> #9 0xc070ee01 in ip_input (m=0xc3a27400) at /usr/src/sys/netinet/ip_input.c:656
> #10 0xc06eb92f in netisr_processqueue (ni=0xc0971d18) at /usr/src/sys/net/netisr.c:236
> #11 0xc06ebb2e in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:349
> #12 0xc0659e65 in ithread_execute_handlers (p=0xc32fd468, ie=0xc333f100) at /usr/src/sys/kern/kern_intr.c:662
> #13 0xc0659f85 in ithread_loop (arg=0xc32dc840) at /usr/src/sys/kern/kern_intr.c:745
> #14 0xc0658d7d in fork_exit (callout=0xc0659f30 <ithread_loop>, arg=0xc32dc840, frame=0xd4422d38) at /usr/src/sys/kern/kern_fork.c:819
> #15 0xc08283cc in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:198
> (kgdb)
>
> --
> Kazuaki Oda
> _______________________________________________
> freebsd-current@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
>
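
Added example, not part of the original message or of the FreeBSD source: a small triage helper showing why a fault address of 0x8 combined with tw=0x0 in frame #7 reads as a member access through a NULL structure pointer. The struct demo_tw layout and its member names are constructed for illustration and are not the real struct tcptw.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in, NOT the real struct tcptw. Fixed-width members
 * mimic a 32-bit (i386) layout regardless of the build host. */
struct demo_tw {
    uint32_t back_ptr;   /* 32-bit pointer slot */
    uint32_t seq_a;
    uint32_t seq_b;
    uint32_t seq_c;
    uint16_t win;
    uint16_t opts;
};

struct field { const char *name; size_t off; size_t len; };
#define FIELD(m) { #m, offsetof(struct demo_tw, m), sizeof(((struct demo_tw *)0)->m) }

static const struct field demo_tw_fields[] = {
    FIELD(back_ptr), FIELD(seq_a), FIELD(seq_b),
    FIELD(seq_c), FIELD(win), FIELD(opts),
};

/* Map a fault address to the member touched through `base` (0 for a NULL
 * pointer). Returns NULL if the address lies outside the structure, in
 * which case this pointer does not explain the fault. */
const char *fault_to_field(uintptr_t fault_va, uintptr_t base)
{
    if (fault_va < base)
        return NULL;
    size_t off = (size_t)(fault_va - base);
    if (off >= sizeof(struct demo_tw))
        return NULL;
    for (size_t i = 0; i < sizeof(demo_tw_fields) / sizeof(demo_tw_fields[0]); i++) {
        const struct field *f = &demo_tw_fields[i];
        if (off >= f->off && off < f->off + f->len)
            return f->name;
    }
    return NULL; /* offset falls in padding */
}

int main(void)
{
    /* 0x8 is the fault address from the panic; tw=0x0 is from frame #7. */
    const char *name = fault_to_field(0x8, 0x0);
    printf("fault 0x8 via NULL base -> %s\n", name ? name : "(outside struct)");
    return 0;
}
```

On a real dump the same mapping comes from the kernel's own structure definition, which is why the message asks for `p tw` and `p *tw` in the tcp_timewait frame.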