Date: Thu, 22 Sep 2005 01:58:27 +0200 From: Pawel Worach <pawel.worach@gmail.com> To: net@freebsd.org Subject: Re: [panic] page fault in tcp_timer_2msl_tw Message-ID: <4331F3A3.1060707@gmail.com> In-Reply-To: <4330711A.4040808@gmail.com> References: <4330711A.4040808@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Pawel Worach wrote:
> (kgdb) print *tw
> $1 = {tw_inpcb = 0x0, snd_nxt = 438603527, rcv_nxt = 3383864561,
> iss = 438603320, irs = 3383863898, cc_recv = 0, cc_send = 0,
> last_win = 65534, tw_so_options = 4, tw_cred = 0x0, t_recent = 0,
> t_starttime = 4294952294, tw_time = 0, tw_2msl = {le_next = 0xc24680a8,
> le_prev = 0xc06a827c}}
I poked a bit more and it looks like the dereference happens here in
tcp_timer_2msl_tw().
tcp_timer.c:294 INP_LOCK(tw->tw_inpcb);
INP_LOCK macro tries to reference tw->tw_inpcb->inp_mtx while
tw->tw_inpcb is null. However I have no idea how it got to this point.
--
Pawel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4331F3A3.1060707>