From owner-freebsd-net@FreeBSD.ORG Tue Nov 28 13:27:32 2006 Return-Path: X-Original-To: freebsd-net@FreeBSD.org Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D72E616A492 for ; Tue, 28 Nov 2006 13:27:32 +0000 (UTC) (envelope-from pav@FreeBSD.org) Received: from nat-application.b1.lan.prg.vol.cz (nat-application.b1.lan.prg.vol.cz [195.122.204.152]) by mx1.FreeBSD.org (Postfix) with ESMTP id AE54A43CA6 for ; Tue, 28 Nov 2006 13:27:16 +0000 (GMT) (envelope-from pav@FreeBSD.org) Received: from pav.hide.vol.cz (localhost [127.0.0.1]) by nat-application.b1.lan.prg.vol.cz (8.13.8/8.13.8) with ESMTP id kASDRBp6054481 for ; Tue, 28 Nov 2006 14:27:11 +0100 (CET) (envelope-from pav@FreeBSD.org) Received: (from pav@localhost) by pav.hide.vol.cz (8.13.8/8.13.8/Submit) id kASDRBdr054480 for freebsd-net@FreeBSD.org; Tue, 28 Nov 2006 14:27:11 +0100 (CET) (envelope-from pav@FreeBSD.org) X-Authentication-Warning: pav.hide.vol.cz: pav set sender to pav@FreeBSD.org using -f From: Pav Lucistnik To: freebsd-net@FreeBSD.org Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-HSS59GCfXRccLZImgW8J" Date: Tue, 28 Nov 2006 14:27:10 +0100 Message-Id: <1164720430.26541.24.camel@pav.hide.vol.cz> Mime-Version: 1.0 X-Mailer: Evolution 2.8.2.1 FreeBSD GNOME Team Port Cc: Subject: panic in tcp_discardcb() X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: pav@FreeBSD.org List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Nov 2006 13:27:32 -0000 --=-HSS59GCfXRccLZImgW8J Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hey, Can anyone make anything out of this panic? It's SMP 6.1-RELEASE on i386. (Yes I know 6.1 is ooold, but it's the latest available release currently, so, it's what we have in production.) kernel trap 12 with interrupts disabled Fatal trap 12: page fault while in kernel mode cpuid =3D 0; apic id =3D 00 fault virtual address =3D 0x0 fault code =3D supervisor write, page not present instruction pointer =3D 0x20:0xc056b627 stack pointer =3D 0x28:0xd440ab24 frame pointer =3D 0x28:0xd440ab30 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, def32 1, gran 1 processor eflags =3D resume, IOPL =3D 0 current process =3D 13 (swi1: net) trap number =3D 12 panic: page fault cpuid =3D 0 Uptime: 73d21h24m3s (kgdb) bt #0 doadump () at pcpu.h:165 #1 0xc055e50d in boot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:4= 02 #2 0xc055e835 in panic (fmt=3D0xc0706511 "%s") at /usr/src/sys/kern/kern_s= hutdown.c:558 #3 0xc06dee30 in trap_fatal (frame=3D0xd440aae4, eva=3D0) at /usr/src/sys/= i386/i386/trap.c:836 #4 0xc06de5e6 in trap (frame=3D {tf_fs =3D -1067909112, tf_es =3D -996671448, tf_ds =3D -734003160, t= f_edi =3D 0, tf_esi =3D -998460540, tf_ebp =3D -733959376, tf_isp =3D -7339= 59408, tf_ebx =3D -1020302720, tf_edx =3D 0, tf_ecx =3D 0, tf_eax =3D 0, tf= _trapno =3D 12, tf_err =3D 2, tf_eip =3D -1068059097, tf_cs =3D 32, tf_efla= gs =3D 65538, tf_esp =3D 0, tf_ss =3D -998460976}) at /usr/src/sys/i386/i38= 6/trap.c:269 #5 0xc06cc0ca in calltrap () at /usr/src/sys/i386/i386/exception.s:139 #6 0xc056b627 in _callout_stop_safe (c=3D0xc47cb384, safe=3D0) at /usr/src= /sys/kern/kern_timeout.c:553 #7 0xc05f3723 in tcp_discardcb (tp=3D0xc47cb1d0) at /usr/src/sys/netinet/t= cp_subr.c:689 #8 0xc05f4e9d in tcp_twstart (tp=3D0xc47cb1d0) at /usr/src/sys/netinet/tcp= _subr.c:1708 #9 0xc05f0724 in tcp_input (m=3D0xc4e3e600, off0=3D20) at /usr/src/sys/net= inet/tcp_input.c:2432 #10 0xc05e770d in ip_input (m=3D0xc4e3e600) at /usr/src/sys/netinet/ip_inpu= t.c:786 #11 0xc05d6717 in netisr_processqueue (ni=3D0xc07842f8) at /usr/src/sys/net= /netisr.c:236 #12 0xc05d6916 in swi_net (dummy=3D0x0) at /usr/src/sys/net/netisr.c:349 #13 0xc05492d5 in ithread_execute_handlers (p=3D0xc32f5624, ie=3D0xc3337b80= ) at /usr/src/sys/kern/kern_intr.c:684 #14 0xc05493f1 in ithread_loop (arg=3D0xc32bb8a0) at /usr/src/sys/kern/kern= _intr.c:767 #15 0xc0548071 in fork_exit (callout=3D0xc054939c , arg=3D0xc= 32bb8a0, frame=3D0xd440ad38) at /usr/src/sys/kern/kern_fork.c:805 #16 0xc06cc12c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:= 208 (kgdb) up 7 #7 0xc05f3723 in tcp_discardcb (tp=3D0xc47cb1d0) at /usr/src/sys/netinet/t= cp_subr.c:689 689 callout_stop(tp->tt_delack); (kgdb) print *tp $2 =3D {t_segq =3D {lh_first =3D 0x0}, t_segqlen =3D 0, t_dupacks =3D 0, tt= _rexmt =3D 0xc47cb314, tt_persist =3D 0xc47cb330, tt_keep =3D 0xc47cb34c, t= t_2msl =3D 0xc47cb368, tt_delack =3D 0xc47cb384, t_inpcb =3D 0xc53e59d8, t_state =3D 9, t_flags =3D 533, snd_una =3D 1473244779, snd_max =3D 14732= 44779, snd_nxt =3D 1473244779, snd_up =3D 1473239551, snd_wl1 =3D 207142639= 8, snd_wl2 =3D 1473244779, iss =3D 1473217650, irs =3D 2071426082, rcv_nxt =3D 2071426399, rcv_adv =3D 2071491933, rcv_wnd =3D 65700, rcv_up= =3D 2071426398, snd_wnd =3D 16673, snd_cwnd =3D 6428, snd_bwnd =3D 3311178= , snd_ssthresh =3D 2920, snd_bandwidth =3D 1517898, snd_recover =3D 1473244= 779, t_maxopd =3D 1460, t_rcvtime =3D 2089746807, t_starttime =3D 2089699567, = t_rtttime =3D 0, t_rtseq =3D 1473239551, t_bw_rtttime =3D 2089746807, t_bw_= rtseq =3D 1473244779, t_rxtcur =3D 4300, t_maxseg =3D 1460, t_srtt =3D 6564= 5, t_rttvar =3D 8198, t_rxtshift =3D 0, t_rttmin =3D 3, t_rttbest =3D 73843,= t_rttupdated =3D 4, max_sndwnd =3D 17520, t_softerror =3D 0, t_oobflags = =3D 0 '\0', t_iobc =3D 0 '\0', snd_scale =3D 0 '\0', rcv_scale =3D 0 '\0', request_r_scale =3D 0 '\0', requested_s_scale =3D 0 '\0', ts_recent =3D 0= , ts_recent_age =3D 0, last_ack_sent =3D 2071426398, snd_cwnd_prev =3D 5840= , snd_ssthresh_prev =3D 1073725440, snd_recover_prev =3D 1473217651, t_badrxtwin =3D 2089702850, snd_limited =3D 2 '\002', rcv_second =3D 0, r= cv_pps =3D 0, rcv_byps =3D 0, sack_enable =3D 1, snd_numholes =3D 0, snd_ho= les =3D {tqh_first =3D 0x0, tqh_last =3D 0xc47cb2c4}, snd_fack =3D 14732307= 91, rcv_numsacks =3D 0, sackblks =3D {{start =3D 0, end =3D 0}, {start =3D 0,= end =3D 0}, {start =3D 0, end =3D 0}, {start =3D 0, end =3D 0}, {start =3D= 0, end =3D 0}, {start =3D 0, end =3D 0}}, sack_newdata =3D 1473230791, sac= khint =3D { nexthole =3D 0x0, sack_bytes_rexmit =3D 0}, t_rttlow =3D 1827} (kgdb) print *tp->tt_delack $4 =3D {c_links =3D {sle =3D {sle_next =3D 0x0}, tqe =3D {tqe_next =3D 0x0,= tqe_prev =3D 0x0}}, c_time =3D -998460220, c_arg =3D 0xc47cb4e0, c_func = =3D 0xc47cb4fc, c_mtx =3D 0xc47cb518, c_flags =3D -998460112} (kgdb) print *tp->tt_keep $5 =3D {c_links =3D {sle =3D {sle_next =3D 0x0}, tqe =3D {tqe_next =3D 0x0,= tqe_prev =3D 0xcd7511c8}}, c_time =3D 2096946807, c_arg =3D 0xc47cb1d0, c_= func =3D 0xc05f7650 , c_mtx =3D 0x0, c_flags =3D 16} (kgdb) print *tp->tt_2msl $6 =3D {c_links =3D {sle =3D {sle_next =3D 0x0}, tqe =3D {tqe_next =3D 0x0,= tqe_prev =3D 0xcd7567c8}}, c_time =3D 2090346807, c_arg =3D 0xc47cb1d0, c_= func =3D 0xc05f72f8 , c_mtx =3D 0x0, c_flags =3D 0} (kgdb) print *tp->tt_persist $7 =3D {c_links =3D {sle =3D {sle_next =3D 0x0}, tqe =3D {tqe_next =3D 0x0,= tqe_prev =3D 0x0}}, c_time =3D 0, c_arg =3D 0x0, c_func =3D 0, c_mtx =3D 0= x0, c_flags =3D 16} (kgdb) print *tp->tt_rexmt $8 =3D {c_links =3D {sle =3D {sle_next =3D 0x0}, tqe =3D {tqe_next =3D 0x0,= tqe_prev =3D 0xcd74af40}}, c_time =3D 2089751078, c_arg =3D 0xc47cb1d0, c_= func =3D 0xc05f7b8c , c_mtx =3D 0x0, c_flags =3D 16} This looks to me as tt_delack is corrupted somehow...? --=20 Pav Lucistnik I want to earn the right to be obnoxious before I'm too bitter to really enjoy it. -- Able --=-HSS59GCfXRccLZImgW8J Content-Type: application/pgp-signature; name=signature.asc Content-Description: Toto je =?UTF-8?Q?digit=C3=A1ln=C4=9B?= =?ISO-8859-1?Q?_podepsan=E1?= =?UTF-8?Q?_=C4=8D=C3=A1st?= =?ISO-8859-1?Q?_zpr=E1vy?= -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQBFbDkuntdYP8FOsoIRAmCgAKCom0NkJ40iFJAGm8Veuqkjh3dr0ACfXj0t s1JROWdaWL9/XBrH62PDs4U= =EqRt -----END PGP SIGNATURE----- --=-HSS59GCfXRccLZImgW8J--