Date: Sun, 23 Jun 2002 20:02:27 -0400 From: Don Bowman <don@sandvine.com> To: 'Jonathan Lemon' <jlemon@flugsvamp.com>, "'freebsd-stable@freebsd.org'" <freebsd-stable@freebsd.org> Subject: RE: panic in syncache/rtfree with 4.6 Message-ID: <FE045D4D9F7AED4CBFF1B3B813C85337676585@mail.sandvine.com>
next in thread | raw e-mail | index | archive | help
I got another dump. This time I was for sure not low
on mbufs or clusters. It ran into the INVARIANTS check
in the zone allocator, freeing something already free,
again from syncache_free.
(kgdb) bt
#0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1 0xc01bf5ef in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:316
#2 0xc01bfa48 in poweroff_wait (junk=0xc034d399, howto=-1070281106)
at /usr/src/sys/kern/kern_shutdown.c:595
#3 0xc02e5094 in trap_fatal (frame=0xff807da4, eva=48)
at /usr/src/sys/i386/i386/trap.c:966
#4 0xc02e4d25 in trap_pfault (frame=0xff807da4, usermode=0, eva=48)
at /usr/src/sys/i386/i386/trap.c:859
#5 0xc02e4897 in trap (frame={tf_fs = -65512, tf_es = -8388592,
tf_ds = -643497968, tf_edi = 0, tf_esi = -643488256, tf_ebp =
-8356372,
tf_isp = -8356400, tf_ebx = -1070107716, tf_edx = 1744880836,
tf_ecx = -150038912, tf_eax = 0, tf_trapno = 12, tf_err = 0,
tf_eip = -1071173943, tf_cs = 8, tf_eflags = 66182, tf_esp =
-643488256,
tf_ss = -643488256}) at /usr/src/sys/i386/i386/trap.c:458
#6 0xc0272ec9 in acquire_lock (lk=0xc03773bc) at machine/globals.h:114
#7 0xc0276fdc in softdep_update_inodeblock (ip=0xd9a52600, bp=0xe62937d4,
waitfor=0) at /usr/src/sys/ufs/ffs/ffs_softdep.c:3813
#8 0xc0271f65 in ffs_update (vp=0xf70e9680, waitfor=0)
at /usr/src/sys/ufs/ffs/ffs_inode.c:106
#9 0xc027a3ff in ffs_sync (mp=0xd9a20600, waitfor=2, cred=0xc20ac900,
p=0xc03a3d40) at /usr/src/sys/ufs/ffs/ffs_vfsops.c:1022
#10 0xc01f08ef in sync (p=0xc03a3d40, uap=0x0)
at /usr/src/sys/kern/vfs_syscalls.c:576
#11 0xc01bf362 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:235
#12 0xc01bfa48 in poweroff_wait (junk=0xc033dfce, howto=-8356068)
at /usr/src/sys/kern/kern_shutdown.c:595
#13 0xc02934a3 in zerror () at /usr/src/sys/vm/vm_zone.c:538
#14 0xc029310b in zfreei (z=0xd99f2c80, item=0xf6291f40)
at /usr/src/sys/vm/vm_zone.c:81
#15 0xc0293056 in zfree (z=0xd99f2c80, item=0xf6291f40)
at /usr/src/sys/vm/vm_zone.c:317
#16 0xc021b933 in syncache_free (sc=0xf6291f40)
at /usr/src/sys/netinet/tcp_syncache.c:207
#17 0xc021bcb8 in syncache_drop (sc=0xf6291f40, sch=0x0)
at /usr/src/sys/netinet/tcp_syncache.c:343
#18 0xc021bd68 in syncache_timer (xslot=0x0)
at /usr/src/sys/netinet/tcp_syncache.c:377
#19 0xc01c569d in softclock () at /usr/src/sys/kern/kern_timeout.c:131
(kgdb) up 14
(kgdb l)
76 _zfree(vm_zone_t z, void *item)
77 {
78 ((void **) item)[0] = z->zitems;
79 #ifdef INVARIANTS
80 if (((void **) item)[1] == (void *) ZENTRY_FREE)
81 zerror(ZONE_ERROR_ALREADYFREE); <<<<<<<<<<<
82 ((void **) item)[1] = (void *) ZENTRY_FREE;
83 #endif
84 z->zitems = item;
85 z->zfreecnt++;
(kgdb) up
#15 0xc0293056 in zfree (z=0xd99f2c80, item=0xf6291f40)
at /usr/src/sys/vm/vm_zone.c:317
317 zfreei(z, item);
(kgdb) l
312
313 void
314 zfree(vm_zone_t z, void *item)
315 {
316 #ifdef SMP
317 zfreei(z, item);
318 #else
319 _zfree(z, item);
320 #endif
321 }
(kgdb) up
#16 0xc021b933 in syncache_free (sc=0xf6291f40)
at /usr/src/sys/netinet/tcp_syncache.c:207
207 zfree(tcp_syncache.zone, sc);
(kgdb) l
202 rtrequest(RTM_DELETE, rt_key(rt),
203 rt->rt_gateway, rt_mask(rt),
204 rt->rt_flags, NULL);
205 RTFREE(rt);
206 }
207 zfree(tcp_syncache.zone, sc);
208 }
209
(kgdb) info locals
sc = (struct syncache *) 0xf6291f40
rt = (struct rtentry *) 0x0
(kgdb) p/x *sc
$2 = {sc_inp_gencnt = 0x12342378f6291f40, sc_tp = 0xf5191820, sc_ipopts =
0x0,
sc_inc = {inc_flags = 0x0, inc_len = 0x0, inc_pad = 0x0, inc_ie = {
ie_fport = 0xeb04, ie_lport = 0x8813, ie_dependfaddr = {ie46_foreign =
{
ia46_pad32 = {0x0, 0x0, 0x0}, ia46_addr4 = {s_addr = 0x6d010001}},
ie6_foreign = {__u6_addr = {__u6_addr8 = {0x0 <repeats 12 times>,
0x1,
0x0, 0x1, 0x6d}, __u6_addr16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x1, 0x6d01}, __u6_addr32 = {0x0, 0x0, 0x0, 0x6d010001}}}},
ie_dependladdr = {ie46_local = {ia46_pad32 = {0x0, 0x0, 0x0},
ia46_addr4 = {s_addr = 0x3030001}}, ie6_local = {__u6_addr = {
__u6_addr8 = {0x0 <repeats 12 times>, 0x1, 0x0, 0x3, 0x3},
__u6_addr16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x303},
__u6_addr32 = {0x0, 0x0, 0x0, 0x3030001}}}}}, inc_dependroute =
{
inc4_route = {ro_rt = 0x0, ro_dst = {sa_len = 0x10, sa_family = 0x2,
sa_data = {0x0, 0x0, 0x1, 0x0, 0x1, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}}}, inc6_route = {ro_rt = 0x0, ro_dst = {
sin6_len = 0x10, sin6_family = 0x2, sin6_port = 0x0,
sin6_flowinfo = 0x6d010001, sin6_addr = {__u6_addr = {__u6_addr8 =
{
0x0 <repeats 16 times>}, __u6_addr16 = {0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, __u6_addr32 = {0x0, 0x0, 0x0, 0x0}}},
sin6_scope_id = 0x0}}}}, sc_tsrecent = 0x566c070, sc_cc_send =
0x0,
sc_cc_recv = 0x0, sc_irs = 0x176806a0, sc_iss = 0xcd9b49c5,
sc_rxttime = 0x69af58, sc_rxtslot = 0x0, sc_peer_mss = 0x5b4,
sc_wnd = 0xe000, sc_requested_s_scale = 0x1, sc_request_r_scale = 0x0,
sc_flags = 0x26, sc_hash = {tqe_next = 0x0, tqe_prev = 0xd97ed510},
sc_timerq = {tqe_next = 0xf6291f40, tqe_prev = 0xf6291fc0}}
(kgdb) up
#17 0xc021bcb8 in syncache_drop (sc=0xf6291f40, sch=0x0)
at /usr/src/sys/netinet/tcp_syncache.c:343
343 syncache_free(sc);
(kgdb) l
338 TAILQ_REMOVE(&tcp_syncache.timerq[sc->sc_rxtslot], sc,
sc_timerq);
339 if (TAILQ_EMPTY(&tcp_syncache.timerq[sc->sc_rxtslot]))
340
callout_stop(&tcp_syncache.tt_timerq[sc->sc_rxtslot]);
341 splx(s);
342
343 syncache_free(sc);
344 }
345
346 /*
347 * Walk the timer queues, looking for SYN,ACKs that need to be
retransmitted.
(kgdb)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?FE045D4D9F7AED4CBFF1B3B813C85337676585>