From owner-freebsd-stable  Tue Mar  4  6:40:38 2003
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BC2B437B401
	for <stable@freebsd.org>; Tue,  4 Mar 2003 06:40:36 -0800 (PST)
Received: from mail.flugsvamp.com (ts46-01-qdr3643.mdfrd.or.charter.com [68.118.36.71])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E74A343FA3
	for <stable@freebsd.org>; Tue,  4 Mar 2003 06:40:33 -0800 (PST)
	(envelope-from jlemon@flugsvamp.com)
Received: (from jlemon@localhost)
	by mail.flugsvamp.com (8.12.6/8.12.6) id h24Ee9ha074389;
	Tue, 4 Mar 2003 08:40:09 -0600 (CST)
	(envelope-from jlemon)
Date: Tue, 4 Mar 2003 08:40:09 -0600 (CST)
From: Jonathan Lemon <jlemon@flugsvamp.com>
Message-Id: <200303041440.h24Ee9ha074389@mail.flugsvamp.com>
To: roam@ringlet.net, stable@freebsd.org
Subject: Re: 4.8-PRE (and earlier) crash - syncookies?
X-Newsgroups: local.mail.freebsd-stable
In-Reply-To: <local.mail.freebsd-stable/20030304115918.GA554@straylight.oblivion.bg>
Organization: 
Cc: 
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

In article <local.mail.freebsd-stable/20030304115918.GA554@straylight.oblivion.bg> you write:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>Hi,
>
>I think this has been going on for a couple of months; unfortunately, I
>cannot remember exactly when it started :(  Several machines, which have
>always been updated synchronously at intervals of a couple of weeks or
>so, have been experiencing panics every few days with recent 4.6-STABLE,
>4.7-STABLE, and 4.8-PRERELEASE kernel+world.
>
>Attached is the kernel config and a gdb session of the most recent
>crashdump.  Maybe the most interesting part is at the end of the gdb
>session: is there a normal reason why a TAILQ structure would have a
>null start pointer, and an end pointer pointing back to itself?

[ ... ]

>#16 0xc01b2768 in syncache_insert (sc=0xcb870b80, sch=0xc0eeeb7c)
>    at /usr/src/sys/netinet/tcp_syncache.c:289
>289			sc2 = TAILQ_FIRST(&sch->sch_bucket);
>(kgdb) print sch
>$1 = (struct syncache_head *) 0xc0eeeb7c
>(kgdb) print *sch
>$2 = {sch_bucket = {tqh_first = 0x0, tqh_last = 0xc0eeeb7c}, 
>  sch_length = 4294967295}


It looks to me like the tailq is empty (first == null, last == &head),
but the code path to remove an entry was taken because the length
counter indicated it was over the bucket limit.  sch_length == -1.

So my guess is the code dropped a syncache entry twice, and this is 
the resulting mess.  Can you print out the contents of tcp_syncache
and tcpstat?
-- 
Jonathan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message