Date: Sat, 10 Aug 2002 19:28:22 -0400 From: Bosko Milekic <bmilekic@unixdaemons.com> To: FUJITA Kazutoshi <fujita@soum.co.jp> Cc: tlambert2@mindspring.com, freebsd-net@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG Subject: Re: m_freem() in tcp_respond() Message-ID: <20020810192822.A94017@unixdaemons.com> In-Reply-To: <20020811.082259.74720252.fujita@soum.co.jp>; from fujita@soum.co.jp on Sun, Aug 11, 2002 at 08:22:59AM %2B0900 References: <20020811.040808.74720123.fujita@soum.co.jp> <3D557563.D1FC72B8@mindspring.com> <20020811.082259.74720252.fujita@soum.co.jp>
next in thread | previous in thread | raw e-mail | index | archive | help
Ian Dowse just fixed this. Please upgrade.
On Sun, Aug 11, 2002 at 08:22:59AM +0900, FUJITA Kazutoshi wrote:
> From: Terry Lambert <tlambert2@mindspring.com>
> Subject: Re: m_freem() in tcp_respond()
> Date: Sat, 10 Aug 2002 13:19:47 -0700
> Message-ID: <3D557563.D1FC72B8@mindspring.com>
>=20
> > It is better to know that it's not NULL before it gets there.
> >=20
> > If you check everything everywhere to see if it's NULL before
> > you do anything, then you are going to speen all your time
> > comparing things to NULL, rather than doing real work.
>=20
> Hmmm...
> But my -STABLE box crashes at here when boot.
>=20
>=20
> # gdb -k kernel.debug vmcore.0
> GNU gdb 4.18 (FreeBSD)
> Copyright 1998 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you =
are
> welcome to change it and/or distribute copies of it under certain conditi=
ons.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for detail=
s.
> This GDB was configured as "i386-unknown-freebsd"...
> IdlePTD at phsyical address 0x005d2000
> initial pcb at physical address 0x004e2880
> panicstr: from debugger
> panic messages:
> ---
> Fatal trap 12: page fault while in kernel mode
> fault virtual address =3D 0x0
> fault code =3D supervisor read, page not present
> instruction pointer =3D 0x8:0xc021ef9c
> stack pointer =3D 0x10:0xdc319cd0
> frame pointer =3D 0x10:0xdc319cd8
> code segment =3D base 0x0, limit 0xfffff, type 0x1b
> =3D DPL 0, pres 1, def32 1, gran 1
> processor eflags =3D interrupt enabled, resume, IOPL =3D 0
> current process =3D 197 (wnnstat)
> interrupt mask =3D net tty=20
> panic: from debugger
>=20
>=20
> Fatal trap 3: breakpoint instruction fault while in kernel mode
> instruction pointer =3D 0x8:0xc03b872c
> stack pointer =3D 0x10:0xdc319ae4
> frame pointer =3D 0x10:0xdc319aec
> code segment =3D base 0x0, limit 0xfffff, type 0x1b
> =3D DPL 0, pres 1, def32 1, gran 1
> processor eflags =3D interrupt enabled, IOPL =3D 0
> current process =3D 197 (wnnstat)
> interrupt mask =3D net tty=20
> panic: from debugger
> Uptime: 38s
>=20
> dumping to dev #ad/0x30001, offset 1311872
> dump ata0: resetting devices .. done
> 639 638 637 636 635 634 633 632 631 630 629 628 627 626 625 624 623 622 6=
21 620 619 618 617 616 615 614 613 612 611 610 609 608 607 606 605 604 603 =
602 601 600 599 598 597 596 595 594 593 592 591 590 589 588 587 586 585 584=
583 582 581 580 579 578 577 576 575 574 573 572 571 570 569 568 567 566 56=
5 564 563 562 561 560 559 558 557 556 555 554 553 552 551 550 549 548 547 5=
46 545 544 543 542 541 540 539 538 537 536 535 534 533 532 531 530 529 528 =
527 526 525 524 523 522 521 520 519 518 517 516 515 514 513 512 511 510 509=
508 507 506 505 504 503 502 501 500 499 498 497 496 495 494 493 492 491 49=
0 489 488 487 486 485 484 483 482 481 480 479 478 477 476 475 474 473 472 4=
71 470 469 468 467 466 465 464 463 462 461 460 459 458 457 456 455 454 453 =
452 451 450 449 448 447 446 445 444 443 442 441 440 439 438 437 436 435 434=
433 432 431 430 429 428 427 426 425 424 423 422 421 420 419 418 417 416 41=
5 414 413 412 411 410 409 408 407 406 405 404 403 402 401 400 399 398 397 3=
96 395 394 393 39
> 2 391 390 389 388 387 386 385 384 383 382 381 380 379 378 377 376 375 37=
4 373 372 371 370 369 368 367 366 365 364 363 362 361 360 359 358 357 356 3=
55 354 353 352 351 350 349 348 347 346 345 344 343 342 341 340 339 338 337 =
336 335 334 333 332 331 330 329 328 327 326 325 324 323 322 321 320 319 318=
317 316 315 314 313 312 311 310 309 308 307 306 305 304 303 302 301 300 29=
9 298 297 296 295 294 293 292 291 290 289 288 287 286 285 284 283 282 281 2=
80 279 278 277 276 275 274 273 272 271 270 269 268 267 266 265 264 263 262 =
261 260 259 258 257 256 255 254 253 252 251 250 249 248 247 246 245 244 243=
242 241 240 239 238 237 236 235 234 233 232 231 230 229 228 227 226 225 22=
4 223 222 221 220 219 218 217 216 215 214 213 212 211 210 209 208 207 206 2=
05 204 203 202 201 200 199 198 197 196 195 194 193 192 191 190 189 188 187 =
186 185 184 183 182 181 180 179 178 177 176 175 174 173 172 171 170 169 168=
167 166 165 164 163 162 161 160 159 158 157 156 155 154 153 152 151 150 14=
9 148 147 146 145
> 144 143 142 141 140 139 138 137 136 135 134 133 132 131 130 129 128 127=
126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 109 10=
8 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86=
85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61=
60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36=
35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11=
10 9 8 7 6 5 4 3 2 1 0=20
> ---
> #0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
> 487 if (dumping++) {
> (kgdb) bt
> #0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
> #1 0xc0202e73 in boot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c=
:316
> #2 0xc02032b1 in panic (fmt=3D0xc03edd84 "from debugger")
> at /usr/src/sys/kern/kern_shutdown.c:595
> #3 0xc014cbb9 in db_panic (addr=3D-1071517796, have_addr=3D0, count=3D-1=
,=20
> modif=3D0xdc319b3c "") at /usr/src/sys/ddb/db_command.c:435
> #4 0xc014cb59 in db_command (last_cmdp=3D0xc0463918, cmd_table=3D0xc0463=
758,=20
> aux_cmd_tablep=3D0xc04c0cb8) at /usr/src/sys/ddb/db_command.c:333
> #5 0xc014cc1e in db_command_loop () at /usr/src/sys/ddb/db_command.c:457
> #6 0xc014ed5b in db_trap (type=3D12, code=3D0) at /usr/src/sys/ddb/db_tr=
ap.c:71
> #7 0xc03b84ce in kdb_trap (type=3D12, code=3D0, regs=3D0xdc319c90)
> at /usr/src/sys/i386/i386/db_interface.c:158
> #8 0xc03c8e14 in trap_fatal (frame=3D0xdc319c90, eva=3D0)
> at /usr/src/sys/i386/i386/trap.c:969
> #9 0xc03c8aed in trap_pfault (frame=3D0xdc319c90, usermode=3D0, eva=3D0)
> at /usr/src/sys/i386/i386/trap.c:867
> #10 0xc03c8667 in trap (frame=3D{tf_fs =3D 16, tf_es =3D -600768496, tf_d=
s =3D 16,=20
> tf_edi =3D -1048332032, tf_esi =3D 6422528, tf_ebp =3D -600728360,=
=20
> tf_isp =3D -600728388, tf_ebx =3D 0, tf_edx =3D 6756410, tf_ecx =3D=
0,=20
> tf_eax =3D 0, tf_trapno =3D 12, tf_err =3D 0, tf_eip =3D -107151779=
6, tf_cs =3D 8,=20
> tf_eflags =3D 66199, tf_esp =3D -1048331972, tf_ss =3D -1048331972})
> at /usr/src/sys/i386/i386/trap.c:466
> #11 0xc021ef9c in m_freem (m=3D0x0) at /usr/src/sys/kern/uipc_mbuf.c:706
> ---Type <return> to continue, or q <return> to quit---
> #12 0xc0273a0f in tcp_respond (tp=3D0x0, ipgen=3D0xc183b93c, th=3D0xc183b=
950,=20
> m=3D0xc183b900, ack=3D2100704027, seq=3D0, flags=3D20)
> at /usr/src/sys/netinet/tcp_subr.c:396
> #13 0xc0271eff in tcp_input (m=3D0xc183b900, off0=3D20, proto=3D6)
> at /usr/src/sys/netinet/tcp_input.c:2204
> #14 0xc026b874 in ip_input (m=3D0xc183b900)
> at /usr/src/sys/netinet/ip_input.c:821
> #15 0xc026b8d3 in ipintr () at /usr/src/sys/netinet/ip_input.c:842
> #16 0xc03ba809 in swi_net_next ()
> #17 0xc0224929 in connect (p=3D0xd86e1f20, uap=3D0xdc319f80)
> at /usr/src/sys/kern/uipc_syscalls.c:396
> #18 0xc03c90f5 in syscall2 (frame=3D{tf_fs =3D 47, tf_es =3D 47, tf_ds =
=3D 47,=20
> tf_edi =3D 22273, tf_esi =3D 3, tf_ebp =3D -1077938064, tf_isp =3D =
-600727596,=20
> tf_ebx =3D 671650276, tf_edx =3D -1077938288, tf_ecx =3D 13, tf_eax=
=3D 98,=20
> tf_trapno =3D 12, tf_err =3D 2, tf_eip =3D 672133692, tf_cs =3D 31,=
=20
> tf_eflags =3D 659, tf_esp =3D -1077938252, tf_ss =3D 47})
> at /usr/src/sys/i386/i386/trap.c:1175
> #19 0xc03b93a5 in Xint0x80_syscall ()
> #20 0x2806fcbd in ?? ()
> #21 0x8048d88 in ?? ()
> #22 0x8048add in ?? ()
> (kgdb) frame 12
> #12 0xc0273a0f in tcp_respond (tp=3D0x0, ipgen=3D0xc183b93c, th=3D0xc183b=
950,=20
> m=3D0xc183b900, ack=3D2100704027, seq=3D0, flags=3D20)
> at /usr/src/sys/netinet/tcp_subr.c:396
> 396 m_freem(m->m_next);
> (kgdb) print m
> $1 =3D (struct mbuf *) 0xc183b900
> (kgdb) print m->m_hdr.mh_next
> $2 =3D (struct mbuf *) 0x0
> (kgdb) frame 11
> #11 0xc021ef9c in m_freem (m=3D0x0) at /usr/src/sys/kern/uipc_mbuf.c:706
> 706 if (mcl_pool_now < mcl_pool_max && m->m_next =3D=3D NULL =
&&
> (kgdb)=20
>=20
>=20
>=20
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
>=20
--=20
Bosko Milekic * bmilekic@unixdaemons.com * bmilekic@FreeBSD.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020810192822.A94017>