kern/120344: FreeBSD 6.3-STABLE panics on hight loaded web server
Andrey V. Elsukov
bu7cher at yandex.ru
Thu Feb 7 12:10:03 UTC 2008
>Number: 120344
>Category: kern
>Synopsis: FreeBSD 6.3-STABLE panics on hight loaded web server
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 07 12:10:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Andrey V. Elsukov
>Release: FreeBSD 6.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD 6.3-STABLE
>Description:
FreeBSD 6.2-RELEASE and 6.3-STABLE panic on hight loaded web server.
Panic may occur several times per day, but can only one per several days.
Specifig kernel options:
options VM_KMEM_SIZE_SCALE="4"
options TCP_DROP_SYNFIN
options ACCEPT_FILTER_DATA
options ACCEPT_FILTER_HTTP
Note from Robert Watson:
It looks like things are definitely getting confused because so is
SS_ISCONNECTED and SS_DISCONNECTED at the end of it, but that it's
not clear that the panic is a result of that confusion, we may just
be running into what is normal for accept filters but not normally
noticed, and only seeing it because of a race.
>How-To-Repeat:
>Fix:
--- report.txt begins here ---
Unread portion of the kernel message buffer:
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x0
fault code = supervisor write, page not present
instruction pointer = 0x20:0xc0511be5
stack pointer = 0x28:0xe573bb18
frame pointer = 0x28:0xe573bb20
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 11 (swi1: net)
trap number = 12
panic: page fault
Uptime: 3h10m0s
Dumping 2038 MB (4 chunks)
chunk 0: 1MB (159 pages) ... ok
chunk 1: 2038MB (521575 pages) 2022 2006 1990 1974 1958 1942 1926 1910 1894 1878 1862 1846 1830 1814 1798 1782 1766 1750 1734 1718 1702 1686 1670 1654 1638 1622 1606 1590 1574 1558 1542 1526 1510 1494 1478 1462 1446 1430 1414 1398 1382 1366 1350 1334 1318 1302 1286 1270 1254 1238 1222 1206 1190 1174 1158 1142 1126 1110 1094 1078 1062 1046 1030 1014 998 982 966 950 934 918 902 886 870 854 838 822 806 790 774 758 742 726 710 694 678 662 646 630 614 598 582 566 550 534 518 502 486 470 454 438 422 406 390 374 358 342 326 310 294 278 262 246 230 214 198 182 166 150 134 118 102 86 70 54 38 22 6
#0 doadump () at pcpu.h:165
in pcpu.h
(kgdb) bt full
#0 doadump () at pcpu.h:165
No locals.
#1 0xc04d5ba2 in boot (howto=260) at ../../../kern/kern_shutdown.c:409
first_buf_printf = 1
#2 0xc04d5e38 in panic (fmt=0xc0627e51 "%s") at ../../../kern/kern_shutdown.c:565
td = (struct thread *) 0xc6a7d780
bootopt = 260
newpanic = 0
ap = 0xc6a7d780 "x椮 \r¨Æ"
buf = "page fault", '\0' <repeats 245 times>
#3 0xc0606394 in trap_fatal (frame=0xe573bad8, eva=0) at ../../../i386/i386/trap.c:838
code = 40
ss = 40
esp = 0
type = 12
softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_xx = 10, ssd_xx1 = 0, ssd_def32 = 1, ssd_gran = 1}
msg = 0x0
#4 0xc06060fb in trap_pfault (frame=0xe573bad8, usermode=0, eva=0) at ../../../i386/i386/trap.c:745
va = 0
vm = (struct vmspace *) 0x0
map = 0xc06776e0
rv = 1
ftype = 1 '\001'
td = (struct thread *) 0xc6a7d780
p = (struct proc *) 0xc6a7ca78
#5 0xc0605d59 in trap (frame=
{tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -944673984, tf_esi = -948881320, tf_ebp = -445400288, tf_isp = -445400316, tf_ebx = -949633916, tf_edx = -948881292, tf_ecx = 4, tf_eax = 0, tf_trapno = 12, tf_err = 2, tf_eip = -1068426267, tf_cs = 32, tf_eflags = 590406, tf_esp = -949633836, tf_ss = -949633916}) at ../../../i386/i386/trap.c:435
td = (struct thread *) 0xc6a7d780
p = (struct proc *) 0xc6a7ca78
sticks = 1342177792
type = 12
i = 0
ucode = 0
code = 2
eva = 0
#6 0xc05f3a3a in calltrap () at ../../../i386/i386/exception.s:139
No locals.
#7 0xc0511be5 in soisconnected (so=0xc765bc84) at ../../../kern/uipc_socket2.c:138
head = (struct socket *) 0xc7713858
#8 0xc0552040 in sohasdata (so=0xc7713874, arg=0x0, waitflag=1) at ../../../netinet/accf_data.c:66
No locals.
#9 0xc051280d in sowakeup (so=0xc765bc84, sb=0xc765bcd4) at ../../../kern/uipc_socket2.c:422
No locals.
#10 0xc051209a in soisdisconnected (so=0xc765bc84) at ../../../kern/uipc_socket2.c:196
No locals.
#11 0xc0566c9b in tcp_discardcb (tp=0xc7bfe3a0) at ../../../netinet/tcp_subr.c:830
q = (struct tseg_qent *) 0x0
inp = (struct inpcb *) 0xc7b16b40
so = (struct socket *) 0xc765bc84
#12 0xc0566cb4 in tcp_close (tp=0x0) at ../../../netinet/tcp_subr.c:851
inp = (struct inpcb *) 0xc7b16b40
#13 0xc0562c66 in tcp_input (m=0xc6b6e900, off0=20) at ../../../netinet/tcp_input.c:1575
th = (struct tcphdr *) 0xc7bfe3a0
ip = (struct ip *) 0xc7476020
ipov = (struct ipovly *) 0x4
inp = (struct inpcb *) 0xc7b16b40
optp = (u_char *) 0x0
optlen = 0
len = -943725664
tlen = 0
off = 20
drop_hdrlen = 40
tp = (struct tcpcb *) 0xc7bfe3a0
thflags = 4
so = (struct socket *) 0xc765bc84
todrop = -943725664
acked = -943725664
ourfinisacked = -445400176
needoutput = 0
tiwin = 0
to = {to_flags = 0, to_tsval = 0, to_tsecr = 0, to_mss = 0, to_requested_s_scale = 0 '\0', to_nsacks = 0 '\0', to_sacks = 0x0}
headlocked = 1
rstreason = -943725664
#14 0xc055acc2 in ip_input (m=0xc6b6e900) at ../../../netinet/ip_input.c:791
ip = (struct ip *) 0xc7476020
ia = (struct in_ifaddr *) 0xc6d89000
ifa = (struct ifaddr *) 0xc7713874
checkif = 0
hlen = 20
sum = 0
dchg = 0
odst = {s_addr = 62266432}
#15 0xc054a09b in netisr_processqueue (ni=0xc067fe58) at ../../../net/netisr.c:236
m = (struct mbuf *) 0xc6b6e900
#16 0xc054a296 in swi_net (dummy=0x0) at ../../../net/netisr.c:349
ni = (struct netisr *) 0xc067fe58
bits = 0
i = 4
#17 0xc04c1bed in ithread_execute_handlers (p=0xc6a7ca78, ie=0xc6a6c000) at ../../../kern/kern_intr.c:682
ih = (struct intr_handler *) 0xc6add8c0
ihn = (struct intr_handler *) 0x0
#18 0xc04c1d08 in ithread_loop (arg=0xc6a65720) at ../../../kern/kern_intr.c:766
intr_event = (struct intr_thread *) 0xc6a65720
ie = (struct intr_event *) 0xc6a6c000
td = (struct thread *) 0xc6a7d780
p = (struct proc *) 0xc6a7ca78
#19 0xc04c0b9c in fork_exit (callout=0xc04c1cb4 <ithread_loop>, arg=0xc6a65720, frame=0xe573bd38) at ../../../kern/kern_fork.c:788
p = (struct proc *) 0xc6a7ca78
td = (struct thread *) 0xc7713874
#20 0xc05f3a9c in fork_trampoline () at ../../../i386/i386/exception.s:208
No locals.
(kgdb) f 7
#7 0xc0511be5 in soisconnected (so=0xc765bc84) at ../../../kern/uipc_socket2.c:138
138 TAILQ_INSERT_TAIL(&head->so_comp, so, so_list);
(kgdb) p *so
$1 = {so_count = 0, so_type = 1, so_options = 12, so_linger = 0, so_state = 8451, so_qstate = 0, so_pcb = 0xc7b16b40, so_proto = 0xc065d9c8,
so_head = 0xc7713858, so_incomp = {tqh_first = 0x0, tqh_last = 0x0}, so_comp = {tqh_first = 0x0, tqh_last = 0x0}, so_list = {tqe_next = 0x0,
tqe_prev = 0x0}, so_qlen = 0, so_incqlen = 0, so_qlimit = 0, so_timeo = 0, so_error = 54, so_sigio = 0x0, so_oobmark = 0, so_aiojobq = {
tqh_first = 0x0, tqh_last = 0xc765bccc}, so_rcv = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0, si_note = {kl_list = {
slh_first = 0x0}, kl_lock = 0xc04bb7e0 <knlist_mtx_lock>, kl_unlock = 0xc04bb814 <knlist_mtx_unlock>, kl_locked = 0xc04bb850 <knlist_mtx_locked>,
kl_lockarg = 0xc765bcf8}, si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc0653d64, lo_name = 0xc062fce7 "so_rcv",
lo_type = 0xc062fce7 "so_rcv", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0},
sb_state = 32, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0, sb_hiwat = 66792, sb_mbcnt = 0, sb_mbmax = 262144, sb_ctl = 0,
sb_lowat = 1, sb_timeo = 0, sb_flags = 0}, so_snd = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0, si_note = {kl_list = {
slh_first = 0x0}, kl_lock = 0xc04bb7e0 <knlist_mtx_lock>, kl_unlock = 0xc04bb814 <knlist_mtx_unlock>, kl_locked = 0xc04bb850 <knlist_mtx_locked>,
kl_lockarg = 0xc765bd70}, si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc0653d64, lo_name = 0xc062fce0 "so_snd",
lo_type = 0xc062fce0 "so_snd", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0},
sb_state = 0, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0, sb_hiwat = 33396, sb_mbcnt = 0, sb_mbmax = 262144, sb_ctl = 0,
sb_lowat = 2048, sb_timeo = 0, sb_flags = 0}, so_upcall = 0, so_upcallarg = 0x0, so_cred = 0xc7de1780, so_label = 0x0, so_peerlabel = 0x0,
so_gencnt = 87835, so_emuldata = 0x0, so_accf = 0x0}
(kgdb) p *(struct socket *)0xc7713858
$2 = {so_count = 0, so_type = 1, so_options = 12, so_linger = 0, so_state = 3, so_qstate = 2048, so_pcb = 0xc982fe10, so_proto = 0xc065d9c8,
so_head = 0xc6e629bc, so_incomp = {tqh_first = 0xc981d164, tqh_last = 0x0}, so_comp = {tqh_first = 0x0, tqh_last = 0x0}, so_list = {
tqe_next = 0xc99b3000, tqe_prev = 0xc89509e8}, so_qlen = 0, so_incqlen = 65535, so_qlimit = 0, so_timeo = 0, so_error = 0, so_sigio = 0x0,
so_oobmark = 0, so_aiojobq = {tqh_first = 0x0, tqh_last = 0xc77138a0}, so_rcv = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0},
si_thread = 0x0, si_note = {kl_list = {slh_first = 0x0}, kl_lock = 0xc04bb7e0 <knlist_mtx_lock>, kl_unlock = 0xc04bb814 <knlist_mtx_unlock>,
kl_locked = 0xc04bb850 <knlist_mtx_locked>, kl_lockarg = 0xc77138cc}, si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc0653d64,
lo_name = 0xc062fce7 "so_rcv", lo_type = 0xc062fce7 "so_rcv", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0},
mtx_lock = 4, mtx_recurse = 0}, sb_state = 0, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0, sb_hiwat = 65700, sb_mbcnt = 0,
sb_mbmax = 262144, sb_ctl = 0, sb_lowat = 1, sb_timeo = 0, sb_flags = 32}, so_snd = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0},
si_thread = 0x0, si_note = {kl_list = {slh_first = 0x0}, kl_lock = 0xc04bb7e0 <knlist_mtx_lock>, kl_unlock = 0xc04bb814 <knlist_mtx_unlock>,
kl_locked = 0xc04bb850 <knlist_mtx_locked>, kl_lockarg = 0xc7713944}, si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc0653d64,
lo_name = 0xc062fce0 "so_snd", lo_type = 0xc062fce0 "so_snd", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0},
mtx_lock = 4, mtx_recurse = 0}, sb_state = 0, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0, sb_hiwat = 33580, sb_mbcnt = 0,
sb_mbmax = 262144, sb_ctl = 0, sb_lowat = 2048, sb_timeo = 0, sb_flags = 0}, so_upcall = 0xc0552174 <sohashttpget>, so_upcallarg = 0x0,
so_cred = 0xc6a6cd00, so_label = 0x0, so_peerlabel = 0x0, so_gencnt = 144733, so_emuldata = 0x0, so_accf = 0x0}
(kgdb) l *0xc0511be5
0xc0511be5 is in soisconnected (../../../kern/uipc_socket2.c:138).
133 if ((so->so_options & SO_ACCEPTFILTER) == 0) {
134 SOCK_UNLOCK(so);
135 TAILQ_REMOVE(&head->so_incomp, so, so_list);
136 head->so_incqlen--;
137 so->so_qstate &= ~SQ_INCOMP;
138 TAILQ_INSERT_TAIL(&head->so_comp, so, so_list);
139 head->so_qlen++;
140 so->so_qstate |= SQ_COMP;
141 ACCEPT_UNLOCK();
142 sorwakeup(head);
(kgdb) print *so->so_head->so_head
$3 = {so_count = 1, so_type = 1, so_options = 4110, so_linger = 0, so_state = 0, so_qstate = 0, so_pcb = 0xc6f145a0, so_proto = 0xc065d9c8, so_head = 0x0,
so_incomp = {tqh_first = 0xc7fd0000, tqh_last = 0xc99b2cb0}, so_comp = {tqh_first = 0x0, tqh_last = 0xc6e629e0}, so_list = {tqe_next = 0x0,
tqe_prev = 0x0}, so_qlen = 0, so_incqlen = 107, so_qlimit = 128, so_timeo = 0, so_error = 0, so_sigio = 0x0, so_oobmark = 0, so_aiojobq = {
tqh_first = 0x0, tqh_last = 0xc6e62a04}, so_rcv = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0xc6e62744}, si_thread = 0xc7269a80, si_note = {
kl_list = {slh_first = 0x0}, kl_lock = 0xc04bb7e0 <knlist_mtx_lock>, kl_unlock = 0xc04bb814 <knlist_mtx_unlock>,
kl_locked = 0xc04bb850 <knlist_mtx_locked>, kl_lockarg = 0xc6e62a30}, si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc0653d64,
lo_name = 0xc062fce7 "so_rcv", lo_type = 0xc062fce7 "so_rcv", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0},
mtx_lock = 4, mtx_recurse = 0}, sb_state = 0, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0, sb_hiwat = 65536, sb_mbcnt = 0,
sb_mbmax = 262144, sb_ctl = 0, sb_lowat = 1, sb_timeo = 0, sb_flags = 8}, so_snd = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0},
si_thread = 0x0, si_note = {kl_list = {slh_first = 0x0}, kl_lock = 0xc04bb7e0 <knlist_mtx_lock>, kl_unlock = 0xc04bb814 <knlist_mtx_unlock>,
kl_locked = 0xc04bb850 <knlist_mtx_locked>, kl_lockarg = 0xc6e62aa8}, si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc0653d64,
lo_name = 0xc062fce0 "so_snd", lo_type = 0xc062fce0 "so_snd", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0},
mtx_lock = 4, mtx_recurse = 0}, sb_state = 0, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0, sb_hiwat = 32768, sb_mbcnt = 0,
sb_mbmax = 262144, sb_ctl = 0, sb_lowat = 2048, sb_timeo = 0, sb_flags = 0}, so_upcall = 0, so_upcallarg = 0x0, so_cred = 0xc6a6cd00, so_label = 0x0,
so_peerlabel = 0x0, so_gencnt = 391, so_emuldata = 0x0, so_accf = 0xc6bc7a30}
(kgdb) f 13
#13 0xc0562c66 in tcp_input (m=0xc6b6e900, off0=20) at ../../../netinet/tcp_input.c:1575
1575 tp = tcp_close(tp);
(kgdb) p so
$4 = (struct socket *) 0xc765bc84
(kgdb) p *so
$5 = {so_count = 0, so_type = 1, so_options = 12, so_linger = 0, so_state = 8451, so_qstate = 0, so_pcb = 0xc7b16b40, so_proto = 0xc065d9c8,
so_head = 0xc7713858, so_incomp = {tqh_first = 0x0, tqh_last = 0x0}, so_comp = {tqh_first = 0x0, tqh_last = 0x0}, so_list = {tqe_next = 0x0,
tqe_prev = 0x0}, so_qlen = 0, so_incqlen = 0, so_qlimit = 0, so_timeo = 0, so_error = 54, so_sigio = 0x0, so_oobmark = 0, so_aiojobq = {
tqh_first = 0x0, tqh_last = 0xc765bccc}, so_rcv = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0, si_note = {kl_list = {
slh_first = 0x0}, kl_lock = 0xc04bb7e0 <knlist_mtx_lock>, kl_unlock = 0xc04bb814 <knlist_mtx_unlock>, kl_locked = 0xc04bb850 <knlist_mtx_locked>,
kl_lockarg = 0xc765bcf8}, si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc0653d64, lo_name = 0xc062fce7 "so_rcv",
lo_type = 0xc062fce7 "so_rcv", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0},
sb_state = 32, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0, sb_hiwat = 66792, sb_mbcnt = 0, sb_mbmax = 262144, sb_ctl = 0,
sb_lowat = 1, sb_timeo = 0, sb_flags = 0}, so_snd = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0, si_note = {kl_list = {
slh_first = 0x0}, kl_lock = 0xc04bb7e0 <knlist_mtx_lock>, kl_unlock = 0xc04bb814 <knlist_mtx_unlock>, kl_locked = 0xc04bb850 <knlist_mtx_locked>,
kl_lockarg = 0xc765bd70}, si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc0653d64, lo_name = 0xc062fce0 "so_snd",
lo_type = 0xc062fce0 "so_snd", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0},
sb_state = 0, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0, sb_hiwat = 33396, sb_mbcnt = 0, sb_mbmax = 262144, sb_ctl = 0,
sb_lowat = 2048, sb_timeo = 0, sb_flags = 0}, so_upcall = 0, so_upcallarg = 0x0, so_cred = 0xc7de1780, so_label = 0x0, so_peerlabel = 0x0,
so_gencnt = 87835, so_emuldata = 0x0, so_accf = 0x0}
(kgdb) f 9
#9 0xc051280d in sowakeup (so=0xc765bc84, sb=0xc765bcd4) at ../../../kern/uipc_socket2.c:422
422 (*so->so_upcall)(so, so->so_upcallarg, M_DONTWAIT);
(kgdb) p so
$6 = (struct socket *) 0xc765bc84
(kgdb) p sb
$7 = (struct sockbuf *) 0xc765bcd4
(kgdb) p *so
$8 = {so_count = 0, so_type = 1, so_options = 12, so_linger = 0, so_state = 8451, so_qstate = 0, so_pcb = 0xc7b16b40, so_proto = 0xc065d9c8,
so_head = 0xc7713858, so_incomp = {tqh_first = 0x0, tqh_last = 0x0}, so_comp = {tqh_first = 0x0, tqh_last = 0x0}, so_list = {tqe_next = 0x0,
tqe_prev = 0x0}, so_qlen = 0, so_incqlen = 0, so_qlimit = 0, so_timeo = 0, so_error = 54, so_sigio = 0x0, so_oobmark = 0, so_aiojobq = {
tqh_first = 0x0, tqh_last = 0xc765bccc}, so_rcv = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0, si_note = {kl_list = {
slh_first = 0x0}, kl_lock = 0xc04bb7e0 <knlist_mtx_lock>, kl_unlock = 0xc04bb814 <knlist_mtx_unlock>, kl_locked = 0xc04bb850 <knlist_mtx_locked>,
kl_lockarg = 0xc765bcf8}, si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc0653d64, lo_name = 0xc062fce7 "so_rcv",
lo_type = 0xc062fce7 "so_rcv", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0},
sb_state = 32, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0, sb_hiwat = 66792, sb_mbcnt = 0, sb_mbmax = 262144, sb_ctl = 0,
sb_lowat = 1, sb_timeo = 0, sb_flags = 0}, so_snd = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0, si_note = {kl_list = {
slh_first = 0x0}, kl_lock = 0xc04bb7e0 <knlist_mtx_lock>, kl_unlock = 0xc04bb814 <knlist_mtx_unlock>, kl_locked = 0xc04bb850 <knlist_mtx_locked>,
kl_lockarg = 0xc765bd70}, si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc0653d64, lo_name = 0xc062fce0 "so_snd",
lo_type = 0xc062fce0 "so_snd", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0},
sb_state = 0, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0, sb_hiwat = 33396, sb_mbcnt = 0, sb_mbmax = 262144, sb_ctl = 0,
sb_lowat = 2048, sb_timeo = 0, sb_flags = 0}, so_upcall = 0, so_upcallarg = 0x0, so_cred = 0xc7de1780, so_label = 0x0, so_peerlabel = 0x0,
so_gencnt = 87835, so_emuldata = 0x0, so_accf = 0x0}
(kgdb) f 13
#13 0xc0562c66 in tcp_input (m=0xc6b6e900, off0=20) at ../../../netinet/tcp_input.c:1575
1575 tp = tcp_close(tp);
(kgdb) p *so
$9 = {so_count = 0, so_type = 1, so_options = 12, so_linger = 0, so_state = 8451, so_qstate = 0, so_pcb = 0xc7b16b40, so_proto = 0xc065d9c8,
so_head = 0xc7713858, so_incomp = {tqh_first = 0x0, tqh_last = 0x0}, so_comp = {tqh_first = 0x0, tqh_last = 0x0}, so_list = {tqe_next = 0x0,
tqe_prev = 0x0}, so_qlen = 0, so_incqlen = 0, so_qlimit = 0, so_timeo = 0, so_error = 54, so_sigio = 0x0, so_oobmark = 0, so_aiojobq = {
tqh_first = 0x0, tqh_last = 0xc765bccc}, so_rcv = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0, si_note = {kl_list = {
slh_first = 0x0}, kl_lock = 0xc04bb7e0 <knlist_mtx_lock>, kl_unlock = 0xc04bb814 <knlist_mtx_unlock>, kl_locked = 0xc04bb850 <knlist_mtx_locked>,
kl_lockarg = 0xc765bcf8}, si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc0653d64, lo_name = 0xc062fce7 "so_rcv",
lo_type = 0xc062fce7 "so_rcv", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0},
sb_state = 32, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0, sb_hiwat = 66792, sb_mbcnt = 0, sb_mbmax = 262144, sb_ctl = 0,
sb_lowat = 1, sb_timeo = 0, sb_flags = 0}, so_snd = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0, si_note = {kl_list = {
slh_first = 0x0}, kl_lock = 0xc04bb7e0 <knlist_mtx_lock>, kl_unlock = 0xc04bb814 <knlist_mtx_unlock>, kl_locked = 0xc04bb850 <knlist_mtx_locked>,
kl_lockarg = 0xc765bd70}, si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc0653d64, lo_name = 0xc062fce0 "so_snd",
lo_type = 0xc062fce0 "so_snd", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0},
sb_state = 0, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0, sb_hiwat = 33396, sb_mbcnt = 0, sb_mbmax = 262144, sb_ctl = 0,
sb_lowat = 2048, sb_timeo = 0, sb_flags = 0}, so_upcall = 0, so_upcallarg = 0x0, so_cred = 0xc7de1780, so_label = 0x0, so_peerlabel = 0x0,
so_gencnt = 87835, so_emuldata = 0x0, so_accf = 0x0}
(kgdb) p *inp
$10 = {inp_hash = {le_next = 0x0, le_prev = 0xc81e621c}, inp_list = {le_next = 0xc94f9870, le_prev = 0xc7a14bfc}, inp_flow = 0, inp_inc = {
inc_flags = 0 '\0', inc_len = 0 '\0', inc_pad = 0, inc_ie = {ie_fport = 35915, ie_lport = 20480, ie_dependfaddr = {ie46_foreign = {ia46_pad32 = {0, 0,
0}, ia46_addr4 = {s_addr = 2012805208}}, ie6_foreign = {__u6_addr = {__u6_addr8 = '\0' <repeats 12 times>, "Xøøw", __u6_addr16 = {0, 0, 0, 0,
0, 0, 63576, 30712}, __u6_addr32 = {0, 0, 0, 2012805208}}}}, ie_dependladdr = {ie46_local = {ia46_pad32 = {0, 0, 0}, ia46_addr4 = {
s_addr = 62266432}}, ie6_local = {__u6_addr = {__u6_addr8 = '\0' <repeats 12 times>, "@\034¶\003", __u6_addr16 = {0, 0, 0, 0, 0, 0, 7232, 950},
__u6_addr32 = {0, 0, 0, 62266432}}}}}}, inp_ppcb = 0x0, inp_pcbinfo = 0xc0680c00, inp_socket = 0xc765bc84, inp_label = 0x0, inp_flags = 0,
inp_sp = 0x0, inp_vflag = 1 '\001', inp_ip_ttl = 64 '@', inp_ip_p = 0 '\0', inp_ip_minttl = 0 '\0', inp_depend4 = {inp4_ip_tos = 0 '\0',
inp4_options = 0x0, inp4_moptions = 0x0}, inp_depend6 = {inp6_options = 0x0, inp6_outputopts = 0x0, inp6_moptions = 0x0, inp6_icmp6filt = 0x0,
inp6_cksum = 0, inp6_ifindex = 0, inp6_hops = 0}, inp_portlist = {le_next = 0xc94f9870, le_prev = 0xc8021e8c}, inp_phd = 0xc6bdb2a0,
inp_gencnt = 124975, inp_mtx = {mtx_object = {lo_class = 0xc0653d64, lo_name = 0xc063453c "inp", lo_type = 0xc0634539 "tcpinp", lo_flags = 4915200,
lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 3332888448, mtx_recurse = 0}}
(kgdb) p *tp
$11 = {t_segq = {lh_first = 0x0}, t_segqlen = 0, t_dupacks = 0, tt_rexmt = 0xc7bfe4e4, tt_persist = 0xc7bfe500, tt_keep = 0xc7bfe51c, tt_2msl = 0xc7bfe538,
tt_delack = 0xc7bfe554, t_inpcb = 0x0, t_state = 0, t_flags = 516, snd_una = 4022304259, snd_max = 4022304259, snd_nxt = 4022304259, snd_up = 4022304258,
snd_wl1 = 771801553, snd_wl2 = 4022304259, iss = 4022304258, irs = 771801552, rcv_nxt = 771801553, rcv_adv = 771867088, rcv_wnd = 66792,
rcv_up = 771801553, snd_wnd = 65535, snd_cwnd = 2904, snd_bwnd = 1073725440, snd_ssthresh = 2984, snd_bandwidth = 0, snd_recover = 4022304259,
t_maxopd = 1452, t_rcvtime = 11349044, t_starttime = 4073548, t_rtttime = 0, t_rtseq = 0, t_bw_rtttime = 4073548, t_bw_rtseq = 0, t_rxtcur = 1766,
t_maxseg = 1452, t_srtt = 11399, t_rttvar = 284, t_rxtshift = 0, t_rttmin = 30, t_rttbest = 11431, t_rttupdated = 0, max_sndwnd = 65535, t_softerror = 0,
t_oobflags = 0 '\0', t_iobc = 0 '\0', snd_scale = 0 '\0', rcv_scale = 0 '\0', request_r_scale = 0 '\0', requested_s_scale = 0 '\0', ts_recent = 0,
ts_recent_age = 0, last_ack_sent = 771801553, snd_cwnd_prev = 0, snd_ssthresh_prev = 0, snd_recover_prev = 0, t_badrxtwin = 0, snd_limited = 0 '\0',
rcv_second = 0, rcv_pps = 0, rcv_byps = 0, sack_enable = 1, snd_numholes = 0, snd_holes = {tqh_first = 0x0, tqh_last = 0xc7bfe494}, snd_fack = 0,
rcv_numsacks = 0, sackblks = {{start = 0, end = 0}, {start = 0, end = 0}, {start = 0, end = 0}, {start = 0, end = 0}, {start = 0, end = 0}, {start = 0,
end = 0}}, sack_newdata = 0, sackhint = {nexthole = 0x0, sack_bytes_rexmit = 0}, t_rttlow = 0}
(kgdb) p *so->so_head
$12 = {so_count = 0, so_type = 1, so_options = 12, so_linger = 0, so_state = 3, so_qstate = 2048, so_pcb = 0xc982fe10, so_proto = 0xc065d9c8,
so_head = 0xc6e629bc, so_incomp = {tqh_first = 0xc981d164, tqh_last = 0x0}, so_comp = {tqh_first = 0x0, tqh_last = 0x0}, so_list = {
tqe_next = 0xc99b3000, tqe_prev = 0xc89509e8}, so_qlen = 0, so_incqlen = 65535, so_qlimit = 0, so_timeo = 0, so_error = 0, so_sigio = 0x0,
so_oobmark = 0, so_aiojobq = {tqh_first = 0x0, tqh_last = 0xc77138a0}, so_rcv = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0},
si_thread = 0x0, si_note = {kl_list = {slh_first = 0x0}, kl_lock = 0xc04bb7e0 <knlist_mtx_lock>, kl_unlock = 0xc04bb814 <knlist_mtx_unlock>,
kl_locked = 0xc04bb850 <knlist_mtx_locked>, kl_lockarg = 0xc77138cc}, si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc0653d64,
lo_name = 0xc062fce7 "so_rcv", lo_type = 0xc062fce7 "so_rcv", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0},
mtx_lock = 4, mtx_recurse = 0}, sb_state = 0, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0, sb_hiwat = 65700, sb_mbcnt = 0,
sb_mbmax = 262144, sb_ctl = 0, sb_lowat = 1, sb_timeo = 0, sb_flags = 32}, so_snd = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0},
si_thread = 0x0, si_note = {kl_list = {slh_first = 0x0}, kl_lock = 0xc04bb7e0 <knlist_mtx_lock>, kl_unlock = 0xc04bb814 <knlist_mtx_unlock>,
kl_locked = 0xc04bb850 <knlist_mtx_locked>, kl_lockarg = 0xc7713944}, si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0xc0653d64,
lo_name = 0xc062fce0 "so_snd", lo_type = 0xc062fce0 "so_snd", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0},
mtx_lock = 4, mtx_recurse = 0}, sb_state = 0, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0, sb_hiwat = 33580, sb_mbcnt = 0,
sb_mbmax = 262144, sb_ctl = 0, sb_lowat = 2048, sb_timeo = 0, sb_flags = 0}, so_upcall = 0xc0552174 <sohashttpget>, so_upcallarg = 0x0,
so_cred = 0xc6a6cd00, so_label = 0x0, so_peerlabel = 0x0, so_gencnt = 144733, so_emuldata = 0x0, so_accf = 0x0}
(kgdb)
--- report.txt ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list