kern/122743: panic: vm_page_unwire: invalid wire count: 0

Oleg Koreshkov <okor at zone.salut.ru>
Mon Apr 14 08:50:02 UTC 2008


>Number:         122743
>Category:       kern
>Synopsis:       panic: vm_page_unwire: invalid wire count: 0
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 14 08:50:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Oleg Koreshkov
>Release:        FreeBSD 6.3-RELEASE-p1 i386
>Organization:
-
>Environment:
FreeBSD d09.domain.tld 6.3-RELEASE-p1 FreeBSD 6.3-RELEASE-p1 #0: Tue Mar 18 10:13:59 MSK 2008     root at d-us9.kaspersky-labs.com:/usr/obj/usr/src/sys/D09  i386
>Description:
kgdb /usr/obj/usr/src/sys/D09/kernel.debug /var/crash/vmcore.2
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
panic: vm_page_unwire: invalid wire count: 0
cpuid = 0
Uptime: 7d8h9m20s
Dumping 3317 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 3317MB (849120 pages) 3301 3285 3269 3253 3237 3221 3205 3189 3173 3157 3141 3125 3109 3093 3077 3061 3045 3029 3013 2997 2981 2965 2949 2933 2917 2901 2885 2869 2853 2837 2821 2805 2789 2773 2757 2741 2725 2709 2693 2677 2661 2645 2629 2613 2597 2581 2565 2549 2533 2517 2501 2485 2469 2453 2437 2421 2405 2389 2373 2357 2341 2325 2309 2293 2277 2261 2245 2229 2213 2197 2181 2165 2149 2133 2117 2101 2085 2069 2053 2037 2021 2005 1989 1973 1957 1941 1925 1909 1893 1877 1861 1845 1829 1813 1797 1781 1765 1749 1733 1717 1701 1685 1669 1653 1637 1621 1605 1589 1573 1557 1541 1525 1509 1493 1477 1461 1445 1429 1413 1397 1381 1365 1349 1333 1317 1301 1285 1269 1253 1237 1221 1205 1189 1173 1157 1141 1125 1109 1093 1077 1061 1045 1029 1013 997 981 965 949 933 917 901 885 869 853 837 821 805 789 773 757 741 725 709 693 677 661 645 629 613 597 581 565 549 533 517 501 485 469 453 437 421 405 389 373 357 341 325 309 293 277 261 245 229 213 197 181 165 149 133 117 101 85 69 53 
 37 21 5

#0  doadump () at pcpu.h:165
165     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0x80516e6a in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0x80517191 in panic (fmt=0x80684cac "vm_page_unwire: invalid wire count: %d") at /usr/src/sys/kern/kern_shutdown.c:565
#3  0x80603000 in vm_page_unwire (m=0x82d57a80, activate=0) at /usr/src/sys/vm/vm_page.c:1275
#4  0x805599f4 in sf_buf_mext (addr=0xe8a66000, args=0x0) at /usr/src/sys/kern/uipc_syscalls.c:1711
#5  0x8054f792 in mb_free_ext (m=0xabf87e00) at /usr/src/sys/kern/uipc_mbuf.c:272
#6  0x80556dc8 in sbdrop_locked (sb=0xab13322c, len=1378) at mbuf.h:486
#7  0x805557c2 in soisdisconnected (so=0xab133164) at /usr/src/sys/kern/uipc_socket2.c:199
#8  0x805b5b33 in tcp_discardcb (tp=0x88f84740) at /usr/src/sys/netinet/tcp_subr.c:830
#9  0x805b5b4c in tcp_close (tp=0x0) at /usr/src/sys/netinet/tcp_subr.c:851
#10 0x805b1ade in tcp_input (m=0x94cfeb00, off0=20) at /usr/src/sys/netinet/tcp_input.c:1575
#11 0x805a9aa2 in ip_input (m=0x94cfeb00) at /usr/src/sys/netinet/ip_input.c:791
#12 0x8059212f in netisr_processqueue (ni=0x806e9cf8) at /usr/src/sys/net/netisr.c:236
#13 0x805922e6 in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:343
#14 0x805005ed in ithread_execute_handlers (p=0x87eeb860, ie=0x88102100) at /usr/src/sys/kern/kern_intr.c:682
#15 0x8050070d in ithread_loop (arg=0x87ecd8a0) at /usr/src/sys/kern/kern_intr.c:766
#16 0x804ff3a1 in fork_exit (callout=0x805006b8 <ithread_loop>, arg=0x87ecd8a0, frame=0xda928d38) at /usr/src/sys/kern/kern_fork.c:788
#17 0x8062f3cc in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208
(kgdb) frame 3
#3  0x80603000 in vm_page_unwire (m=0x82d57a80, activate=0) at /usr/src/sys/vm/vm_page.c:1275
1275                    panic("vm_page_unwire: invalid wire count: %d", m->wire_count);
(kgdb) list
1270                                    vm_page_flag_clear(m, PG_WINATCFLS);
1271                                    vm_pageq_enqueue(PQ_INACTIVE, m);
1272                            }
1273                    }
1274            } else {
1275                    panic("vm_page_unwire: invalid wire count: %d", m->wire_count);
1276            }
1277    }
1278
1279
(kgdb) up
#4  0x805599f4 in sf_buf_mext (addr=0xe8a66000, args=0x0) at /usr/src/sys/kern/uipc_syscalls.c:1711
1711            vm_page_unwire(m, 0);
(kgdb) list
1706            vm_page_t m;
1707
1708            m = sf_buf_page(args);
1709            sf_buf_free(args);
1710            vm_page_lock_queues();
1711            vm_page_unwire(m, 0);
1712            /*
1713             * Check for the object going away on us. This can
1714             * happen since we don't hold a reference to it.
1715             * If so, we're responsible for freeing the page.
(kgdb) print nsfbufsused
$1 = 2935
(kgdb) print nsfbufspeak
$2 = 5845
(kgdb) up list
No symbol "list" in current context.
(kgdb) up     
#5  0x8054f792 in mb_free_ext (m=0xabf87e00) at /usr/src/sys/kern/uipc_mbuf.c:272
272                             (*(m->m_ext.ext_free))(m->m_ext.ext_buf,
(kgdb) list
267                             uma_zfree(zone_jumbo16, m->m_ext.ext_buf);
268                             break;
269                     default:
270                             KASSERT(m->m_ext.ext_free != NULL,
271                                 ("%s: external free pointer not set", __func__));
272                             (*(m->m_ext.ext_free))(m->m_ext.ext_buf,
273                                 m->m_ext.ext_args);
274                             if (m->m_ext.ext_type != EXT_EXTREF) {
275                                     if (m->m_ext.ref_cnt != NULL)
276                                             free(__DEVOLATILE(u_int *,
(kgdb) print *m
$3 = {m_hdr = {mh_next = 0xabf87a00, mh_nextpkt = 0x0, 
    mh_data = 0xe8a66272 "7Opnm¤\233&#1094;5/&#1028;&#1084;Po&#1029;,»\202\231&#1109;\2138-\210±S&#1029;\2221&#1103;{\214>\226&#1048;&#1066;&#1077;&#1060;\223\227`k~&#1061;z&#1058;Z\212&#1091;\202|a&#1040;t5\203&#1085;&#1091;H&#1088;-&#1050;\236&#1063;&#1053;&#1075;&#1100;E&#1076;BB\\&#1063;\202R\no \212`&#1103;&#1058;¦&#1110;¤\227\r&#1112;u]\021\033&#1084;&#1109;&#1049;\031&#1072;&#1060;&#1056;~sB`\030u&#1111;&#1076;&#1053;\177#m\f~\006 at f&#1105;\212­&#1045;\001&#1118;x^#&#1051;&#1073;&#1090;&#1053;\bvG4S\"*\215&#1031;&#1028;»&#1086;&#1067;*&#1081;&#1102;\234&#1069;\210B\214§9&#1109;grB¤;g&#1079;pt&#1038;oB&#1084;&#1086;(5w\001\231&#1045;\214\210\216&#1064;?&#1055;0T\021&#1091;k&#1084;&#1067;&#1082;\226&#1063;\023*\225\005df¤&#1071;rYL"..., mh_len = 3470, mh_flags = 11, mh_type = 1}, M_dat = {MH = {MH_pkthdr = {rcvif = 0x0, 
        len = 4096, header = 0x0, csum_flags = 0, csum_data = 0, tags = {slh_first = 0x0}}, MH_dat = {MH_ext = {ext_buf = 0xe8a66000 "&#1057;VK\206M", 
          ext_free = 0x805599a4 <sf_buf_mext>, ext_args = 0x880ddbc0, ext_size = 4096, ref_cnt = 0x97dde470, ext_type = 2}, 
        MH_databuf = "\000`¦&#1080;¤\231U\200&#1040;&#1067;\r\210\000\020\000\000p&#1076;&#1069;\227\002\000\000\000@\006\000\000EP&#1073;\025O&#1055;&#1118;[\000P&#1086;&#1038;§n&#1065;&#1096;_&#1079;·&#8470;P\020\"\b\036W\000\000\001\001\b\n%&#1047;&#1029;!\000\002&#1040;&#1069;", '\0' <repeats 139 times>}}, 
    M_databuf = "\000\000\000\000\000\020", '\0' <repeats 19 times>, "`¦&#1080;¤\231U\200&#1040;&#1067;\r\210\000\020\000\000p&#1076;&#1069;\227\002\000\000\000@\006\000\000EP&#1073;\025O&#1055;&#1118;[\000P&#1086;&#1038;§n&#1065;&#1096;_&#1079;·&#8470;P\020\"\b\036W\000\000\001\001\b\n%&#1047;&#1029;!\000\002&#1040;&#1069;", '\0' <repeats 139 times>}}
(kgdb) q
d-us9# kgdb /usr/obj/usr/src/sys/DOWNLOADS/kernel.debug /var/crash/vmcore.2
#0  doadump () at pcpu.h:165
165     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0x80516e6a in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0x80517191 in panic (fmt=0x80684cac "vm_page_unwire: invalid wire count: %d") at /usr/src/sys/kern/kern_shutdown.c:565
#3  0x80603000 in vm_page_unwire (m=0x82d57a80, activate=0) at /usr/src/sys/vm/vm_page.c:1275
#4  0x805599f4 in sf_buf_mext (addr=0xe8a66000, args=0x0) at /usr/src/sys/kern/uipc_syscalls.c:1711
#5  0x8054f792 in mb_free_ext (m=0xabf87e00) at /usr/src/sys/kern/uipc_mbuf.c:272
#6  0x80556dc8 in sbdrop_locked (sb=0xab13322c, len=1378) at mbuf.h:486
#7  0x805557c2 in soisdisconnected (so=0xab133164) at /usr/src/sys/kern/uipc_socket2.c:199
#8  0x805b5b33 in tcp_discardcb (tp=0x88f84740) at /usr/src/sys/netinet/tcp_subr.c:830
#9  0x805b5b4c in tcp_close (tp=0x0) at /usr/src/sys/netinet/tcp_subr.c:851
#10 0x805b1ade in tcp_input (m=0x94cfeb00, off0=20) at /usr/src/sys/netinet/tcp_input.c:1575
#11 0x805a9aa2 in ip_input (m=0x94cfeb00) at /usr/src/sys/netinet/ip_input.c:791
#12 0x8059212f in netisr_processqueue (ni=0x806e9cf8) at /usr/src/sys/net/netisr.c:236
#13 0x805922e6 in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:343
#14 0x805005ed in ithread_execute_handlers (p=0x87eeb860, ie=0x88102100) at /usr/src/sys/kern/kern_intr.c:682
#15 0x8050070d in ithread_loop (arg=0x87ecd8a0) at /usr/src/sys/kern/kern_intr.c:766
#16 0x804ff3a1 in fork_exit (callout=0x805006b8 <ithread_loop>, arg=0x87ecd8a0, frame=0xda928d38) at /usr/src/sys/kern/kern_fork.c:788
#17 0x8062f3cc in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208
(kgdb) up
#1  0x80516e6a in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
409                     doadump();
(kgdb) frame 3
#3  0x80603000 in vm_page_unwire (m=0x82d57a80, activate=0) at /usr/src/sys/vm/vm_page.c:1275
1275                    panic("vm_page_unwire: invalid wire count: %d", m->wire_count);
(kgdb) list
1270                                    vm_page_flag_clear(m, PG_WINATCFLS);
1271                                    vm_pageq_enqueue(PQ_INACTIVE, m);
1272                            }
1273                    }
1274            } else {
1275                    panic("vm_page_unwire: invalid wire count: %d", m->wire_count);
1276            }
1277    }
1278
1279
(kgdb) print m
$1 = 0x82d57a80
(kgdb) print *m
$2 = {pageq = {tqe_next = 0x844bb780, tqe_prev = 0x806ec320}, listq = {tqe_next = 0x82eed3c8, tqe_prev = 0x8388cf40}, left = 0x8388cf38, 
  right = 0x0, object = 0x8b6a2bdc, pindex = 3, phys_addr = 1955401728, md = {pv_list_count = 0, pv_list = {tqh_first = 0x0, 
      tqh_last = 0x82d57aac}}, queue = 0, flags = 0, pc = 17, wire_count = 0, cow = 0, hold_count = 0, act_count = 0 '\0', busy = 0 '\0', 
  valid = 255 'я', dirty = 0 '\0'}
(kgdb) up
#4  0x805599f4 in sf_buf_mext (addr=0xe8a66000, args=0x0) at /usr/src/sys/kern/uipc_syscalls.c:1711
1711            vm_page_unwire(m, 0);
(kgdb) list
1706            vm_page_t m;
1707
1708            m = sf_buf_page(args);
1709            sf_buf_free(args);
1710            vm_page_lock_queues();
1711            vm_page_unwire(m, 0);
1712            /*
1713             * Check for the object going away on us. This can
1714             * happen since we don't hold a reference to it.
1715             * If so, we're responsible for freeing the page.
(kgdb) print *args
Attempt to dereference a generic pointer.
(kgdb) print args
$3 = (void *) 0x0
(kgdb) up
#5  0x8054f792 in mb_free_ext (m=0xabf87e00) at /usr/src/sys/kern/uipc_mbuf.c:272
272                             (*(m->m_ext.ext_free))(m->m_ext.ext_buf,
(kgdb) list
267                             uma_zfree(zone_jumbo16, m->m_ext.ext_buf);
268                             break;
269                     default:
270                             KASSERT(m->m_ext.ext_free != NULL,
271                                 ("%s: external free pointer not set", __func__));
272                             (*(m->m_ext.ext_free))(m->m_ext.ext_buf,
273                                 m->m_ext.ext_args);
274                             if (m->m_ext.ext_type != EXT_EXTREF) {
275                                     if (m->m_ext.ref_cnt != NULL)
276                                             free(__DEVOLATILE(u_int *,
(kgdb) print *m
$4 = {m_hdr = {mh_next = 0xabf87a00, mh_nextpkt = 0x0, 
    mh_data = 0xe8a66272 "7Opnm¤\233&#1094;5/&#1028;&#1084;Po&#1029;,»\202\231&#1109;\2138-\210±S&#1029;\2221&#1103;{\214>\226&#1048;&#1066;&#1077;&#1060;\223\227`k~&#1061;z&#1058;Z\212&#1091;\202|a&#1040;t5\203&#1085;&#1091;H&#1088;-&#1050;\236&#1063;&#1053;&#1075;&#1100;E&#1076;BB\\&#1063;\202R\no \212`&#1103;&#1058;¦&#1110;¤\227\r&#1112;u]\021\033&#1084;&#1109;&#1049;\031&#1072;&#1060;&#1056;~sB`\030u&#1111;&#1076;&#1053;\177#m\f~\006 at f&#1105;\212­&#1045;\001&#1118;x^#&#1051;&#1073;&#1090;&#1053;\bvG4S\"*\215&#1031;&#1028;»&#1086;&#1067;*&#1081;&#1102;\234&#1069;\210B\214§9&#1109;grB¤;g&#1079;pt&#1038;oB&#1084;&#1086;(5w\001\231&#1045;\214\210\216&#1064;?&#1055;0T\021&#1091;k&#1084;&#1067;&#1082;\226&#1063;\023*\225\005df¤&#1071;rYL"..., mh_len = 3470, mh_flags = 11, mh_type = 1}, M_dat = {MH = {MH_pkthdr = {rcvif = 0x0, 
        len = 4096, header = 0x0, csum_flags = 0, csum_data = 0, tags = {slh_first = 0x0}}, MH_dat = {MH_ext = {ext_buf = 0xe8a66000 "&#1057;VK\206M", 
          ext_free = 0x805599a4 <sf_buf_mext>, ext_args = 0x880ddbc0, ext_size = 4096, ref_cnt = 0x97dde470, ext_type = 2}, 
        MH_databuf = "\000`¦&#1080;¤\231U\200&#1040;&#1067;\r\210\000\020\000\000p&#1076;&#1069;\227\002\000\000\000@\006\000\000EP&#1073;\025O&#1055;&#1118;[\000P&#1086;&#1038;§n&#1065;&#1096;_&#1079;·&#8470;P\020\"\b\036W\000\000\001\001\b\n%&#1047;&#1029;!\000\002&#1040;&#1069;", '\0' <repeats 139 times>}}, 
    M_databuf = "\000\000\000\000\000\020", '\0' <repeats 19 times>, "`¦&#1080;¤\231U\200&#1040;&#1067;\r\210\000\020\000\000p&#1076;&#1069;\227\002\000\000\000@\006\000\000EP&#1073;\025O&#1055;&#1118;[\000P&#1086;&#1038;§n&#1065;&#1096;_&#1079;·&#8470;P\020\"\b\036W\000\000\001\001\b\n%&#1047;&#1029;!\000\002&#1040;&#1069;", '\0' <repeats 139 times>}}
(kgdb) up
#6  0x80556dc8 in sbdrop_locked (sb=0xab13322c, len=1378) at mbuf.h:486
486                     mb_free_ext(m);
(kgdb) list
481
482     #ifdef INVARIANTS
483             m->m_flags |= M_FREELIST;
484     #endif
485             if (m->m_flags & M_EXT)
486                     mb_free_ext(m);
487             else
488                     uma_zfree(zone_mbuf, m);
489             return n;
490     }
(kgdb) up
#7  0x805557c2 in soisdisconnected (so=0xab133164) at /usr/src/sys/kern/uipc_socket2.c:199
199             sbdrop_locked(&so->so_snd, so->so_snd.sb_cc);
(kgdb) print *so
$5 = {so_count = 0, so_type = 1, so_options = 4, so_linger = 0, so_state = 8449, so_qstate = 0, so_pcb = 0xa1158708, so_proto = 0x806c5468, 
  so_head = 0x0, so_incomp = {tqh_first = 0x0, tqh_last = 0x0}, so_comp = {tqh_first = 0x0, tqh_last = 0x0}, so_list = {tqe_next = 0x0, 
    tqe_prev = 0x884e8e0c}, so_qlen = 0, so_incqlen = 0, so_qlimit = 0, so_timeo = 0, so_error = 54, so_sigio = 0x0, so_oobmark = 0, so_aiojobq = {
    tqh_first = 0x0, tqh_last = 0xab1331ac}, so_rcv = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0, si_note = {
        kl_list = {slh_first = 0x0}, kl_lock = 0x804f9a88 <knlist_mtx_lock>, kl_unlock = 0x804f9ac0 <knlist_mtx_unlock>, 
        kl_locked = 0x804f9afc <knlist_mtx_locked>, kl_lockarg = 0xab1331d8}, si_flags = 0}, sb_mtx = {mtx_object = {lo_class = 0x806bafc4, 
        lo_name = 0x8067aec9 "so_rcv", lo_type = 0x8067aec9 "so_rcv", lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, 
        lo_witness = 0x0}, mtx_lock = 4, mtx_recurse = 0}, sb_state = 32, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0, 
    sb_hiwat = 8760, sb_mbcnt = 0, sb_mbmax = 70080, sb_ctl = 0, sb_lowat = 1, sb_timeo = 0, sb_flags = 0}, so_snd = {sb_sel = {si_thrlist = {
        tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0, si_note = {kl_list = {slh_first = 0x0}, kl_lock = 0x804f9a88 <knlist_mtx_lock>, 
        kl_unlock = 0x804f9ac0 <knlist_mtx_unlock>, kl_locked = 0x804f9afc <knlist_mtx_locked>, kl_lockarg = 0xab133250}, si_flags = 0}, sb_mtx = {
      mtx_object = {lo_class = 0x806bafc4, lo_name = 0x8067aec2 "so_snd", lo_type = 0x8067aec2 "so_snd", lo_flags = 196608, lo_list = {
          tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 2280573184, mtx_recurse = 0}, sb_state = 16, sb_mb = 0xabf87e00, 
    sb_mbtail = 0xabf87a00, sb_lastrecord = 0xabf87e00, sb_cc = 1378, sb_hiwat = 33580, sb_mbcnt = 4352, sb_mbmax = 262144, sb_ctl = 0, 
    sb_lowat = 2048, sb_timeo = 0, sb_flags = 0}, so_upcall = 0, so_upcallarg = 0x0, so_cred = 0x882f2b80, so_label = 0x0, so_peerlabel = 0x0, 
  so_gencnt = 182221015, so_emuldata = 0x0, so_accf = 0x0}
(kgdb) list
194             so->so_state |= SS_ISDISCONNECTED;
195             so->so_rcv.sb_state |= SBS_CANTRCVMORE;
196             sorwakeup_locked(so);
197             SOCKBUF_LOCK(&so->so_snd);
198             so->so_snd.sb_state |= SBS_CANTSENDMORE;
199             sbdrop_locked(&so->so_snd, so->so_snd.sb_cc);
200             sowwakeup_locked(so);
201             wakeup(&so->so_timeo);
202     }
203
(kgdb) up
#8  0x805b5b33 in tcp_discardcb (tp=0x88f84740) at /usr/src/sys/netinet/tcp_subr.c:830
830             soisdisconnected(so);
(kgdb) up
#9  0x805b5b4c in tcp_close (tp=0x0) at /usr/src/sys/netinet/tcp_subr.c:851
851             tcp_discardcb(tp);
(kgdb) print *tp
Cannot access memory at address 0x0
(kgdb) print tp
$6 = (struct tcpcb *) 0x0
(kgdb) list
846     #endif
847
848             INP_INFO_WLOCK_ASSERT(&tcbinfo);
849             INP_LOCK_ASSERT(inp);
850
851             tcp_discardcb(tp);
852     #ifdef INET6
853             if (INP_CHECK_SOCKAF(so, AF_INET6))
854                     in6_pcbdetach(inp);
855             else
(kgdb) up
#10 0x805b1ade in tcp_input (m=0x94cfeb00, off0=20) at /usr/src/sys/netinet/tcp_input.c:1575
1575                                    tp = tcp_close(tp);
(kgdb) list
1570                                    tp->t_state = TCPS_CLOSED;
1571                                    tcpstat.tcps_drops++;
1572                                    KASSERT(headlocked, ("tcp_input: "
1573                                        "trimthenstep6: tcp_close: head not "
1574                                        "locked"));
1575                                    tp = tcp_close(tp);
1576                                    break;
1577
1578                            case TCPS_CLOSING:
1579                            case TCPS_LAST_ACK:
(kgdb) print tp
$7 = (struct tcpcb *) 0x88f84740
(kgdb) print *tp
$8 = {t_segq = {lh_first = 0x0}, t_segqlen = 0, t_dupacks = 3, tt_rexmt = 0x88f84884, tt_persist = 0x88f848a0, tt_keep = 0x88f848bc, 
  tt_2msl = 0x88f848d8, tt_delack = 0x88f848f4, t_inpcb = 0x0, t_state = 0, t_flags = 1049104, snd_una = 3243810266, snd_max = 3243815115, 
  snd_nxt = 3243815115, snd_up = 3243810266, snd_wl1 = 2083319388, snd_wl2 = 3243810266, iss = 3243793116, irs = 2083318792, rcv_nxt = 2083319388, 
  rcv_adv = 2083328148, rcv_wnd = 8760, rcv_up = 2083319388, snd_wnd = 65535, snd_cwnd = 1460, snd_bwnd = 6144, snd_ssthresh = 2920, 
  snd_bandwidth = 2067, snd_recover = 3243815115, t_maxopd = 1460, t_rcvtime = 633916719, t_starttime = 633834341, t_rtttime = 0, 
  t_rtseq = 3243814646, t_bw_rtttime = 633850606, t_bw_rtseq = 3243810266, t_rxtcur = 48200, t_maxseg = 1460, t_srtt = 0, t_rttvar = 1501, 
  t_rxtshift = 7, t_rttmin = 30, t_rttbest = 9508, t_rttupdated = 6, max_sndwnd = 65535, t_softerror = 0, t_oobflags = 0 '\0', t_iobc = 0 '\0', 
  snd_scale = 0 '\0', rcv_scale = 0 '\0', request_r_scale = 0 '\0', requested_s_scale = 0 '\0', ts_recent = 0, ts_recent_age = 0, 
  last_ack_sent = 2083319388, snd_cwnd_prev = 4866, snd_ssthresh_prev = 2920, snd_recover_prev = 3243810266, t_badrxtwin = 633851504, 
  snd_limited = 1 '\001', rcv_second = 0, rcv_pps = 0, rcv_byps = 0, sack_enable = 1, snd_numholes = 0, snd_holes = {tqh_first = 0x0, 
    tqh_last = 0x88f84834}, snd_fack = 3243814646, rcv_numsacks = 0, sackblks = {{start = 0, end = 0}, {start = 0, end = 0}, {start = 0, end = 0}, {
      start = 0, end = 0}, {start = 0, end = 0}, {start = 0, end = 0}}, sack_newdata = 3243815115, sackhint = {nexthole = 0x0, 
    sack_bytes_rexmit = 0}, t_rttlow = 180}
(kgdb) print *,
A syntax error in expression, near `,'.
(kgdb) print *m
$9 = {m_hdr = {mh_next = 0x0, mh_nextpkt = 0x0, mh_data = 0xadcd980e "E", mh_len = 40, mh_flags = 3, mh_type = 1}, M_dat = {MH = {MH_pkthdr = {
        rcvif = 0x881a9000, len = 40, header = 0x0, csum_flags = 3840, csum_data = 65535, tags = {slh_first = 0x0}}, MH_dat = {MH_ext = {
          ext_buf = 0xadcd9800 "", ext_free = 0, ext_args = 0x0, ext_size = 2048, ref_cnt = 0x0, ext_type = 3}, 
        MH_databuf = "\000\230&#1053;­\000\000\000\000\000\000\000\000\000\b\000\000\000\000\000\000\003\000\000\000@\006\000\000EP&#1073;\025&#1049;\233a&#1073;\000P\231&#1063;\221\034_&#1086;&#1071;3U,\200\020!&#1040;W©\000\000\001\001\b\n%&#1048;­&#1055;k&#1074;zw\037*\002\020\037*\002®D.\002@&#1073;8\002\003&#1096;8\002\\&#1096;8\002\205&#1096;8\002&#1065;&#1096;8\002v&#1099;8\002v*9\002", '\0' <repeats 100 times>}}, 
    M_databuf = "\000\220\032\210(\000\000\000\000\000\000\000\000\017\000\000&#1103;&#1103;\000\000\000\000\000\000\000\230&#1053;­\000\000\000\000\000\000\000\000\000\b\000\000\000\000\000\000\003\000\000\000@\006\000\000EP&#1073;\025&#1049;\233a&#1073;\000P\231&#1063;\221\034_&#1086;&#1071;3U,\200\020!&#1040;W©\000\000\001\001\b\n%&#1048;­&#1055;k&#1074;zw\037*\002\020\037*\002®D.\002@&#1073;8\002\003&#1096;8\002\\&#1096;8\002\205&#1096;8\002&#1065;&#1096;8\002v&#1099;8\002v*9\002", '\0' <repeats 100 times>}}
(kgdb) up
#11 0x805a9aa2 in ip_input (m=0x94cfeb00) at /usr/src/sys/netinet/ip_input.c:791
791             (*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen);
(kgdb) list
786             /*
787              * Switch out to protocol's input routine.
788              */
789             ipstat.ips_delivered++;
790
791             (*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen);
792             return;
793     bad:
794             m_freem(m);
795     }
(kgdb) print hlen
$10 = 20
(kgdb) 
>How-To-Repeat:
system panics under heavy network load -- http/ftp server on 1GigEther link.

Bug possibly connected to NIC driver (not sure):
re0 at pci3:0:0:   class=0x020000 card=0xe0001458 chip=0x816810ec rev=0x01 hdr=0x00
    vendor     = 'Realtek Semiconductor'
    device     = 'RTL8168/8111 PCI-E Gigabit Ethernet NIC'
    class      = network
    subclass   = ethernet
>Fix:
no.

>Release-Note:
>Audit-Trail:
>Unformatted: