tcp_sack related panic

Peter Avalos pavalos at theshell.com
Sat Feb 2 18:12:19 PST 2008


On Sat, Feb 02, 2008 at 05:35:00PM -0800, Matthew Dillon wrote:
> :#6  0xc02fe396 in calltrap () at /usr/src/sys/platform/pc32/i386/exception.=
> :s:783
> :#7  0xc0233d36 in sack_block_lookup (scb=3D0xdace6b0c, seq=3D1554912228, sb=
> :=3D0xdaa45a90) at /usr/src/sys/netinet/tcp_sack.c:128
> :#8  0xc0233eda in tcp_sack_nextseg (tp=3D0xdace6a20, nextrexmt=3D0xdaa45ad0=
> :, plen=3D0xdaa45ad4, lostdup=3D0xdaa45acc) at /usr/src/sys/netinet/tcp_sack=
> :=2Ec:496
> :#9  0xc022f603 in tcp_sack_rexmt (tp=3D0xdace6a20, th=3D<value optimized ou=
> 
>     Hmm.  I see two places where a node is removed from the sackblocks list
>     but lastfound is not cleared on match.  I don't know if this is the
>     issue but it's the most obvious from looking at the failure.
> 
>     I'll commit this tomorrow if no new developments come up.
> 

Also just got this with the same sources:

panic: zone: freeing free entry
mp_lock = 00000000; cpuid = 0
boot() called on cpu#0
Uptime: 1d11h35m59s

dumping to dev #da/0x20001, blockno 378927

(kgdb) bt
#0  dumpsys () at ./machine/thread.h:83
#1  0xc01a2ea9 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:375
#2  0xc01a316c in panic (fmt=0xc034328a "zone: freeing free entry") at /usr/src/sys/kern/kern_shutdown.c:800
#3  0xc02a6aa8 in zerror (error=2) at /usr/src/sys/vm/vm_zone.c:567
#4  0xc02a6ff5 in zfree (z=0xd7049438, item=0xdb991760) at /usr/src/sys/vm/vm_zone.c:98
#5  0xc02341ac in tcp_sack_update_scoreboard (tp=0xdad397c0, to=0xdaa45be8) at /usr/src/sys/netinet/tcp_sack.c:165
#6  0xc02318d9 in tcp_input (m=0xeb7df200) at /usr/src/sys/netinet/tcp_input.c:1900
#7  0xc0229ae2 in transport_processing_oncpu (m=0xeb7df200, hlen=20, ip=<value optimized out>, nexthop=0x0) at /usr/src/sys/netinet/ip_input.c:391
#8  0xc022bae0 in ip_input (m=0xeb7df200) at /usr/src/sys/netinet/ip_input.c:1092
#9  0xc022bbb4 in ip_input_handler (msg0=0xeb7df218) at /usr/src/sys/netinet/ip_input.c:421
#10 0xc0235653 in tcpmsg_service_loop (dummy=0x0) at /usr/src/sys/netinet/tcp_subr.c:385
#11 0xc01a9fa5 in lwkt_deschedule_self (td=Cannot access memory at address 0x8
) at /usr/src/sys/kern/lwkt_thread.c:214
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

Do you think it's the same problem?
Attachment:
pgp00001.pgp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00001.pgp
Type: application/octet-stream
Size: 197 bytes
Desc: "Description: PGP signature"
URL: <http://lists.dragonflybsd.org/pipermail/bugs/attachments/20080202/96c18bb7/attachment-0016.obj>


More information about the Bugs mailing list