tcp_sack related panic
Matthew Dillon
dillon at apollo.backplane.com
Sun Feb 3 13:36:31 PST 2008
:Also just got this with the same sources:
:
:panic: zone: freeing free entry
:mp_lock =3D 00000000; cpuid =3D 0
:boot() called on cpu#0
:Uptime: 1d11h35m59s
:...
:#3 0xc02a6aa8 in zerror (error=3D2) at /usr/src/sys/vm/vm_zone.c:567
:#4 0xc02a6ff5 in zfree (z=3D0xd7049438, item=3D0xdb991760) at /usr/src/sys=
:/vm/vm_zone.c:98
:#5 0xc02341ac in tcp_sack_update_scoreboard (tp=3D0xdad397c0, to=3D0xdaa45=
:be8) at /usr/src/sys/netinet/tcp_sack.c:165
:#6 0xc02318d9 in tcp_input (m=3D0xeb7df200) at /usr/src/sys/netinet/tcp_in=
:put.c:1900
:#7 0xc0229ae2 in transport_processing_oncpu (m=3D0xeb7df200, hlen=3D20, ip=
:
:Do you think it's the same problem?
Same sources prior to the patch? It's quite possible.
I tracked this second crash to line 321 of tcp_sack.c (the kgdb backtrace
is all wrong due to all the inlining). It's freeing 'newblock' here,
which should always succeed at this paricular point in the code.
I think this case can only occur if the list had previously been
corrupted due to the hint not getting NULL'd out in those two places.
-Matt
Matthew Dillon
<dillon at backplane.com>
More information about the Bugs
mailing list