freebsd stable - May 2005 - panic in recent RELENG_5 tcp code path

Sorry, I couldn't get a dump.

%%%
    obiwan:tataz$ uname -a
    FreeBSD obiwan.tataz.chchile.org 5.4-STABLE FreeBSD 5.4-STABLE #16: Fri May
13 01:01:50 CEST 2005    
root@obiwan.tataz.chchile.org:/usr/src/sys/i386/compile/OBIWAN  i386
%%%

%%%
    Fatal trap 12: page fault while in kernel mode
    fault virtual address   = 0xc
    fault code              = supervisor read, page not present
    instruction pointer     = 0x8:0xc05aa4e0
    stack pointer           = 0x10:0xd6dbfaa4
    frame pointer           = 0x10:0xd6dbfabc
    code segment            = base 0x0, limit 0xfffff, type 0x1b
                            = DPL 0, pres 1, def32 1, gran 1
    processor eflags        = interrupt enabled, resume, IOPL = 0
    current process         = 25637 (sshd)
    [thread pid 25637 tid 100131 ]
    Stopped at      m_copydata+0x28:        movl    0xc(%esi),%ebx
    db> trace
    Tracing pid 25637 tid 100131 td 0xc23bc180
    m_copydata(c211aa00,0,40,c211aaa8,c21422ec) at m_copydata+0x28
    tcp_output(c1d74534,c211aa00,c211aa30,40,0) at tcp_output+0xb49
    tcp_usr_send(c1ec9144,0,c211aa00,0,0) at tcp_usr_send+0x1ca
    sosend(c1ec9144,0,d6dbfc6c,c211aa00,0) at sosend+0x6dc
    soo_write(c21422ec,d6dbfc6c,c2c2dd89,0,c23bc180) at soo_write+0x9e
    dofilewrite(c23bc180,c21422ec,4,807d000,40) at dofilewrite+0xb6
    write(c23bc180,d6dbfd04,c,c23bc180,c21264b0) at write+0x6a
    syscall(807002f,bfbf002f,bfbf002f,806eca8,40) at syscall+0x340
    Xint0x80_syscall() at Xint0x80_syscall+0x1f
    --- syscall (4, FreeBSD ELF32, write), eip = 0x2826cd0b, esp = 0xbfbfe4fc,
ebp = 0xbfbfr518 ---
%%%

Please Cc: me in replies, I'm not subscribed to this list.

-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >

On Sun, 15 May 2005, Jeremie Le Hen wrote:
> Sorry, I couldn't get a dump.
>
> %%%
>     obiwan:tataz$ uname -a
>     FreeBSD obiwan.tataz.chchile.org 5.4-STABLE FreeBSD 5.4-STABLE #16: Fri
May 13 01:01:50 CEST 2005    
root@obiwan.tataz.chchile.org:/usr/src/sys/i386/compile/OBIWAN  i386
> %%%
>
> %%%
>     Fatal trap 12: page fault while in kernel mode
>     fault virtual address   = 0xc
>     fault code              = supervisor read, page not present
>     instruction pointer     = 0x8:0xc05aa4e0
>     stack pointer           = 0x10:0xd6dbfaa4
>     frame pointer           = 0x10:0xd6dbfabc
>     code segment            = base 0x0, limit 0xfffff, type 0x1b
>                             = DPL 0, pres 1, def32 1, gran 1
>     processor eflags        = interrupt enabled, resume, IOPL = 0
>     current process         = 25637 (sshd)
>     [thread pid 25637 tid 100131 ]
>     Stopped at      m_copydata+0x28:        movl    0xc(%esi),%ebx
>     db> trace
>     Tracing pid 25637 tid 100131 td 0xc23bc180
>     m_copydata(c211aa00,0,40,c211aaa8,c21422ec) at m_copydata+0x28
>     tcp_output(c1d74534,c211aa00,c211aa30,40,0) at tcp_output+0xb49
>     tcp_usr_send(c1ec9144,0,c211aa00,0,0) at tcp_usr_send+0x1ca
>     sosend(c1ec9144,0,d6dbfc6c,c211aa00,0) at sosend+0x6dc
>     soo_write(c21422ec,d6dbfc6c,c2c2dd89,0,c23bc180) at soo_write+0x9e
>     dofilewrite(c23bc180,c21422ec,4,807d000,40) at dofilewrite+0xb6
>     write(c23bc180,d6dbfd04,c,c23bc180,c21264b0) at write+0x6a
>     syscall(807002f,bfbf002f,bfbf002f,806eca8,40) at syscall+0x340
>     Xint0x80_syscall() at Xint0x80_syscall+0x1f
>     --- syscall (4, FreeBSD ELF32, write), eip = 0x2826cd0b, esp =
0xbfbfe4fc, ebp = 0xbfbfr518 ---
> %%%
>
> Please Cc: me in replies, I'm not subscribed to this list.
Can you load a kernel.debug into gdb and do "l *(tcp_output+0xb49)" 
and
post the output? that offset isn't a function call in my kernel.
tcp_output() doesn't call m_copypacket directly so the exact spot is
difficult to find.

-- 
Doug White                    |  FreeBSD: The Power to Serve
dwhite@gumbysoft.com          |  www.FreeBSD.org