GENERIC HEAD from Feb 5 09:19 UTC + mpsafe_vfs = 1 , vmcore.170
GDB: no debug ports present
KDB: debugger backends: ddb
KDB: current backend: ddb
Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.0-CURRENT #0: Sat Feb 5 14:05:02 CET 2005
pho@current.osted.lan:/usr/src/sys/i386/compile/PHO
WARNING: WITNESS option enabled, expect reduced performance.
ACPI APIC Table: <A M I OEMAPIC >
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Celeron(R) CPU 1.80GHz (1799.14-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0xf13 Stepping = 3
Features=0x3febfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM>
real memory = 267583488 (255 MB)
avail memory = 252379136 (240 MB)
:
mount root from ufs:/dev/ad0s1a
WARNING: / was not properly dismounted
rl0: link state changed to DOWN
sigreturn: eflags = 0x0
sigreturn: eflags = 0x0
freebsd4_sigreturn: eflags = 0x0
freebsd4_sigreturn: eflags = 0x0
freebsd4_sigreturn: eflags = 0x0
freebsd4_sigreturn: eflags = 0x0
freebsd4_sigreturn: eflags = 0x0
freebsd4_sigreturn: eflags = 0x0
freebsd4_sigreturn: eflags = 0x0
freebsd4_sigreturn: eflags = 0x0
freebsd4_sigreturn: eflags = 0x0
freebsd4_sigreturn: eflags = 0x0
panic: tcp_input: TCPS_LISTEN
cpuid = 0
KDB: enter: panic
[thread pid 35 tid 100011 ]
Stopped at kdb_enter+0x2b: nop
db> where
Tracing pid 35 tid 100011 td 0xc1524170
kdb_enter(c082560f) at kdb_enter+0x2b
panic(c0832f7d,0,0,1,0) at panic+0x14b
tcp_input(c27fca00,14,c27fca00,0,0) at tcp_input+0xbf6
ip_input(c27fca00) at ip_input+0x50d
netisr_processqueue(c0944cd8) at netisr_processqueue+0x6e
swi_net(0) at swi_net+0xbe
ithread_loop(c154d180,cbc90d48,c154d180,c0601f84,0) at ithread_loop+0x120
fork_exit(c0601f84,c154d180,cbc90d48) at fork_exit+0xa4
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xcbc90d7c, ebp = 0 ---
db> call doadump
Dumping 255 MB
16 32 48 64 80 96 112 128 144 160 176 192 208 224 240
Dump complete
0xf
db> reset
(kgdb) bt
#0 doadump () at pcpu.h:159
#1 0xc046609a in db_fncall (dummy1=0x0, dummy2=0x0, dummy3=0x0, dummy4=0xcbc90a40 "l\nÉË\020&zÀX\nÉË\\\nÉË\220\a")
at ../../../ddb/db_command.c:531
#2 0xc0465ea8 in db_command (last_cmdp=0xc08cf064, cmd_table=0x0, aux_cmd_tablep=0xc084e224, aux_cmd_tablep_end=0xc084e240)
at ../../../ddb/db_command.c:349
#3 0xc0465f70 in db_command_loop () at ../../../ddb/db_command.c:455
#4 0xc0467af9 in db_trap (type=0x3, code=0x0) at ../../../ddb/db_main.c:228
#5 0xc062c7d4 in kdb_trap (type=0x3, code=0x0, tf=0xcbc90b84) at ../../../kern/subr_kdb.c:421
#6 0xc07bea8c in trap (frame=
{tf_fs = 0xcbc90018, tf_es = 0xc0620010, tf_ds = 0xc0820010, tf_edi = 0xc0832f7d, tf_esi = 0x1, tf_ebp = 0xcbc90bc4, tf_isp = 0xcbc90bb0, tf_ebx = 0xcbc90bf0, tf_edx = 0x0, tf_ecx = 0xc1033000, tf_eax = 0x12, tf_trapno = 0x3, tf_err = 0x0, tf_eip = 0xc062c53b, tf_cs = 0x8, tf_eflags = 0x292, tf_esp = 0xcbc90be4, tf_ss = 0xc061489b}) at ../../../i386/i386/trap.c:573
#7 0xc07acd2a in calltrap () at ../../../i386/i386/exception.s:139
#8 0xcbc90018 in ?? ()
#9 0xc0620010 in _callout_stop_safe (c=0xcbc90bf0, safe=0x100) at ../../../kern/kern_timeout.c:482
#10 0xc061489b in panic (fmt=0xc0832f7d "tcp_input: TCPS_LISTEN") at ../../../kern/kern_shutdown.c:550
#11 0xc06a8b22 in tcp_input (m=0xc27fca00, off0=0xffff) at ../../../netinet/tcp_input.c:1016
#12 0xc06a2611 in ip_input (m=0xc27fca00) at ../../../netinet/ip_input.c:753
#13 0xc0682086 in netisr_processqueue (ni=0xc0944cd8) at ../../../net/netisr.c:235
#14 0xc068226a in swi_net (dummy=0x0) at ../../../net/netisr.c:348
#15 0xc06020a4 in ithread_loop (arg=0xc154d180) at ../../../kern/kern_intr.c:546
#16 0xc06014b8 in fork_exit (callout=0xc0601f84 <ithread_loop>, arg=0xc154d180, frame=0xcbc90d48) at ../../../kern/kern_fork.c:790
#17 0xc07acd8c in fork_trampoline () at ../../../i386/i386/exception.s:208
(kgdb) f 11
#11 0xc06a8b22 in tcp_input (m=0xc27fca00, off0=0xffff) at ../../../netinet/tcp_input.c:1016
1016 panic("tcp_input: TCPS_LISTEN");
(kgdb) l
1011 INP_LOCK_ASSERT(inp);
1012
1013 /* XXX temp debugging */
1014 /* should not happen - syncache should pick up these connections */
1015 if (tp->t_state == TCPS_LISTEN)
1016 panic("tcp_input: TCPS_LISTEN");
1017
1018 /*
1019 * This is the second part of the MSS DoS prevention code (after
1020 * minmss on the sending side) and it deals with too many too small
(kgdb) info loc
th = (struct tcphdr *) 0xc27fca54
ip = (struct ip *) 0xc27fca40
ipov = (struct ipovly *) 0x2c
inp = (struct inpcb *) 0xc1b2cec4
optp = (u_char *) 0xc27fca68 "\002\004\005´\001\001\004\002\001\003\003\001\001\001\b\n\002|rç"
optlen = 0x18
len = 0xc1d25898
tlen = 0x0
off = 0x2c
drop_hdrlen = 0x40
tp = (struct tcpcb *) 0xc1d25898
thflags = 0x2
so = (struct socket *) 0xc258f530
todrop = 0xc1d25898
acked = 0xc1d25898
ourfinisacked = 0xc1d25898
needoutput = 0x0
tiwin = 0xffff
to = {to_flags = 0x0, to_tsval = 0x0, to_tsecr = 0x0, to_mss = 0x0, to_requested_s_scale = 0x0, to_pad = 0x0}
headlocked = 0x1
rstreason = 0xc1d25898
ip6 = (struct ip6_hdr *) 0x0
isipv6 = 0x0
(kgdb) p *th
$1 = {th_sport = 0x25d2, th_dport = 0x3c30, th_seq = 0xaf710aa1, th_ack = 0x0, th_x2 = 0x0, th_off = 0xb, th_flags = 0x2, th_win = 0xffff,
th_sum = 0x0, th_urp = 0x0}
(kgdb) p *ip
$2 = {ip_hl = 0x0, ip_v = 0x4, ip_tos = 0x0, ip_len = 0x0, ip_id = 0x0, ip_off = 0x0, ip_ttl = 0x0, ip_p = 0x6, ip_sum = 0x2c00, ip_src = {
s_addr = 0x301a8c0}, ip_dst = {s_addr = 0x301a8c0}}
(kgdb) p *inp
$3 = {inp_hash = {le_next = 0x0, le_prev = 0xc16640f0}, inp_list = {le_next = 0xc1b2cbf4, le_prev = 0xc1862b48}, inp_flow = 0x0, inp_inc = {
inc_flags = 0x0, inc_len = 0x0, inc_pad = 0x0, inc_ie = {ie_fport = 0x0, ie_lport = 0x3c30, ie_dependfaddr = {ie46_foreign = {
ia46_pad32 = {0x0, 0x0, 0x0}, ia46_addr4 = {s_addr = 0x0}}, ie6_foreign = {__u6_addr = {__u6_addr8 = '\0' <repeats 15 times>,
__u6_addr16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, __u6_addr32 = {0x0, 0x0, 0x0, 0x0}}}}, ie_dependladdr = {ie46_local = {
ia46_pad32 = {0x0, 0x0, 0x0}, ia46_addr4 = {s_addr = 0x0}}, ie6_local = {__u6_addr = {__u6_addr8 = '\0' <repeats 15 times>,
__u6_addr16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, __u6_addr32 = {0x0, 0x0, 0x0, 0x0}}}}}}, inp_ppcb = 0xc1d25898 "",
inp_pcbinfo = 0xc0945ae0, inp_socket = 0xc258f530, inp_label = 0x0, inp_flags = 0x800000, inp_sp = 0x0, inp_vflag = 0x1,
inp_ip_ttl = 0x40, inp_ip_p = 0x0, inp_depend4 = {inp4_ip_tos = 0x0, inp4_options = 0x0, inp4_moptions = 0x0}, inp_depend6 = {
inp6_options = 0x0, inp6_outputopts = 0x0, inp6_moptions = 0x0, inp6_icmp6filt = 0x0, inp6_cksum = 0x0, inp6_ifindex = 0x0,
inp6_hops = 0x0}, inp_portlist = {le_next = 0x0, le_prev = 0xc165eca8}, inp_phd = 0xc165eca0, inp_gencnt = 0x4f86, inp_mtx = {
mtx_object = {lo_class = 0xc0886388, lo_name = 0xc0836124 "inp", lo_type = 0xc0828e13 "tcpinp", lo_flags = 0x4b0000, lo_list = {
tqe_next = 0xc2594750, tqe_prev = 0xc258f5a8}, lo_witness = 0xc09072a0}, mtx_lock = 0xc1524170, mtx_recurse = 0x0}}
(kgdb) p *tp
$4 = {t_segq = {lh_first = 0x0}, t_segqlen = 0x0, t_dupacks = 0x0, tt_rexmt = 0xc1d259d8, tt_persist = 0xc1d259f0, tt_keep = 0xc1d25a08,
tt_2msl = 0xc1d25a20, tt_delack = 0xc1d25a38, t_inpcb = 0xc1b2cec4, t_state = 0x1, t_flags = 0xa0, t_force = 0x0, snd_una = 0x0,
snd_max = 0x0, snd_nxt = 0x0, snd_up = 0x0, snd_wl1 = 0x0, snd_wl2 = 0x0, iss = 0x0, irs = 0x0, rcv_nxt = 0x0, rcv_adv = 0x0,
rcv_wnd = 0x0, rcv_up = 0x0, snd_wnd = 0x0, snd_cwnd = 0x3fffc000, snd_bwnd = 0x3fffc000, snd_ssthresh = 0x3fffc000, snd_bandwidth = 0x0,
snd_recover = 0x0, t_maxopd = 0x200, t_rcvtime = 0x27c72cc, t_starttime = 0x0, t_rtttime = 0x0, t_rtseq = 0x0, t_bw_rtttime = 0x27c72cc,
t_bw_rtseq = 0x0, t_rxtcur = 0xbb8, t_maxseg = 0x200, t_srtt = 0x0, t_rttvar = 0x2ee0, t_rxtshift = 0x0, t_rttmin = 0x3, t_rttbest = 0x0,
t_rttupdated = 0x0, max_sndwnd = 0x0, t_softerror = 0x0, t_oobflags = 0x0, t_iobc = 0x0, snd_scale = 0x0, rcv_scale = 0x0,
request_r_scale = 0x0, requested_s_scale = 0x0, ts_recent = 0x0, ts_recent_age = 0x0, last_ack_sent = 0x0, snd_cwnd_prev = 0x0,
snd_ssthresh_prev = 0x0, snd_recover_prev = 0x0, t_badrxtwin = 0x0, snd_limited = 0x0, rcv_second = 0x0, rcv_pps = 0x0, rcv_byps = 0x0,
sack_enable = 0x1, snd_numholes = 0x0, snd_holes = 0x0, rcv_laststart = 0x0, rcv_lastend = 0x0, rcv_lastsack = 0x0, rcv_numsacks = 0x0,
sackblks = {{start = 0x0, end = 0x0}, {start = 0x0, end = 0x0}, {start = 0x0, end = 0x0}, {start = 0x0, end = 0x0}, {start = 0x0,
end = 0x0}, {start = 0x0, end = 0x0}}, sack_newdata = 0x0}
(kgdb) p *so
$5 = {so_count = 0x1, so_type = 0x1, so_options = 0x4, so_linger = 0x0, so_state = 0x0, so_qstate = 0x0, so_pcb = 0xc1b2cec4,
so_proto = 0xc0890fc8, so_head = 0x0, so_incomp = {tqh_first = 0x0, tqh_last = 0xc258f54c}, so_comp = {tqh_first = 0x0,
tqh_last = 0xc258f554}, so_list = {tqe_next = 0x0, tqe_prev = 0x0}, so_qlen = 0x0, so_incqlen = 0x0, so_qlimit = 0x0, so_timeo = 0x0,
so_error = 0x0, so_sigio = 0x0, so_oobmark = 0x0, so_aiojobq = {tqh_first = 0x0, tqh_last = 0xc258f578}, so_rcv = {sb_sel = {
si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0, si_note = {kl_lock = 0xc258f598, kl_list = {slh_first = 0x0}},
si_flags = 0x0}, sb_mtx = {mtx_object = {lo_class = 0xc0886388, lo_name = 0xc0828dd3 "so_rcv", lo_type = 0xc0828dd3 "so_rcv",
lo_flags = 0x30000, lo_list = {tqe_next = 0xc1b2cf54, tqe_prev = 0xc258f614}, lo_witness = 0xc0907408}, mtx_lock = 0x4,
mtx_recurse = 0x0}, sb_state = 0x0, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0x0, sb_hiwat = 0x10000,
sb_mbcnt = 0x0, sb_mbmax = 0x40000, sb_ctl = 0x0, sb_lowat = 0x1, sb_timeo = 0x0, sb_flags = 0x0}, so_snd = {sb_sel = {si_thrlist = {
tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0, si_note = {kl_lock = 0xc258f604, kl_list = {slh_first = 0x0}}, si_flags = 0x0},
sb_mtx = {mtx_object = {lo_class = 0xc0886388, lo_name = 0xc0828dcc "so_snd", lo_type = 0xc0828dcc "so_snd", lo_flags = 0x30000,
lo_list = {tqe_next = 0xc258f598, tqe_prev = 0xc269233c}, lo_witness = 0xc0907430}, mtx_lock = 0x4, mtx_recurse = 0x0},
sb_state = 0x0, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0x0, sb_hiwat = 0x8000, sb_mbcnt = 0x0, sb_mbmax = 0x40000,
sb_ctl = 0x0, sb_lowat = 0x800, sb_timeo = 0x0, sb_flags = 0x0}, so_upcall = 0, so_upcallarg = 0x0, so_cred = 0xc1810a00,
so_label = 0x0, so_peerlabel = 0x0, so_gencnt = 0x2798b1, so_emuldata = 0x0, so_accf = 0x0}
(kgdb) p *panic_td
$13 = {td_proc = 0xc1555bd0, td_ksegrp = 0xc15256c0, td_plist = {tqe_next = 0x0, tqe_prev = 0xc1555be0}, td_kglist = {tqe_next = 0x0,
tqe_prev = 0xc15256cc}, td_slpq = {tqe_next = 0x0, tqe_prev = 0x0}, td_lockq = {tqe_next = 0x0, tqe_prev = 0xcf6b4c18}, td_runq = {
tqe_next = 0x0, tqe_prev = 0x0}, td_selq = {tqh_first = 0x0, tqh_last = 0x0}, td_sleepqueue = 0xc1514500, td_turnstile = 0xc1523080,
td_tid = 0x186ab, td_flags = 0x1000000, td_inhibitors = 0x0, td_pflags = 0x0, td_dupfd = 0x0, td_wchan = 0x0, td_wmesg = 0x0,
td_lastcpu = 0x0, td_oncpu = 0x0, td_locks = 0x0, td_blocked = 0x0, td_ithd = 0xc154d180, td_lockname = 0x0, td_contested = {
lh_first = 0x0}, td_sleeplocks = 0xc09439e0, td_intr_nesting_level = 0x0, td_pinned = 0x0, td_mailbox = 0x0, td_ucred = 0xc1515300,
td_standin = 0x0, td_upcall = 0x0, td_sticks = 0x0, td_uuticks = 0x0, td_usticks = 0x0, td_intrval = 0x0, td_oldsigmask = {__bits = {0x0,
0x0, 0x0, 0x0}}, td_sigmask = {__bits = {0x0, 0x0, 0x0, 0x0}}, td_siglist = {__bits = {0x0, 0x0, 0x0, 0x0}}, td_waitset = 0x0,
td_umtxq = 0x0, td_generation = 0xe3812f, td_sigstk = {ss_sp = 0x0, ss_size = 0x0, ss_flags = 0x0}, td_kflags = 0x0, td_xsig = 0x0,
td_profil_addr = 0x0, td_profil_ticks = 0x0, td_base_pri = 0x28, td_priority = 0x28, td_pcb = 0xcbc90da0, td_state = TDS_RUNNING,
td_retval = {0x0, 0x0}, td_slpcallout = {c_links = {sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev = 0x0}}, c_time = 0x0,
c_arg = 0x0, c_func = 0, c_flags = 0x8}, td_frame = 0xcbc90d48, td_kstack_obj = 0xc105a948, td_kstack = 0xcbc8f000,
td_kstack_pages = 0x2, td_altkstack_obj = 0x0, td_altkstack = 0x0, td_altkstack_pages = 0x0, td_critnest = 0x1, td_md = {
md_savecrit = 0x46}, td_sched = 0xc15242bc}
(kgdb) p *panic_td->td_proc
$14 = {p_list = {le_next = 0xc1555dc8, le_prev = 0xc15559d8}, p_ksegrps = {tqh_first = 0xc15256c0, tqh_last = 0xc15256c4}, p_threads = {
tqh_first = 0xc1524170, tqh_last = 0xc1524178}, p_suspended = {tqh_first = 0x0, tqh_last = 0xc1555be8}, p_ucred = 0xc1515300,
p_fd = 0xc156be00, p_fdtol = 0x0, p_stats = 0xc1513d00, p_limit = 0xc1513600, p_sigacts = 0xc1566000, p_flag = 0x204, p_sflag = 0x1,
p_state = PRS_NORMAL, p_pid = 0x23, p_hash = {le_next = 0x0, le_prev = 0xc151108c}, p_pglist = {le_next = 0xc1555dc8,
le_prev = 0xc1555a28}, p_pptr = 0xc08e8020, p_sibling = {le_next = 0xc1555dc8, le_prev = 0xc1555a34}, p_children = {lh_first = 0x0},
p_mtx = {mtx_object = {lo_class = 0xc0886388, lo_name = 0xc0824c8c "process lock", lo_type = 0xc0824c8c "process lock",
lo_flags = 0x430000, lo_list = {tqe_next = 0xc1555e30, tqe_prev = 0xc1555a50}, lo_witness = 0xc0907520}, mtx_lock = 0x4,
mtx_recurse = 0x0}, p_oppid = 0x0, p_vmspace = 0xc08e8380, p_swtime = 0x9fd3, p_realtimer = {it_interval = {tv_sec = 0x0,
tv_usec = 0x0}, it_value = {tv_sec = 0x0, tv_usec = 0x0}}, p_rux = {rux_runtime = {sec = 0x405, frac = 0x585b20d9444b7506},
rux_uticks = 0x0, rux_sticks = 0x0, rux_iticks = 0x20d00, rux_uu = 0x0, rux_su = 0x0, rux_iu = 0x3d5a4e93}, p_crux = {rux_runtime = {
sec = 0x0, frac = 0x0}, rux_uticks = 0x0, rux_sticks = 0x0, rux_iticks = 0x0, rux_uu = 0x0, rux_su = 0x0, rux_iu = 0x0},
p_profthreads = 0x0, p_maxthrwaits = 0x0, p_traceflag = 0x0, p_tracevp = 0x0, p_tracecred = 0x0, p_textvp = 0x0, p_siglist = {__bits = {
0x0, 0x0, 0x0, 0x0}}, p_lock = 0x1, p_sigiolst = {slh_first = 0x0}, p_sigparent = 0x14, p_sig = 0x0, p_code = 0x0, p_stops = 0x0,
p_stype = 0x0, p_step = 0x0, p_pfsflags = 0x0, p_nlminfo = 0x0, p_aioinfo = 0x0, p_singlethread = 0x0, p_suspcount = 0x0,
p_xthread = 0x0, p_boundary_count = 0x0, p_magic = 0xbeefface, p_comm = "swi1: net\000\000\000\000\000\000\000\000\000\000",
p_pgrp = 0xc08e8540, p_sysent = 0xc0881c40, p_args = 0x0, p_cpulimit = 0x7fffffffffffffff, p_nice = 0x0, p_xstat = 0x0, p_klist = {
kl_lock = 0xc1555c38, kl_list = {slh_first = 0x0}}, p_numthreads = 0x1, p_numksegrps = 0x1, p_md = {md_ldt = 0x0}, p_itcallout = {
c_links = {sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev = 0x0}}, c_time = 0x0, c_arg = 0x0, c_func = 0, c_flags = 0x8},
p_acflag = 0x1, p_ru = 0x0, p_peers = 0x0, p_leader = 0xc1555bd0, p_emuldata = 0x0, p_label = 0x0, p_sched = 0xc1555dc8}