Subject: kern/28976: pool ipqepl: putting with none out, panic: pool_put, in tcp_reass() (netbsd-1-6)
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Greg A. Woods <woods@weird.com>
List: netbsd-bugs
Date: 01/15/2005 20:54:00
>Number: 28976
>Category: kern
>Synopsis: pool ipqepl: putting with none out, panic: pool_put, in tcp_reass() (netbsd-1-6)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Jan 15 20:54:00 +0000 2005
>Originator: Greg A. Woods
>Release: netbsd-1-6 20050112
>Organization:
Planix, Inc.; Toronto, Ontario; Canada
>Environment:
System: NetBSD 1.6.2_STABLE
Architecture: i386
Machine: i386
>Description:
google doesn't seem to know anything about this kind of panic,
and I don't think I've ever seen anything like it before either...
it happened during normal download activity while surfing the web
>How-To-Repeat:
pool ipqepl: putting with none out
panic: pool_put
Stopped at cpu_Debugger+0x4: movl %ebp,%esp
db> trace
cpu_Debugger(c1cbd034,c1cbd034,c067b0a0,c029e21f,c1cbd034) at cpu_Debugger+0x4
panic(c04d9060,e5024c1c,e5024b9c,c029c5c6,c04d9040) at panic+0xb0
pool_do_put(c067b0a0,c1cbd034,eb,5,e5024c20) at pool_do_put+0x3b
pool_put(c067b0a0,c1cbd034,e5024c1c,c1cd9a00) at pool_put+0x16
tcp_reass(c1c12298,e328e034,c2027300,e5024c94,c1cd9a00) at tcp_reass+0x388
tcp_input(c1cd9a00,14,6,1,c1cd9a00) at tcp_input+0x20e6
ip_input(c1cd9a00,c01e4344,c18ea000,e4d0a3e4) at ip_input+0x63b
ipintr(10,10,10,10,e4d0a3e4) at ipintr+0x6b
Xsoftnet() at Xsoftnet+0x2c
--- interrupt ---
idle(e4d0a3e4,3,c0295254,e4d0a3e4) at idle+0x20
bpendtsleep(c0673c08,118,c04d9f40,3,0) at bpendtsleep
sys_select(e4d0a3e4,e5024f80,e5024f78,c18d5038) at sys_select+0x304
syscall_plain(1f,85a001f,85a001f,bfbf001f,85af680) at syscall_plain+0xa7
db>
db> reboot
syncing disks... /building/work/woods/m-NetBSD-1.6/sys/netinet/tcp_input.c:2285: tcpcb 0xc1c12298 reass already locked
panic: tcp_reass_lock
Stopped at cpu_Debugger+0x4: movl %ebp,%esp
db>
>Fix:
unknown