Kernel page fault with 2 non-sleepable locks held in tcp_input.c

From: Florian C. Smeets <flo_at_kasimir.com>
Date: Thu, 05 Oct 2006 22:57:47 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I get this page fault with -CURRENT, running FreeBSD 7.0-CURRENT #1: Wed Oct
 4 00:52:52 CEST 2006:

Kernel page fault with the following non-sleepable locks held:
exclusive sleep mutex inp (tcpinp) r = 0 (0xc1074330) locked @ /usr/src/sys/netinet/tcp_input.c:754
exclusive sleep mutex tcp r = 0 (0xc071ecac) locked @ /usr/src/sys/netinet/tcp_input.c:624
KDB: stack backtrace:
kdb_backtrace(2,c0d8869c,c,c0d89a20,c73f8b58,...) at kdb_backtrace+0x29
witness_warn(5,0,c0698280) at witness_warn+0x192
trap(c0710008,c1070028,c06e0028,28,14,...) at trap+0xf4
calltrap() at calltrap+0x5
--- trap 0xc, eip = 0xc057d7cd, esp = 0xc73f8ba0, ebp = 0xc73f8ba4 ---
in_broadcast(deadc0de,deadc0de) at in_broadcast+0x21
tcp_input(c0edd400,14,13c,f9878753,0,...) at tcp_input+0x3009
ip_input(c0edd400) at ip_input+0x5c5
netisr_processqueue(c071ddd8) at netisr_processqueue+0x6e
swi_net(0) at swi_net+0xc2
ithread_execute_handlers(c0d8869c,c0d86480) at
ithread_execute_handlers+0x122
ithread_loop(c0d726e0,c73f8d38) at ithread_loop+0x66
fork_exit(c04c300c,c0d726e0,c73f8d38) at fork_exit+0xac
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xc73f8d6c, ebp = 0 ---


Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xdeadc136
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc057d7cd
stack pointer           = 0x28:0xc73f8ba0
frame pointer           = 0x28:0xc73f8ba4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 13 (swi1: net)
Physical memory: 123 MB
Dumping 39 MB: 24 8

#0  doadump () at pcpu.h:166
166     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:166
#1  0xc046083b in db_fncall (dummy1=-952137260, dummy2=0, dummy3=1016,
    dummy4=0xc73f89a8 "\003") at /usr/src/sys/ddb/db_command.c:481
#2  0xc0460647 in db_command (last_cmdp=0xc06ce3c4, cmd_table=0x0)
    at /usr/src/sys/ddb/db_command.c:396
#3  0xc0460702 in db_command_loop () at /usr/src/sys/ddb/db_command.c:448
#4  0xc0462301 in db_trap (type=12, code=0) at
/usr/src/sys/ddb/db_main.c:221
#5  0xc04f5db1 in kdb_trap (type=12, code=0, tf=0x0)
    at /usr/src/sys/kern/subr_kdb.c:502
#6  0xc064fc91 in trap_fatal (frame=0xc73f8b60, eva=3735929142)
    at /usr/src/sys/i386/i386/trap.c:858
#7  0xc064f337 in trap (frame=
      {tf_fs = -1066336248, tf_es = -1056505816, tf_ds = -1066532824,
tf_edi = 40, tf_esi = 20, tf_ebp = -952136796, tf_isp = -952136820,
tf_ebx = 4, tf_edx = -559038242, tf_ecx = -559038242, tf_eax = 0,
tf_trapno = 12, tf_err = -559038154, tf_eip = -1067984947, tf_cs = -1058209760,
tf_eflags = 66182, tf_esp = 4, tf_ss = -952136584}) at
/usr/src/sys/i386/i386/trap.c:277
#8  0xc063c58a in calltrap () at /usr/src/sys/i386/i386/exception.s:138
#9  0xc057d7cd in in_broadcast (in={s_addr = 3735929054}, ifp=0xdeadc0de)
    at /usr/src/sys/netinet/in.c:932
#10 0xc058c211 in tcp_input (m=0xc0edd400, off0=40) at endian.h:144
#11 0xc05830c5 in ip_input (m=0xc0edd400)
    at /usr/src/sys/netinet/ip_input.c:654
#12 0xc05538b6 in netisr_processqueue (ni=0xc071ddd8)
    at /usr/src/sys/net/netisr.c:236
#13 0xc0553a9e in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:349
#14 0xc04c2f46 in ithread_execute_handlers (p=0xc0d8869c, ie=0xc0d86480)
    at /usr/src/sys/kern/kern_intr.c:662
#15 0xc04c3072 in ithread_loop (arg=0xc0d726e0)
    at /usr/src/sys/kern/kern_intr.c:745
#16 0xc04c2020 in fork_exit (callout=0xc04c300c <ithread_loop>,
    arg=0xc0d726e0, frame=0xc73f8d38) at /usr/src/sys/kern/kern_fork.c:818
#17 0xc063c5ec in fork_trampoline () at
/usr/src/sys/i386/i386/exception.s:199
(kgdb) frame 9
#9  0xc057d7cd in in_broadcast (in={s_addr = 3735929054}, ifp=0xdeadc0de)
    at /usr/src/sys/netinet/in.c:932
932                     return 0;
(kgdb) l
927
928             if (in.s_addr == INADDR_BROADCAST ||
929                 in.s_addr == INADDR_ANY)
930                     return 1;
931             if ((ifp->if_flags & IFF_BROADCAST) == 0)
932                     return 0;
933             t = ntohl(in.s_addr);
934             /*
935              * Look through the list of addresses for a match
936              * with a broadcast address.
(kgdb) info locals
ifa = (struct ifaddr *) 0xdeadc0de
t = 4
(kgdb)

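Note that both arguments to in_broadcast() are 0xdeadc0de and the fault address 0xdeadc136 is that value plus 0x58, which is consistent with the ifp->if_flags read at in.c:931 going through a pointer taken from already-freed memory (0xdeadc0de looks like the kernel's fill pattern for freed memory).

If you need anything else from the core, just let me know.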

Cheers,
Flo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFFJXHLA+1tjUZ1YScRAiw8AKCRC7OSMF2P2Pj5C4K0EZMWlT3qRwCfXjmd
ncGjnP8TswGi88DuaHLEyVA=
=0+F3
-----END PGP SIGNATURE-----
Received on Thu Oct 05 2006 - 18:58:23 UTC
