Re: Latest -current complete lockup (tcp changes?)

From: Pawel Worach <pawel.worach_at_gmail.com>
Date: Sat, 24 Mar 2007 18:12:59 +0100
Andrey Chernov wrote:
> A very recent -current causes a complete lockup when, and after, a small 
> amount of network activity happens. No panic, no ddb console - nothing, 
> just a lockup. The previously working kernel is from Mar 22. I suspect 
> the recent round of TCP changes.
> 

Here is what I see that is TCP-related (a kernel page fault reached from tcp_do_segment()).

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x34
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc074c3be
stack pointer           = 0x28:0xe40a58fc
frame pointer           = 0x28:0xe40a5960
code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 32 (ath0 taskq)
trap number             = 12
panic: page fault
KDB: stack backtrace:
db_trace_self_wrapper(c078b6d3,e40a57ac,c054aef7,c0789c9f,c07fda40,...) 
at db_trace_self_wrapper+0x26
kdb_backtrace(c0789c9f,c07fda40,c077d50b,e40a57b8,100,...) at 
kdb_backtrace+0x2e
panic(c077d50b,c07a486b,c3bb2cf0,1,1,...) at panic+0xb7
trap_fatal(e40a58bc,34,1,0,c0741a9a,...) at trap_fatal+0x342
trap_pfault(e40a58bc,0,34,f0f70257,34,...) at trap_pfault+0x225
trap(e40a58bc) at trap+0x3cc
calltrap() at calltrap+0x6
--- trap 0xc, eip = 0xc074c3be, esp = 0xe40a58fc, ebp = 0xe40a5960 ---
generic_bcopy(c3fc43a0,e40a5988,730c3ea5,0,e40a597c,...) at 
generic_bcopy+0x1a
tcp_do_segment(c3d93a00,c3f6a840,c4ba2ae0,c3fc43a0,34,...) at 
tcp_do_segment+0xf92
tcp_input(c3d93a00,14,c3ba3c00,1,0,...) at tcp_input+0xd87
ip_input(c3d93a00,800,800,c3ba3c00,800,...) at ip_input+0x72c
netisr_dispatch(2,c3d93a00,3,0,3,...) at netisr_dispatch+0x4d
ether_demux(c3ba3c00,c3d93a00,3,0,3,...) at ether_demux+0x1cf
ether_input(c3ba3c00,c3d93a00,c3ea0098,c3d93a00,1c,...) at ether_input+0x3b6
ieee80211_deliver_data(c3d93a00,e40a5c24,6,1c,c07c4480,...) at 
ieee80211_deliver_data+0x7d
ieee80211_input(c3bd8230,c3d93a00,c3ea0000,2e,25f7,...) at 
ieee80211_input+0xb19
ath_rx_proc(c3bd8000,1,0,0,0,...) at ath_rx_proc+0x3f9
taskqueue_run(c3bb8a00,c3bb8a1c,0,c07816dc,0,...) at taskqueue_run+0x12d
taskqueue_thread_loop(c3bd8db4,e40a5d38,74d28524,40498b17,3b9c4d89,...) 
at taskqueue_thread_loop+0x98
fork_exit(c05796e0,c3bd8db4,e40a5d38) at fork_exit+0x80
fork_trampoline() at fork_trampoline+0x8
--- trap 0, eip = 0, esp = 0xe40a5d70, ebp = 0 ---
Uptime: 9h8m38s
Physical memory: 1014 MB
Dumping 159 MB: (CTRL-C to abort)  (CTRL-C to abort)  (CTRL-C to abort) 
  (CTRL-C to abort)  144 128 112 96 80 64 48 32 16

#0  doadump () at pcpu.h:172
172     pcpu.h: No such file or directory.
         in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:172
#1  0xc054ac26 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc054af8d in panic (fmt=0xc077d50b "%s")
     at /usr/src/sys/kern/kern_shutdown.c:563
#3  0xc074e952 in trap_fatal (frame=0xe40a58bc, eva=52)
     at /usr/src/sys/i386/i386/trap.c:868
#4  0xc074e5e5 in trap_pfault (frame=0xe40a58bc, usermode=0, eva=52)
     at /usr/src/sys/i386/i386/trap.c:777
#5  0xc074e15c in trap (frame=0xe40a58bc) at 
/usr/src/sys/i386/i386/trap.c:462
#6  0xc073cf7b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc074c3be in generic_bcopy () at /usr/src/sys/i386/i386/support.s:489
Previous frame inner to this frame (corrupt stack?)
(kgdb) l *tcp_do_segment+0xf92
0xc06576f2 is in tcp_do_segment (/usr/src/sys/netinet/tcp_input.c:1901).
1896                    }
1897                    if (tp->sack_enable &&
1898                        ((to.to_flags & TOF_SACK) ||
1899                         !TAILQ_EMPTY(&tp->snd_holes)))
1900                            tcp_sack_doack(tp, &to, th->th_ack);
1901                    if (SEQ_LEQ(th->th_ack, tp->snd_una)) {
1902                            if (tlen == 0 && tiwin == tp->snd_wnd) {
1903                                    tcpstat.tcps_rcvdupack++;
1904                                    /*
1905                                     * If we have outstanding data 
(other than
(kgdb) l *tcp_input+0xd87
0xc0656677 is in tcp_input (/usr/src/sys/netinet/tcp_input.c:1004).
999             /*
1000             * Segment belongs to a connection in SYN_SENT, 
ESTABLISHED or
1001             * later state.  tcp_do_segment() always consumes the 
mbuf chain
1002             * and unlocks the inpcb.
1003             */
1004            if (tcp_do_segment(m, th, so, tp, drop_hdrlen, tlen))
1005                    goto findpcb;   /* XXX: TIME_WAIT was nuked. */
1006            return;
1007
1008    dropwithreset:

# ident /usr/src/sys/netinet/tcp_input.c
/usr/src/sys/netinet/tcp_input.c:
      $FreeBSD: src/sys/netinet/tcp_input.c,v 1.328 2007/03/23 20:16:50 
andre Exp $


-- 
Pawel
Received on Sat Mar 24 2007 - 16:40:57 UTC
