[backtrace] RELENG_7_0 on NFS

From: Xin LI <delphij_at_delphij.net>
Date: Wed, 13 Feb 2008 00:30:36 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I hit this while copying a large (~500MB) file from Linux (client) to
FreeBSD (server), which is easily reproducable.  Mount options are:
rsize=262144,wsize=262144,tcp.

*sb at /usr/src/sys/kern/uipc_sockbuf.c:939:

$7 = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread
= 0x0, si_note = {kl_list = {slh_first = 0x0},
      kl_lock = 0xffffffff80453a00 <knlist_mtx_lock>, kl_unlock =
0xffffffff804533d0 <knlist_mtx_unlock>, kl_locked = 0xffffffff804533b0
<knlist_mtx_locked>,
      kl_lockarg = 0xffffff000e7649f0}, si_flags = 0}, sb_mtx =
{lock_object = {lo_name = 0xffffffff807f15f5 "so_snd", lo_type =
0xffffffff807f15f5 "so_snd",
      lo_flags = 16973824, lo_witness_data = {lod_list = {stqe_next =
0x0}, lod_witness = 0x0}}, mtx_lock = 18446742974254660080, mtx_recurse
= 0}, sb_sx = {
    lock_object = {lo_name = 0xffffffff807f15fc "so_snd_sx", lo_type =
0xffffffff807f15fc "so_snd_sx", lo_flags = 37421056, lo_witness_data =
{lod_list = {
          stqe_next = 0x0}, lod_witness = 0x0}}, sx_lock =
18446742974254660080, sx_recurse = 0}, sb_state = 0, sb_mb =
0xffffff000eded600,
  sb_mbtail = 0xffffff000e6e5300, sb_lastrecord = 0xffffff000eded600,
sb_sndptr = 0xffffff000e6e5300, sb_sndptroff = 1004, sb_cc = 1504,
sb_hiwat = 233016,
  sb_mbcnt = 2560, sb_mbmax = 262144, sb_ctl = 0, sb_lowat = 2048,
sb_timeo = 0, sb_flags = 2048}


Cheers,
- --
Xin LI <delphij_at_delphij.net>	http://www.delphij.net/
FreeBSD - The Power to Serve!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFHsqqsi+vbBBjt66ARAmEGAKCxozvCUCReu9IGVXohJEovcS9XWwCeOcwQ
Wz7NdotzJQcKFXNb0IntJeg=
=5lwO
-----END PGP SIGNATURE-----

Script started on Wed Feb 13 00:21:51 2008
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd".

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address	= 0x18
fault code		= supervisor read data, page not present
instruction pointer	= 0x8:0xffffffff804c8180
stack pointer	        = 0x10:0xffffffffff1f5810
frame pointer	        = 0x10:0xffffff000e9cf000
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 865 (nfsd)
trap number		= 12
panic: page fault
cpuid = 1
Uptime: 8m15s
Physical memory: 8178 MB
Dumping 505 MB: 490 474 458 442 426 410 394 378 362 346 330 314 298 282 266 250 234 218 202 186 170 154 138 122 106 90 74 58 42 26 10

#0  doadump () at pcpu.h:194
194	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:194
#1  0x0000000000000004 in ?? ()
#2  0xffffffff80477809 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#3  0xffffffff80477c0d in panic (fmt=0x104 <Address 0x104 out of bounds>) at /usr/src/sys/kern/kern_shutdown.c:563
#4  0xffffffff807332f4 in trap_fatal (frame=0xffffff000361b9f0, eva=18446742974254893264) at /usr/src/sys/amd64/amd64/trap.c:724
#5  0xffffffff807336c5 in trap_pfault (frame=0xffffffffff1f5760, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:641
#6  0xffffffff80734008 in trap (frame=0xffffffffff1f5760) at /usr/src/sys/amd64/amd64/trap.c:410
#7  0xffffffff80719c6e in calltrap () at /usr/src/sys/amd64/amd64/exception.S:169
#8  0xffffffff804c8180 in sbsndptr (sb=0xffffff000e7649a8, off=499, len=Variable "len" is not available.
) at /usr/src/sys/kern/uipc_sockbuf.c:939
#9  0xffffffff805acb5e in tcp_output (tp=0xffffff000e9cf000) at /usr/src/sys/netinet/tcp_output.c:802
#10 0xffffffff805b7855 in tcp_usr_send (so=0xffffff000e764828, flags=0, m=0xffffff000e73f500, nam=Variable "nam" is not available.
) at /usr/src/sys/netinet/tcp_usrreq.c:843
#11 0xffffffff804cdafb in sosend_generic (so=0xffffff000e764828, addr=0x0, uio=0x0, top=0xffffff000e73f500, control=0x0, flags=Variable "flags" is not available.
)
    at /usr/src/sys/kern/uipc_socket.c:1240
#12 0xffffffff80613b9a in nfsrv_send (so=0xffffff000e764828, nam=Variable "nam" is not available.
) at /usr/src/sys/nfsserver/nfs_srvsock.c:770
#13 0xffffffff80617821 in nfssvc (td=Variable "td" is not available.
) at /usr/src/sys/nfsserver/nfs_syscalls.c:498
#14 0xffffffff80733947 in syscall (frame=0xffffffffff1f5c70) at /usr/src/sys/amd64/amd64/trap.c:852
#15 0xffffffff80719e7b in Xfast_syscall () at /usr/src/sys/amd64/amd64/exception.S:290
#16 0x000000080068746c in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) up 8
#8  0xffffffff804c8180 in sbsndptr (sb=0xffffff000e7649a8, off=499, len=Variable "len" is not available.
) at /usr/src/sys/kern/uipc_sockbuf.c:939
939		     off > 0 && off >= m->m_len;
(kgdb) inspecd t m
$1 = (struct mbuf *) 0x0
(kgdb) up  list
934		*moff = off - sb->sb_sndptroff;
935		m = ret = sb->sb_sndptr ? sb->sb_sndptr : sb->sb_mb;
936	
937		/* Advance by len to be as close as possible for the next transmit. */
938		for (off = off - sb->sb_sndptroff + len - 1;
939		     off > 0 && off >= m->m_len;
940		     m = m->m_next) {
941			sb->sb_sndptroff += m->m_len;
942			off -= m->m_len;
943		}
(kgdb) 
Script done on Wed Feb 13 00:22:27 2008
Received on Wed Feb 13 2008 - 07:31:13 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:27 UTC