Date: Fri, 8 Oct 2004 20:39:00 -0700 From: Kris Kennaway <kris@obsecurity.org> To: net@FreeBSD.org, current@FreeBSD.org Subject: Infinite loop in tcp_output on RELENG_5 Message-ID: <20041009033900.GA6751@xor.obsecurity.org>
next in thread | raw e-mail | index | archive | help
--CE+1k2dSO48ffgeK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline pointyhat (SMP machine running RELENG_5) has twice in the past 2 days gone into an infinite loop in the tcp_output() function (repeatedly breaking into DDB and continuing, I can see it at different points in the code). I made tcp_output keep a counter and increment when it hits the again: label. If the counter reaches 1000, it panics. This happened again just now: panic: Looping in tcp_output cpuid = 0 KDB: enter: panic [thread 100043] Stopped at kdb_enter+0x30: leave db> tr kdb_enter(c06de69a,0,c06e973a,ebbd5ba0,c34cd4b0) at kdb_enter+0x30 panic(c06e973a,0,ebbd5b68,0,0) at panic+0x14e tcp_output(c395f8c0,c395f8c0,c3ed3e10,c05a79f0,ebbd5ca0) at tcp_output+0x19e tcp_drop(c395f8c0,3c,c06e9fe7,1ab,e) at tcp_drop+0x30 tcp_timer_persist(c395f8c0,0,c06df6ba,f5,0) at tcp_timer_persist+0x14c softclock(0,0,c06dc037,269,c0738ac0) at softclock+0x1c8 ithread_loop(c345d800,ebbd5d48,c06dbe2a,323,41531744) at ithread_loop+0x172 fork_exit(c04f1210,c345d800,ebbd5d48) at fork_exit+0xc6 fork_trampoline() at fork_trampoline+0x8 --- trap 0x1, eip = 0, esp = 0xebbd5d7c, ebp = 0 --- This might be related to SACK, which is one of the situations where we loop back to the again label, but that's just a guess. Kris --CE+1k2dSO48ffgeK Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBZ11UWry0BWjoQKURAqt9AKCLVrQypJYVusvpXcHVteJKaind0wCfYoj4 XwUr29IyzQnD6uUe7ecyzOg= =sKir -----END PGP SIGNATURE----- --CE+1k2dSO48ffgeK--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041009033900.GA6751>