Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 5 Feb 2002 12:08:02 -0800 (PST)
From:      Dima Ruban <dima@rdy.com>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   kern/34646: 4.5-stable crashes on thttpd restart under heavy traffic
Message-ID:  <200202052008.g15K82a07169@sivka.rdy.com>
next in thread | raw e-mail | index | archive | help 

>Number:         34646
>Category:       kern
>Synopsis:       4.5-stable crashes on thttpd restart under heavy traffic
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 05 12:10:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Dima Ruban
>Release:        FreeBSD 4.5-STABLE i386
>Organization:
ValueClick
>Environment:
	dmesg output:

Copyright (c) 1992-2002 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD 4.5-STABLE #33: Tue Feb  5 00:41:11 PST 2002
    dima@furby4.valueclick.com:/usr/src/sys/compile/VC
Timecounter "i8254"  frequency 1193182 Hz
CPU: Pentium III/Pentium III Xeon/Celeron (451.02-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x673  Stepping = 3
  Features=0x383fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
real memory  = 536858624 (524276K bytes)
avail memory = 518664192 (506508K bytes)
Programming 24 pins in IOAPIC #0
IOAPIC #0 intpin 2 -> irq 0
IOAPIC #0 intpin 16 -> irq 11
IOAPIC #0 intpin 18 -> irq 10
IOAPIC #0 intpin 19 -> irq 12
FreeBSD/SMP: Multiprocessor motherboard
 cpu0 (BSP): apic id:  1, version: 0x00040011, at 0xfee00000
 cpu1 (AP):  apic id:  0, version: 0x00040011, at 0xfee00000
 io0 (APIC): apic id:  2, version: 0x00170011, at 0xfec00000
Preloaded elf kernel "kernel" at 0xc036e000.
ccd0-3: Concatenated disk drivers
Pentium Pro MTRR support enabled
Using $PIR table, 6 entries at 0xc00f0d20
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Intel 82443BX (440 BX) host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
pcib1: <Intel 82443BX (440 BX) PCI-PCI (AGP) bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
isab0: <Intel 82371AB PCI to ISA bridge> at device 4.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX4 ATA33 controller> port 0xd800-0xd80f at device 4.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
pci0: <Intel 82371AB/EB (PIIX4) USB controller> at 4.2 irq 12
Timecounter "PIIX"  frequency 3579545 Hz
chip1: <Intel 82371AB Power management controller> port 0xe800-0xe80f at device 4.3 on pci0
fxp0: <Intel Pro 10/100B/100+ Ethernet> port 0xd000-0xd03f mem 0xe2800000-0xe28fffff,0xe3000000-0xe3000fff irq 12 at device 9.0 on pci0
fxp0: Ethernet address 00:90:27:9a:63:9c
inphy0: <i82555 10/100 media interface> on miibus0
inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
ahc0: <Adaptec 2940 Ultra2 SCSI adapter> port 0xb800-0xb8ff mem 0xe2000000-0xe2000fff irq 10 at device 10.0 on pci0
aic7890/91: Ultra2 Wide Channel A, SCSI Id=7, 32/255 SCBs
pci0: <S3 ViRGE DX/GX graphics accelerator> at 12.0 irq 11
orm0: <Option ROMs> at iomem 0xc0000-0xc7fff,0xc8000-0xc8fff,0xcc000-0xd17ff on isa0
fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0: <System console> on isa0
sc0: VGA <16 virtual consoles, flags=0x200>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
APIC_IO: Testing 8254 interrupt delivery
APIC_IO: routing 8254 via IOAPIC #0 intpin 2
IPv6 packet filtering initialized, default to accept, logging disabled
IP packet filtering initialized, divert enabled, rule-based forwarding enabled, default to accept, logging disabled
IPsec: Initialized Security Association Processing.
Waiting 15 seconds for SCSI devices to settle
SMP: AP CPU #1 Launched!
Mounting root from ufs:/dev/da0s1a
da0 at ahc0 bus 0 target 0 lun 0
da0: <SEAGATE ST39102LW 0006> Fixed Direct Access SCSI-2 device 
da0: 80.000MB/s transfers (40.000MHz, offset 15, 16bit), Tagged Queueing Enabled
da0: 8683MB (17783240 512 byte sectors: 255H 63S/T 1106C)

>Description:
	I was able to crash 4.5-stable box by killing thttpd and starting
	it again on a machine with heavy traffic.
	thttpd version is: thttpd/2.22beta4 14nov2001
	Crash dump is available.

	Here's backtrace:

GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
SMP 2 cpus
IdlePTD at phsyical address 0x0038d000
initial pcb at physical address 0x002ea860
panicstr: page fault
panic messages:
---
panic: ipsec4_setspidx_inpcb: no PCB found.

mp_lock = 01000001; cpuid = 1; lapic.id = 00000000
boot() called on cpu#1

syncing disks... 

Fatal trap 12: page fault while in kernel mode
mp_lock = 01000002; cpuid = 1; lapic.id = 00000000
fault virtual address   = 0x10
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc0235f7f
stack pointer           = 0x10:0xff80faa0
frame pointer           = 0x10:0xff80faf8
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = Idle
interrupt mask          =  <- SMP: XXX
trap number             = 12
panic: page fault
mp_lock = 01000002; cpuid = 1; lapic.id = 00000000
boot() called on cpu#1
Uptime: 18m11s

dumping to dev #da/0x20001, offset 3145752
dump 511 510 509 508 507 506 505 504 503 502 501 500 499 498 497 496 495 494
493 492 491 490 489 488 487 486 485 484 483 482 481 480 479 478 477 476 475
[ ... dump stuff removed ... ]
10 9 8 7 6 5 4 3 2 1 0 
---
#0  dumpsys () at ../../kern/kern_shutdown.c:485
485             if (dumping++) {
#0  dumpsys () at ../../kern/kern_shutdown.c:485
#1  0xc0175f37 in boot (howto=260) at ../../kern/kern_shutdown.c:314
#2  0xc01763a9 in panic (fmt=0xc02bbb79 "%s") at
../../kern/kern_shutdown.c:593
#3  0xc026e535 in trap_fatal (frame=0xff80fa60, eva=16)
    at ../../i386/i386/trap.c:956
#4  0xc026e1a1 in trap_pfault (frame=0xff80fa60, usermode=0, eva=16)
    at ../../i386/i386/trap.c:849
#5  0xc026dcfb in trap (frame={tf_fs = -955777000, tf_es = -952238064, 
      tf_ds = -955777008, tf_edi = 2, tf_esi = 0, tf_ebp = -8324360, 
      tf_isp = -8324468, tf_ebx = 0, tf_edx = 160, tf_ecx = 8192, tf_eax = 0, 
      tf_trapno = 12, tf_err = 0, tf_eip = -1071423617, tf_cs = 8, 
      tf_eflags = 66118, tf_esp = -558233024, tf_ss = 0})
    at ../../i386/i386/trap.c:448
#6  0xc0235f7f in vnode_pager_generic_putpages (vp=0xdeba0a40, m=0xff80fb9c, 
    bytecount=8192, flags=0, rtvals=0xff80fb68) at machine/globals.h:114
#7  0xc0220d96 in ffs_putpages (ap=0xff80fb2c)
    at ../../ufs/ufs/ufs_readwrite.c:722
#8  0xc0235de2 in vnode_pager_putpages (object=0xdee4b840, m=0xff80fb9c, 
    count=2, sync=0, rtvals=0xff80fb68) at vnode_if.h:1147
#9  0xc0232d3f in vm_pageout_flush (mc=0xff80fb9c, count=2, flags=0)
    at ../../vm/vm_pager.h:145
#10 0xc022fcef in vm_object_page_clean (object=0xdee4b840, start=0, end=0, 
    flags=4) at ../../vm/vm_object.c:680
#11 0xc01a579c in vfs_msync (mp=0xc715f000, flags=2)
    at ../../kern/vfs_subr.c:2712
#12 0xc01a6810 in sync (p=0xc0302080, uap=0x0) at
../../kern/vfs_syscalls.c:546
#13 0xc0175cea in boot (howto=256) at ../../kern/kern_shutdown.c:235
#14 0xc01763a9 in panic (
    fmt=0xc029cf80 "ipsec4_setspidx_inpcb: no PCB found.\n")
    at ../../kern/kern_shutdown.c:593
#15 0xc01dd1a3 in ipsec4_setspidx_inpcb (m=0xc1102000, pcb=0x0)
    at ../../netinet6/ipsec.c:721
#16 0xc01dcbb9 in ipsec4_getpolicybysock (m=0xc1102000, dir=2, so=0xdac7df00, 
    error=0xff80fdd4) at ../../netinet6/ipsec.c:258
#17 0xc01ca14a in ip_output (m0=0xc1102000, opt=0x0, ro=0xdc97ab98, flags=0, 
    imo=0x0) at ../../netinet/ip_output.c:446
#18 0xc01d2fe7 in syncache_respond (sc=0xdc97ab60, m=0xc1102000)
    at ../../netinet/tcp_syncache.c:1184
#19 0xc01d2871 in syncache_add (inc=0xff80fedc, to=0xff80ff48, th=0xc113a034, 
    sop=0xff80fed8, m=0xc1102000) at ../../netinet/tcp_syncache.c:842
#20 0xc01cd6ac in tcp_input (m=0xc1102000, off0=20, proto=6)
    at ../../netinet/tcp_input.c:826
#21 0xc01c8a17 in ip_input (m=0xc1102000) at ../../netinet/ip_input.c:815
#22 0xc01c8a8b in ipintr () at ../../netinet/ip_input.c:843
(kgdb)

Even though IPSec is compiled into the kernel, this particular box isn't
running any of the IPSec stuff.

>How-To-Repeat:
	I haven't tried to reproduce this problem outside my enviroment.
	But for me all it comes down to is rebooting machine (thttpd
	starts on reboot), waiting a few minutes 'till it starts getting
	traffic, then killing thttpd and starting it again.

>Fix:

	Not known.


>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202052008.g15K82a07169>