Date: Fri, 26 Jul 2002 20:23:37 +0300 From: andrew bliznak <andrew@ort.lviv.net> To: John Baldwin <jhb@FreeBSD.org> Cc: current@FreeBSD.org, Alex Zepeda <zipzippy@sonic.net>, Peter Schultz <peter@jocose.org> Subject: Re: I think X is making this whole thing unstable.. Message-ID: <3D418599.6000108@ort.lviv.net> References: <XFMail.20020726124415.jhb@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
John Baldwin wrote:
> On 26-Jul-2002 andrew bliznak wrote:
>
>>#14 0xc03179d8 in calltrap () at {standard input}:98
>>#15 0xc01e4db5 in _mtx_lock_sleep (m=0x28, opts=0, file=0x0, line=0)
>> at /usr/home/andrew/C/src/sys/kern/kern_mutex.c:598
>
>
> This is the bug, it's like it is dereferencing a null pointer to get
> a mutex or something.
>
>
>>#16 0xc026f71d in tcp_input (m=0xc0f10100, off0=20)
>> at /usr/home/andrew/C/src/sys/netinet/tcp_input.c:520
>
>
> /*
> * Locate pcb for segment.
> */
> INP_INFO_WLOCK(&tcbinfo);
> headlocked = 1;
>
> #define INP_INFO_WLOCK(ipi) mtx_lock(&(ipi)->ipi_mtx)
>
> I don't see why it should be a problem though, tcbinfo is a global
> var.
Hm, little more debuging, m in sys/kern/kern_mutex.c:595 is wrong!
(kgdb) up 16
#16 0xc026f71d in tcp_input (m=0xc0f10100, off0=20)
at /usr/home/andrew/C/src/sys/netinet/tcp_input.c:520
520
INP_INFO_WLOCK(&tcbinfo);
(kgdb) print tcinfo
$1 = {hashbase = 0xc1c6a000, hashmask = 511, porthashbase = 0xc0efe800,
porthashmask = 511, listhead = 0xc03c1bf0, lastport = 49172, lastlow
= 0,
lasthi = 0, ipi_zone = 0xc0f05dc0, ipi_count = 29, ipi_gencnt = 74,
ipi_mtx = {mtx_object = {lo_class = 0xc03b6f00, lo_name = 0xc03662e8
"tcp",
lo_type = 0xc03662e8 "tcp", lo_flags = 720896, lo_list = {
tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0},
mtx_lock = 3237004802, mtx_recurse = 0, mtx_blocked = {
tqh_first = 0xc0f0bd80, tqh_last = 0xc0f0bda0}, mtx_contested = {
le_next = 0x0, le_prev = 0xc0f0c664}, mtx_acqtime = 0,
mtx_filename = 0x0, mtx_lineno = 0}}
(kgdb) down
#15 0xc01e4db5 in _mtx_lock_sleep (m=0x28, opts=0, file=0x0, line=0)
at /usr/home/andrew/C/src/sys/kern/kern_mutex.c:598
598
propagate_priority(td);
(kgdb) list
593
* Save who we're blocked on.
594
*/
595
td->td_blocked = m;
596
td->td_mtxname = m->mtx_object.lo_name;
597
td->td_state = TDS_MTX;
598
propagate_priority(td);
599
600
if (LOCK_LOG_TEST(&m->mtx_object, opts))
601
CTR3(KTR_LOCK,
602
"_mtx_lock_sleep: p %p blocked on [%p] %s", td, m,
(kgdb) print td
$2 = (struct thread *) 0xc0f0c600
(kgdb) print *td
$3 = {td_proc = 0xc207f560, td_ksegrp = 0xc207f598, td_plist = {
tqe_next = 0x0, tqe_prev = 0xc207f570}, td_kglist = {tqe_next = 0x0,
tqe_prev = 0xc207f5b4}, td_slpq = {tqe_next = 0x0, tqe_prev =
0xc0f0c0d8},
td_blkq = {tqe_next = 0x0, tqe_prev = 0x0}, td_runq = {tqe_next = 0x0,
tqe_prev = 0x0}, td_selq = {tqh_first = 0xc1cef270,
tqh_last = 0xc20c711c}, td_flags = 200, td_last_kse = 0x0,
td_kse = 0xc207f5f4, td_dupfd = 0, td_wchan = 0xc03ba2c4,
td_wmesg = 0xc035eb89 "select", td_lastcpu = 0 '\0', td_inktr = 0 '\0',
td_inktrace = 0 '\0', td_locks = -416, td_blocked = 0x0, td_ithd = 0x0,
td_mtxname = 0x0, td_contested = {lh_first = 0xc03c1c2c},
td_sleeplocks = 0x0, td_intr_nesting_level = 0, td_mailbox = 0x0,
td_ucred = 0xc209f100, td_switchin = 0, td_md = <incomplete type>,
td_retval = {0, 189}, td_base_pri = 187 '»', td_priority = 40 '(',
td_pcb = 0xcc3e5da0, td_state = TDS_SLP, td_slpcallout = {c_links =
{sle = {
sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev = 0xc0f0c510}},
c_time = 23481, c_arg = 0xc0f0c600,
c_func = 0xc01cc450 <cv_timedwait_end>, c_flags = 14},
td_frame = 0xcc3e5d48, td_kstack_obj = 0xc083312c, td_kstack =
3426631680,
td_critnest = 1}
(kgdb) print m
$4 = (struct mtx *) 0x28
(kgdb)
>
> Hmm, one thing to note is that the tcbinfo_mtx pointer isn't ever
> used or assigned.
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D418599.6000108>