Date: Sat, 24 Mar 2007 18:12:59 +0100 From: Pawel Worach <pawel.worach@gmail.com> To: Andrey Chernov <ache@freebsd.org>, current@freebsd.org Subject: Re: Latest -current complete lockup (tcp changes?) Message-ID: <46055C1B.3000505@gmail.com> In-Reply-To: <20070324124732.GA767@nagual.pp.ru> References: <20070324124732.GA767@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Andrey Chernov wrote: > Very recent -current cause complete lockup in case and after small amount > of network activity happens. No panic, no ddb console - nothing just > lockup. Previously working kernel is from Mar 22. I suspect > recent round of TCP changes. > Here is what I see which is tcp related. Fatal trap 12: page fault while in kernel mode fault virtual address = 0x34 fault code = supervisor read, page not present instruction pointer = 0x20:0xc074c3be stack pointer = 0x28:0xe40a58fc frame pointer = 0x28:0xe40a5960 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 32 (ath0 taskq) trap number = 12 panic: page fault KDB: stack backtrace: db_trace_self_wrapper(c078b6d3,e40a57ac,c054aef7,c0789c9f,c07fda40,...) at db_trace_self_wrapper+0x26 kdb_backtrace(c0789c9f,c07fda40,c077d50b,e40a57b8,100,...) at kdb_backtrace+0x2e panic(c077d50b,c07a486b,c3bb2cf0,1,1,...) at panic+0xb7 trap_fatal(e40a58bc,34,1,0,c0741a9a,...) at trap_fatal+0x342 trap_pfault(e40a58bc,0,34,f0f70257,34,...) at trap_pfault+0x225 trap(e40a58bc) at trap+0x3cc calltrap() at calltrap+0x6 --- trap 0xc, eip = 0xc074c3be, esp = 0xe40a58fc, ebp = 0xe40a5960 --- generic_bcopy(c3fc43a0,e40a5988,730c3ea5,0,e40a597c,...) at generic_bcopy+0x1a tcp_do_segment(c3d93a00,c3f6a840,c4ba2ae0,c3fc43a0,34,...) at tcp_do_segment+0xf92 tcp_input(c3d93a00,14,c3ba3c00,1,0,...) at tcp_input+0xd87 ip_input(c3d93a00,800,800,c3ba3c00,800,...) at ip_input+0x72c netisr_dispatch(2,c3d93a00,3,0,3,...) at netisr_dispatch+0x4d ether_demux(c3ba3c00,c3d93a00,3,0,3,...) at ether_demux+0x1cf ether_input(c3ba3c00,c3d93a00,c3ea0098,c3d93a00,1c,...) at ether_input+0x3b6 ieee80211_deliver_data(c3d93a00,e40a5c24,6,1c,c07c4480,...) at ieee80211_deliver_data+0x7d ieee80211_input(c3bd8230,c3d93a00,c3ea0000,2e,25f7,...) at ieee80211_input+0xb19 ath_rx_proc(c3bd8000,1,0,0,0,...) at ath_rx_proc+0x3f9 taskqueue_run(c3bb8a00,c3bb8a1c,0,c07816dc,0,...) at taskqueue_run+0x12d taskqueue_thread_loop(c3bd8db4,e40a5d38,74d28524,40498b17,3b9c4d89,...) at taskqueue_thread_loop+0x98 fork_exit(c05796e0,c3bd8db4,e40a5d38) at fork_exit+0x80 fork_trampoline() at fork_trampoline+0x8 --- trap 0, eip = 0, esp = 0xe40a5d70, ebp = 0 --- Uptime: 9h8m38s Physical memory: 1014 MB Dumping 159 MB: (CTRL-C to abort) (CTRL-C to abort) (CTRL-C to abort) (CTRL-C to abort) 144 128 112 96 80 64 48 32 16 #0 doadump () at pcpu.h:172 172 pcpu.h: No such file or directory. in pcpu.h (kgdb) bt #0 doadump () at pcpu.h:172 #1 0xc054ac26 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409 #2 0xc054af8d in panic (fmt=0xc077d50b "%s") at /usr/src/sys/kern/kern_shutdown.c:563 #3 0xc074e952 in trap_fatal (frame=0xe40a58bc, eva=52) at /usr/src/sys/i386/i386/trap.c:868 #4 0xc074e5e5 in trap_pfault (frame=0xe40a58bc, usermode=0, eva=52) at /usr/src/sys/i386/i386/trap.c:777 #5 0xc074e15c in trap (frame=0xe40a58bc) at /usr/src/sys/i386/i386/trap.c:462 #6 0xc073cf7b in calltrap () at /usr/src/sys/i386/i386/exception.s:139 #7 0xc074c3be in generic_bcopy () at /usr/src/sys/i386/i386/support.s:489 Previous frame inner to this frame (corrupt stack?) (kgdb) l *tcp_do_segment+0xf92 0xc06576f2 is in tcp_do_segment (/usr/src/sys/netinet/tcp_input.c:1901). 1896 } 1897 if (tp->sack_enable && 1898 ((to.to_flags & TOF_SACK) || 1899 !TAILQ_EMPTY(&tp->snd_holes))) 1900 tcp_sack_doack(tp, &to, th->th_ack); 1901 if (SEQ_LEQ(th->th_ack, tp->snd_una)) { 1902 if (tlen == 0 && tiwin == tp->snd_wnd) { 1903 tcpstat.tcps_rcvdupack++; 1904 /* 1905 * If we have outstanding data (other than (kgdb) l *tcp_input+0xd87 0xc0656677 is in tcp_input (/usr/src/sys/netinet/tcp_input.c:1004). 999 /* 1000 * Segment belongs to a connection in SYN_SENT, ESTABLISHED or 1001 * later state. tcp_do_segment() always consumes the mbuf chain 1002 * and unlocks the inpcb. 1003 */ 1004 if (tcp_do_segment(m, th, so, tp, drop_hdrlen, tlen)) 1005 goto findpcb; /* XXX: TIME_WAIT was nuked. */ 1006 return; 1007 1008 dropwithreset: # ident /usr/src/sys/netinet/tcp_input.c /usr/src/sys/netinet/tcp_input.c: $FreeBSD: src/sys/netinet/tcp_input.c,v 1.328 2007/03/23 20:16:50 andre Exp $ -- Pawel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46055C1B.3000505>