From owner-freebsd-current@FreeBSD.ORG Sat Mar 24 17:40:57 2007 Return-Path: X-Original-To: current@freebsd.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1BBCC16A400 for ; Sat, 24 Mar 2007 17:40:57 +0000 (UTC) (envelope-from pawel.worach@gmail.com) Received: from mu-out-0910.google.com (mu-out-0910.google.com [209.85.134.191]) by mx1.freebsd.org (Postfix) with ESMTP id 8D70613C4AD for ; Sat, 24 Mar 2007 17:40:56 +0000 (UTC) (envelope-from pawel.worach@gmail.com) Received: by mu-out-0910.google.com with SMTP id g7so2123043muf for ; Sat, 24 Mar 2007 10:40:55 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=Wt9Ydo0lRswYbfH05GMmudTbQ3p6OGuCHtrpR6j851nJXqjk7bB5yb0VtDMUjqlI3zlDcYzIYTI/D8399NN2qy2SBRvqyYLpbG83Y5BVrjUPsuE5LRXYi5OpZL6zjxyVEz47oPWKsFhrlu37bVhNm9phKjEKO4YDCsWoDag5dV8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=HtWZhjm9aPs8VMSVwmkd8voxZmK0RvL30JBhsrJyrlJNaCkkG1uH8IAwCPak2o/JwebsvfDNZNz/1/zk22RMqKiFLZVHNzCrb0r0WGsyArW2/wDE5kWhIXiE4ZsSXqfO43p030P0cpwVTv6Cveda3v1Vq5oaIQN+zemAKGjac8Q= Received: by 10.82.175.2 with SMTP id x2mr9630899bue.1174756385947; Sat, 24 Mar 2007 10:13:05 -0700 (PDT) Received: from ibm-se82151.se.ibm.com ( [80.217.194.157]) by mx.google.com with ESMTP id j9sm20655015mue.2007.03.24.10.13.03; Sat, 24 Mar 2007 10:13:05 -0700 (PDT) Message-ID: <46055C1B.3000505@gmail.com> Date: Sat, 24 Mar 2007 18:12:59 +0100 From: Pawel Worach User-Agent: Thunderbird 2.0pre (X11/20070318) MIME-Version: 1.0 To: Andrey Chernov , current@freebsd.org References: <20070324124732.GA767@nagual.pp.ru> In-Reply-To: <20070324124732.GA767@nagual.pp.ru> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: Re: Latest -current complete lockup (tcp changes?) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Mar 2007 17:40:57 -0000 Andrey Chernov wrote: > Very recent -current cause complete lockup in case and after small amount > of network activity happens. No panic, no ddb console - nothing just > lockup. Previously working kernel is from Mar 22. I suspect > recent round of TCP changes. > Here is what I see which is tcp related. Fatal trap 12: page fault while in kernel mode fault virtual address = 0x34 fault code = supervisor read, page not present instruction pointer = 0x20:0xc074c3be stack pointer = 0x28:0xe40a58fc frame pointer = 0x28:0xe40a5960 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 32 (ath0 taskq) trap number = 12 panic: page fault KDB: stack backtrace: db_trace_self_wrapper(c078b6d3,e40a57ac,c054aef7,c0789c9f,c07fda40,...) at db_trace_self_wrapper+0x26 kdb_backtrace(c0789c9f,c07fda40,c077d50b,e40a57b8,100,...) at kdb_backtrace+0x2e panic(c077d50b,c07a486b,c3bb2cf0,1,1,...) at panic+0xb7 trap_fatal(e40a58bc,34,1,0,c0741a9a,...) at trap_fatal+0x342 trap_pfault(e40a58bc,0,34,f0f70257,34,...) at trap_pfault+0x225 trap(e40a58bc) at trap+0x3cc calltrap() at calltrap+0x6 --- trap 0xc, eip = 0xc074c3be, esp = 0xe40a58fc, ebp = 0xe40a5960 --- generic_bcopy(c3fc43a0,e40a5988,730c3ea5,0,e40a597c,...) at generic_bcopy+0x1a tcp_do_segment(c3d93a00,c3f6a840,c4ba2ae0,c3fc43a0,34,...) at tcp_do_segment+0xf92 tcp_input(c3d93a00,14,c3ba3c00,1,0,...) at tcp_input+0xd87 ip_input(c3d93a00,800,800,c3ba3c00,800,...) at ip_input+0x72c netisr_dispatch(2,c3d93a00,3,0,3,...) at netisr_dispatch+0x4d ether_demux(c3ba3c00,c3d93a00,3,0,3,...) at ether_demux+0x1cf ether_input(c3ba3c00,c3d93a00,c3ea0098,c3d93a00,1c,...) at ether_input+0x3b6 ieee80211_deliver_data(c3d93a00,e40a5c24,6,1c,c07c4480,...) at ieee80211_deliver_data+0x7d ieee80211_input(c3bd8230,c3d93a00,c3ea0000,2e,25f7,...) at ieee80211_input+0xb19 ath_rx_proc(c3bd8000,1,0,0,0,...) at ath_rx_proc+0x3f9 taskqueue_run(c3bb8a00,c3bb8a1c,0,c07816dc,0,...) at taskqueue_run+0x12d taskqueue_thread_loop(c3bd8db4,e40a5d38,74d28524,40498b17,3b9c4d89,...) at taskqueue_thread_loop+0x98 fork_exit(c05796e0,c3bd8db4,e40a5d38) at fork_exit+0x80 fork_trampoline() at fork_trampoline+0x8 --- trap 0, eip = 0, esp = 0xe40a5d70, ebp = 0 --- Uptime: 9h8m38s Physical memory: 1014 MB Dumping 159 MB: (CTRL-C to abort) (CTRL-C to abort) (CTRL-C to abort) (CTRL-C to abort) 144 128 112 96 80 64 48 32 16 #0 doadump () at pcpu.h:172 172 pcpu.h: No such file or directory. in pcpu.h (kgdb) bt #0 doadump () at pcpu.h:172 #1 0xc054ac26 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409 #2 0xc054af8d in panic (fmt=0xc077d50b "%s") at /usr/src/sys/kern/kern_shutdown.c:563 #3 0xc074e952 in trap_fatal (frame=0xe40a58bc, eva=52) at /usr/src/sys/i386/i386/trap.c:868 #4 0xc074e5e5 in trap_pfault (frame=0xe40a58bc, usermode=0, eva=52) at /usr/src/sys/i386/i386/trap.c:777 #5 0xc074e15c in trap (frame=0xe40a58bc) at /usr/src/sys/i386/i386/trap.c:462 #6 0xc073cf7b in calltrap () at /usr/src/sys/i386/i386/exception.s:139 #7 0xc074c3be in generic_bcopy () at /usr/src/sys/i386/i386/support.s:489 Previous frame inner to this frame (corrupt stack?) (kgdb) l *tcp_do_segment+0xf92 0xc06576f2 is in tcp_do_segment (/usr/src/sys/netinet/tcp_input.c:1901). 1896 } 1897 if (tp->sack_enable && 1898 ((to.to_flags & TOF_SACK) || 1899 !TAILQ_EMPTY(&tp->snd_holes))) 1900 tcp_sack_doack(tp, &to, th->th_ack); 1901 if (SEQ_LEQ(th->th_ack, tp->snd_una)) { 1902 if (tlen == 0 && tiwin == tp->snd_wnd) { 1903 tcpstat.tcps_rcvdupack++; 1904 /* 1905 * If we have outstanding data (other than (kgdb) l *tcp_input+0xd87 0xc0656677 is in tcp_input (/usr/src/sys/netinet/tcp_input.c:1004). 999 /* 1000 * Segment belongs to a connection in SYN_SENT, ESTABLISHED or 1001 * later state. tcp_do_segment() always consumes the mbuf chain 1002 * and unlocks the inpcb. 1003 */ 1004 if (tcp_do_segment(m, th, so, tp, drop_hdrlen, tlen)) 1005 goto findpcb; /* XXX: TIME_WAIT was nuked. */ 1006 return; 1007 1008 dropwithreset: # ident /usr/src/sys/netinet/tcp_input.c /usr/src/sys/netinet/tcp_input.c: $FreeBSD: src/sys/netinet/tcp_input.c,v 1.328 2007/03/23 20:16:50 andre Exp $ -- Pawel