Date: Fri, 30 Jun 2006 14:08:12 +0200
From: Stanislaw Halik <sthalik@tehran.lain.pl>
To: freebsd-stable@freebsd.org
Subject: Re: trap 12: supervisor write, page not present on 6.1-STABLE Tue May 16 2006
Message-ID: <20060630120812.GA2380@tehran.lain.pl>
In-Reply-To: <20060628101405.I50845@fledge.watson.org>
References: <20060627045310.GA6324@tehran.lain.pl> <20060627140946.J273@fledge.watson.org> <20060627134134.GA23337@tehran.lain.pl> <20060628101405.I50845@fledge.watson.org>
On Wed, Jun 28, 2006, Robert Watson wrote:
>>>> 6.1-STABLE crashed on me. I'm providing a backtrace. Could any of you,
>>>> experienced people, suggest me if it's a hardware problem or is it an
>>>> error inside the OS?
>>> This is a known bug in the TCP code; a large set of outstanding changes
>>> is present in 7.x that will fix the problem when merged. However, I
>>> recently had push-back on merging the larger batch of changes, so am
>>> looking at merging a workaround that will also correct the problem
>>> without the larger set of architectural changes. I hope to have a chance
>>> to look at that in detail this weekend.
>> I'm glad to know that it isn't either unknown or hardware-related. Thank
>> you for your prompt reply!
> Per my earlier e-mail, I had hoped to merge a larger set of changes from
> HEAD that resolve the underlying problem here (that inpcb's can be detached
> from a socket while the socket is still in use), but right now I'm
> deferring merging those changes as they are somewhat risky (as they are
> large). Instead, I've produced a candidate work-around patch, now attached
> to kern/97095. This does not fix the underlying problem, but seeks to
> narrow the window for the race to be exercised by avoiding caching a
> volatile pointer across user memory copying, which under load can result in
> blocking I/O. I would be quite interested in knowing if this resolves the
> problem in practice -- if so, it's a definite short-term merge candidate to
> reduce the symptoms of this problem until the proper fix can be merged.

Unfortunately, it still happens to crash in the same code path:

(kgdb) up 7
#7 0xc058e947 in ip_ctloutput (so=0x0, sopt=0xd67f2c80) at
/usr/src/sys/netinet/ip_output.c:1216
1216 inp->inp_ip_tos = optval;
(kgdb) l /usr/src/sys/netinet/ip_output.c:1216
1211 break;
1212
1213 inp = sotoinpcb(so);
1214 switch (sopt->sopt_name) {
1215 case IP_TOS:
1216 inp->inp_ip_tos = optval;
1217 break;
1218
1219 case IP_TTL:
1220 inp->inp_ip_ttl = optval;
(kgdb) p inp
$1 = (struct inpcb *) 0x0

I'll be happy to test any other patches when they're available.
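Added example, not part of the original message and not the kern/97095 patch or FreeBSD source: a single-threaded userspace model of the pattern discussed in the thread, contrasting a pcb pointer cached across a blocking copy with one fetched afterwards and checked for NULL before the store. Only inpcb, inp_ip_tos and sotoinpcb come from the kgdb listing; so_pcb, model_copyin, sleep_hook, detach_pcb, cached_is_stale, set_tos_checked and the ECONNRESET return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed userspace model; only the names mirror the kgdb listing. */
struct inpcb  { unsigned char inp_ip_tos; };
struct socket { struct inpcb *so_pcb; };    /* NULL once the pcb is detached */
#define sotoinpcb(so) ((so)->so_pcb)
/* Hypothetical hook: stands in for another thread running while the copy sleeps. */
typedef void (*sleep_hook)(struct socket *);
void detach_pcb(struct socket *so) { so->so_pcb = NULL; }

/* Stand-in for copying the option value from user memory, which may block. */
static int model_copyin(struct socket *so, const int *uval, int *kval, sleep_hook h)
{
    if (uval == NULL) return EFAULT;
    if (h != NULL) h(so);                   /* the "sleep": other code runs here */
    *kval = *uval;
    return 0;
}

/* Pattern A: pointer cached before the copy. Returns 1 if it went stale, so a
 * store through it would have touched a pcb the socket no longer owns. */
int cached_is_stale(struct socket *so, const int *uval, sleep_hook h)
{
    struct inpcb *inp = sotoinpcb(so);
    int optval;
    if (model_copyin(so, uval, &optval, h) != 0) return -1;
    return inp != sotoinpcb(so);
}

/* Pattern B: fetch after the copy, never dereference a detached pcb. With no
 * lock held from check to store, a real kernel keeps a smaller race window. */
int set_tos_checked(struct socket *so, const int *uval, sleep_hook h)
{
    int optval, error = model_copyin(so, uval, &optval, h);
    struct inpcb *inp = sotoinpcb(so);      /* fetched only after the copy */
    if (error != 0) return error;
    if (inp == NULL) return ECONNRESET;     /* errno choice is an assumption */
    inp->inp_ip_tos = (unsigned char)optval;
    return 0;
}

int main(void)
{
    struct inpcb pcb = { 0 };
    struct socket so = { &pcb };
    int tos = 0x10;
    return set_tos_checked(&so, &tos, detach_pcb) == ECONNRESET ? 0 : 1;
}
```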
