Date: Wed, 19 Jul 2006 09:34:26 -0400 From: Randall Stewart <rrs@cisco.com> To: Pawel Worach <pawel.worach@gmail.com> Cc: freebsd-net@freebsd.org Subject: Re: SCTP Message-ID: <44BE34E2.7070603@cisco.com> In-Reply-To: <d227e09e0607181323q18e53947p942c944602c43cfe@mail.gmail.com> References: <44BB7A92.9080008@cisco.com> <d227e09e0607181323q18e53947p942c944602c43cfe@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Pawel: I see at least one thing wrong with the sctp_sendmsg() code... I just recently added the iov.... and the order of where bad:/ bad2:/ bad1: goes is wrong.. Now, the MAC stuff I have never enabled (at least I don't think so).. and I see that in this trace it seems the MAC stuff is calling to deallocate the socket directly... I am not sure if the crash is related to the wrong bad calls.. which would do a free() when it should not on the iov.. that can't be good.. but also not sure of the deallocate() stuff... The bad stuff is easy to fix.. and I will get a new patch prepared.. (I also will see if I can't update to current again.. and thus eliminate your syscall conflict).. But I want to look a bit into this mac_destroy_socket() path... R Pawel Worach wrote: > On 7/17/06, Randall Stewart <rrs@cisco.com> wrote: > >> All: >> >> Just a friendly reminder/prod... if you have started >> testing SCTP.. thats great (any feedback?).. >> and if you have not .. please do so :-D > > > Hi, > > I played around a bit with NetPIPE, FreeBSD-CURRENT in one end and > Linux 2.6.17 in the other over a gigabit crossover cable network, 1500 > MTU. FreeBSD crashes after a while. I do have MAC enabled (no policy > modules loaded at the time), it looks like it is involved. I think I > can reproduce this, made it happen on both attempts. > > For the record, I modified the patch a bit to make it compile, the > syscalls numbers collide with new threading syscalls added recently, > so I moved the thr syscalls up a notch. And I removed this #ifdef MAC > part of the patch due to duplicate sctp_bad labels. > > +#ifdef MAC > +sctp_bad: > +#endif > + sctp_bad: > + free(iov, M_IOV); > > Any more info I can provide ? > > ~/sctp/np> ./NPsctp -h 192.168.10.1 > ... > 68: 16384 bytes 71 times --> 179.87 Mbps in 694.94 usec > 69: 16387 bytes 71 times --> 178.78 Mbps in 699.33 usec > 70: 24573 bytes 71 times --> 198.43 Mbps in 944.80 usec > 71: 24576 bytes 70 times --> 199.18 Mbps in 941.35 usec > 72: 24579 bytes 70 times --> 198.82 Mbps in 943.19 usec > 73: 32765 bytes 35 times --> 210.05 Mbps in 1190.07 usec > 74: 32768 bytes 42 times --> 208.48 Mbps in 1199.15 usec > 75: 32771 bytes 41 times --> 208.00 Mbps in 1202.03 usec > 76: 49149 bytes 41 times --> 234.43 Mbps in 1599.55 usec > 77: 49152 bytes 41 times --> 300.20 Mbps in 1249.17 usec > 78: 49155 bytes 53 times --> 299.66 Mbps in 1251.51 usec > 79: 65533 bytes 26 times --> 4.77 Mbps in 104844.52 usec > 80: 65536 bytes 3 times --> 3.70 Mbps in 135258.48 usec > 81: 65539 bytes 3 times --> 3.70 Mbps in 135257.16 usec > 82: 98301 bytes 3 times --> 7.36 Mbps in 101946.00 usec > 83: 98304 bytes 3 times --> 7.36 Mbps in 101923.51 usec > 84: 98307 bytes 3 times --> 7.36 Mbps in 101945.48 usec > 85: 131069 bytes 3 times --> [stalls here] > > then a couple of seconds later... > > Fatal trap 12: page fault while in kernel mode > fault virtual address = 0x0 > fault code = supervisor write, page not present > instruction pointer = 0x20:0xc06a7e16 > stack pointer = 0x28:0xd35e5174 > frame pointer = 0x28:0xd35e5174 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 12 (swi1: net) > trap number = 12 > panic: page fault > KDB: stack backtrace: > kdb_backtrace(c078488a,c07e2500,c07790c0,d35e5028,100,...) at > kdb_backtrace+0x2e > panic(c07790c0,c079de93,c2466a70,1,1,...) at panic+0xb7 > trap_fatal(d35e5134,0,2,8,e5df6f6e,...) at trap_fatal+0x342 > trap_pfault(d35e5134,0,0,0,0,...) at trap_pfault+0x245 > trap(8,ffff0028,7fff0028,c104db80,0,...) at trap+0x3e3 > calltrap() at calltrap+0x5 > --- trap 0xc, eip = 0xc06a7e16, esp = 0xd35e5174, ebp = 0xd35e5174 --- > mac_labelzone_dtor(0,14,0,0,0,...) at mac_labelzone_dtor+0x6 > uma_zfree_arg(c104db80,0,0,d35e51d0,c06acfc4,...) at uma_zfree_arg+0x2f > mac_labelzone_free(0) at mac_labelzone_free+0x22 > mac_socket_label_free(0,c2ad4000,d35e5200,c0587da8,c2ad4000,...) at > mac_socket_label_free+0x94 > mac_destroy_socket(c2ad4000,40,0,c2ad4000,4,...) at mac_destroy_socket+0x18 > sodealloc(c2ad4000,c2ad4000,0,0,4,...) at sodealloc+0x168 > sofree(c2ad4000,0,0,0,c10372c8,...) at sofree+0x311 > sctp_inpcb_free(c2c98000,0,0,d35e52b4,c060c90d,...) at > sctp_inpcb_free+0x10d6 > sctp_free_assoc(c2c98000,c2cad958,0,c2cafcd0,d35e534c,...) at > sctp_free_assoc+0x1a5b > sctp_handle_shutdown_complete(c2cf3830,c2cad958,c2cafcd0,d35e534c,c0754bbe,...) > > at sctp_handle_shutdown_complete+0x228 > sctp_process_control(c2cea500,14,d35e5bb8,24,c2cf3824,...) at > sctp_process_control+0x1388 > sctp_common_input_processing(d35e5c30,14,20,24,c2cf3824,...) at > sctp_common_input_processing+0x87 > sctp_input(c2cea500,14,c255c800,1,0,...) at sctp_input+0x383 > ip_input(c2cea500,d35e5c88,c0553c65,8,0,...) at ip_input+0x70c > netisr_processqueue(c07e75b8,c2467870,c2467870,c24668d0,d35e5ce4,...) > at netisr_processqueue+0xe9 > swi_net(0,c2467870,80246,b9669622,c2467870,...) at swi_net+0x12f > ithread_execute_handlers(c24668d0,c2463500,c24668d0,c2467870,c24668d0,...) > at ithread_execute_handlers+0x188 > ithread_loop(c2433ad0,d35e5d38,0,0,c2433ad0,...) at ithread_loop+0x76 > fork_exit(c051d900,c2433ad0,d35e5d38) at fork_exit+0x7f > fork_trampoline() at fork_trampoline+0x8 > --- trap 0x1, eip = 0, esp = 0xd35e5d6c, ebp = 0 --- > Uptime: 27m28s > Physical memory: 502 MB > Dumping 68 MB: 53 37 21 5 > > #0 doadump () at pcpu.h:166 > 166 pcpu.h: No such file or directory. > in pcpu.h > (kgdb) bt > #0 doadump () at pcpu.h:166 > #1 0xc053c0b4 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409 > #2 0xc053c42d in panic (fmt=0xc07790c0 "%s") > at /usr/src/sys/kern/kern_shutdown.c:565 > #3 0xc074a2d2 in trap_fatal (frame=0xd35e5134, eva=0) > at /usr/src/sys/i386/i386/trap.c:869 > #4 0xc0749f65 in trap_pfault (frame=0xd35e5134, usermode=0, eva=0) > at /usr/src/sys/i386/i386/trap.c:778 > #5 0xc0749ab3 in trap (frame= > {tf_fs = 8, tf_es = -65496, tf_ds = 2147418152, tf_edi = > -1056646272, tf_esi = 0, tf_ebp = -748793484, tf_isp = -748793504, > tf_ebx = 0, tf_edx = 0, tf_ecx = 4, tf_eax = 0, tf_trapno = 12, tf_err > = 2, tf_eip = -1066762730, tf_cs = 32, tf_eflags = 66178, tf_esp = > -748793432, tf_ss = -1066463889}) > at /usr/src/sys/i386/i386/trap.c:463 > #6 0xc0738cfa in calltrap () at /usr/src/sys/i386/i386/exception.s:138 > #7 0xc06a7e16 in mac_labelzone_dtor (mem=0x0, size=20, arg=0x0) > at /usr/src/sys/security/mac/mac_label.c:74 > #8 0xc06f0d6f in uma_zfree_arg (zone=0xc104db80, item=0x0, udata=0x0) > at /usr/src/sys/vm/uma_core.c:2263 > #9 0xc06a7e72 in mac_labelzone_free (label=0x0) at uma.h:303 > #10 0xc06acfc4 in mac_socket_label_free (label=0x0) > at /usr/src/sys/security/mac/mac_socket.c:151 > #11 0xc06ad088 in mac_destroy_socket (socket=0xc2ad4000) > ---Type <return> to continue, or q <return> to quit--- > at /usr/src/sys/security/mac/mac_socket.c:168 > #12 0xc0587da8 in sodealloc (so=0xc2ad4000) > at /usr/src/sys/kern/uipc_socket.c:291 > #13 0xc0588971 in sofree (so=0xc2ad4000) at > /usr/src/sys/kern/uipc_socket.c:592 > #14 0xc0604986 in sctp_inpcb_free (inp=0xc2c98000, immediate=0) > at /usr/src/sys/netinet/sctp_pcb.c:2582 > #15 0xc060817b in sctp_free_assoc (inp=0xc2c98000, stcb=0xc2cad958, > from_inpcbfree=0) at /usr/src/sys/netinet/sctp_pcb.c:3896 > #16 0xc0617b58 in sctp_handle_shutdown_complete (cp=0xc2cf3830, > stcb=0xc2cad958, net=0x0) at /usr/src/sys/netinet/sctp_input.c:2500 > #17 0xc061a7d8 in sctp_process_control (m=0xc2cea500, iphlen=20, > offset=0xd35e5bb8, length=36, sh=0xc2cf3824, ch=0xc2cf3830, > inp=0xc2c98000, stcb=0xc2cad958, netp=0xd35e5bd0, > fwd_tsn_seen=0xd35e5b98) > at /usr/src/sys/netinet/sctp_input.c:4267 > #18 0xc061ad87 in sctp_common_input_processing (mm=0xd35e5c30, iphlen=20, > offset=32, length=36, sh=0xc2cf3824, ch=0xc2cf3830, inp=0xc2c98000, > stcb=0xc2cad958, net=0xc2cafcd0, ecn_bits=2 '\002') > at /usr/src/sys/netinet/sctp_input.c:4583 > #19 0xc061b5e3 in sctp_input (m=0xc2cea500, off=20) > at /usr/src/sys/netinet/sctp_input.c:4994 > #20 0xc05ec1ec in ip_input (m=0xc2cea500) > at /usr/src/sys/netinet/ip_input.c:658 > #21 0xc05d2de9 in netisr_processqueue (ni=0xc07e75b8) > ---Type <return> to continue, or q <return> to quit--- > at /usr/src/sys/net/netisr.c:236 > #22 0xc05d305f in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:349 > #23 0xc051d808 in ithread_execute_handlers (p=0xc24668d0, ie=0xc2463500) > at /usr/src/sys/kern/kern_intr.c:662 > #24 0xc051d976 in ithread_loop (arg=0xc2433ad0) > at /usr/src/sys/kern/kern_intr.c:745 > #25 0xc051c38f in fork_exit (callout=0xc051d900 <ithread_loop>, arg=0x0, > frame=0x0) at /usr/src/sys/kern/kern_fork.c:822 > #26 0xc0738d5c in fork_trampoline () at > /usr/src/sys/i386/i386/exception.s:199 > -- Randall Stewart NSSTG - Cisco Systems Inc. 803-345-0369 <or> 815-342-5222 (cell)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44BE34E2.7070603>