Latest -current complete lockup (tcp changes?)
Pawel Worach
pawel.worach at gmail.com
Sat Mar 24 17:40:57 UTC 2007
Andrey Chernov wrote:
> Very recent -current cause complete lockup in case and after small amount
> of network activity happens. No panic, no ddb console - nothing just
> lockup. Previously working kernel is from Mar 22. I suspect
> recent round of TCP changes.
>
Here is what I see, which is TCP-related: a page fault in generic_bcopy(), reached from tcp_do_segment() in the ath0 taskq thread.
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x34
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc074c3be
stack pointer = 0x28:0xe40a58fc
frame pointer = 0x28:0xe40a5960
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 32 (ath0 taskq)
trap number = 12
panic: page fault
KDB: stack backtrace:
db_trace_self_wrapper(c078b6d3,e40a57ac,c054aef7,c0789c9f,c07fda40,...)
at db_trace_self_wrapper+0x26
kdb_backtrace(c0789c9f,c07fda40,c077d50b,e40a57b8,100,...) at kdb_backtrace+0x2e
panic(c077d50b,c07a486b,c3bb2cf0,1,1,...) at panic+0xb7
trap_fatal(e40a58bc,34,1,0,c0741a9a,...) at trap_fatal+0x342
trap_pfault(e40a58bc,0,34,f0f70257,34,...) at trap_pfault+0x225
trap(e40a58bc) at trap+0x3cc
calltrap() at calltrap+0x6
--- trap 0xc, eip = 0xc074c3be, esp = 0xe40a58fc, ebp = 0xe40a5960 ---
generic_bcopy(c3fc43a0,e40a5988,730c3ea5,0,e40a597c,...) at generic_bcopy+0x1a
tcp_do_segment(c3d93a00,c3f6a840,c4ba2ae0,c3fc43a0,34,...) at tcp_do_segment+0xf92
tcp_input(c3d93a00,14,c3ba3c00,1,0,...) at tcp_input+0xd87
ip_input(c3d93a00,800,800,c3ba3c00,800,...) at ip_input+0x72c
netisr_dispatch(2,c3d93a00,3,0,3,...) at netisr_dispatch+0x4d
ether_demux(c3ba3c00,c3d93a00,3,0,3,...) at ether_demux+0x1cf
ether_input(c3ba3c00,c3d93a00,c3ea0098,c3d93a00,1c,...) at ether_input+0x3b6
ieee80211_deliver_data(c3d93a00,e40a5c24,6,1c,c07c4480,...) at ieee80211_deliver_data+0x7d
ieee80211_input(c3bd8230,c3d93a00,c3ea0000,2e,25f7,...) at ieee80211_input+0xb19
ath_rx_proc(c3bd8000,1,0,0,0,...) at ath_rx_proc+0x3f9
taskqueue_run(c3bb8a00,c3bb8a1c,0,c07816dc,0,...) at taskqueue_run+0x12d
taskqueue_thread_loop(c3bd8db4,e40a5d38,74d28524,40498b17,3b9c4d89,...) at taskqueue_thread_loop+0x98
fork_exit(c05796e0,c3bd8db4,e40a5d38) at fork_exit+0x80
fork_trampoline() at fork_trampoline+0x8
--- trap 0, eip = 0, esp = 0xe40a5d70, ebp = 0 ---
Uptime: 9h8m38s
Physical memory: 1014 MB
Dumping 159 MB: (CTRL-C to abort) (CTRL-C to abort) (CTRL-C to abort)
(CTRL-C to abort) 144 128 112 96 80 64 48 32 16
#0 doadump () at pcpu.h:172
172 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) bt
#0 doadump () at pcpu.h:172
#1 0xc054ac26 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2 0xc054af8d in panic (fmt=0xc077d50b "%s")
at /usr/src/sys/kern/kern_shutdown.c:563
#3 0xc074e952 in trap_fatal (frame=0xe40a58bc, eva=52)
at /usr/src/sys/i386/i386/trap.c:868
#4 0xc074e5e5 in trap_pfault (frame=0xe40a58bc, usermode=0, eva=52)
at /usr/src/sys/i386/i386/trap.c:777
#5 0xc074e15c in trap (frame=0xe40a58bc) at /usr/src/sys/i386/i386/trap.c:462
#6 0xc073cf7b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7 0xc074c3be in generic_bcopy () at /usr/src/sys/i386/i386/support.s:489
Previous frame inner to this frame (corrupt stack?)
(kgdb) l *tcp_do_segment+0xf92
0xc06576f2 is in tcp_do_segment (/usr/src/sys/netinet/tcp_input.c:1901).
1896 }
1897 if (tp->sack_enable &&
1898 ((to.to_flags & TOF_SACK) ||
1899 !TAILQ_EMPTY(&tp->snd_holes)))
1900 tcp_sack_doack(tp, &to, th->th_ack);
1901 if (SEQ_LEQ(th->th_ack, tp->snd_una)) {
1902 if (tlen == 0 && tiwin == tp->snd_wnd) {
1903 tcpstat.tcps_rcvdupack++;
1904 /*
1905 * If we have outstanding data (other than
(kgdb) l *tcp_input+0xd87
0xc0656677 is in tcp_input (/usr/src/sys/netinet/tcp_input.c:1004).
999 /*
1000 * Segment belongs to a connection in SYN_SENT, ESTABLISHED or
1001 * later state. tcp_do_segment() always consumes the mbuf chain
1002 * and unlocks the inpcb.
1003 */
1004 if (tcp_do_segment(m, th, so, tp, drop_hdrlen, tlen))
1005 goto findpcb; /* XXX: TIME_WAIT was nuked. */
1006 return;
1007
1008 dropwithreset:
# ident /usr/src/sys/netinet/tcp_input.c
/usr/src/sys/netinet/tcp_input.c:
$FreeBSD: src/sys/netinet/tcp_input.c,v 1.328 2007/03/23 20:16:50 andre Exp $
--
Pawel