panic in dummynet

Luigi Rizzo rizzo at iet.unipi.it
Thu Mar 24 09:31:14 UTC 2011 

On Thu, Mar 24, 2011 at 12:02:03PM +0300, Sergey Kandaurov wrote:
> On 21 March 2011 12:43, Sergey Kandaurov <pluknet at gmail.com> wrote:
> > Hi.
> >
> > This is a 8.1 box, not very much loaded.
> > It has two simple dummynet rules.
> > That's the first time it panics there. Any hints?
> >
> > db> x/s *panicstr
> > 0: ? ? ?*** error reading from address 0 ***
> > db> bt
> > Tracing pid 0 tid 100116 td 0xffffff000ab057c0
> > m_copym() at m_copym+0x37
> > ip_fragment() at ip_fragment+0x132
> > ip_output() at ip_output+0xeef
> > dummynet_send() at dummynet_send+0x14c
> > dummynet_task() at dummynet_task+0x1b7
> > taskqueue_run() at taskqueue_run+0x93
> > taskqueue_thread_loop() at taskqueue_thread_loop+0x46
> > fork_exit() at fork_exit+0x118
> > fork_trampoline() at fork_trampoline+0xe
> > --- trap 0, rip = 0, rsp = 0xffffff8399222d30, rbp = 0 ---
> >
> 
> Hmm.. Another crash today.
> Looks like it might be due to race with bce intr handler.

it is possible, but i wonder if this is a device-specific issue.

Otherwise this kind of race would be present in every machine using
dummynet -- all packets delayed by dummynet are sent out from the
taskqueue using the above path.

cheers
luigi

> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 00
> fault virtual address   = 0x18
> fault code              = supervisor read data, page not present
> instruction pointer     = 0x20:0xffffffff80611587
> stack pointer           = 0x28:0xffffff82b41da960
> frame pointer           = 0x28:0xffffff82b41da9c0
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 0 (dummynet)
> 
> db> bt
> Tracing pid 0 tid 100121 td 0xffffff00094177c0
> m_copym() at m_copym+0x37
> ip_fragment() at ip_fragment+0x132
> ip_output() at ip_output+0xeef
> dummynet_send() at dummynet_send+0x14c
> dummynet_task() at dummynet_task+0x1b7
> taskqueue_run() at taskqueue_run+0x93
> taskqueue_thread_loop() at taskqueue_thread_loop+0x46
> fork_exit() at fork_exit+0x118
> fork_trampoline() at fork_trampoline+0xe
> --- trap 0, rip = 0, rsp = 0xffffff82b41dad30, rbp = 0 ---
> 
> cpuid        = 0
> curthread    = 0xffffff00094177c0: pid 0 "dummynet"
> cpuid        = 1
> curthread    = 0xffffff00029a23e0: pid 12 "irq257: bce1"
> cpuid        = 2
> curthread    = 0xffffff00026fc3e0: pid 12 "swi4: clock"
> 
> 100039                   Run     CPU 1                       [irq257: bce1]
> 100038                   RunQ                                [irq256: bce0]
> 100012                   Run     CPU 2                       [swi4: clock]
> 
> db> bt 100039
> Tracing pid 12 tid 100039 td 0xffffff00029a23e0
> cpustop_handler() at cpustop_handler+0x40
> ipi_nmi_handler() at ipi_nmi_handler+0x30
> trap() at trap+0x175
> nmi_calltrap() at nmi_calltrap+0x8
> --- trap 0x13, rip = 0xffffffff805c62e4, rsp = 0xffffff8000052fe0, rbp = 0xfffff
> f82b155d7b0 ---
> callout_lock() at callout_lock+0x54
> callout_reset_on() at callout_reset_on+0x43
> tcp_do_segment() at tcp_do_segment+0x508
> tcp_input() at tcp_input+0xd22
> ip_input() at ip_input+0xad
> netisr_dispatch_src() at netisr_dispatch_src+0x7e
> ether_demux() at ether_demux+0x14d
> ether_input() at ether_input+0x17b
> ether_demux() at ether_demux+0x6f
> ether_input() at ether_input+0x17b
> bce_intr() at bce_intr+0x3b0
> intr_event_execute_handlers() at intr_event_execute_handlers+0xfd
> ithread_loop() at ithread_loop+0x8e
> fork_exit() at fork_exit+0x118
> fork_trampoline() at fork_trampoline+0xe
> --- trap 0, rip = 0, rsp = 0xffffff82b155dd30, rbp = 0 ---
> 
> db> bt 100038
> Tracing pid 12 tid 100038 td 0xffffff00029a27c0
> sched_switch() at sched_switch+0xea
> mi_switch() at mi_switch+0x16f
> ithread_loop() at ithread_loop+0x1d0
> fork_exit() at fork_exit+0x118
> fork_trampoline() at fork_trampoline+0xe
> --- trap 0, rip = 0, rsp = 0xffffff82b1554d30, rbp = 0 ---
> 
> db> bt 100012
> Tracing pid 12 tid 100012 td 0xffffff00026fc3e0
> cpustop_handler() at cpustop_handler+0x40
> ipi_nmi_handler() at ipi_nmi_handler+0x30
> trap() at trap+0x175
> nmi_calltrap() at nmi_calltrap+0x8
> --- trap 0x13, rip = 0xffffffff808a8270, rsp = 0xffffff8000059fe0, rbp
> = 0xffffff80000c9bd0 ---
> Xinvlpg() at Xinvlpg
> ithread_loop() at ithread_loop+0x142
> fork_exit() at fork_exit+0x118
> fork_trampoline() at fork_trampoline+0xe
> --- trap 0, rip = 0, rsp = 0xffffff80000c9d30, rbp = 0 ---
> 
> 
> -- 
> wbr,
> pluknet
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"

More information about the freebsd-net mailing list