trap 12: supervisor write, page not present on 6.1-STABLE Tue May 16 2006

Stanislaw Halik sthalik at tehran.lain.pl
Fri Jun 30 12:06:14 UTC 2006


On Wed, Jun 28, 2006, Robert Watson wrote:

>>>> 6.1-STABLE crashed on me. I'm providing a backtrace. Could any of you
>>>> experienced people tell me whether it's a hardware problem or an
>>>> error inside the OS?
>>> This is a known bug in the TCP code; a large set of outstanding changes 
>>> is present in 7.x that will fix the problem when merged.  However, I 
>>> recently had push-back on merging the larger batch of changes, so am 
>>> looking at merging a workaround that will also correct the problem 
>>> without the larger set of architectural changes.  I hope to have a chance 
>>> to look at that in detail this weekend.

>> I'm glad to know that it isn't either unknown or hardware-related. Thank 
>> you for your prompt reply!

> Per my earlier e-mail, I had hoped to merge a larger set of changes from 
> HEAD that resolve the underlying problem here (that inpcb's can be detached 
> from a socket while the socket is still in use), but right now I'm 
> deferring merging those changes as they are somewhat risky (as they are 
> large).  Instead, I've produced a candidate work-around patch, now attached 
> to kern/97095.  This does not fix the underlying problem, but seeks to 
> narrow the window for the race to be exercised by avoiding caching a 
> volatile pointer across user memory copying, which under load can result in 
> blocking I/O.  I would be quite interested in knowing if this resolves the 
> problem in practice -- if so, it's a definite short-term merge candidate to 
> reduce the symptoms of this problem until the proper fix can be merged.

Unfortunately, it still happens to crash in the same code path:

(kgdb) up 7
#7  0xc058e947 in ip_ctloutput (so=0x0, sopt=0xd67f2c80) at
/usr/src/sys/netinet/ip_output.c:1216
1216                                    inp->inp_ip_tos = optval;
(kgdb) l /usr/src/sys/netinet/ip_output.c:1216
1211                                    break;
1212
1213                            inp = sotoinpcb(so);
1214                            switch (sopt->sopt_name) {
1215                            case IP_TOS:
1216                                    inp->inp_ip_tos = optval;
1217                                    break;
1218
1219                            case IP_TTL:
1220                                    inp->inp_ip_ttl = optval;
(kgdb) p inp
$1 = (struct inpcb *) 0x0

I'll be happy to test any other patches when they're available.