Re: panic with tcpdrop
- From: Robert Watson <rwatson@xxxxxxxxxxx>
- Date: Sat, 24 Nov 2007 16:23:10 +0000 (GMT)
On Fri, 23 Nov 2007, Rako wrote:
Sorry for not send this before.
The connection that i kill was in TIME_WAIT or FIN_WAIT_? state
Any other information, please, tell me.
Javier
Javier,
Indeed, it looks like sysctl_drop is not handling certain TCP states properly with respect to locking. This is probably my fault, as it looks like perhaps this was fallout from the socket<->inpcb reference cleanup work in 7.x. The attached patch may help, could you give it a try?
Robert N M Watson
Computer Laboratory
University of Cambridge
Index: tcp_subr.c
(kgdb) bt
#0 doadump () at pcpu.h:195
#1 0xc0788594 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2 0xc07887bf in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:563
#3 0xc09ccb43 in trap_fatal (frame=0xd66589c0, eva=24) at /usr/src/sys/i386/i386/trap.c:872
#4 0xc09cd4dd in trap (frame=0xd66589c0) at /usr/src/sys/i386/i386/trap.c:277
#5 0xc09b68fb in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#6 0xc07b8644 in turnstile_broadcast (ts=0x0, queue=0) at /usr/src/sys/kern/subr_turnstile.c:834
#7 0xc077ba02 in _mtx_unlock_sleep (m=0xc4c35288, opts=0, file=0x0, line=0) at /usr/src/sys/kern/kern_mutex.c:593
#8 0xc086ba27 in sysctl_drop (oidp=0xc0b0d2e0, arg1=0x0, arg2=0, req=0xd6658ba4) at /usr/src/sys/netinet/tcp_subr.c:2057
#9 0xc0791a87 in sysctl_root (oidp=Variable "oidp" is not available.
) at /usr/src/sys/kern/kern_sysctl.c:1306
#10 0xc0791bd4 in userland_sysctl (td=0xc38c0210, name=0xd6658c14, namelen=4, old=0x0, oldlenp=0x0, inkernel=0, new=0xbfbfeb90, newlen=256,
retval=0xd6658c10, flags=0) at /usr/src/sys/kern/kern_sysctl.c:1401
#11 0xc07928fd in __sysctl (td=0xc38c0210, uap=0xd6658cfc) at /usr/src/sys/kern/kern_sysctl.c:1336
#12 0xc09cd0f5 in syscall (frame=0xd6658d38) at /usr/src/sys/i386/i386/trap.c:1008
#13 0xc09b6960 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:196
#14 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) f 8
#8 0xc086ba27 in sysctl_drop (oidp=0xc0b0d2e0, arg1=0x0, arg2=0, req=0xd6658ba4) at /usr/src/sys/netinet/tcp_subr.c:2057
2057 INP_UNLOCK(inp);
(kgdb) l
2052 } else if (!(inp->inp_vflag & INP_DROPPED) &&
2053 !(inp->inp_socket->so_options & SO_ACCEPTCONN)) {
2054 tp = intotcpcb(inp);
2055 tcp_drop(tp, ECONNABORTED);
2056 }
2057 INP_UNLOCK(inp);
2058 } else
2059 error = ESRCH;
2060 INP_INFO_WUNLOCK(&tcbinfo);
2061 return (error);
(kgdb)
On Fri, 23 Nov 2007, Javier wrote:
Hi, a got a panic with tcpdrop command.
Javier,
I see you may have a coredump -- could you provide a backtrace from gdb for the below? Specifically, I'd like to know what line sysctl_drop+0x207 is.
Thanks,
Robert N M Watson
Computer Laboratory
University of Cambridge
Regards,
Javier
uname -a
FreeBSD odin.valhala 7.0-BETA3 FreeBSD 7.0-BETA3 #0: Mon Nov 19 15:40:35 ART 2007
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x18
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc07b8644
stack pointer = 0x28:0xd6658a00
frame pointer = 0x28:0xd6658a0c
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = resume, IOPL = 0
current process = 77347 (tcpdrop)
trap number = 12
panic: page fault
KDB: stack backtrace:
db_trace_self_wrapper(c0a5f1ea,d66588e0,c078878a,c0a5d5f4,c0b5bcc0,...) at db_trace_self_wrapper+0x26
kdb_backtrace(c0a5d5f4,c0b5bcc0,c0a1fb8c,d66588ec,d66588ec,...) at kdb_backtrace+0x29
panic(c0a1fb8c,c0a7c54d,c39ac220,1,1,...) at panic+0xaa
trap_fatal(c0a7c44f,c,246,c38c0210,c,...) at trap_fatal+0x303
trap(d66589c0) at trap+0x10d
calltrap() at calltrap+0x6
--- trap 0xc, eip = 0xc07b8644, esp = 0xd6658a00, ebp = 0xd6658a0c ---
turnstile_broadcast(0,0,c4c351f8,0,d6658b54,...) at turnstile_broadcast+0x34
_mtx_unlock_sleep(c4c35288,0,0,0,e103,...) at _mtx_unlock_sleep+0x52
sysctl_drop(c0b0d2e0,0,0,d6658ba4,d6658ba4,...) at sysctl_drop+0x207
sysctl_root(d6658ba4,100,1,c0937524,c1fbb1e0,...) at sysctl_root+0x127
userland_sysctl(c38c0210,d6658c14,4,0,0,...) at userland_sysctl+0x134
__sysctl(c38c0210,d6658cfc,18,c38c0210,d6658d2c,...) at __sysctl+0xdd
syscall(d6658d38) at syscall+0x335
Xint0x80_syscall() at Xint0x80_syscall+0x20
--- syscall (202, FreeBSD ELF32, __sysctl), eip = 0x28148a3b, esp = 0xbfbfe32c, ebp = 0xbfbfe358 ---
Uptime: 2d20h23m41s
Physical memory: 495 MB
Dumping 129 MB: 114 98 82 66 50 34 18 2
#0 doadump () at pcpu.h:195
195 pcpu.h: No such file or directory.
in pcpu.h
(kgdb)
_______________________________________________
freebsd-current@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@xxxxxxxxxxx"
===================================================================
RCS file: /zoo/cvsup/FreeBSD-CVS/src/sys/netinet/tcp_subr.c,v
retrieving revision 1.301
diff -u -r1.301 tcp_subr.c
--- tcp_subr.c 24 Oct 2007 19:03:59 -0000 1.301
+++ tcp_subr.c 24 Nov 2007 14:11:22 -0000
@@ -2049,12 +2049,16 @@
tw = intotw(inp);
if (tw != NULL)
tcp_twclose(tw, 0);
+ else
+ INP_UNLOCK(inp);
} else if (!(inp->inp_vflag & INP_DROPPED) &&
!(inp->inp_socket->so_options & SO_ACCEPTCONN)) {
tp = intotcpcb(inp);
- tcp_drop(tp, ECONNABORTED);
- }
- INP_UNLOCK(inp);
+ tp = tcp_drop(tp, ECONNABORTED);
+ if (tp != NULL)
+ INP_UNLOCK(inp);
+ } else
+ INP_UNLOCK(inp);
} else
error = ESRCH;
INP_INFO_WUNLOCK(&tcbinfo);
_______________________________________________
freebsd-current@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: panic with tcpdrop
- From: Rako
- Re: panic with tcpdrop
- References:
- panic with tcpdrop
- From: Javier
- Re: panic with tcpdrop
- From: Robert Watson
- Re: panic with tcpdrop
- From: Rako
- panic with tcpdrop
- Prev by Date: Crashes with SDL and libthr
- Next by Date: Re: Can not boot 7.0-BETA3 with puc
- Previous by thread: Re: panic with tcpdrop
- Next by thread: Re: panic with tcpdrop
- Index(es):
Relevant Pages
|
|
