From owner-freebsd-stable@FreeBSD.ORG Sun Apr 5 16:28:32 2009 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F1355106566C for ; Sun, 5 Apr 2009 16:28:32 +0000 (UTC) (envelope-from Martin.Blapp@t-systems.ch) Received: from mail100.t-systems.ch (mail109.t-systems.ch [193.108.232.23]) by mx1.freebsd.org (Postfix) with ESMTP id 6B50F8FC18 for ; Sun, 5 Apr 2009 16:28:32 +0000 (UTC) (envelope-from Martin.Blapp@t-systems.ch) Received: from wsairz0042.t-systems.ch (Not Verified[53.250.54.32]) by mail100.t-systems.ch with MailMarshal (using TLS: SSLv23) id ; Sun, 05 Apr 2009 18:18:14 +0200 Received: from TSS-EXCH01.t-systems.ch ([53.250.54.26]) by wsairz0042.t-systems.ch ([53.250.54.32]) with mapi; Sun, 5 Apr 2009 18:18:14 +0200 From: "Blapp, Martin" To: "freebsd-stable@freebsd.org" Date: Sun, 5 Apr 2009 18:18:13 +0200 Thread-Topic: FreeBSD 7.2-BETA1 tcp retransmit crash Thread-Index: AQHJtgoelLc+aRYgDk+FO6S3KnQ39Q== Message-ID: <509A7CA1EA3EA046B1A5BA2FCFDB3C8EC764853900@TSS-EXCH01.t-systems.ch> Accept-Language: de-DE, de-CH Content-Language: de-DE X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: de-DE, de-CH Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 HC: x Subject: FreeBSD 7.2-BETA1 tcp retransmit crash X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Apr 2009 16:28:33 -0000 Hi all, Looks like the same problem as PR 129197 (FreeBSD 7 panic) http://www.freebsd.org/cgi/query-pr.cgi?pr=3D129197 OS: FreeBSD 7.2 BETA1 PF: Enabled SACK: net.inet.tcp.sack.enable: 1 Happens after some/many soabort calls ... I can reproduce it after 3-4 hours running time. Currently I'm testing a workaround but I guess the underlying problem should be fixed. -- Martin Fatal trap 12: page fault while in kernel mode cpuid =3D 1; apic id =3D 01 fault virtual address =3D 0xc fault code =3D supervisor read, page not present instruction pointer =3D 0x20:0xc07c6cb0 stack pointer =3D 0x28:0xc2f9c97c frame pointer =3D 0x28:0xc2f9c984 code segment =3D base 0x0, limit 0xfffff, type 0x1b =3D DPL 0, pres 1, def32 1, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D 25 (em0 taskq) trap number =3D 12 panic: page fault cpuid =3D 1 Uptime: 4h12m47s Physical memory: 499 MB Dumping 104 MB: 89 73 57 41 25 9 Reading symbols from /boot/kernel/acpi.ko...Reading symbols from /boot/kern= el/acpi.ko.symbols...done. done. Loaded symbols for /boot/kernel/acpi.ko Reading symbols from /usr/local/lib/vmware-tools/modules/drivers/vmmemctl.k= o...done. Loaded symbols for /usr/local/lib/vmware-tools/modules/drivers/vmmemctl.ko Reading symbols from /usr/local/lib/vmware-tools/modules/drivers/vmxnet.ko.= ..done. Loaded symbols for /usr/local/lib/vmware-tools/modules/drivers/vmxnet.ko Reading symbols from /usr/local/lib/vmware-tools/modules/drivers/vmblock.ko= ...done. Loaded symbols for /usr/local/lib/vmware-tools/modules/drivers/vmblock.ko Reading symbols from /usr/local/lib/vmware-tools/modules/drivers/vmhgfs.ko.= ..done. Loaded symbols for /usr/local/lib/vmware-tools/modules/drivers/vmhgfs.ko Reading symbols from /boot/kernel/pf.ko...Reading symbols from /boot/kernel= /pf.ko.symbols...done. done. Loaded symbols for /boot/kernel/pf.ko Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/ker= nel/linux.ko.symbols...done. done. Loaded symbols for /boot/kernel/linux.ko Reading symbols from /boot/modules/accf_smtp.ko...done. Loaded symbols for /boot/modules/accf_smtp.ko #0 doadump () at pcpu.h:196 #1 0xc0772d87 in boot (howto=3D260) at /usr/src/sys/kern/kern_shutdown.c:4= 18 #2 0xc0773059 in panic (fmt=3DVariable "fmt" is not available. ) at /usr/src/sys/kern/kern_shutdown.c:574 #3 0xc0a5062c in trap_fatal (frame=3D0xc2f9c93c, eva=3D12) at /usr/src/sys= /i386/i386/trap.c:939 #4 0xc0a508b0 in trap_pfault (frame=3D0xc2f9c93c, usermode=3D0, eva=3D12) = at /usr/src/sys/i386/i386/trap.c:852 #5 0xc0a5125c in trap (frame=3D0xc2f9c93c) at /usr/src/sys/i386/i386/trap.= c:530 #6 0xc0a3593b in calltrap () at /usr/src/sys/i386/i386/exception.s:159 #7 0xc07c6cb0 in sbsndptr (sb=3D0xc342ede4, off=3D112, len=3D113, moff=3D0= xc2f9ca04) at /usr/src/sys/kern/uipc_sockbuf.c:939 #8 0xc089cd64 in tcp_output (tp=3D0xc43311d0) at /usr/src/sys/netinet/tcp_= output.c:798 #9 0xc089974a in tcp_do_segment (m=3D0xc34a6600, th=3D0xc34c8024, so=3D0xc= 342ed00, tp=3D0xc43311d0, drop_hdrlen=3D52, tlen=3D0) at /usr/src/sys/netinet/tcp_input.c:1835 #10 0xc089b2ee in tcp_input (m=3D0xc34a6600, off0=3D20) at /usr/src/sys/net= inet/tcp_input.c:846 #11 0xc08340a0 in ip_input (m=3D0xc34a6600) at /usr/src/sys/netinet/ip_inpu= t.c:664 #12 0xc081ae15 in netisr_dispatch (num=3D2, m=3D0xc34a6600) at /usr/src/sys= /net/netisr.c:185 #13 0xc0810d81 in ether_demux (ifp=3D0xc31bb400, m=3D0xc34a6600) at /usr/sr= c/sys/net/if_ethersubr.c:834 #14 0xc0811173 in ether_input (ifp=3D0xc31bb400, m=3D0xc34a6600) at /usr/sr= c/sys/net/if_ethersubr.c:692 #15 0xc0561f2a in em_rxeof (adapter=3D0xc31bc000, count=3D99) at /usr/src/s= ys/dev/e1000/if_em.c:4539 #16 0xc0562a57 in em_handle_rxtx (context=3D0xc31bc000, pending=3D1) at /us= r/src/sys/dev/e1000/if_em.c:1702 #17 0xc07a8015 in taskqueue_run (queue=3D0xc3181780) at /usr/src/sys/kern/s= ubr_taskqueue.c:282 #18 0xc07a8228 in taskqueue_thread_loop (arg=3D0xc31c035c) at /usr/src/sys/= kern/subr_taskqueue.c:401 #19 0xc074d839 in fork_exit (callout=3D0xc07a8160 , = arg=3D0xc31c035c, frame=3D0xc2f9cd38) at /usr/src/sys/kern/kern_fork.c:810 #20 0xc0a359b0 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:= 264 (kgdb) frame 7 #7 0xc07c6cb0 in sbsndptr (sb=3D0xc342ede4, off=3D112, len=3D113, moff=3D0= xc2f9ca04) at /usr/src/sys/kern/uipc_sockbuf.c:939 939 off > 0 && off >=3D m->m_len; (kgdb) list 934 *moff =3D off - sb->sb_sndptroff; 935 m =3D ret =3D sb->sb_sndptr ? sb->sb_sndptr : sb->sb_mb; 936 937 /* Advance by len to be as close as possible for the next t= ransmit. */ 938 for (off =3D off - sb->sb_sndptroff + len - 1; 939 off > 0 && off >=3D m->m_len; 940 m =3D m->m_next) { 941 sb->sb_sndptroff +=3D m->m_len; 942 off -=3D m->m_len; 943 } (kgdb) p sb->sb_sndptr $1 =3D (struct mbuf *) 0x0 (kgdb) p sb->sb_mb $2 =3D (struct mbuf *) 0x0 Kein Wunder gibts da nen Crash ... (kgdb) p *sb $8 =3D {sb_sel =3D {si_thrlist =3D {tqe_next =3D 0x0, tqe_prev =3D 0x0}, si= _thread =3D 0x0, si_note =3D {kl_list =3D {slh_first =3D 0x0}, kl_lock =3D 0xc0747700 , kl_unlock =3D 0xc07470e0 , kl_locked =3D 0xc07470c0 , kl_lockarg =3D 0xc342ee08}, si_flags =3D 0}, sb_mtx =3D {lock_object = =3D {lo_name =3D 0xc0ad4ad8 "so_snd", lo_type =3D 0xc0ad4ad8 "so_snd", lo_f= lags =3D 16973824, lo_witness_data =3D {lod_list =3D {stqe_next =3D 0x0}, lod_witness = =3D 0x0}}, mtx_lock =3D 3272403696, mtx_recurse =3D 0}, sb_sx =3D {lock_obj= ect =3D { lo_name =3D 0xc0ad4ae6 "so_snd_sx", lo_type =3D 0xc0ad4ae6 "so_snd_sx= ", lo_flags =3D 37421056, lo_witness_data =3D {lod_list =3D {stqe_next =3D = 0x0}, lod_witness =3D 0x0}}, sx_lock =3D 1, sx_recurse =3D 0}, sb_state = =3D 16, sb_mb =3D 0x0, sb_mbtail =3D 0x0, sb_lastrecord =3D 0x0, sb_sndptr = =3D 0x0, sb_sndptroff =3D 0, sb_cc =3D 0, sb_hiwat =3D 33580, sb_mbcnt =3D 0, sb_m= cnt =3D 0, sb_ccnt =3D 0, sb_mbmax =3D 262144, sb_ctl =3D 0, sb_lowat =3D 2= 048, sb_timeo =3D 0, sb_flags =3D 2048} (kgdb) f 8 #8 0xc089cd64 in tcp_output (tp=3D0xc43311d0) at /usr/src/sys/netinet/tcp_= output.c:798 798 mb =3D sbsndptr(&so->so_snd, off, len, &moff); p *so $9 =3D {so_count =3D 0, so_type =3D 1, so_options =3D 12, so_linger =3D 0, = so_state =3D 24633, so_qstate =3D 2048, so_pcb =3D 0xc40e0708, so_proto =3D= 0xc0b994a8, so_head =3D 0xc4056b60, so_incomp =3D {tqh_first =3D 0x0, tqh_last =3D 0x= 0}, so_comp =3D {tqh_first =3D 0x0, tqh_last =3D 0x0}, so_list =3D {tqe_nex= t =3D 0x0, tqe_prev =3D 0xc445b02c}, so_qlen =3D 0, so_incqlen =3D 0, so_qlimit = =3D 0, so_timeo =3D 0, so_error =3D 0, so_sigio =3D 0x0, so_oobmark =3D 0, = so_aiojobq =3D { tqh_first =3D 0x0, tqh_last =3D 0xc342ed48}, so_rcv =3D {sb_sel =3D {si= _thrlist =3D {tqe_next =3D 0x0, tqe_prev =3D 0x0}, si_thread =3D 0x0, si_no= te =3D {kl_list =3D { slh_first =3D 0x0}, kl_lock =3D 0xc0747700 , kl_= unlock =3D 0xc07470e0 , kl_locked =3D 0xc07470c0 , kl_lockarg =3D 0xc342ed74}, si_flags =3D 0}, sb_mtx =3D {lock_objec= t =3D {lo_name =3D 0xc0ad4adf "so_rcv", lo_type =3D 0xc0ad4adf "so_rcv", lo_flags =3D 16973824, lo_witness_data =3D {lod_list =3D {stqe_next= =3D 0x0}, lod_witness =3D 0x0}}, mtx_lock =3D 4, mtx_recurse =3D 0}, sb_sx= =3D {lock_object =3D { lo_name =3D 0xc0ad4af0 "so_rcv_sx", lo_type =3D 0xc0ad4af0 "so_rcv_= sx", lo_flags =3D 37421056, lo_witness_data =3D {lod_list =3D {stqe_next = =3D 0x0}, lod_witness =3D 0x0}}, sx_lock =3D 1, sx_recurse =3D 0}, sb_state= =3D 32, sb_mb =3D 0x0, sb_mbtail =3D 0x0, sb_lastrecord =3D 0x0, sb_sndptr= =3D 0x0, sb_sndptroff =3D 0, sb_cc =3D 0, sb_hiwat =3D 65700, sb_mbcnt =3D 0, sb= _mcnt =3D 0, sb_ccnt =3D 0, sb_mbmax =3D 262144, sb_ctl =3D 0, sb_lowat =3D= 1, sb_timeo =3D 0, sb_flags =3D 2048}, so_snd =3D {sb_sel =3D {si_thrlist =3D {tqe_next = =3D 0x0, tqe_prev =3D 0x0}, si_thread =3D 0x0, si_note =3D {kl_list =3D {sl= h_first =3D 0x0}, kl_lock =3D 0xc0747700 , kl_unlock =3D 0xc07470e0 = , kl_locked =3D 0xc07470c0 , kl_lockarg =3D 0xc342ee08}, si_flags =3D 0}, sb_mtx =3D {lock_objec= t =3D {lo_name =3D 0xc0ad4ad8 "so_snd", lo_type =3D 0xc0ad4ad8 "so_snd", lo_flags =3D 16973824, lo_witness_data =3D {lod_list =3D {stqe_next= =3D 0x0}, lod_witness =3D 0x0}}, mtx_lock =3D 3272403696, mtx_recurse =3D = 0}, sb_sx =3D { lock_object =3D {lo_name =3D 0xc0ad4ae6 "so_snd_sx", lo_type =3D 0xc0= ad4ae6 "so_snd_sx", lo_flags =3D 37421056, lo_witness_data =3D {lod_list = =3D { stqe_next =3D 0x0}, lod_witness =3D 0x0}}, sx_lock =3D 1, sx_re= curse =3D 0}, sb_state =3D 16, sb_mb =3D 0x0, sb_mbtail =3D 0x0, sb_lastrec= ord =3D 0x0, sb_sndptr =3D 0x0, sb_sndptroff =3D 0, sb_cc =3D 0, sb_hiwat =3D 33580,= sb_mbcnt =3D 0, sb_mcnt =3D 0, sb_ccnt =3D 0, sb_mbmax =3D 262144, sb_ctl = =3D 0, sb_lowat =3D 2048, sb_timeo =3D 0, sb_flags =3D 2048}, so_upcall =3D 0, so_upcallarg =3D 0= x5dc0, so_cred =3D 0xc4260900, so_label =3D 0x0, so_peerlabel =3D 0x0, so_g= encnt =3D 118111, so_emuldata =3D 0x0, so_accf =3D 0x0, so_fibnum =3D 0} (kgdb) p so->so_snd $10 =3D {sb_sel =3D {si_thrlist =3D {tqe_next =3D 0x0, tqe_prev =3D 0x0}, s= i_thread =3D 0x0, si_note =3D {kl_list =3D {slh_first =3D 0x0}, kl_lock =3D 0xc0747700 , kl_unlock =3D 0xc07470e0 , kl_locked =3D 0xc07470c0 , kl_lockarg =3D 0xc342ee08}, si_flags =3D 0}, sb_mtx =3D {lock_object = =3D {lo_name =3D 0xc0ad4ad8 "so_snd", lo_type =3D 0xc0ad4ad8 "so_snd", lo_f= lags =3D 16973824, lo_witness_data =3D {lod_list =3D {stqe_next =3D 0x0}, lod_witness = =3D 0x0}}, mtx_lock =3D 3272403696, mtx_recurse =3D 0}, sb_sx =3D {lock_obj= ect =3D { lo_name =3D 0xc0ad4ae6 "so_snd_sx", lo_type =3D 0xc0ad4ae6 "so_snd_sx= ", lo_flags =3D 37421056, lo_witness_data =3D {lod_list =3D {stqe_next =3D = 0x0}, lod_witness =3D 0x0}}, sx_lock =3D 1, sx_recurse =3D 0}, sb_state = =3D 16, sb_mb =3D 0x0, sb_mbtail =3D 0x0, sb_lastrecord =3D 0x0, sb_sndptr = =3D 0x0, sb_sndptroff =3D 0, sb_cc =3D 0, sb_hiwat =3D 33580, sb_mbcnt =3D 0, sb_m= cnt =3D 0, sb_ccnt =3D 0, sb_mbmax =3D 262144, sb_ctl =3D 0, sb_lowat =3D 2= 048, sb_timeo =3D 0, sb_flags =3D 2048} (kgdb) f 10 #10 0xc089b2ee in tcp_input (m=3D0xc34a6600, off0=3D20) at /usr/src/sys/net= inet/tcp_input.c:846 846 tcp_do_segment(m, th, so, tp, drop_hdrlen, tlen); (kgdb) p m $13 =3D (struct mbuf *) 0xc34a6600 (kgdb) p *m $14 =3D {m_hdr =3D {mh_next =3D 0x0, mh_nextpkt =3D 0x0, mh_data =3D 0xc34c= 8010 "E", mh_len =3D 52, mh_flags =3D 3, mh_type =3D 1, pad =3D "\000"}, M_= dat =3D {MH =3D { MH_pkthdr =3D {rcvif =3D 0xc31bb400, header =3D 0x0, len =3D 52, csum= _flags =3D 3840, csum_data =3D 65535, tso_segsz =3D 0, ether_vtag =3D 0, ta= gs =3D { slh_first =3D 0xc4c06b80}}, MH_dat =3D {MH_ext =3D {ext_buf =3D 0= xc34c8000 "\005", ext_free =3D 0, ext_args =3D 0x0, ext_size =3D 2048, ref_= cnt =3D 0xc34af9dc, ext_type =3D 6}, MH_databuf =3D "\000\200L=C3\000\000\000\000\000\000\000\000\000\b\= 000\000=DC=F9J=C3\006\000\000\000e\224=EC\"\230\0058>\a=DC6\217F=E4=EE=CD?= =B4=CA=C6=C3L=A9\tc\021=DBk=EB=ED=BEs\177=D2\211=ADy\214\020\rXr=BB&yPI\v^N= \210=A1=DF[\005=BD=AA=B9@=C8d/\003\215=FC=AE\2205=AD=B9RE$\003\020=CEf\035O= 0G=CF=DE\216U\"=EB=E5=B3=F5=B8\215`\002=E2=C9=C2\n\212=BE\207=EFr\036=EB=E6= j=B0=E4=DB=A8HU\234\034=C6=A4=AA.=DAb=DA\031\220=DB=AF=EDAe=A9\0333\207=FFz= =F3=BD \025v=A5<\a=AFZ=CE\205W<=B2\233'\205\002)\nRk=CA=E4]\024>\214=F5\217= \217p]\230=D4w>=BAs=C4"...}}, M_databuf =3D "\000=B4\033=C3\000\000\000\0004\000\000\000\000\017\000\= 000=FF=FF\000\000\000\000\000\000\200k=C0=C4\000\200L=C3\000\000\000\000\00= 0\000\000\000\000\b\000\000=DC=F9J=C3\006\000\000\000e\224=EC\"\230\0058>\a= =DC6\217F=E4=EE=CD?=B4=CA=C6=C3L=A9\tc\021=DBk=EB=ED=BEs\177=D2\211=ADy\214= \020\rXr=BB&yPI\v^N\210=A1=DF[\005=BD=AA=B9@=C8d/\003\215=FC=AE\2205=AD=B9R= E$\003\020=CEf\035O0G=CF=DE\216U\"=EB=E5=B3=F5=B8\215`\002=E2=C9=C2\n\212= =BE\207=EFr\036=EB=E6j=B0=E4=DB=A8HU\234\034=C6=A4=AA.=DAb=DA\031\220=DB=AF= =EDAe=A9\0333\207=FFz=F3=BD \025v=A5<\a=AFZ=CE\205W"...}}=