Current-Users archive


tcp ip panic



On -current/amd64 of 28th June, while doing a 500GB ftp transfer from
a netbooted amd64 client to the amd64 server, the server panicked:

(gdb) target kvm netbsd.0.core
#0  0xffffffff803924c9 in cpu_reboot (howto=260, bootstr=<value optimized out>)
    at ../../../../arch/amd64/amd64/machdep.c:696
696                     dumpsys();
(gdb) print panicstr
$2 = 0xffffffff80858b88 <Address 0xffffffff80858b88 out of bounds>
(gdb) bt
#0  0xffffffff803924c9 in cpu_reboot (howto=260, bootstr=<value optimized out>)
    at ../../../../arch/amd64/amd64/machdep.c:696
#1  0xffffffff80504be1 in panic (
    fmt=0xffffffff80858b88 <Address 0xffffffff80858b88 out of bounds>)
    at ../../../../kern/subr_prf.c:301
#2  0xffffffff805312c8 in tcp_output (tp=0xffff80000990b998)
    at ../../../../netinet/tcp_output.c:708
#3  0xffffffff8052de8b in tcp_input (m=0xffff80000c2b0200)
    at ../../../../netinet/tcp_input.c:2148
#4  0xffffffff80311362 in ip_input (m=0xffff80000c2b0200)
    at ../../../../netinet/ip_input.c:891
#5  0xffffffff8031167b in ipintr () at ../../../../netinet/ip_input.c:393
#6  0xffffffff803675ad in softint_dispatch (pinned=<value optimized out>, s=4)
    at ../../../../kern/kern_softint.c:540
#7  0xffffffff8011430f in Xsoftintr ()
#8  0x0000000000000000 in ?? ()

ident /netbsd:
     $NetBSD: tcp_input.c,v 1.314 2011/05/25 23:20:57 gdt Exp $
     $NetBSD: tcp_output.c,v 1.171 2011/04/14 16:08:53 yamt Exp $
     $NetBSD: ip_input.c,v 1.295 2011/05/03 17:44:31 dyoung Exp $

/netinet/tcp_output.c:708:
708             TCP_REASS_LOCK(tp);

#define TCP_REASS_LOCK(tp)      (void) tcp_reass_lock_try((tp))

static __inline int
tcp_reass_lock_try(struct tcpcb *tp)
{
        int s;
 
        /*
         * Use splvm() -- we're blocking things that would cause
         * mbuf allocation.
         */
        s = splvm();
        if (tp->t_flags & TF_REASSEMBLING) {
                splx(s);
                return (0);
        }
        tp->t_flags |= TF_REASSEMBLING;
        splx(s); 
        return (1);
}


Thoughts? (Now trying again with a kernel post the
sys/kern/uipc_socket.c
Fix kern/45093 as discussed on tech-kern@:
http://mail-index.netbsd.org/tech-kern/2011/06/17/msg010734.html
fix...
The similarity seems to be "blocking mbuf allocation", but the traces
look different to me)

Cheers,

Patrick

