Discussion:
crash in tcp_input() on 4.0_BETA2
(too old to reply)
Jeff Rizzo
2007-03-15 16:56:12 UTC
Permalink
I'm not sure I have enough info to effectively send-pr, but here's the
traceback I got in a 4.0_BETA2 i386 system with 4G RAM and 2 wm(4)
interfaces, one of which has an mtu of 9000:

kernel: supervisor trap page fault, code=0
Stopped at netbsd:memcpy+0x15: repe movsl (%esi),%es:(%edi)
db{0}> bt
memcpy(c53864d8,c5f0bc00,c5f1de00,14,fbc) at netbsd:memcpy+0x15
sbappendstream(c53864d8,c5f0bc00,cf305822,14,20) at
netbsd:sbappendstream+0x2f
tcp_input(c5f0bc00,14,6,1,c09b9834) at netbsd:tcp_input+0x2f34
ip_input(c5f0bc00,c0100e0d,cf542f50,c051adc2,0) at netbsd:ip_input+0x657
ipintr(cf540010,c0910030,c0910010,10,cf540000) at netbsd:ipintr+0x24
DDB lost frame for netbsd:Xsoftnet+0x49, trying 0xcf542f58
Xsoftnet() at netbsd:Xsoftnet+0x49
--- interrupt ---
Bad frame pointer: 0xc09d98a0
0x246:
db{0}>

unfortunately, this is a production system, so I can't leave it down. I
also don't have enough swap to get a crash dump. :( But if there's
anything else anyone would like to know... (I _do_ have the netbsd.gdb
available from this kernel, if it helps)

+j


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Bill Stouder-Studenmund
2007-03-15 19:12:05 UTC
Permalink
Post by Jeff Rizzo
I'm not sure I have enough info to effectively send-pr, but here's the
traceback I got in a 4.0_BETA2 i386 system with 4G RAM and 2 wm(4)
I saw this at Wasabi at a customer that was using multiple Gig NICs.

I _thought_ (but never verified) that the spl wrapping around pool_put
that Thor talked about would have fixed this.

In my testing, I found that the two mbufs, the one that has the data you
want to append and the one into which you want to append, have addresses
that differ by 4 bytes. Ick! It could also be a wm driver IPL issue.

Take care,

Bill
Post by Jeff Rizzo
kernel: supervisor trap page fault, code=0
Stopped at netbsd:memcpy+0x15: repe movsl (%esi),%es:(%edi)
db{0}> bt
memcpy(c53864d8,c5f0bc00,c5f1de00,14,fbc) at netbsd:memcpy+0x15
sbappendstream(c53864d8,c5f0bc00,cf305822,14,20) at
netbsd:sbappendstream+0x2f
tcp_input(c5f0bc00,14,6,1,c09b9834) at netbsd:tcp_input+0x2f34
ip_input(c5f0bc00,c0100e0d,cf542f50,c051adc2,0) at netbsd:ip_input+0x657
ipintr(cf540010,c0910030,c0910010,10,cf540000) at netbsd:ipintr+0x24
DDB lost frame for netbsd:Xsoftnet+0x49, trying 0xcf542f58
Xsoftnet() at netbsd:Xsoftnet+0x49
--- interrupt ---
Bad frame pointer: 0xc09d98a0
db{0}>
unfortunately, this is a production system, so I can't leave it down. I
also don't have enough swap to get a crash dump. :( But if there's
anything else anyone would like to know... (I _do_ have the netbsd.gdb
available from this kernel, if it helps)
+j
Loading...