sctp panic in _mtx_lock_sleep when attempting to connect to a remote machine

From: Bruce Cran
Date: Wednesday, August 12, 2009 - 1:19 pm

I've found a way to reliably panic two machines running 8.0-BETA2.  It
seems that there's a problem with SCTP connection requests being made
at the same time as other network traffic.  The panic I see is:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00

Stack trace:

_mtx_lock_sleep
sctp_lower_sosend
sctp_sosend
kern_sendit
sendit
sendto
syscall
Xfast_syscall

I can trigger it by running the SCTP-enabled version of ncat from
http://www.roe.ch/Nmap_SCTP .  I put a few thousand lines of:

cat /dev/random | ./ncat --sctp 192.168.1.80 2345

into a shell script, where 192.168.1.80 is a machine running 7.2 with
SCTP enabled but no server listening - I mostly see "Connection
refused" errors when I run the script.  When I run the script and at
the same time generate some tcp traffic by running csup for example,
the box panics.

-- 
Bruce
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
From: Kamigishi Rei
Date: Wednesday, August 12, 2009 - 1:25 pm

Please pay attention to this thread:
http://lists.freebsd.org/pipermail/freebsd-current/2009-August/010241.html
There is a patch available in that thread, as well.

Judging by the stack trace, it is the same case of a non-aligned pointer.


--
Kamigishi Rei
KREI-RIPE
From: Bjoern A. Zeeb
Date: Wednesday, August 12, 2009 - 1:30 pm

On Wed, 12 Aug 2009, Bruce Cran wrote:


Unfortunately the most interesting info is missing but it's likely that
you are hitting this:
http://lists.freebsd.org/pipermail/svn-src-stable-other/2009-August/000023.html

If you update to latest HEAD or stable/8, can you still reproduce it?

/bz

-- 
Bjoern A. Zeeb                      The greatest risk is not taking one.
From: Bruce Cran
Date: Thursday, August 13, 2009 - 11:36 am

On Wed, 12 Aug 2009 20:30:39 +0000 (UTC)

I updated to RELENG_8 at around 1700 today and I can still reproduce it:
sometimes I just get the "Fatal trap 12" panic, but now I also see a
more helpful message:

panic: mtx_lock() of destroyed mutex
@ /usr/src/sys/netinet/sctp_output.c:12767

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are welcome to change it and/or distribute copies of it under
certain conditions. Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details. This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
panic: mtx_lock() of destroyed mutex
@ /usr/src/sys/netinet/sctp_output.c:12767 cpuid = 1
KDB: enter: panic
Uptime: 49s
Physical memory: 4078 MB
Dumping 1251 MB:

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address	= 0x4 1236 1220 1204 1188 1172 1156 1140
1124 1108 1092 1076 1060 1044 1028 1012 996 980 964 948 932 916 900 884
868 852 836 820 804 788 772 756 740 724 708 692 676 660 644 628 612 596
580 564 548 532 516 500 484 468 452 436 420 404 388 372 356 340 324 308
292 276 260 244 228 212 196 180 164 148 132 116 100 84 68 52 36 20 4

Reading symbols from /boot/kernel/blank_saver.ko...Reading symbols
from /boot/kernel/blank_saver.ko.symbols...done. done.
Loaded symbols for /boot/kernel/blank_saver.ko
#0  doadump () at pcpu.h:223
223	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) #0  doadump () at pcpu.h:223
#1  0xffffffff80582023 in boot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:419
#2  0xffffffff805824ac in panic (fmt=Variable "fmt" is not available.
)
    at /usr/src/sys/kern/kern_shutdown.c:575
#3  0xffffffff80573b75 in _mtx_lock_flags (m=0x0, opts=0, 
    file=0xffffffff80980c58 "/usr/src/sys/netinet/sctp_output.c",
line=12767) at /usr/src/sys/kern/kern_mutex.c:195
#4  ...