Bug #5711

assertion failed: bp != NULL, file: ../../common/inet/tcp/tcp.c, line: 3218

Added by Yuri Pankov over 5 years ago. Updated over 5 years ago.

Status: New
Priority: Low
Assignee: -
Category: networking
Start date: 2015-03-13
Due date:
% Done: 0%
Estimated time:
Difficulty: Medium
Tags: needs-triage
Gerrit CR:

Description

Just hit the following panic (2nd time in several months); no idea how to reproduce, hence setting priority to low:

> ::panicinfo
             cpu                3
          thread ffffff005d12dc40
         message assertion failed: bp != NULL, file: ../../common/inet/tcp/tcp.c, line: 3218
             rdi fffffffffbf54f00
             rsi ffffff005d12d780
             rdx fffffffff7ba7eda
             rcx              c92
              r8 ffffff005d12dc40
              r9                0
             rax ffffff005d12d7a0
             rbx                0
             rbp ffffff005d12d7e0
             r10                0
             r11 fffffffffb800d33
             r12 ffffff1e4d192b40
             r13                1
             r14                0
             r15                0
          fsbase                0
          gsbase ffffff0db3eb3580
              ds               4b
              es               4b
              fs                0
              gs              1c3
          trapno                0
             err                0
             rip fffffffffb869ed0
              cs               30
          rflags              282
             rsp ffffff005d12d778
              ss               38
          gdt_hi                0
          gdt_lo         700001ef
          idt_hi                0
          idt_lo         90000fff
             ldt                0
            task               70
             cr0         8005003b
             cr2          8692000
             cr3          4000000
             cr4              6f8
> ::stack
vpanic()
0xfffffffffbe0bc98()
tcp_zcopy_backoff+0x13f(ffffff1e4d192b40, 0, 1)
tcp_timer+0x859(ffffff1e4d192340)
tcp_timer_handler+0x95(ffffff1e4d192340, ffffff1c89556580, ffffff0db365f600, 0)
squeue_drain+0x4cb(ffffff0db365f600, 2, 294dee17b4489)
squeue_worker+0xd8(ffffff0db365f600)
thread_start+8()
> fffffffffbe0bc98::whatis
fffffffffbe0bc98 is in genunix's text segment
>
#1

Updated by Dan McDonald over 5 years ago

Can you make a vmdump available for people?

#3

Updated by Rich Lowe over 5 years ago

The mysterious address is just assfail.

We seem to deal in a lot of code with the fact that tcp_xmit_head could be NULL, but it appears that it will be NULL on FIN and perhaps at no other time.

I'm not sure what state we're in now, because TCP is bloody ugly.

tcps_state == 4, but we have two sets of TCPS_* macros with different bloody values, one in tcp.h, one in tcp_fsm.h.

4 is either ESTABLISHED or LAST_ACK. LAST_ACK would make sense, I suppose, but I wouldn't want to place bets without knowing the code.

#4

Updated by Rich Lowe over 5 years ago

Last ack seems likely to be true; I suspect we just need to guard against NULL here. But you'd want Dan or Seb to confirm that.
