Re: [lwip-devel] lwIP 2.0.2 Crash on tcp_out.c line 1148 (TCP_SEQ

lwip-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lwip-devel] lwIP 2.0.2 Crash on tcp_out.c line 1148 (TCP_SEQ_LT) EX

From:	jah6q
Subject:	Re: [lwip-devel] lwIP 2.0.2 Crash on tcp_out.c line 1148 (TCP_SEQ_LT) EXC_BAD_ACCESS
Date:	Mon, 18 Sep 2017 12:37:39 -0700 (MST)

Hmm, thanks for looking into this it seems that useg is NULL in this case. 

To give a 10,000 ft overview, the order of operations from my unit test are:

socket()
connect()
write()
read()
close()

Here's the stacktrace at crash:

* thread #2: tid = 32419, 0x000000000045ed1e
selftest`tcp_output(pcb=0x00000000022f1840) + 1086 at tcp_out.c:1154, name =
'selftest', stop reason = invalid address (fault address: 0x18)
    frame #0: 0x000000000045ed1e selftest`tcp_output(pcb=0x00000000022f1840)
+ 1086 at tcp_out.c:1154
-> 1154         if (TCP_SEQ_LT(lwip_ntohl(seg->tcphdr->seqno),
lwip_ntohl(useg->tcphdr->seqno))) {
   1155           /* add segment to before tail of unacked list, keeping the
list sorted */
   1156           struct tcp_seg **cur_seg = &(pcb->unacked);
   1157           while (*cur_seg &&




And, here's the stack's debug trace:

STACK:         tcp_out.c:  400:                tcp_write:
tcp_write(pcb=0x22f1840, data=0x7f2e5bfff010, len=8, apiflags=1)
STACK:         tcp_out.c:  328:         tcp_write_checks: tcp_write:
queuelen: 0
STACK:         tcp_out.c:  653:                tcp_write: tcp_write:
queueing 6714:6722
STACK:         tcp_out.c:  746:                tcp_write: tcp_write: 1
(after enqueued)
STACK:         tcp_out.c: 1069:               tcp_output: tcp_output:
snd_wnd 65535, cwnd 4380, wnd 4380, effwnd 8, seq 6714, ack 6714
STACK:         tcp_out.c: 1111:               tcp_output: tcp_output:
snd_wnd 65535, cwnd 4380, wnd 4380, effwnd 8, seq 6714, ack 6714, i 0
STACK:         tcp_out.c: 1269:       tcp_output_segment:
tcp_output_segment: 6714:6722
STACK:             tcp.c: 2039:          tcp_debug_print: TCP header:
STACK:             tcp.c: 2040:          tcp_debug_print:
+-------------------------------+
STACK:             tcp.c: 2042:          tcp_debug_print: |     7000      |   
49153      | (src port, dest port)
STACK:             tcp.c: 2043:          tcp_debug_print:
+-------------------------------+
STACK:             tcp.c: 2045:          tcp_debug_print: |          
0000006712          | (seq no)
STACK:             tcp.c: 2046:          tcp_debug_print:
+-------------------------------+
STACK:             tcp.c: 2048:          tcp_debug_print: |          
0000006722          | (ack no)
STACK:             tcp.c: 2049:          tcp_debug_print:
+-------------------------------+
STACK:             tcp.c: 2058:          tcp_debug_print: |  5 |   |011000|    
65527     | (hdrlen, flags (
STACK:             tcp.c: 2096:    tcp_debug_print_flags: PSH 
STACK:             tcp.c: 2099:    tcp_debug_print_flags: ACK 
STACK:             tcp.c: 2110:    tcp_debug_print_flags:
STACK:             tcp.c: 2060:          tcp_debug_print: ), win)
STACK:             tcp.c: 2061:          tcp_debug_print:
+-------------------------------+
STACK:             tcp.c: 2063:          tcp_debug_print: |    0x6433     |     
   
0     | (chksum, urgp)
STACK:             tcp.c: 2064:          tcp_debug_print:
+-------------------------------+
STACK:          tcp_in.c:  327:                tcp_input:
+-+-+-+-+-+-+-+-+-+-+-+-+-+- tcp_input: flags 
STACK:             tcp.c: 2096:    tcp_debug_print_flags: PSH 
STACK:             tcp.c: 2099:    tcp_debug_print_flags: ACK 
STACK:             tcp.c: 2110:    tcp_debug_print_flags:
STACK:          tcp_in.c:  329:                tcp_input:
-+-+-+-+-+-+-+-+-+-+-+-+-+-+
STACK:             tcp.c: 2075:    tcp_debug_print_state: State: ESTABLISHED
STACK:          tcp_in.c: 1040:              tcp_receive: tcp_receive:
window update 65527
STACK:          tcp_in.c: 1139:              tcp_receive: tcp_receive:
congestion avoidance cwnd 4866
STACK:          tcp_in.c: 1147:              tcp_receive: tcp_receive: ACK
for 6722, unacked->seqno 6714:6722
STACK:          tcp_in.c: 1157:              tcp_receive: tcp_receive:
removing 6714:6722 from pcb->unacked
STACK:          tcp_in.c: 1162:              tcp_receive: tcp_receive:
queuelen 1 ... 
STACK:          tcp_in.c: 1169:              tcp_receive: 0 (after freeing
unacked)
STACK:          tcp_in.c: 1233:              tcp_receive: tcp_receive:
pcb->rttest 210 rtseq 6713 ackno 6722
STACK:          tcp_in.c: 1244:              tcp_receive: tcp_receive:
experienced rtt 6 ticks (3000 msec).
STACK:          tcp_in.c: 1257:              tcp_receive: tcp_receive: RTO
11 (5500 milliseconds)
STACK:             tcp.c:  824:               tcp_recved: tcp_recved:
received 8 bytes, wnd 65535 (0).
STACK:         tcp_out.c: 1054:               tcp_output: tcp_output:
nothing to send ((nil))
STACK:         tcp_out.c: 1062:               tcp_output: tcp_output:
snd_wnd 65527, cwnd 4866, wnd 4866, seg == NULL, ack 6722
STACK:             tcp.c: 2075:    tcp_debug_print_state: State: ESTABLISHED
STACK:             tcp.c:  396:                tcp_close: tcp_close: closing
in 
STACK:             tcp.c: 2075:    tcp_debug_print_state: State: ESTABLISHED
STACK:         tcp_out.c:  792:        tcp_enqueue_flags: tcp_enqueue_flags:
queuelen: 0
STACK:         tcp_out.c:  848:        tcp_enqueue_flags: tcp_enqueue_flags:
queueing 6722:6723 (0x1)
STACK:         tcp_out.c:  874:        tcp_enqueue_flags: tcp_enqueue_flags:
1 (after enqueued)
STACK:         tcp_out.c: 1069:               tcp_output: tcp_output:
snd_wnd 65527, cwnd 4866, wnd 4866, effwnd 0, seq 6722, ack 6722
STACK:             tcp.c: 2039:          tcp_debug_print: TCP header:
STACK:             tcp.c: 2040:          tcp_debug_print:
+-------------------------------+
STACK:             tcp.c: 2042:          tcp_debug_print: |     7000      |   
49153      | (src port, dest port)
STACK:             tcp.c: 2043:          tcp_debug_print:
+-------------------------------+
STACK:             tcp.c: 2045:          tcp_debug_print: |          
0000006720          | (seq no)
STACK:             tcp.c: 2046:          tcp_debug_print:
+-------------------------------+
STACK:             tcp.c: 2048:          tcp_debug_print: |          
0000006722          | (ack no)
STACK:             tcp.c: 2049:          tcp_debug_print:
+-------------------------------+
STACK:             tcp.c: 2058:          tcp_debug_print: |  5 |   |010001|    
65527     | (hdrlen, flags (
STACK:             tcp.c: 2087:    tcp_debug_print_flags: FIN 
STACK:             tcp.c: 2099:    tcp_debug_print_flags: ACK 
STACK:         tcp_out.c: 1111:               tcp_output: tcp_output:
snd_wnd 65527, cwnd 4866, wnd 4866, effwnd 0, seq 6722, ack 6722, i 0
STACK:         tcp_out.c: 1265:       tcp_output_segment:
tcp_output_segment: rtseq 6722
STACK:         tcp_out.c: 1269:       tcp_output_segment:
tcp_output_segment: 6722:6722
STACK:             tcp.c: 2110:    tcp_debug_print_flags:
STACK:             tcp.c: 2060:          tcp_debug_print: ), win)
STACK:             tcp.c: 2061:          tcp_debug_print:
+-------------------------------+
STACK:             tcp.c: 2063:          tcp_debug_print: |    0x0ba5     |     
   
0     | (chksum, urgp)
STACK:             tcp.c: 2064:          tcp_debug_print:
+-------------------------------+
STACK:          tcp_in.c:  327:                tcp_input:
+-+-+-+-+-+-+-+-+-+-+-+-+-+- tcp_input: flags 
STACK:             tcp.c: 2087:    tcp_debug_print_flags: FIN 
STACK:             tcp.c: 2099:    tcp_debug_print_flags: ACK 
STACK:             tcp.c: 2110:    tcp_debug_print_flags:
STACK:          tcp_in.c:  329:                tcp_input:
-+-+-+-+-+-+-+-+-+-+-+-+-+-+
STACK:             tcp.c: 2075:    tcp_debug_print_state: State: FIN_WAIT_1
STACK:          tcp_in.c: 1040:              tcp_receive: tcp_receive:
window update 65527
STACK:          tcp_in.c: 1233:              tcp_receive: tcp_receive:
pcb->rttest 216 rtseq 6722 ackno 6722
STACK:          tcp_in.c: 1468:              tcp_receive: tcp_receive:
received FIN.
STACK:         tcp_out.c: 1069:               tcp_output: tcp_output:
snd_wnd 65527, cwnd 4866, wnd 4866, effwnd 0, seq 6722, ack 6722
STACK:         tcp_out.c: 1111:               tcp_output: tcp_output:
snd_wnd 65527, cwnd 4866, wnd 4866, effwnd 0, seq 6722, ack 6722, i 0
STACK:         tcp_out.c: 1269:       tcp_output_segment:
tcp_output_segment: 6722:6722
STACK:         tcp_out.c: 1148:               tcp_output:                
seg=0x22f1e10
STACK:         tcp_out.c: 1149:               tcp_output:               
useg=(nil)




--
Sent from: http://lwip.100.n7.nabble.com/lwip-devel-f11621.html

[Prev in Thread]

Current Thread

[Next in Thread]

[lwip-devel] lwIP 2.0.2 Crash on tcp_out.c line 1148 (TCP_SEQ_LT) EXC_BAD_ACCESS, jah6q, 2017/09/15
- Re: [lwip-devel] lwIP 2.0.2 Crash on tcp_out.c line 1148 (TCP_SEQ_LT) EXC_BAD_ACCESS, jah6q, 2017/09/15
- Re: [lwip-devel] lwIP 2.0.2 Crash on tcp_out.c line 1148 (TCP_SEQ_LT) EXC_BAD_ACCESS, address@hidden, 2017/09/15
  - Re: [lwip-devel] lwIP 2.0.2 Crash on tcp_out.c line 1148 (TCP_SEQ_LT) EXC_BAD_ACCESS, jah6q <=
    - Re: [lwip-devel] lwIP 2.0.2 Crash on tcp_out.c line 1148 (TCP_SEQ_LT) EXC_BAD_ACCESS, jah6q, 2017/09/18
    - Re: [lwip-devel] lwIP 2.0.2 Crash on tcp_out.c line 1148 (TCP_SEQ_LT) EXC_BAD_ACCESS, address@hidden, 2017/09/18
    - Re: [lwip-devel] lwIP 2.0.2 Crash on tcp_out.c line 1148 (TCP_SEQ_LT) EXC_BAD_ACCESS, jah6q, 2017/09/18

Prev by Date: [lwip-devel] [patch #9455] IPv6 ready test on RFC2460
Next by Date: Re: [lwip-devel] lwIP 2.0.2 Crash on tcp_out.c line 1148 (TCP_SEQ_LT) EXC_BAD_ACCESS
Previous by thread: Re: [lwip-devel] lwIP 2.0.2 Crash on tcp_out.c line 1148 (TCP_SEQ_LT) EXC_BAD_ACCESS
Next by thread: Re: [lwip-devel] lwIP 2.0.2 Crash on tcp_out.c line 1148 (TCP_SEQ_LT) EXC_BAD_ACCESS
Index(es):
- Date
- Thread