Date: Thu, 1 Oct 2009 15:24:17 +0400 From: pluknet <pluknet@gmail.com> To: Robert Watson <rwatson@freebsd.org> Cc: FreeBSD Net <freebsd-net@freebsd.org> Subject: Re: panic in soabort Message-ID: <a31046fc0910010424n248e653ek93076eb56705e836@mail.gmail.com> In-Reply-To: <a31046fc0910010417n7a35785boe631dfa30c1151a7@mail.gmail.com> References: <a31046fc0904230118m184b50adnd2cebb4d610f94ca@mail.gmail.com> <alpine.BSF.2.00.0904231038550.54334@fledge.watson.org> <a31046fc0904232104w380b7dabr1168b3df970c542a@mail.gmail.com> <alpine.BSF.2.00.0904252009420.91546@fledge.watson.org> <a31046fc0910010417n7a35785boe631dfa30c1151a7@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
2009/10/1 pluknet <pluknet@gmail.com>:
> 2009/4/25 Robert Watson <rwatson@freebsd.org>:
>>
>> On Fri, 24 Apr 2009, pluknet wrote:
>>
>>> 2009/4/23 Robert Watson <rwatson@freebsd.org>:
>>>>
>>>> On Thu, 23 Apr 2009, pluknet wrote:
>>>>
>>>>> Please, give me comment on this. The panic is on 6.2-REL. Is it known=
to
>>>>> be fixed in the latter releases?
>>>>
>>>> It may well be -- there have been quite significant architectural
>>>> improvements to socket life cycle (etc) between 6.2 and 7.x releases, =
which
>>>> may well close the race causing this panic. =A0However, we'll probably=
need to
>>>> learn a bit more in order to decide for sure. =A0Could you convert the
>>>> trapping instruction pointer to file+offset in the source code?
>>>
>>> Looks I've lost the corresponding kernel.debug. Anyway I have such bt t=
he
>>> first time.
>>
>> If you run into this again, let me know. =A0Also, are you using accept f=
ilters
>> on the box?
>>
>
> Got it again (this time on 6.4-p5).
P.S.
It's funny to say: I got it on two boxes nearly simultaneously.
Both from proftpd. See also my first mail (the same).
>
> Fatal trap 12: page fault while in kernel mode
> cpuid =3D 2; apic id =3D 02
> fault virtual address =A0 =3D 0x104
> fault code =A0 =A0 =A0 =A0 =A0 =A0 =A0=3D supervisor read, page not prese=
nt
> instruction pointer =A0 =A0 =3D 0x20:0xc06a3425
> stack pointer =A0 =A0 =A0 =A0 =A0 =3D 0x28:0xef764bb0
> frame pointer =A0 =A0 =A0 =A0 =A0 =3D 0x28:0xef764bbc
> code segment =A0 =A0 =A0 =A0 =A0 =A0=3D base 0x0, limit 0xfffff, type 0x1=
b
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =3D DPL 0, pres 1, def32 1, g=
ran 1
> processor eflags =A0 =A0 =A0 =A0=3D resume, IOPL =3D 0
> current process =A0 =A0 =A0 =A0 =3D 74303 (proftpd)
>
> db> bt 74303
> Tracing pid 74303 tid 101039 td 0xcaa08820
> _mtx_lock_sleep(ccd50768,caa08820,0,0,0) at _mtx_lock_sleep+0x9d
> soabort(ccd506f4) at soabort+0x82
> soclose(d1aa8b20) at soclose+0x21a
> soo_close(c9f50a20,caa08820) at soo_close+0x63
> fdrop_locked(c9f50a20,caa08820,caf78a00,ef764ca8,c06875f3,...) at
> fdrop_locked+0xd0
> fdrop(c9f50a20,caa08820,caa08820,ef764c64,c0689055,...) at fdrop+0x41
> closef(c9f50a20,caa08820,0,ef764d38,cad8f648,...) at closef+0x42f
> kern_close(caa08820,a,ef764d30,c08e1d4b,caa08820,...) at kern_close+0x20d
> close(caa08820,ef764d04) at close+0x10
> syscall(bfbf003b,3b,bfbf003b,8150034,811a434,...) at syscall+0x2bf
> Xint0x80_syscall() at Xint0x80_syscall+0x1f
> --- syscall (6, FreeBSD ELF32, close), eip =3D 0x2832230f, esp =3D
> 0xbfbfe6bc, ebp =3D 0xbfbfe6d8 ---
> db> show proc 74303
> Process 74303 (proftpd) at 0xcad8f648:
> state: NORMAL
> uid: 36830 =A0gids: 36830
> parent: pid 95478 at 0xc8e60000
> ABI: FreeBSD ELF32
> arguments: proftpd: fatich_1 - 93.118.217.18: IDLE
> threads: 1
> 101039 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 Run =A0 =A0 CPU 2 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0 proftpd
>
> (gdb) list *(soabort+0x82)
> 0xc06ea2a6 is in soabort (/usr/src/sys/kern/uipc_socket.c:510).
> 505 =A0 =A0 =A0 =A0 =A0 =A0 int error;
> 506
> 507 =A0 =A0 =A0 =A0 =A0 =A0 error =3D (*so->so_proto->pr_usrreqs->pru_abo=
rt)(so);
> 508 =A0 =A0 =A0 =A0 =A0 =A0 if (error) {
> 509 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 ACCEPT_LOCK();
> 510 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 SOCK_LOCK(so);
> 511 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 sotryfree(so); =A0/* note: do=
es not decrement
> the ref count */
> 512 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 return error;
> 513 =A0 =A0 =A0 =A0 =A0 =A0 }
> 514 =A0 =A0 =A0 =A0 =A0 =A0 return (0);
>
> --
> wbr,
> pluknet
>
--=20
wbr,
pluknet
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a31046fc0910010424n248e653ek93076eb56705e836>