Date: Wed, 6 Jul 2005 12:16:39 -0400 From: Kris Kennaway <kris@obsecurity.org> To: Blaz Zupan <blaz@si.FreeBSD.org> Cc: rwatson@FreeBSD.org, freebsd-stable@freebsd.org, Kris Kennaway <kris@obsecurity.org> Subject: Re: FreeBSD -STABLE servers repeatedly crashing. Message-ID: <20050706161638.GA86532@xor.obsecurity.org> In-Reply-To: <20050706180434.A9770@titanic.medinet.si> References: <42BF8815.6090909@atopia.net> <20050627081933.GA97832@cell.sick.ru> <42C16394.4040904@atopia.net> <1119971279.36316.45.camel@buffy.york.ac.uk> <42C16C0E.9090002@atopia.net> <20050629100535.GC27557@xor.obsecurity.org> <20050701184352.GA177@xor.obsecurity.org> <20050706093012.M3376@titanic.medinet.si> <20050706153024.GA80897@xor.obsecurity.org> <20050706180434.A9770@titanic.medinet.si>
next in thread | previous in thread | raw e-mail | index | archive | help
--xHFwDpU9dbj6ez1V
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Jul 06, 2005 at 06:10:20PM +0200, Blaz Zupan wrote:
> On Wed, 6 Jul 2005, Kris Kennaway wrote:
> >Please obtain the backtrace with kgdb.
>=20
> Here you go:
> #9 0xc1fa0018 in ?? ()
> #10 0xc2a40010 in ?? ()
> #11 0x00000010 in ?? ()
> #12 0xc2216000 in ?? ()
> #13 0xc0686a2c in tcbinfo ()
> #14 0xe4b6cb90 in ?? ()
> #15 0xe4b6cb68 in ?? ()
> #16 0xc1fac480 in ?? ()
> #17 0xc1fadbb4 in ?? ()
> #18 0xc1fadb00 in ?? ()
> #19 0x00000000 in ?? ()
> #20 0x0000000c in ?? ()
> #21 0x00000000 in ?? ()
> #22 0xc04eda6b in propagate_priority (td=3D0xc2216000) at=20
> /usr/src5/sys/kern/subr_turnstile.c:243
> #23 0xc04ee225 in turnstile_wait (ts=3D0xc1fadb00, lock=3D0xc0686a2c,=20
> owner=3D0xc2216000)
> at /usr/src5/sys/kern/subr_turnstile.c:556
> #24 0xc04c5ced in _mtx_lock_sleep (m=3D0xc0686a2c, td=3D0xc1fac480, opts=
=3D0,=20
> file=3D0x0, line=3D0)
> at /usr/src5/sys/kern/kern_mutex.c:552
> #25 0xc0559ad8 in tcp_usr_rcvd (so=3D0x0, flags=3D0) at=20
> /usr/src5/sys/netinet/tcp_usrreq.c:602
Interesting, this seems to finger the TCP code. Are you compiling
your kernel with -O2 though (this causes bogus stack frames like you
have here)? If so, recompile with -O and try to obtain another trace.
CC'ing rwatson.
Kris
> #26 0xc0506103 in soreceive (so=3D0xc27bf798, psa=3D0x0, uio=3D0xe4b6cc88=
,=20
> mp0=3D0x0, controlp=3D0x0, flagsp=3D0x0)
> at /usr/src5/sys/kern/uipc_socket.c:1395
> #27 0xc04f4bd9 in soo_read (fp=3D0x0, uio=3D0xe4b6cc88, active_cred=3D0xc=
2884a80,=20
> flags=3D0, td=3D0xc1fac480)
> at /usr/src5/sys/kern/sys_socket.c:91
> #28 0xc04ee865 in dofileread (td=3D0xc1fac480, fp=3D0xc2e17bb0, fd=3D10, =
buf=3D0x0,=20
> nbyte=3D4096, offset=3DUnhandled dwarf expression opcode 0x93
> ) at file.h:233
> #29 0xc04ee72f in read (td=3D0xc1fac480, uap=3D0xe4b6cd14) at=20
> /usr/src5/sys/kern/sys_generic.c:107
> #30 0xc05f4fe7 in syscall (frame=3D
> {tf_fs =3D 47, tf_es =3D 47, tf_ds =3D -1078001617, tf_edi =3D 10, =
tf_esi =3D=20
> 300, tf_ebp =3D -1077942168, tf_isp =3D -457781900, tf_ebx =3D 1348=
22152,=20
> tf_edx =3D 0, tf_ecx =3D 10, tf_eax =3D 3, tf_trapno =3D 0, tf_err =
=3D 2,=20
> tf_eip =3D 672556795, tf_cs =3D 31, tf_eflags =3D 658, tf_esp =3D=
=20
> -1077942212, tf_ss =3D 47}) at /usr/src5/sys/i386/i386/trap.c:1009
> #31 0xc05e288f in Xint0x80_syscall () at=20
> /usr/src5/sys/i386/i386/exception.s:201
> #32 0x0000002f in ?? ()
> #33 0x0000002f in ?? ()
> #34 0xbfbf002f in ?? ()
> #35 0x0000000a in ?? ()
> #36 0x0000012c in ?? ()
> #37 0xbfbfe868 in ?? ()
> #38 0xe4b6cd74 in ?? ()
> #39 0x08093908 in ?? ()
> #40 0x00000000 in ?? ()
> #41 0x0000000a in ?? ()
> #42 0x00000003 in ?? ()
> #43 0x00000000 in ?? ()
> #44 0x00000002 in ?? ()
> #45 0x281666fb in ?? ()
> #46 0x0000001f in ?? ()
> #47 0x00000292 in ?? ()
> #48 0xbfbfe83c in ?? ()
> #49 0x0000002f in ?? ()
> #50 0x00000000 in ?? ()
> #51 0x00000000 in ?? ()
> #52 0x00000000 in ?? ()
> #53 0x00000000 in ?? ()
> #54 0x2c75b000 in ?? ()
> #55 0xc22de000 in ?? ()
> #56 0xc1fac480 in ?? ()
> #57 0xe4b6ccac in ?? ()
> #58 0xe4b6cc94 in ?? ()
> #59 0xc1f26000 in ?? ()
> #60 0xc04ded13 in sched_switch (td=3D0x12c, newtd=3D0x8093908, flags=3DCa=
nnot=20
> access memory at address 0xbfbfe878
> ) at /usr/src5/sys/kern/sched_4bsd.c:881
> Previous frame inner to this frame (corrupt stack?)
> (kgdb) quit
--xHFwDpU9dbj6ez1V
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)
iD8DBQFCzAPmWry0BWjoQKURAg1SAKC1sOtMkHHwnz+F30eCDSpgGdVr6ACdGkKA
XSbukUryyaZvqQ4RumSrs4g=
=v3vP
-----END PGP SIGNATURE-----
--xHFwDpU9dbj6ez1V--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050706161638.GA86532>