Date: Tue, 16 Apr 1996 04:32:43 +0300 (EET DST) From: Heikki Suonsivu <hsu@clinet.fi> To: FreeBSD-gnats-submit@freebsd.org Subject: kern/1146: panic in soclose (?) Message-ID: <199604160132.EAA15744@katiska.clinet.fi> Resent-Message-ID: <199604160140.SAA25260@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 1146
>Category: kern
>Synopsis: panic in soclose (?)
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 15 18:40:02 PDT 1996
>Last-Modified:
>Originator: Heikki Suonsivu
>Organization:
Clinet, Espoo, Finland
>Release: FreeBSD 2.2-CURRENT i386
>Environment:
Apr 15 16:13:47 news /kernel: FreeBSD 2.2-CURRENT #19: Mon Apr 15 00:48:09 EET DST 1996
Apr 15 16:13:47 news /kernel: hsu@news.clinet.fi:/usr/current/src/sys/compile/CLINETSERVER
Apr 15 16:13:48 news /kernel: CPU: Pentium (89.80-MHz 586-class CPU)
Apr 15 16:13:48 news /kernel: Origin = "GenuineIntel" Id = 0x525 Stepping=5
Apr 15 16:13:48 news /kernel: Features=0x1bf<FPU,VME,DE,PSE,TSC,MSR,MCE,CX8>
Apr 15 16:13:48 news /kernel: real memory = 67108864 (65536K bytes)
Apr 15 16:13:48 news /kernel: avail memory = 54681600 (53400K bytes)
Apr 15 16:13:48 news /kernel: DEVFS: ready for devices
Apr 15 16:13:48 news /kernel: Probing for devices on PCI bus 0:
Apr 15 16:13:48 news /kernel: chip0 <generic PCI bridge (vendor=1039 device=5511 subclass=0)> rev 0 on pci0:0
Apr 15 16:13:48 news /kernel: chip1 <SiS 85c503> rev 1 on pci0:1
Apr 15 16:13:48 news /kernel: pci0:1: Silicon Integrated Systems, device=0x5513, class=storage (ide) int a irq ?? [no driver assigned]
Apr 15 16:13:48 news /kernel: ahc0 <Adaptec 2940 Ultra SCSI host adapter> rev 0 int a irq 10 on pci0:9
Apr 15 16:13:48 news /kernel: pcibus_ihandler_attach: counting pci irq10's as clk0 irqs
Apr 15 16:13:48 news /kernel: ahc0: aic7880 Single Channel, SCSI Id=7, 16 SCBs
Apr 15 16:13:48 news /kernel: ahc0 waiting for scsi devices to settle
Apr 15 16:13:48 news /kernel: (ahc0:0:0): "SEAGATE ST15230N 0638" type 0 fixed SCSI 2
Apr 15 16:13:48 news /kernel: sd0(ahc0:0:0): Direct-Access 4095MB (8386733 512 byte sectors)
Apr 15 16:13:48 news /kernel: sd0(ahc0:0:0): with 3992 cyls, 19 heads, and an average 110 sectors/track
Apr 15 16:13:48 news /kernel: (ahc0:1:0): "SEAGATE ST15230N 0638" type 0 fixed SCSI 2
Apr 15 16:13:48 news /kernel: sd1(ahc0:1:0): Direct-Access 4095MB (8386733 512 byte sectors)
Apr 15 16:13:48 news /kernel: sd1(ahc0:1:0): with 3992 cyls, 19 heads, and an average 110 sectors/track
Apr 15 16:13:48 news /kernel: (ahc0:2:0): "SEAGATE ST15230N 0638" type 0 fixed SCSI 2
Apr 15 16:13:48 news /kernel: sd2(ahc0:2:0): Direct-Access 4095MB (8386733 512 byte sectors)
Apr 15 16:13:48 news /kernel: sd2(ahc0:2:0): with 3992 cyls, 19 heads, and an average 110 sectors/track
Apr 15 16:13:48 news /kernel: (ahc0:3:0): "SEAGATE ST31200N 9348" type 0 fixed SCSI 2
Apr 15 16:13:49 news /kernel: sd3(ahc0:3:0): Direct-Access 1011MB (2072435 512 byte sectors)
Apr 15 16:13:49 news /kernel: sd3(ahc0:3:0): with 2700 cyls, 9 heads, and an average 85 sectors/track
Apr 15 16:13:49 news /kernel: de0 <Digital DC21040 Ethernet> rev 35 int a irq 11 on pci0:11
Apr 15 16:13:49 news /kernel: pcibus_ihandler_attach: counting pci irq11's as clk0 irqs
Apr 15 16:13:49 news /kernel: de0: DC21040 [10Mb/s] pass 2.3 Ethernet address 00:c0:95:ec:47:a3
Apr 15 16:13:49 news /kernel: de0: enabling Thinwire/AUI port
Apr 15 16:13:49 news /kernel: Probing for devices on the ISA bus:
Apr 15 16:13:49 news /kernel: vt0 at 0x60-0x6f irq 1 on motherboard
Apr 15 16:13:49 news /kernel: vt0: generic, 80/132 col, color, 8 scr, mf2-kbd, [R3.20-b24]
Apr 15 16:13:49 news /kernel: ed0 not found at 0x280
Apr 15 16:13:49 news /kernel: lpt0 not found at 0xffffffff
Apr 15 16:13:49 news /kernel: lpt1 not found at 0xffffffff
Apr 15 16:13:49 news /kernel: sio0 not found at 0x3f8
Apr 15 16:13:49 news /kernel: sio1 not found at 0x2f8
Apr 15 16:13:49 news /kernel: cy0 not found
Apr 15 16:13:49 news /kernel: bt0 not found at 0x330
Apr 15 16:13:49 news /kernel: aha0 not found at 0x330
Apr 15 16:13:49 news /kernel: wdc0 not found at 0x1f0
Apr 15 16:13:49 news /kernel: fdc0 at 0x3f0-0x3f7 irq 6 drq 2 on isa
Apr 15 16:13:49 news /kernel: fdc0: NEC 72065B
Apr 15 16:13:49 news /kernel: fd0: 1.44MB 3.5in
Apr 15 16:13:50 news /kernel: matcdc0 not found at 0x230
Apr 15 16:13:50 news /kernel: npx0 on motherboard
Apr 15 16:13:50 news /kernel: npx0: INT 16 interface
Apr 15 16:13:50 news /kernel: changing root device to sd0a
Apr 15 16:13:50 news /kernel: devfs ready to run
Apr 15 16:13:50 news /kernel: new masks: bio c0000440, tty c0030802, net c0030802
Apr 15 16:13:50 news /kernel: WARNING: / was not properly dismounted.
This was from sup which ended 14th april 04:57 GMT. The machine is news
server and also servers disks for couple of machines (binaries).
>Description:
System panics when it is closing a file/socket/whatever.
Current directory is /m/varasto/nobackup/misc/
GDB is free software and you are welcome to distribute copies of it
under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.13 (i386-unknown-freebsd),
Copyright 1994 Free Software Foundation, Inc...
IdlePTD ac6000
current pcb at 224a50
panic: from debugger
#0 boot (howto=256) at ../../i386/i386/machdep.c:940
(kgdb) up
#1 0xf011acc7 in panic (fmt=0xf01011f8 "from debugger")
at ../../kern/subr_prf.c:133
(kgdb)
#2 0xf0101215 in db_panic (dummy1=-267218430, dummy2=0, dummy3=-1,
dummy4=0xefbffd20 "") at ../../ddb/db_command.c:395
(kgdb)
#3 0xf01010fe in db_command (last_cmdp=0xf0200b34, cmd_table=0xf0200994)
at ../../ddb/db_command.c:288
(kgdb)
#4 0xf010127d in db_command_loop () at ../../ddb/db_command.c:417
(kgdb) down
#3 0xf01010fe in db_command (last_cmdp=0xf0200b34, cmd_table=0xf0200994)
at ../../ddb/db_command.c:288
(kgdb) bt
#0 boot (howto=256) at ../../i386/i386/machdep.c:940
#1 0xf011acc7 in panic (fmt=0xf01011f8 "from debugger")
at ../../kern/subr_prf.c:133
#2 0xf0101215 in db_panic (dummy1=-267218430, dummy2=0, dummy3=-1,
dummy4=0xefbffd20 "") at ../../ddb/db_command.c:395
#3 0xf01010fe in db_command (last_cmdp=0xf0200b34, cmd_table=0xf0200994)
at ../../ddb/db_command.c:288
#4 0xf010127d in db_command_loop () at ../../ddb/db_command.c:417
#5 0xf01035e8 in db_trap (type=12, code=0) at ../../ddb/db_trap.c:73
#6 0xf01c6f4a in kdb_trap (type=12, code=0, regs=0xefbffe70)
at ../../i386/i386/db_interface.c:136
#7 0xf01cf6c3 in trap_fatal (frame=0xefbffe70) at ../../i386/i386/trap.c:736
#8 0xf01cf1c0 in trap_pfault (frame=0xefbffe70, usermode=0)
at ../../i386/i386/trap.c:651
#9 0xf01cee53 in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = 0,
tf_esi = -220122880, tf_ebp = -272630100, tf_isp = -272630120,
tf_ebx = -559038242, tf_edx = 1073610751, tf_ecx = -1073610752,
tf_eax = -559038242, tf_trapno = 12, tf_err = 0, tf_eip = -267218430,
tf_cs = 8, tf_eflags = 66182, tf_esp = -272630072, tf_ss = -267218646})
at ../../i386/i386/trap.c:319
#10 0xf01c77c1 in calltrap ()
#11 0xf012912a in soclose (so=0xf2e13100) at ../../kern/uipc_socket.c:185
#12 0xf011d9ab in soo_close (fp=0xf2e14680, p=0xf2e13b00)
at ../../kern/sys_socket.c:209
#13 0xf010e264 in closef (fp=0xf2e14680, p=0xf2e13b00)
at ../../kern/kern_descrip.c:891
#14 0xf010d96f in close (p=0xf2e13b00, uap=0xefbfff94, retval=0xefbfff84)
at ../../kern/kern_descrip.c:390
#15 0xf01cf9ed in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 5,
tf_esi = 118928, tf_ebp = -272638948, tf_isp = -272629788,
tf_ebx = 152096, tf_edx = 0, tf_ecx = 4, tf_eax = 6, tf_trapno = 7,
tf_err = 7, tf_eip = 134771669, tf_cs = 31, tf_eflags = 514,
tf_esp = -272638964, tf_ss = 39}) at ../../i386/i386/trap.c:904
#16 0xf01c7815 in Xsyscall ()
#17 0x113b8 in ?? ()
#18 0xab6a in ?? ()
#19 0xf8df in ?? ()
#20 0x9b70 in ?? ()
#21 0xb7b2 in ?? ()
#22 0x1096 in ?? ()
(kgdb) down
#2 0xf0101215 in db_panic (dummy1=-267218430, dummy2=0, dummy3=-1,
dummy4=0xefbffd20 "") at ../../ddb/db_command.c:395
(kgdb) up
#3 0xf01010fe in db_command (last_cmdp=0xf0200b34, cmd_table=0xf0200994)
at ../../ddb/db_command.c:288
(kgdb) up
#4 0xf010127d in db_command_loop () at ../../ddb/db_command.c:417
(kgdb) up
#5 0xf01035e8 in db_trap (type=12, code=0) at ../../ddb/db_trap.c:73
(kgdb) up
#6 0xf01c6f4a in kdb_trap (type=12, code=0, regs=0xefbffe70)
at ../../i386/i386/db_interface.c:136
(kgdb) up
#7 0xf01cf6c3 in trap_fatal (frame=0xefbffe70) at ../../i386/i386/trap.c:736
(kgdb) up
#8 0xf01cf1c0 in trap_pfault (frame=0xefbffe70, usermode=0)
at ../../i386/i386/trap.c:651
(kgdb) print usermode
$1 = 0
(kgdb) print curpcb
$2 = -152907776
(kgdb) set radix 16
Input and output radices now set to decimal 16, hex 10, octal 20.
(kgdb) print curpcb
$3 = 0xf6e2d000
(kgdb) print *curpcb
$4 = 0x0
(kgdb) print curpcb->pcb_onfault
Attempt to extract a component of a value that is not a structure pointer.
(kgdb) print frame
$5 = (struct trapframe *) 0xefbffe70
(kgdb) up
#9 0xf01cee53 in trap (frame={tf_es = 0x10, tf_ds = 0x10, tf_edi = 0x0,
tf_esi = 0xf2e13100, tf_ebp = 0xefbffeac, tf_isp = 0xefbffe98,
tf_ebx = 0xdeadc0de, tf_edx = 0x3ffdffff, tf_ecx = 0xc0020000,
tf_eax = 0xdeadc0de, tf_trapno = 0xc, tf_err = 0x0, tf_eip = 0xf0129202,
tf_cs = 0x8, tf_eflags = 0x10286, tf_esp = 0xefbffec8,
tf_ss = 0xf012912a}) at ../../i386/i386/trap.c:319
(kgdb) up
#10 0xf01c77c1 in calltrap ()
(kgdb) up
#11 0xf012912a in soclose (so=0xf2e13100) at ../../kern/uipc_socket.c:185
(kgdb) print so
$6 = (struct socket *) 0xf2e13100
(kgdb) print *spo
No symbol "spo" in current context.
(kgdb) print *so
$7 = {so_type = 0x1, so_options = 0x6, so_linger = 0x0, so_state = 0x180,
so_pcb = 0xf2e11c00 "", so_proto = 0xf0203fe0, so_head = 0x0, so_incomp = {
tqh_first = 0x0, tqh_last = 0xf2e13114}, so_comp = {tqh_first = 0x0,
tqh_last = 0xf2e1311c}, so_list = {tqe_next = 0x0, tqe_prev = 0x0},
so_qlen = 0x0, so_qlimit = 0x5, so_timeo = 0x0, so_error = 0x0,
so_pgid = 0x0, so_oobmark = 0x0, so_rcv = {sb_cc = 0x0, sb_hiwat = 0x4000,
sb_mbcnt = 0x0, sb_mbmax = 0x20000, sb_lowat = 0x1, sb_mb = 0x0, sb_sel = {
si_pid = 0x0, si_flags = 0x0}, sb_flags = 0x0, sb_timeo = 0x0},
so_snd = {sb_cc = 0x0, sb_hiwat = 0x4000, sb_mbcnt = 0x0,
sb_mbmax = 0x20000, sb_lowat = 0x800, sb_mb = 0x0, sb_sel = {si_pid = 0x0,
si_flags = 0x0}, sb_flags = 0x0, sb_timeo = 0x0}, so_tpcb = 0x0,
so_upcall = 0, so_upcallarg = 0x0}
(kgdb) print sp
$8 = (struct socket *) 0xdeadc0de
(kgdb) print *sp
Cannot access memory at address 0xdeadc0de.
(kgdb) print so_comp.tqh_first
No symbol "so_comp" in current context.
(kgdb) print so
$9 = (struct socket *) 0xf2e13100
(kgdb) print so->so_comp.tqh_first
$10 = (struct socket *) 0x0
(kgdb) down
#10 0xf01c77c1 in calltrap ()
(kgdb) down
#9 0xf01cee53 in trap (frame={tf_es = 0x10, tf_ds = 0x10, tf_edi = 0x0,
tf_esi = 0xf2e13100, tf_ebp = 0xefbffeac, tf_isp = 0xefbffe98,
tf_ebx = 0xdeadc0de, tf_edx = 0x3ffdffff, tf_ecx = 0xc0020000,
tf_eax = 0xdeadc0de, tf_trapno = 0xc, tf_err = 0x0, tf_eip = 0xf0129202,
tf_cs = 0x8, tf_eflags = 0x10286, tf_esp = 0xefbffec8,
tf_ss = 0xf012912a}) at ../../i386/i386/trap.c:319
(kgdb) up
#10 0xf01c77c1 in calltrap ()
(kgdb) up
#11 0xf012912a in soclose (so=0xf2e13100) at ../../kern/uipc_socket.c:185
(kgdb) up
#12 0xf011d9ab in soo_close (fp=0xf2e14680, p=0xf2e13b00)
at ../../kern/sys_socket.c:209
(kgdb)
#13 0xf010e264 in closef (fp=0xf2e14680, p=0xf2e13b00)
at ../../kern/kern_descrip.c:891
(kgdb) print fp
$11 = (struct file *) 0xf2e14680
(kgdb) print *fp
$12 = {f_list = {le_next = 0xf2e0d2c0, le_prev = 0xf2e14440}, f_flag = 0x7,
f_type = 0x2, f_count = 0x0, f_msgcount = 0x0, f_cred = 0xf2e12100,
f_ops = 0xf0202570, f_offset = 0x0000000000000000,
f_data = 0xf2e13100 "\001"}
(kgdb) up
#14 0xf010d96f in close (p=0xf2e13b00, uap=0xefbfff94, retval=0xefbfff84)
at ../../kern/kern_descrip.c:390
(kgdb) print fp
$13 = (struct file *) 0xf2e14680
(kgdb) print p
$14 = (struct proc *) 0xf2e13b00
(kgdb) print uap
$15 = (struct close_args *) 0x1
(kgdb) print retval
$16 = (int *) 0xefbfff84
(kgdb) up
#15 0xf01cf9ed in syscall (frame={tf_es = 0x27, tf_ds = 0x27, tf_edi = 0x5,
tf_esi = 0x1d090, tf_ebp = 0xefbfdc1c, tf_isp = 0xefbfffe4,
tf_ebx = 0x25220, tf_edx = 0x0, tf_ecx = 0x4, tf_eax = 0x6,
tf_trapno = 0x7, tf_err = 0x7, tf_eip = 0x80873d5, tf_cs = 0x1f,
tf_eflags = 0x202, tf_esp = 0xefbfdc0c, tf_ss = 0x27})
at ../../i386/i386/trap.c:904
(kgdb) print p
$17 = (struct proc *) 0xf2e13b00
(kgdb) print args
$18 = {0x4, 0xefbfd3e8, 0x2a, 0x0, 0x0, 0x0, 0x63, 0x0}
(kgdb) print rval
$19 = {0x0, 0x0}
(kgdb) up
#16 0xf01c7815 in Xsyscall ()
(kgdb) up
#17 0x113b8 in ?? ()
(kgdb) up
#18 0xab6a in ?? ()
(kgdb) p
$20 = {0x0, 0x0}
(kgdb) up
#19 0xf8df in ?? ()
(kgdb) up
#20 0x9b70 in ?? ()
(kgdb) up
#21 0xb7b2 in ?? ()
(kgdb) up
#22 0x1096 in ?? ()
(kgdb) up
Initial frame selected; you cannot go up.
(kgdb)
>How-To-Repeat:
Happens within couple of hours from boot. I also managed to make
this happen by starting up innd before the news disks were mounted, but I
do not know if this is related.
>Fix:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199604160132.EAA15744>