Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 12 Mar 2006 16:17:28 -0600
From:      Eric van Gyzen <eric@vangyzen.net>
To:        freebsd-stable@freebsd.org
Subject:   panic sbdrop on 6.0-RELEASE-p4 i386
Message-ID:  <44149DF8.30608@vangyzen.net>

next in thread | raw e-mail | index | archive | help
I recently had two "sbdrop" panics on 6.0-RELEASE-p4 i386.  Following 
are the stack traces and the kernel configuration.

Of course, I still have the crash dumps, and I'll gladly help anyone who 
wants more informaion.

--Eric

############################################################
############################################################

$ kgdb kernel.debug /var/crash/vmcore-panic-sbdrop-2006-03-09
GNU gdb 6.1.1 [FreeBSD]
[...]

Unread portion of the kernel message buffer:

[not ascii; here is a hexdump]

                      c1  20 33 70 c0 00 00 00 00
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
29 00 00 00 00 00 00 00  00 90 02 00 00 00 00 00
00 00 00 00 6c 0b 05 c1  00 00 00 00 09 00 01 00
00 00 00 00 00 00 00 00  00 00 00 00 88 14 05 c1
30 33 70 c0 00 00 00 00  00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00  2a 00 00 00 00 00 00 00
00 a0 02 00 00 00 00 00  00 00 00 00 b4 0b 05 c1
00 00 00 00 0d 0a 00 01  00 00 00 00 00 00 00 00
00 00 00 00 00 d0 14 05  c1 40 33 70 c0 18 0c 05
c1 90 a3 4b c1 88 a3 4b  c1 00 00 00 00 6c 7f 4f
c1 f8 15 00 00 00 00 00  00 00 b0 02 00 00 00 00

#0  doadump () at pcpu.h:165
165		__asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt f
#0  doadump () at pcpu.h:165
No locals.
#1  0xc04fae3e in boot (howto=260) at 
/freebsd/src/sys/kern/kern_shutdown.c:399
	first_buf_printf = 1
#2  0xc04fb104 in panic (fmt=0xc069ed40 "sbdrop")
     at /freebsd/src/sys/kern/kern_shutdown.c:555
	td = (struct thread *) 0xc190e480
	bootopt = 260
	newpanic = 1
	ap = 0xc190e480 ""
	buf = "sbdrop", '\0' <repeats 249 times>
#3  0xc05378b8 in sbdrop_locked (sb=0xcf603b50, len=940)
     at /freebsd/src/sys/kern/uipc_socket2.c:1157
	m = (struct mbuf *) 0x0
	next = (struct mbuf *) 0x0
#4  0xc05377ce in sbflush_locked (sb=0xcf603b50)
     at /freebsd/src/sys/kern/uipc_socket2.c:1124
No locals.
#5  0xc0536d49 in sbrelease_locked (sb=0xcf603b50, so=0x0)
     at /freebsd/src/sys/kern/uipc_socket2.c:559
No locals.
#6  0xc0536db1 in sbrelease (sb=0xcf603b50, so=0xc19c2c84)
     at /freebsd/src/sys/kern/uipc_socket2.c:572
No locals.
#7  0xc0534921 in sorflush (so=0xc19c2c84)
     at /freebsd/src/sys/kern/uipc_socket.c:1480
	sb = (struct sockbuf *) 0xc19c2cd4
	pr = (struct protosw *) 0xc06d46a0
	asb = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0},
           si_thread = 0x0, si_note = {kl_list = {slh_first = 0x0},
           kl_lock = 0,
       kl_unlock = 0, kl_locked = 0, kl_lockarg = 0x0}, si_flags = 0},
       sb_mtx = {mtx_object = {lo_class = 0xc06cf004,
       lo_name = 0xc069ecad "so_rcv", lo_type = 0xc069ecad "so_rcv",
       lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0},
       lo_witness = 0x0}, mtx_lock = 3247498368, mtx_recurse = 0},
       sb_state = 0, sb_mb = 0xc29af800, sb_mbtail = 0xc29af800,
       sb_lastrecord = 0xc29af800, sb_cc = 940, sb_hiwat = 8192,
       sb_mbcnt = 2048, sb_mbmax = 65536, sb_ctl = 0, sb_lowat = 1,
       sb_timeo = 0, sb_flags = 64}
#8  0xc0532cbb in sofree (so=0xc19c2c84)
     at /freebsd/src/sys/kern/uipc_socket.c:406
	head = (struct socket *) 0x0
#9  0xc0532fe9 in soclose (so=0xc19c2c84)
     at /freebsd/src/sys/kern/uipc_socket.c:484
	error = 0
#10 0xc0522e6b in soo_close (fp=0xc1eac870, td=0xc190e480)
     at /freebsd/src/sys/kern/sys_socket.c:317
	error = 0
	so = (struct socket *) 0x0
#11 0xc04dc0d4 in fdrop_locked (fp=0xc1eac870, td=0xc190e480)
     at file.h:289
	error = 0
#12 0xc04dc025 in fdrop (fp=0xc1eac870, td=0xc190e480)
     at /freebsd/src/sys/kern/kern_descrip.c:2101
No locals.
#13 0xc04da653 in closef (fp=0xc1eac870, td=0xc190e480)
     at /freebsd/src/sys/kern/kern_descrip.c:1921
	vp = (struct vnode *) 0xc1eac870
	lf = {l_start = 4294967295, l_len = -4495592928909675680,
               l_pid = 0, l_type = -7040, l_whence = -15984}
	fdtol = (struct filedesc_to_leader *) 0xcf603ca0
	fdp = (struct filedesc *) 0xc2ce5200
#14 0xc04d7a81 in close (td=0xc190e480, uap=0x0)
     at /freebsd/src/sys/kern/kern_descrip.c:1004
	fdp = (struct filedesc *) 0xc2ce5200
	fp = (struct file *) 0xc1eac870
	fd = 1
	error = -1047468928
	holdleaders = 0
#15 0xc0662dbb in syscall (frame=
       {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 1,
        tf_esi = 134613344, tf_ebp = -1077941400, tf_isp = -815776412,
        tf_ebx = 134729728, tf_edx = 0, tf_ecx = 1, tf_eax = 6,
        tf_trapno = 22, tf_err = 2, tf_eip = 169785299, tf_cs = 51,
        tf_eflags = 642, tf_esp = -1077941428, tf_ss = 59})
     at /freebsd/src/sys/i386/i386/trap.c:976
	params = 0xbfbfeb50 <Address 0xbfbfeb50 out of bounds>
	callp = (struct sysent *) 0xc06ca6e8
	td = (struct thread *) 0xc190e480
	p = (struct proc *) 0xc19c720c
	orig_tf_eflags = 642
	sticks = 4436
	error = 0
	narg = 1
	args = {1, -815776464, -1067048045, 0, 0, 0, 4436, -1046711796}
	code = 6
#16 0xc06520cf in Xint0x80_syscall ()
     at /freebsd/src/sys/i386/i386/exception.s:200
No locals.
#17 0x00000033 in ?? ()
No symbol table info available.
Previous frame inner to this frame (corrupt stack?)

############################################################
############################################################

$ kgdb kernel.debug /var/crash/vmcore-panic-sbdrop-2006-03-12
GNU gdb 6.1.1 [FreeBSD]
[...]

Unread portion of the kernel message buffer:

[not ascii; here is a hexdump]

                      51  c1 00 40 09 28 18 6c 03
c1 08 3c 03 c1 38 01 03  c1 50 95 03 c1 44 44 51
c1 00 a0 06 08 00 00 00  00 74 07 37 c1 d0 e5 02
c1 28 f9 02 c1 4c 4b 51  c1 00 00 12 28 d0 52 03
c1 f4 48 3c c1 c0 7c 03  c1 a0 f6 02 c1 18 43 51
c1 00 20 07 28 00 00 00  00 ac 37 35 c1 08 0d 0a
03 c1 88 40 03 c1 78 4c  51 c1 00 30 0f 28 d8 c3
03 c1 18 e8 02 c1 e0 e4  02 c1 20 02 03 c1 c8 47
51 c1 00 a0 13 08 00 00  00 00 4c 13 3b c1 a0 28
03 c1 28 60 03 c1 18 43  51 c1 00 b0 bf bf 00 00
00 00 5c 0c 35 c1 58 0b  03 c1 d0 43 03 c1 c8 47
51 c1 00 50 17 08 00 00  00 00 e4 d0 36 c1 d0 4b
03 c1 00 1d 03 c1 a4 dd  94 c1 00

#0  doadump () at pcpu.h:165
165		__asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt f
#0  doadump () at pcpu.h:165
No locals.
#1  0xc04fae3e in boot (howto=260) at 
/freebsd/src/sys/kern/kern_shutdown.c:399
	first_buf_printf = 1
#2  0xc04fb104 in panic (fmt=0xc069ed40 "sbdrop")
     at /freebsd/src/sys/kern/kern_shutdown.c:555
	td = (struct thread *) 0xc194ac00
	bootopt = 260
	newpanic = 1
	ap = 0xc194ac00 ""
	buf = "sbdrop", '\0' <repeats 249 times>
#3  0xc05378b8 in sbdrop_locked (sb=0xcf612b50, len=17)
     at /freebsd/src/sys/kern/uipc_socket2.c:1157
	m = (struct mbuf *) 0x0
	next = (struct mbuf *) 0x0
#4  0xc05377ce in sbflush_locked (sb=0xcf612b50)
     at /freebsd/src/sys/kern/uipc_socket2.c:1124
No locals.
#5  0xc0536d49 in sbrelease_locked (sb=0xcf612b50, so=0x0)
     at /freebsd/src/sys/kern/uipc_socket2.c:559
No locals.
#6  0xc0536db1 in sbrelease (sb=0xcf612b50, so=0xc1908b20)
     at /freebsd/src/sys/kern/uipc_socket2.c:572
No locals.
#7  0xc0534921 in sorflush (so=0xc1908b20)
     at /freebsd/src/sys/kern/uipc_socket.c:1480
	sb = (struct sockbuf *) 0xc1908b70
	pr = (struct protosw *) 0xc06d8b14
	asb = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0},
     si_thread = 0x0, si_note = {kl_list = {slh_first = 0x0},
     kl_lock = 0,
       kl_unlock = 0, kl_locked = 0, kl_lockarg = 0x0}, si_flags = 0},
   sb_mtx = {mtx_object = {lo_class = 0xc06cf004,
       lo_name = 0xc069ecad "so_rcv", lo_type = 0xc069ecad "so_rcv",
       lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0},
       lo_witness = 0x0}, mtx_lock = 3247746048, mtx_recurse = 0},
   sb_state = 0, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0,
   sb_cc = 17,
   sb_hiwat = 42080, sb_mbcnt = 4294964992, sb_mbmax = 262144,
   sb_ctl = 4294967280, sb_lowat = 1, sb_timeo = 0, sb_flags = 64}
#8  0xc0532cbb in sofree (so=0xc1908b20)
     at /freebsd/src/sys/kern/uipc_socket.c:406
	head = (struct socket *) 0x0
#9  0xc0532fe9 in soclose (so=0xc1908b20)
     at /freebsd/src/sys/kern/uipc_socket.c:484
	error = 0
#10 0xc0522e6b in soo_close (fp=0xc198ea20, td=0xc194ac00)
     at /freebsd/src/sys/kern/sys_socket.c:317
	error = 0
	so = (struct socket *) 0x0
#11 0xc04dc0d4 in fdrop_locked (fp=0xc198ea20, td=0xc194ac00)
     at file.h:289
	error = 0
#12 0xc04dc025 in fdrop (fp=0xc198ea20, td=0xc194ac00)
     at /freebsd/src/sys/kern/kern_descrip.c:2101
No locals.
#13 0xc04da653 in closef (fp=0xc198ea20, td=0xc194ac00)
     at /freebsd/src/sys/kern/kern_descrip.c:1921
	vp = (struct vnode *) 0xc198ea20
	lf = {l_start = -4580996068436530020, l_len = 23122899,
   l_pid = -370322744, l_type = 599, l_whence = 0}
	fdtol = (struct filedesc_to_leader *) 0xbe24ecff
	fdp = (struct filedesc *) 0xc1ca2400
#14 0xc04d7a81 in close (td=0xc194ac00, uap=0x0)
     at /freebsd/src/sys/kern/kern_descrip.c:1004
	fdp = (struct filedesc *) 0xc1ca2400
	fp = (struct file *) 0xc198ea20
	fd = 3
	error = -1047221248
	holdleaders = 0
#15 0xc0662dbb in syscall (frame=
       {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 0,
        tf_esi = 673886912, tf_ebp = -1077941608, tf_isp = -815714972,
        tf_ebx = 673809636, tf_edx = 0, tf_ecx = 0, tf_eax = 6,
        tf_trapno = 0, tf_err = 2, tf_eip = 673286099, tf_cs = 51,
        tf_eflags = 534, tf_esp = -1077941636, tf_ss = 59})
     at /freebsd/src/sys/i386/i386/trap.c:976
	params = 0xbfbfea80 <Address 0xbfbfea80 out of bounds>
	callp = (struct sysent *) 0xc06ca6e8
	td = (struct thread *) 0xc194ac00
	p = (struct proc *) 0xc1a7f624
	orig_tf_eflags = 534
	sticks = 12
	error = 0
	narg = 1
	args = {3, -1066484000, 152949657, -815715028, -1067035982,
   -1066484000, -815715020, 672605572}
	code = 6
#16 0xc06520cf in Xint0x80_syscall ()
     at /freebsd/src/sys/i386/i386/exception.s:200
No locals.
#17 0x00000033 in ?? ()
No symbol table info available.
Previous frame inner to this frame (corrupt stack?)

############################################################
############################################################

machine		i386
cpu		I686_CPU

options 	SCHED_4BSD
options 	PREEMPTION
options 	INET
options 	INET6
options 	FFS
options 	SOFTUPDATES
options 	UFS_ACL
options 	UFS_DIRHASH
options 	MSDOSFS
options 	CD9660
options 	GEOM_GPT
options 	COMPAT_43
options 	COMPAT_FREEBSD4
options 	COMPAT_FREEBSD5
options 	SCSI_DELAY=1000
options 	KTRACE
options 	SYSVSHM
options 	SYSVMSG
options 	SYSVSEM
options 	_KPOSIX_PRIORITY_SCHEDULING
options 	KBD_INSTALL_CDEV
options 	ADAPTIVE_GIANT

device		apic

device		isa
device		pci

device		ata
device		atadisk
options 	ATA_STATIC_ID

device		scbus
device		da
device		cd
device		pass

device		atkbdc
device		atkbd
device		psm

device		vga

device		splash

device		sc

device		agp

device		npx

device		pmtimer

device		ppc
device		ppbus
device		lpt
device		plip
device		ppi

device		loop
device		mem
device		io
device		random
device		ether
device		pty
device		md

device		bpf

device		uhci
device		ohci
device		ehci
device		usb
device		ugen
device		uhid
device		ukbd
device		ulpt
device		umass
device		ums

options 	INCLUDE_CONFIG_FILE

makeoptions	DEBUG=-g

options 	KDB
options 	DDB
options 	GDB

ident		WITHHELD

device		fdc

device		atapicd
device		atapicam

device		sym

device		sio

device		miibus
device		rl
device		fxp

device		wlan
device		wlan_wep
device		wlan_ccmp
device		wlan_tkip
device		wlan_xauth
device		wlan_acl

device		ath
device		ath_hal
device		ath_rate_sample

options		IPFIREWALL
options		IPFIREWALL_VERBOSE
options		IPFIREWALL_VERBOSE_LIMIT=1024
options		IPFIREWALL_DEFAULT_TO_ACCEPT
options		IPDIVERT



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44149DF8.30608>