I recently had two "sbdrop" panics on 6.0-RELEASE-p4 i386. Following
are the stack traces and the kernel configuration.
Of course, I still have the crash dumps, and I'll gladly help anyone who
wants more informaion.
--Eric
############################################################
############################################################
$ kgdb kernel.debug /var/crash/vmcore-panic-sbdrop-2006-03-09
GNU gdb 6.1.1 [FreeBSD]
[...]
Unread portion of the kernel message buffer:
[not ascii; here is a hexdump]
c1 20 33 70 c0 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
29 00 00 00 00 00 00 00 00 90 02 00 00 00 00 00
00 00 00 00 6c 0b 05 c1 00 00 00 00 09 00 01 00
00 00 00 00 00 00 00 00 00 00 00 00 88 14 05 c1
30 33 70 c0 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 2a 00 00 00 00 00 00 00
00 a0 02 00 00 00 00 00 00 00 00 00 b4 0b 05 c1
00 00 00 00 0d 0a 00 01 00 00 00 00 00 00 00 00
00 00 00 00 00 d0 14 05 c1 40 33 70 c0 18 0c 05
c1 90 a3 4b c1 88 a3 4b c1 00 00 00 00 6c 7f 4f
c1 f8 15 00 00 00 00 00 00 00 b0 02 00 00 00 00
#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt f
#0 doadump () at pcpu.h:165
No locals.
#1 0xc04fae3e in boot (howto=260) at
/freebsd/src/sys/kern/kern_shutdown.c:399
first_buf_printf = 1
#2 0xc04fb104 in panic (fmt=0xc069ed40 "sbdrop")
at /freebsd/src/sys/kern/kern_shutdown.c:555
td = (struct thread *) 0xc190e480
bootopt = 260
newpanic = 1
ap = 0xc190e480 ""
buf = "sbdrop", '\0' <repeats 249 times>
#3 0xc05378b8 in sbdrop_locked (sb=0xcf603b50, len=940)
at /freebsd/src/sys/kern/uipc_socket2.c:1157
m = (struct mbuf *) 0x0
next = (struct mbuf *) 0x0
#4 0xc05377ce in sbflush_locked (sb=0xcf603b50)
at /freebsd/src/sys/kern/uipc_socket2.c:1124
No locals.
#5 0xc0536d49 in sbrelease_locked (sb=0xcf603b50, so=0x0)
at /freebsd/src/sys/kern/uipc_socket2.c:559
No locals.
#6 0xc0536db1 in sbrelease (sb=0xcf603b50, so=0xc19c2c84)
at /freebsd/src/sys/kern/uipc_socket2.c:572
No locals.
#7 0xc0534921 in sorflush (so=0xc19c2c84)
at /freebsd/src/sys/kern/uipc_socket.c:1480
sb = (struct sockbuf *) 0xc19c2cd4
pr = (struct protosw *) 0xc06d46a0
asb = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0},
si_thread = 0x0, si_note = {kl_list = {slh_first = 0x0},
kl_lock = 0,
kl_unlock = 0, kl_locked = 0, kl_lockarg = 0x0}, si_flags = 0},
sb_mtx = {mtx_object = {lo_class = 0xc06cf004,
lo_name = 0xc069ecad "so_rcv", lo_type = 0xc069ecad "so_rcv",
lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0},
lo_witness = 0x0}, mtx_lock = 3247498368, mtx_recurse = 0},
sb_state = 0, sb_mb = 0xc29af800, sb_mbtail = 0xc29af800,
sb_lastrecord = 0xc29af800, sb_cc = 940, sb_hiwat = 8192,
sb_mbcnt = 2048, sb_mbmax = 65536, sb_ctl = 0, sb_lowat = 1,
sb_timeo = 0, sb_flags = 64}
#8 0xc0532cbb in sofree (so=0xc19c2c84)
at /freebsd/src/sys/kern/uipc_socket.c:406
head = (struct socket *) 0x0
#9 0xc0532fe9 in soclose (so=0xc19c2c84)
at /freebsd/src/sys/kern/uipc_socket.c:484
error = 0
#10 0xc0522e6b in soo_close (fp=0xc1eac870, td=0xc190e480)
at /freebsd/src/sys/kern/sys_socket.c:317
error = 0
so = (struct socket *) 0x0
#11 0xc04dc0d4 in fdrop_locked (fp=0xc1eac870, td=0xc190e480)
at file.h:289
error = 0
#12 0xc04dc025 in fdrop (fp=0xc1eac870, td=0xc190e480)
at /freebsd/src/sys/kern/kern_descrip.c:2101
No locals.
#13 0xc04da653 in closef (fp=0xc1eac870, td=0xc190e480)
at /freebsd/src/sys/kern/kern_descrip.c:1921
vp = (struct vnode *) 0xc1eac870
lf = {l_start = 4294967295, l_len = -4495592928909675680,
l_pid = 0, l_type = -7040, l_whence = -15984}
fdtol = (struct filedesc_to_leader *) 0xcf603ca0
fdp = (struct filedesc *) 0xc2ce5200
#14 0xc04d7a81 in close (td=0xc190e480, uap=0x0)
at /freebsd/src/sys/kern/kern_descrip.c:1004
fdp = (struct filedesc *) 0xc2ce5200
fp = (struct file *) 0xc1eac870
fd = 1
error = -1047468928
holdleaders = 0
#15 0xc0662dbb in syscall (frame=
{tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 1,
tf_esi = 134613344, tf_ebp = -1077941400, tf_isp = -815776412,
tf_ebx = 134729728, tf_edx = 0, tf_ecx = 1, tf_eax = 6,
tf_trapno = 22, tf_err = 2, tf_eip = 169785299, tf_cs = 51,
tf_eflags = 642, tf_esp = -1077941428, tf_ss = 59})
at /freebsd/src/sys/i386/i386/trap.c:976
params = 0xbfbfeb50 <Address 0xbfbfeb50 out of bounds>
callp = (struct sysent *) 0xc06ca6e8
td = (struct thread *) 0xc190e480
p = (struct proc *) 0xc19c720c
orig_tf_eflags = 642
sticks = 4436
error = 0
narg = 1
args = {1, -815776464, -1067048045, 0, 0, 0, 4436, -1046711796}
code = 6
#16 0xc06520cf in Xint0x80_syscall ()
at /freebsd/src/sys/i386/i386/exception.s:200
No locals.
#17 0x00000033 in ?? ()
No symbol table info available.
Previous frame inner to this frame (corrupt stack?)
############################################################
############################################################
$ kgdb kernel.debug /var/crash/vmcore-panic-sbdrop-2006-03-12
GNU gdb 6.1.1 [FreeBSD]
[...]
Unread portion of the kernel message buffer:
[not ascii; here is a hexdump]
51 c1 00 40 09 28 18 6c 03
c1 08 3c 03 c1 38 01 03 c1 50 95 03 c1 44 44 51
c1 00 a0 06 08 00 00 00 00 74 07 37 c1 d0 e5 02
c1 28 f9 02 c1 4c 4b 51 c1 00 00 12 28 d0 52 03
c1 f4 48 3c c1 c0 7c 03 c1 a0 f6 02 c1 18 43 51
c1 00 20 07 28 00 00 00 00 ac 37 35 c1 08 0d 0a
03 c1 88 40 03 c1 78 4c 51 c1 00 30 0f 28 d8 c3
03 c1 18 e8 02 c1 e0 e4 02 c1 20 02 03 c1 c8 47
51 c1 00 a0 13 08 00 00 00 00 4c 13 3b c1 a0 28
03 c1 28 60 03 c1 18 43 51 c1 00 b0 bf bf 00 00
00 00 5c 0c 35 c1 58 0b 03 c1 d0 43 03 c1 c8 47
51 c1 00 50 17 08 00 00 00 00 e4 d0 36 c1 d0 4b
03 c1 00 1d 03 c1 a4 dd 94 c1 00
#0 doadump () at pcpu.h:165
165 __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt f
#0 doadump () at pcpu.h:165
No locals.
#1 0xc04fae3e in boot (howto=260) at
/freebsd/src/sys/kern/kern_shutdown.c:399
first_buf_printf = 1
#2 0xc04fb104 in panic (fmt=0xc069ed40 "sbdrop")
at /freebsd/src/sys/kern/kern_shutdown.c:555
td = (struct thread *) 0xc194ac00
bootopt = 260
newpanic = 1
ap = 0xc194ac00 ""
buf = "sbdrop", '\0' <repeats 249 times>
#3 0xc05378b8 in sbdrop_locked (sb=0xcf612b50, len=17)
at /freebsd/src/sys/kern/uipc_socket2.c:1157
m = (struct mbuf *) 0x0
next = (struct mbuf *) 0x0
#4 0xc05377ce in sbflush_locked (sb=0xcf612b50)
at /freebsd/src/sys/kern/uipc_socket2.c:1124
No locals.
#5 0xc0536d49 in sbrelease_locked (sb=0xcf612b50, so=0x0)
at /freebsd/src/sys/kern/uipc_socket2.c:559
No locals.
#6 0xc0536db1 in sbrelease (sb=0xcf612b50, so=0xc1908b20)
at /freebsd/src/sys/kern/uipc_socket2.c:572
No locals.
#7 0xc0534921 in sorflush (so=0xc1908b20)
at /freebsd/src/sys/kern/uipc_socket.c:1480
sb = (struct sockbuf *) 0xc1908b70
pr = (struct protosw *) 0xc06d8b14
asb = {sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0},
si_thread = 0x0, si_note = {kl_list = {slh_first = 0x0},
kl_lock = 0,
kl_unlock = 0, kl_locked = 0, kl_lockarg = 0x0}, si_flags = 0},
sb_mtx = {mtx_object = {lo_class = 0xc06cf004,
lo_name = 0xc069ecad "so_rcv", lo_type = 0xc069ecad "so_rcv",
lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0},
lo_witness = 0x0}, mtx_lock = 3247746048, mtx_recurse = 0},
sb_state = 0, sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0,
sb_cc = 17,
sb_hiwat = 42080, sb_mbcnt = 4294964992, sb_mbmax = 262144,
sb_ctl = 4294967280, sb_lowat = 1, sb_timeo = 0, sb_flags = 64}
#8 0xc0532cbb in sofree (so=0xc1908b20)
at /freebsd/src/sys/kern/uipc_socket.c:406
head = (struct socket *) 0x0
#9 0xc0532fe9 in soclose (so=0xc1908b20)
at /freebsd/src/sys/kern/uipc_socket.c:484
error = 0
#10 0xc0522e6b in soo_close (fp=0xc198ea20, td=0xc194ac00)
at /freebsd/src/sys/kern/sys_socket.c:317
error = 0
so = (struct socket *) 0x0
#11 0xc04dc0d4 in fdrop_locked (fp=0xc198ea20, td=0xc194ac00)
at file.h:289
error = 0
#12 0xc04dc025 in fdrop (fp=0xc198ea20, td=0xc194ac00)
at /freebsd/src/sys/kern/kern_descrip.c:2101
No locals.
#13 0xc04da653 in closef (fp=0xc198ea20, td=0xc194ac00)
at /freebsd/src/sys/kern/kern_descrip.c:1921
vp = (struct vnode *) 0xc198ea20
lf = {l_start = -4580996068436530020, l_len = 23122899,
l_pid = -370322744, l_type = 599, l_whence = 0}
fdtol = (struct filedesc_to_leader *) 0xbe24ecff
fdp = (struct filedesc *) 0xc1ca2400
#14 0xc04d7a81 in close (td=0xc194ac00, uap=0x0)
at /freebsd/src/sys/kern/kern_descrip.c:1004
fdp = (struct filedesc *) 0xc1ca2400
fp = (struct file *) 0xc198ea20
fd = 3
error = -1047221248
holdleaders = 0
#15 0xc0662dbb in syscall (frame=
{tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 0,
tf_esi = 673886912, tf_ebp = -1077941608, tf_isp = -815714972,
tf_ebx = 673809636, tf_edx = 0, tf_ecx = 0, tf_eax = 6,
tf_trapno = 0, tf_err = 2, tf_eip = 673286099, tf_cs = 51,
tf_eflags = 534, tf_esp = -1077941636, tf_ss = 59})
at /freebsd/src/sys/i386/i386/trap.c:976
params = 0xbfbfea80 <Address 0xbfbfea80 out of bounds>
callp = (struct sysent *) 0xc06ca6e8
td = (struct thread *) 0xc194ac00
p = (struct proc *) 0xc1a7f624
orig_tf_eflags = 534
sticks = 12
error = 0
narg = 1
args = {3, -1066484000, 152949657, -815715028, -1067035982,
-1066484000, -815715020, 672605572}
code = 6
#16 0xc06520cf in Xint0x80_syscall ()
at /freebsd/src/sys/i386/i386/exception.s:200
No locals.
#17 0x00000033 in ?? ()
No symbol table info available.
Previous frame inner to this frame (corrupt stack?)
############################################################
############################################################
machine i386
cpu I686_CPU
options SCHED_4BSD
options PREEMPTION
options INET
options INET6
options FFS
options SOFTUPDATES
options UFS_ACL
options UFS_DIRHASH
options MSDOSFS
options CD9660
options GEOM_GPT
options COMPAT_43
options COMPAT_FREEBSD4
options COMPAT_FREEBSD5
options SCSI_DELAY=1000
options KTRACE
options SYSVSHM
options SYSVMSG
options SYSVSEM
options _KPOSIX_PRIORITY_SCHEDULING
options KBD_INSTALL_CDEV
options ADAPTIVE_GIANT
device apic
device isa
device pci
device ata
device atadisk
options ATA_STATIC_ID
device scbus
device da
device cd
device pass
device atkbdc
device atkbd
device psm
device vga
device splash
device sc
device agp
device npx
device pmtimer
device ppc
device ppbus
device lpt
device plip
device ppi
device loop
device mem
device io
device random
device ether
device pty
device md
device bpf
device uhci
device ohci
device ehci
device usb
device ugen
device uhid
device ukbd
device ulpt
device umass
device ums
options INCLUDE_CONFIG_FILE
makeoptions DEBUG=-g
options KDB
options DDB
options GDB
ident WITHHELD
device fdc
device atapicd
device atapicam
device sym
device sio
device miibus
device rl
device fxp
device wlan
device wlan_wep
device wlan_ccmp
device wlan_tkip
device wlan_xauth
device wlan_acl
device ath
device ath_hal
device ath_rate_sample
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=1024
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"