soclose() sorele panic
Pawel Worach
pawel.worach at telia.com
Mon Oct 18 13:46:49 PDT 2004
Got this panic when a ssh client disconnected/died.
6.0-CURRENT Sun Oct 17 05:46:04 MEST 2004, UP, debug.mpsafenet=1
dump+kernel.debug is still avail. if more info needed.
ps. Why is the thread NULL in frame #28 and #27 ?
-- sh game --
# ident /boot/kernel/kernel.debug |grep uipc_socket
$FreeBSD: src/sys/kern/uipc_socket.c,v 1.213 2004/10/11 08:11:26
rwatson Exp $
$FreeBSD: src/sys/kern/uipc_socket2.c,v 1.137 2004/08/15 06:24:41
jmg Exp $
# ll /boot/kernel/kernel.debug
-rwxr-xr-x 1 root wheel 11385263 Oct 17 07:18 /boot/kernel/kernel.debug
-- ddb game --
db> tr
kdb_enter(c066f892,c06b9600,c066d845,ca219b18,c1195000) at kdb_enter+0x30
panic(c066d845,c06af540,c133ee70,0,c0fe5900) at panic+0xd5
soclose(c1304dec,ca219b5c,c048a9c0,c0c44840,c1278880) at soclose+0x39c
soo_close(c1278dd0,c0fe5900,0,c133ee70,c1278dd0) at soo_close+0x7d
fdrop_locked(c1278dd0,c0fe5900,c12f6500,c0fe5900,c133ed68) at
fdrop_locked+0xf0
fdrop(c1278dd0,c0fe5900,c052c186,c06b8160,0,0,0,0,c133ed68,c0fe5900,c12f6500,2,0,0,0,c0c45e60,ffff01b6,c12787b4,0,c12787b4,ca219c0c)
at fdrop+0x5f
closef(c1278dd0,c0fe5900,c12787b4,c0fe5900,c051de0b) at closef+0x2b2
fdfree(c0fe5900,c0691200,2,c04c8ae0,c0fe5900) at fdfree+0x486
exit1(c0fe5900,ff00,ca219d40,c0652e00,c0fe5900) at exit1+0x64c
sys_exit(c0fe5900,ca219d14,4,ca219d3c,c04db206) at sys_exit+0x1d
syscall(2f,2f,2f,bfbfe560,ffffffff) at syscall+0x330
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (1, FreeBSD ELF32, sys_exit), eip = 0x2830a1bb, esp =
0xbfbfe4dc, ebp = 0xbfbfe4e8 ---
db> ps
pid proc uarea uid ppid pgrp flag stat wmesg wchan cmd
2086 c1257600 cabbe000 1001 2085 2086 0004002 [SLPQ ttyin
0xc1102010][SLP] tcsh
2085 c12d1c00 cac25000 1001 2083 2083 0000100 [SLPQ select
0xc06bd1e4][SLP] sshd
2083 c135ae00 cac55000 0 436 2083 0000100 [SLPQ sbwait
0xc1304d40][SLP] sshd
1545 c135a000 cab69000 1001 1 1545 0004002 [RUNQ] tcsh
1542 c115b200 ca492000 0 436 1542 0002100 [CPU 0] sshd
523 c1257800 cabbf000 0 1 523 0004002 [SLPQ ttyin
0xc10c9810][SLP] getty
522 c1257e00 cabc2000 0 1 522 0004002 [SLPQ ttyin
0xc10c5410][SLP] getty
517 c1256e00 cab7e000 0 1 517 0000000 [SLPQ select
0xc06bd1e4][SLP] inetd
486 c1257a00 cabc0000 1002 1 486 0000100 [SLPQ select
0xc06bd1e4][SLP] dhcpd
457 c12d1600 cac22000 0 1 457 0000000 [SLPQ nanslp
0xc06b9c0c][SLP] cron
445 c1257c00 cabc1000 25 1 445 0000100 [SLPQ pause
0xc1257c38][SLP] sendmail
441 c12d1400 cac21000 0 1 441 0000100 [SLPQ select
0xc06bd1e4][SLP] sendmail
436 c12d1000 cac01000 0 1 436 0000100 [SLPQ select
0xc06bd1e4][SLP] sshd
421 c12cf400 cabee000 0 1 421 0000000 [SLPQ select
0xc06bd1e4][SLP] ntpd
407 c12cfa00 cabfe000 0 1 407 0000000 [SLPQ select
0xc06bd1e4][SLP] lpd
369 c1257200 cab80000 64 365 365 0000100 [SLPQ bpf
0xc11b1d00][SLP] pflogd
365 c1041a00 ca256000 0 1 365 0000000 [SLPQ sbwait
0xc1274320][SLP] pflogd
360 c1041800 ca255000 0 353 353 0000100 [SLPQ select
0xc06bd1e4][SLP] rpc.lockd
353 c1257400 cabbd000 0 1 353 0000000 [SLPQ select
0xc06bd1e4][SLP] rpc.lockd
348 c1041400 ca253000 0 1 348 0000000 [SLPQ select
0xc06bd1e4][SLP] rpc.statd
343 c115be00 ca4d4000 0 334 334 0000000 [SLPQ -
0xc11aec00][SLP] nfsd
342 c1256000 cab67000 0 334 334 0000000 [SLPQ -
0xc11aee00][SLP] nfsd
341 c1256200 cab78000 0 334 334 0000000 [SLPQ -
0xc1254000][SLP] nfsd
340 c1256400 cab79000 0 334 334 0000000 [SLPQ -
0xc1254200][SLP] nfsd
339 c1256600 cab7a000 0 334 334 0000000 [SLPQ -
0xc1254400][SLP] nfsd
338 c1256800 cab7b000 0 334 334 0000000 [SLPQ -
0xc1254600][SLP] nfsd
337 c1256a00 cab7c000 0 334 334 0000000 [SLPQ -
0xc1254800][SLP] nfsd
336 c1256c00 cab7d000 0 334 334 0000000 [SLPQ -
0xc1254a00][SLP] nfsd
334 c1257000 cab7f000 0 1 334 0000000 [SLPQ select
0xc06bd1e4][SLP] nfsd
325 c115b000 ca491000 0 1 325 0000000 [SLPQ select
0xc06bd1e4][SLP] mountd
273 c1041e00 ca258000 0 1 273 0000000 [SLPQ select
0xc06bd1e4][SLP] rpcbind
254 c1041600 ca254000 0 1 254 0000000 [SLPQ select
0xc06bd1e4][SLP] syslogd
234 c1041c00 ca257000 0 1 234 0000000 [SLPQ select
0xc06bd1e4][SLP] devd
47 c115b400 ca493000 0 0 0 0000204 [SLPQ -
0xca4c0d08][SLP] schedcpu
46 c115b600 ca4d0000 0 0 0 0000204 [SLPQ -
0xc06c46cc][SLP] nfsiod 3
45 c115b800 ca4d1000 0 0 0 0000204 [SLPQ -
0xc06c46c8][SLP] nfsiod 2
44 c115ba00 ca4d2000 0 0 0 0000204 [SLPQ -
0xc06c46c4][SLP] nfsiod 1
43 c115bc00 ca4d3000 0 0 0 0000204 [SLPQ -
0xc06c46c0][SLP] nfsiod 0
42 c0ff4c00 ca229000 0 0 0 0000204 [SLPQ syncer
0xc06b998c][SLP] syncer
41 c0ff4e00 ca22a000 0 0 0 0000204 [SLPQ vlruwt
0xc0ff4e00][SLP] vnlru
40 c103e000 ca22b000 0 0 0 0000204 [SLPQ psleep
0xc06bd7ac][SLP] bufdaemon
39 c103e200 ca22c000 0 0 0 000020c [SLPQ pgzero
0xc06caf10][SLP] pagezero
38 c103e400 ca22d000 0 0 0 0000204 [SLPQ psleep
0xc06caf64][SLP] vmdaemon
37 c103e600 ca22e000 0 0 0 0000204 [SLPQ psleep
0xc06caf20][SLP] pagedaemon
36 c103e800 ca22f000 0 0 0 0000204 [RUNQ] swi0: sio
35 c103ea00 ca24e000 0 0 0 0000204 [SLPQ -
0xc103d63c][SLP] fdc0
9 c103ec00 ca24f000 0 0 0 0000204 [SLPQ actask
0xc079fa2c][SLP] acpi_task2
8 c103ee00 ca250000 0 0 0 0000204 [SLPQ actask
0xc079fa2c][SLP] acpi_task1
7 c1041000 ca251000 0 0 0 0000204 [SLPQ actask
0xc079fa2c][SLP] acpi_task0
34 c1041200 ca252000 0 0 0 0000204 [IWAIT] swi6: task queue
6 c0fe4600 ca200000 0 0 0 0000204 [SLPQ -
0xc103c300][SLP] kqueue taskq
33 c0fe4800 ca201000 0 0 0 0000204 [IWAIT] swi5:+
32 c0fe4a00 ca202000 0 0 0 0000204 [IWAIT] swi6: acpitaskq
5 c0fe4c00 ca203000 0 0 0 0000204 [SLPQ -
0xc103c440][SLP] thread taskq
31 c0fe4e00 ca204000 0 0 0 0000204 [IWAIT] swi6:+
30 c0ff4000 ca223000 0 0 0 0000204 [SLPQ -
0xc06b1ae0][SLP] yarrow
4 c0ff4200 ca224000 0 0 0 0000204 [SLPQ -
0xc06b4528][SLP] g_down
3 c0ff4400 ca225000 0 0 0 0000204 [SLPQ -
0xc06b4524][SLP] g_up
2 c0ff4600 ca226000 0 0 0 0000204 [SLPQ -
0xc06b451c][SLP] g_event
29 c0ff4800 ca227000 0 0 0 0000204 [IWAIT] swi1: net
28 c0ff4a00 ca228000 0 0 0 0000204 [IWAIT] swi3: vm
27 c0fc6200 c99ee000 0 0 0 000020c [RUNQ] swi4: clock sio
26 c0fc6400 c99ef000 0 0 0 0000204 [IWAIT] irq15: ata1
25 c0fc6600 c99f0000 0 0 0 0000204 [IWAIT] irq14: ata0
24 c0fc6800 c9a0f000 0 0 0 0000204 [IWAIT] irq13:
23 c0fc6a00 c9a10000 0 0 0 0000204 [IWAIT] irq12:
22 c0fc6c00 c9a11000 0 0 0 0000204 [IWAIT] irq11: fxp0
21 c0fc6e00 c9a12000 0 0 0 0000204 [IWAIT] irq10:
20 c0fe4000 ca1fd000 0 0 0 0000204 [IWAIT] irq9: xl0 acpi0
19 c0fe4200 ca1fe000 0 0 0 0000204 [IWAIT] irq8: rtc
18 c0fe4400 ca1ff000 0 0 0 0000204 [IWAIT] irq7:
17 c0fbf000 c99a9000 0 0 0 0000204 [IWAIT] irq6: fdc0
16 c0fbf200 c99e6000 0 0 0 0000204 [IWAIT] irq5:
15 c0fbf400 c99e7000 0 0 0 0000204 [IWAIT] irq4: sio0
14 c0fbf600 c99e8000 0 0 0 0000204 [IWAIT] irq3: sio1
13 c0fbf800 c99e9000 0 0 0 0000204 [IWAIT] irq1: atkbd0
12 c0fbfa00 c99ea000 0 0 0 0000204 [IWAIT] irq0: clk
11 c0fbfc00 c99eb000 0 0 0 000020c [Can run] idle
1 c0fbfe00 c99ec000 0 0 1 0004200 [SLPQ wait
0xc0fbfe00][SLP] init
10 c0fc6000 c99ed000 0 0 0 0000204 [SLPQ ktrace
0xc06b7bb8][SLP] ktrace
0 c06b4620 c081f000 0 0 0 0000200 [SLPQ sched
0xc06b4620][SLP] swapper
1544 c12d1e00 cac26000 1001 1542 1542 0002100 zomb[INACTIVE] sshd
db> panic
panic: from debugger
Uptime: 12h11m42s
Dumping 191 MB
16 32 48 64 80 96 112 128 144 160 176
Dump complete
Automatic reboot in 15 seconds - press a key on the console to abort
-- kgdb game --
(kgdb) bt
#22 0x00000000 in ?? ()
#23 0xc04d1fa0 in kdb_enter (msg=0x0) at cpufunc.h:56
#24 0xc04b4715 in panic (fmt=0xc066d845 "sorele") at
/usr/src/sys/kern/kern_shutdown.c:525
#25 0xc04f86dc in soclose (so=0xc1304dec) at
/usr/src/sys/kern/uipc_socket.c:473
#26 0xc04e51ed in soo_close (fp=0xc1278dd0, td=0xc0fe5900) at
/usr/src/sys/kern/sys_socket.c:275
#27 0xc048d6d0 in fdrop_locked (fp=0xc1278dd0, td=0x0) at file.h:289
#28 0xc048bf4f in fdrop (fp=0xc1278dd0, td=0x0) at
/usr/src/sys/kern/kern_descrip.c:1897
#29 0xc048bee2 in closef (fp=0xc1278dd0, td=0xc0fe5900) at
/usr/src/sys/kern/kern_descrip.c:1883
#30 0xc048b496 in fdfree (td=0xc0fe5900) at
/usr/src/sys/kern/kern_descrip.c:1610
#31 0xc049556c in exit1 (td=0xc0fe5900, rv=65280) at
/usr/src/sys/kern/kern_exit.c:237
#32 0xc0494f1d in sys_exit (td=0x0, uap=0x0) at
/usr/src/sys/kern/kern_exit.c:94
#33 0xc0652e00 in syscall (frame=
{tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077942944, tf_esi
= -1, tf_ebp = -1077943064, tf_isp = -903766668, tf_ebx = 671987736,
tf_edx = 134703100, tf_ecx = 0, tf_eax = 1, tf_trapno = 12, tf_err = 2,
tf_eip = 674275771, tf_cs = 31, tf_eflags = 646, tf_esp = -1077943076,
tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1001
#34 0xc0642dff in Xint0x80_syscall () at
/usr/src/sys/i386/i386/exception.s:201
#35 0x0000002f in ?? ()
(kgdb) frame 25
#25 0xc04f86dc in soclose (so=0xc1304dec) at
/usr/src/sys/kern/uipc_socket.c:473
473 sorele(so);
(kgdb) list
468 }
469 discard:
470 SOCK_LOCK(so);
471 KASSERT((so->so_state & SS_NOFDREF) == 0, ("soclose:
NOFDREF"));
472 so->so_state |= SS_NOFDREF;
473 sorele(so);
474 return (error);
475 }
476
477 /*
(kgdb) print *so
$1 = {so_count = 0, so_type = 1, so_options = 0, so_linger = 0, so_state
= 8193, so_qstate = 0, so_pcb = 0x0, so_proto = 0xc0698ce0,
so_head = 0x0, so_incomp = {tqh_first = 0x0, tqh_last = 0xc1304e08},
so_comp = {tqh_first = 0x0, tqh_last = 0xc1304e10}, so_list = {
tqe_next = 0x0, tqe_prev = 0x0}, so_qlen = 0, so_incqlen = 0,
so_qlimit = 0, so_timeo = 0, so_error = 0, so_sigio = 0x0, so_oobmark = 0,
so_aiojobq = {tqh_first = 0x0, tqh_last = 0xc1304e34}, so_rcv =
{sb_sel = {si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0,
si_note = {kl_lock = 0x0, kl_list = {slh_first = 0x0}}, si_flags
= 0}, sb_mtx = {mtx_object = {lo_class = 0xc06938dc,
lo_name = 0xc067264c "so_rcv", lo_type = 0xc067264c "so_rcv",
lo_flags = 131072, lo_list = {tqe_next = 0x0, tqe_prev = 0x0},
lo_witness = 0x0}, mtx_lock = 3237894400, mtx_recurse = 0},
sb_mb = 0x0, sb_mbtail = 0x0, sb_lastrecord = 0x0, sb_cc = 0,
sb_hiwat = 0, sb_mbcnt = 0, sb_mbmax = 0, sb_ctl = 0, sb_lowat = 0,
sb_timeo = 0, sb_flags = 0, sb_state = 0}, so_snd = {sb_sel = {
si_thrlist = {tqe_next = 0x0, tqe_prev = 0x0}, si_thread = 0x0,
si_note = {kl_lock = 0x0, kl_list = {slh_first = 0x0}}, si_flags = 0},
sb_mtx = {mtx_object = {lo_class = 0xc06938dc, lo_name = 0xc0672645
"so_snd", lo_type = 0xc0672645 "so_snd", lo_flags = 131072,
lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0},
mtx_lock = 4, mtx_recurse = 0}, sb_mb = 0x0, sb_mbtail = 0x0,
sb_lastrecord = 0x0, sb_cc = 0, sb_hiwat = 0, sb_mbcnt = 0,
sb_mbmax = 0, sb_ctl = 0, sb_lowat = 2048, sb_timeo = 0, sb_flags = 64,
sb_state = 16}, so_upcall = 0, so_upcallarg = 0x0, so_cred =
0xc12f6500, so_label = 0x0, so_peerlabel = 0x0, so_gencnt = 3336,
so_emuldata = 0x0, so_accf = 0x0}
(kgdb) frame 30
#30 0xc048b496 in fdfree (td=0xc0fe5900) at
/usr/src/sys/kern/kern_descrip.c:1610
1610 (void) closef(*fpp, td);
(kgdb) print td->td_proc->p_comm
$2 = "sshd\000er", '\0' <repeats 12 times>
(kgdb) print /d td->td_proc->p_pid
$3 = 1542
(kgdb) printf "%s", msgbufp->msg_ptr
...
<118>Oct 17 19:33:10 hostname sshd[1542]: fatal: mm_request_receive:
read: -1
panic: sorele
KDB: enter: panic
panic: from debugger
Uptime: 12h11m42s
Dumping 191 MB
16 32 48 64 80 96 112 128 144 160 176
--
Pawel
More information about the freebsd-current
mailing list