Panic in tcp_input

Jan Lentfer Jan.Lentfer at web.de
Sun Sep 12 14:23:25 PDT 2010


Matthew Dillon schrieb:
    Definitely upload.  It's a use-after-free issue but I can't figure out
    where from the txt.
Got an assert panic now. I am currently uploading the files to leaf 
/home/lentferj/crash, .4 files (and this time for real :-) ).

Jan

Unread portion of the kernel message buffer:
panic: assertion: (so->so_state & SS_ASSERTINPROG) == 0 in sofree
mp_lock = 00000000; cpuid = 0
Trace beginning at frame 0xd13c2bd8
panic(ffffffff) at panic+0x174
panic(c05b117b,c060ddd8,c0592049,d1636200,0) at panic+0x174
sofree(d1636200,cb84f3c0,cb84f3c0,d13c2c3c,c033e42e) at sofree+0x80
soclose(d1636200,7,cb84f3c0,cb84f3c0,d13c2c68) at soclose+0x1cf
soo_close(cb84f3c0,cb84f3c0,d10ec780,d12f41e4,d13c2c6c) at soo_close+0x53
fdrop(cb84f3c0) at fdrop+0xe5
closef(cb84f3c0,ce3f72d0,0,ce429988,d12f40e8) at closef+0x187
kern_close(9,d13c2d34,c056aa03,d13c2cf0,27d330) at kern_close+0x114
sys_close(d13c2cf0,27d330,0,c0675e28,286) at sys_close+0xe
syscall2(d13c2d40) at syscall2+0x2b0
Xint0x80_syscall() at Xint0x80_syscall+0x36
Debugger("panic")
CPU0 stopping CPUs: 0x00000002
 stopped
panic: from debugger
mp_lock = 00000000; cpuid = 0
boot() called on cpu#0
Uptime: 2m53s
Physical memory: 759 MB
Dumping 120 MB: 105 89 73 57 41 25 9
Reading symbols from /boot/kernel/acpi.ko...done.
Loaded symbols for /boot/kernel/acpi.ko
Reading symbols from /boot/kernel/ahci.ko...done.
Loaded symbols for /boot/kernel/ahci.ko
Reading symbols from /boot/kernel/ehci.ko...done.
Loaded symbols for /boot/kernel/ehci.ko
_get_mycpu (di=0xc06e76c0) at ./machine/thread.h:83
83          __asm ("movl %%fs:globaldata,%0" : "=r" (gd) : "m"(__mycpu__dummy));
(kgdb) #0  _get_mycpu (di=0xc06e76c0) at ./machine/thread.h:83
#1  md_dumpsys (di=0xc06e76c0)
    at /usr/src/sys/platform/pc32/i386/dump_machdep.c:263
#2  0xc0311bc9 in dumpsys () at /usr/src/sys/kern/kern_shutdown.c:880
#3  0xc0312189 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:387
#4  0xc0312452 in panic (fmt=0xc05b4995 "from debugger")
    at /usr/src/sys/kern/kern_shutdown.c:786
#5  0xc017adf5 in db_panic (addr=-1068151584, have_addr=0, count=-1,
    modif=0xd13c2a8c "") at /usr/src/sys/ddb/db_command.c:448
#6  0xc017b46a in db_command () at /usr/src/sys/ddb/db_command.c:344
#7  db_command_loop () at /usr/src/sys/ddb/db_command.c:470
#8  0xc017daa4 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_trap.c:71
#9  0xc0554ee4 in kdb_trap (type=3, code=0, regs=0xd13c2b88)
    at /usr/src/sys/platform/pc32/i386/db_interface.c:152
#10 0xc056a2cf in trap (frame=0xd13c2b88)
    at /usr/src/sys/platform/pc32/i386/trap.c:823
#11 0xc0556267 in calltrap ()
    at /usr/src/sys/platform/pc32/i386/exception.s:785
#12 0xc0554ce0 in breakpoint (msg=0xc05cc75f "panic") at ./cpu/cpufunc.h:73
#13 Debugger (msg=0xc05cc75f "panic")
    at /usr/src/sys/platform/pc32/i386/db_interface.c:334
#14 0xc0312449 in panic (fmt=0xc05b117b "assertion: %s in %s")
    at /usr/src/sys/kern/kern_shutdown.c:784
#15 0xc034e335 in sofree (so=0xd1636200)
    at /usr/src/sys/kern/uipc_socket.c:325
#16 0xc034ec71 in soclose (so=0xd1636200, fflag=7)
    at /usr/src/sys/kern/uipc_socket.c:419
#17 0xc033e42e in soo_close (fp=0xcb84f3c0)
    at /usr/src/sys/kern/sys_socket.c:230
#18 0xc02f9aff in fo_close (fp=0xcb84f3c0) at /usr/src/sys/sys/file2.h:121
#19 fdrop (fp=0xcb84f3c0) at /usr/src/sys/kern/kern_descrip.c:2419
#20 0xc02f9db8 in closef (fp=0xcb84f3c0, p=0xce3f72d0)
    at /usr/src/sys/kern/kern_descrip.c:2360
#21 0xc02fbfdb in kern_close (fd=9) at /usr/src/sys/kern/kern_descrip.c:857
#22 0xc02fc0bf in sys_close (uap=0xd13c2cf0)
    at /usr/src/sys/kern/kern_descrip.c:816
#23 0xc056aa03 in syscall2 (frame=0xd13c2d40)
    at /usr/src/sys/platform/pc32/i386/trap.c:1310
#24 0xc0556316 in Xint0x80_syscall ()
    at /usr/src/sys/platform/pc32/i386/exception.s:876
#25 0x0000001f in ?? ()