kern/117717: Kernel panic with Bittorrent client.

Jonathan Chen jonc at chen.org.nz
Wed Oct 31 06:00:08 PDT 2007


>Number:         117717
>Category:       kern
>Synopsis:       Kernel panic with Bittorrent client.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 31 13:00:07 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator:     Jonathan Chen
>Release:        FreeBSD 6.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD osiris.chen.org.nz 6.2-STABLE FreeBSD 6.2-STABLE #0: Mon Oct 22 11:26:18 NZDT 2007 root at osiris.chen.org.nz:/usr/obj/usr/src/sys/OSIRIS i386
>Description:

I've just recently updated Deluge (a GNOME BitTorrent client), and I'm
experiencing kernel panics when I run this on -STABLE as at 22-Oct-2007.
The panic is reproducible on another machine running an older version of
-STABLE as well.

The client has just recently undergone a rearchitecture to use more
threading instead of spawning processes. My uninformed guess is that
there is a race condition on setsockopt(2).

I managed to get a kernel dump while running it under single-user
mode. Contents of kgdb follow. Hope it is of help to someone.

osiris-OSIRIS,9:44pm# kgdb kernel.debug /var/crash/vmcore.0 
kgdb: kvm_nlist(_stopped_cpus): 
kgdb: kvm_nlist(_stoppcbs): 
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
<118>osiris-~,9:35pm> 
<118>s
<118>t
<118>a
<118>r
<118>t
<118>x
<118>
<118>xauth:  creating new authority file /home/jonc/.serverauth.2052
<118>xauth:  creating new authority file /home/jonc/.Xauthority
<118>xauth:  creating new authority file /home/jonc/.Xauthority
<118>xauth: (argv):1:  
<118>bad display name "osiris.chen.org.nz:0" in "list" command
<118>xauth: (stdin):1:  
<118>bad display name "osiris.chen.org.nz:0" in "add" command
<118>
<118>
<118>
<118>X.Org X Server 1.4.0
<118>
<118>Release Date: 5 September 2007
<118>X Protocol Version 11, Revision 0
<118>Build Operating System: FreeBSD 6.2-STABLE i386 
<118>Current Operating System: FreeBSD osiris.chen.org.nz 6.2-STABLE FreeBSD 6.2-STABLE #0: Mon Oct 22 11:26:18 NZDT 2007     root at osiris.chen.org.nz:/usr/obj/usr/src/sys/OSIRIS i386
<118>Build Date: 02 October 2007  08:08:35PM
<118> 
<118>	Before reporting problems, check http://wiki.x.org
<118>	to make sure that you have the latest version.
<118>Module Loader present
<118>Markers: 
<118>(--) probed, 
<118>(**) from config file, 
<118>(==) default setting,
<118>	
<118>(++) from command line, 
<118>(!!) notice, 
<118>(II) informational,
<118>	
<118>(WW) warning, 
<118>(EE) error, 
<118>(NI) not implemented, 
<118>(??) unknown.
<118>(==) Log file: "/var/log/Xorg.0.log", Time: Tue Oct 30 21:35:20 2007
<118>(==) Using config file: "/etc/X11/xorg.conf"
<118>(II) Module "i2c" already built-in
<118>(II) Module "ddc" already built-in
<118>(II) Module "ramdac" already built-in


Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x0
fault code		= supervisor read, page not present
instruction pointer	= 0x20:0xc0599173
stack pointer	        = 0x28:0xeb5feb38
frame pointer	        = 0x28:0xeb5feb40
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 2096 (python2.5)
trap number		= 12
panic: page fault
Uptime: 5m56s
Dumping 1023 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 1023MB (261872 pages) 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165		__asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) list *0xc0599173
0xc0599173 is in if_findmulti (/usr/src/sys/net/if.c:1893).
1888		TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
1889			if (sa->sa_family == AF_LINK) {
1890				if (sa_dl_equal(ifma->ifma_addr, sa))
1891					break;
1892			} else {
1893				if (sa_equal(ifma->ifma_addr, sa))
1894					break;
1895			}
1896		}
1897	
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc052a952 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc052abe8 in panic (fmt=0xc06a4845 "%s")
    at /usr/src/sys/kern/kern_shutdown.c:565
#3  0xc0673ce0 in trap_fatal (frame=0xeb5feaf8, eva=0)
    at /usr/src/sys/i386/i386/trap.c:838
#4  0xc0673a47 in trap_pfault (frame=0xeb5feaf8, usermode=0, eva=0)
    at /usr/src/sys/i386/i386/trap.c:745
#5  0xc06736a5 in trap (frame=
      {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -346035324, tf_esi = -346035324, tf_ebp = -346035392, tf_isp = -346035420, tf_ebx = -986119552, tf_edx = 176, tf_ecx = 43, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1067871885, tf_cs = 32, tf_eflags = 66183, tf_esp = -346035324, tf_ss = -994220032})
    at /usr/src/sys/i386/i386/trap.c:435
#6  0xc0661b4a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc0599173 in if_findmulti (ifp=0x0, sa=0xeb5feb84)
    at /usr/src/sys/net/if.c:1893
#8  0xc0599313 in if_addmulti (ifp=0xc4bd6800, sa=0xeb5feb84, 
    retifma=0xeb5feb80) at /usr/src/sys/net/if.c:2001
#9  0xc05af097 in in_addmulti (ap=0xeb5febb8, ifp=0xc4bd6800)
    at /usr/src/sys/netinet/in.c:982
#10 0xc05b8274 in ip_setmoptions (inp=0xc4ff67bc, sopt=0xb0)
    at /usr/src/sys/netinet/ip_output.c:1897
#11 0xc05b76a3 in ip_ctloutput_pcbinfo (so=0xc5242de8, sopt=0xeb5fec90, 
    pcbinfo=0xc070f780) at /usr/src/sys/netinet/ip_output.c:1314
#12 0xc05b7950 in ip_ctloutput (so=0xc5242de8, sopt=0xeb5fec90)
    at /usr/src/sys/netinet/ip_output.c:1516
#13 0xc056583c in sosetopt (so=0xc5242de8, sopt=0xeb5fec90)
    at /usr/src/sys/kern/uipc_socket.c:1575
#14 0xc056abbd in kern_setsockopt (td=0xc55b5000, s=8, level=0, name=0, 
    val=0x2b, valseg=UIO_USERSPACE, valsize=176)
    at /usr/src/sys/kern/uipc_syscalls.c:1351
#15 0xc056aade in setsockopt (td=0xc55b5000, uap=0x0)
    at /usr/src/sys/kern/uipc_syscalls.c:1307
#16 0xc0673ff7 in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = -1077948888, tf_esi = -1077947712, tf_ebp = -1077949208, tf_isp = -346034844, tf_ebx = 677728976, tf_edx = 0, tf_ecx = 1, tf_eax = 105, tf_trapno = 12, tf_err = 2, tf_eip = 673121211, tf_cs = 51, tf_eflags = 658, tf_esp = -1077949364, tf_ss = 59})
    at /usr/src/sys/i386/i386/trap.c:984
#17 0xc0661b9f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
#18 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)

-------------------------------------------------------------------------------
dmesg follows:

Copyright (c) 1992-2007 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 6.2-STABLE #0: Mon Oct 22 11:26:18 NZDT 2007
    root at osiris.chen.org.nz:/usr/obj/usr/src/sys/OSIRIS
ACPI APIC Table: <Nvidia AWRDACPI>
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: AMD Athlon(tm) XP 2800+ (2079.56-MHz 686-class CPU)
  Origin = "AuthenticAMD"  Id = 0x6a0  Stepping = 0
  Features=0x383fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
  AMD Features=0xc0400800<SYSCALL,MMX+,3DNow!+,3DNow!>
real memory  = 1073676288 (1023 MB)
avail memory = 1041678336 (993 MB)
ioapic0 <Version 1.1> irqs 0-23 on motherboard
kbd1 at kbdmux0
acpi0: <Nvidia AWRDACPI> on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1008-0x100b on acpi0
cpu0: <ACPI CPU> on acpi0
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff,0xcf0-0xcf3 on acpi0
pci0: <ACPI PCI bus> on pcib0
Correcting nForce2 C1 CPU disconnect hangs
agp0: <NVIDIA nForce2 AGP Controller> mem 0xe0000000-0xe3ffffff at device 0.0 on pci0
pci0: <memory, RAM> at device 0.1 (no driver attached)
pci0: <memory, RAM> at device 0.2 (no driver attached)
pci0: <memory, RAM> at device 0.3 (no driver attached)
pci0: <memory, RAM> at device 0.4 (no driver attached)
pci0: <memory, RAM> at device 0.5 (no driver attached)
isab0: <PCI-ISA bridge> at device 1.0 on pci0
isa0: <ISA bus> on isab0
pci0: <serial bus, SMBus> at device 1.1 (no driver attached)
ohci0: <OHCI (generic) USB controller> mem 0xe9003000-0xe9003fff irq 20 at device 2.0 on pci0
ohci0: [GIANT-LOCKED]
usb0: OHCI version 1.0, legacy support
usb0: <OHCI (generic) USB controller> on ohci0
usb0: USB revision 1.0
uhub0: nVidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
ohci1: <OHCI (generic) USB controller> mem 0xe9004000-0xe9004fff irq 21 at device 2.1 on pci0
ohci1: [GIANT-LOCKED]
usb1: OHCI version 1.0, legacy support
usb1: <OHCI (generic) USB controller> on ohci1
usb1: USB revision 1.0
uhub1: nVidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 3 ports with 3 removable, self powered
ehci0: <NVIDIA nForce2 USB 2.0 controller> mem 0xe9005000-0xe90050ff irq 22 at device 2.2 on pci0
ehci0: [GIANT-LOCKED]
usb2: EHCI version 1.0
usb2: companion controllers, 4 ports each: usb0 usb1
usb2: <NVIDIA nForce2 USB 2.0 controller> on ehci0
usb2: USB revision 2.0
uhub2: nVidia EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub2: 6 ports with 6 removable, self powered
pcm0: <nVidia nForce2> port 0xd400-0xd4ff,0xd800-0xd87f mem 0xe9001000-0xe9001fff irq 20 at device 6.0 on pci0
pcm0: <Avance Logic ALC655 AC97 Codec>
pcib1: <ACPI PCI-PCI bridge> at device 8.0 on pci0
pci1: <ACPI PCI bus> on pcib1
xl0: <3Com 3c905-TX Fast Etherlink XL> port 0xa000-0xa03f irq 16 at device 8.0 on pci1
miibus0: <MII bus> on xl0
nsphy0: <DP83840 10/100 media interface> on miibus0
nsphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
xl0: Ethernet address: 00:60:97:a4:7f:82
re0: <RealTek 8169S Single-chip Gigabit Ethernet> port 0xa400-0xa4ff mem 0xe8006000-0xe80060ff irq 16 at device 11.0 on pci1
miibus1: <MII bus> on re0
rgephy0: <RTL8169S/8110S media interface> on miibus1
rgephy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
re0: Ethernet address: 00:0d:61:77:af:09
re0: [FAST]
atapci0: <ITE IT8212F UDMA133 controller> port 0xa810-0xa817,0xac00-0xac03,0xb010-0xb017,0xb400-0xb403,0xb800-0xb80f irq 17 at device 12.0 on pci1
ata2: <ATA channel 0> on atapci0
ata3: <ATA channel 1> on atapci0
atapci1: <SiI 3512 SATA150 controller> port 0xbc00-0xbc07,0xc000-0xc003,0xc400-0xc407,0xc800-0xc803,0xcc00-0xcc0f mem 0xe8004000-0xe80041ff irq 18 at device 13.0 on pci1
ata4: <ATA channel 0> on atapci1
ata5: <ATA channel 1> on atapci1
fwohci0: <Texas Instruments TSB43AB23> mem 0xe8005000-0xe80057ff,0xe8000000-0xe8003fff irq 16 at device 14.0 on pci1
fwohci0: OHCI version 1.10 (ROM=1)
fwohci0: No. of Isochronous channels is 4.
fwohci0: EUI64 00:0d:61:00:00:48:17:f4
fwohci0: Phy 1394a available S400, 3 ports.
fwohci0: Link S400, max_rec 2048 bytes.
firewire0: <IEEE1394(FireWire) bus> on fwohci0
sbp0: <SBP-2/SCSI over FireWire> on firewire0
fwe0: <Ethernet over FireWire> on firewire0
if_fwe0: Fake Ethernet address: 02:0d:61:48:17:f4
fwe0: Ethernet address: 02:0d:61:48:17:f4
fwe0: if_start running deferred for Giant
fwohci0: Initiate bus reset
fwohci0: BUS reset
fwohci0: node_id=0xc800ffc0, gen=1, CYCLEMASTER mode
firewire0: 1 nodes, maxhop <= 0, cable IRM = 0 (me)
firewire0: bus manager 0 (me)
atapci2: <nVidia nForce2 UDMA133 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf000-0xf00f at device 9.0 on pci0
ata0: <ATA channel 0> on atapci2
ata1: <ATA channel 1> on atapci2
pcib2: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci2: <ACPI PCI bus> on pcib2
pci2: <display, VGA> at device 0.0 (no driver attached)
fdc0: <floppy drive controller> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: [FAST]
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
ppc0: <ECP parallel printer port> port 0x378-0x37f,0x778-0x77b irq 7 drq 3 on acpi0
ppc0: Generic chipset (ECP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/16 bytes threshold
ppbus0: <Parallel port bus> on ppc0
ppbus0: IEEE1284 device found /NIBBLE/ECP
Probing for PnP devices on ppbus0:
ppbus0: <Hewlett-Packard HP LaserJet 6MP> PJL,MLC,PCLXL,PCL,POSTSCRIPT
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model IntelliMouse, device ID 3
pmtimer0 on isa0
orm0: <ISA Option ROM> at iomem 0xc0000-0xcefff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 2079561755 Hz quality 800
Timecounters tick every 1.000 msec
ad0: 78166MB <Maxtor 6Y080L0 YAR41BW0> at ata0-master UDMA133
ad1: 190782MB <HDT722520DLAT80 V44OA96A> at ata0-slave UDMA133
acd0: DVDR <HL-DT-ST DVDRAM GSA-4165B/DL05> at ata1-master UDMA33
acd0: FAILURE - INQUIRY ILLEGAL REQUEST asc=0x24 ascq=0x00 sks=0x40 0x00 0x01
cd0 at ata1 bus 0 target 0 lun 0
cd0: <HL-DT-ST DVDRAM GSA-4165B DL05> Removable CD-ROM SCSI-0 device 
cd0: 33.000MB/s transfers
cd0: cd present [2295104 x 2048 byte records]
Trying to mount root from ufs:/dev/ad0s1a
WARNING: / was not properly dismounted
ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding disabled, default to deny, logging disabled
re0: link state changed to UP

>How-To-Repeat:

Install ports/net-p2p/deluge on a 6-STABLE UP machine with 512Mb RAM. 
Repeatedly start and stop until panic occurs.

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
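
Added example (not part of the original report, and not FreeBSD project code): a small Python triage helper for kgdb output like the session above. It finds the frame at the trap's instruction pointer and flags pointer arguments shown as NULL there that the calling frame shows as non-NULL. The function names and the embedded sample, excerpted from the session above, are this example's own.

```python
import re

# Constructed sample: a few lines excerpted from the kgdb session in this report.
SAMPLE = """\
fault virtual address   = 0x0
instruction pointer     = 0x20:0xc0599173
#6  0xc0661b4a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc0599173 in if_findmulti (ifp=0x0, sa=0xeb5feb84)
    at /usr/src/sys/net/if.c:1893
#8  0xc0599313 in if_addmulti (ifp=0xc4bd6800, sa=0xeb5feb84,
    retifma=0xeb5feb80) at /usr/src/sys/net/if.c:2001
#9  0xc05af097 in in_addmulti (ap=0xeb5febb8, ifp=0xc4bd6800)
    at /usr/src/sys/netinet/in.c:982
"""

# A frame may wrap onto a second line; [^)]* and \s+ both span the newline.
FRAME_RE = re.compile(
    r"^#(\d+)\s+(?:(0x[0-9a-f]+) in )?(\w+) \(([^)]*)\)\s+at (\S+):(\d+)", re.M)
ARG_RE = re.compile(r"(\w+)=(0x[0-9a-f]+)")

def parse_frames(text):
    """Return one dict per 'bt' frame, keeping hex-valued arguments as ints."""
    frames = []
    for num, pc, func, args, path, line in FRAME_RE.findall(text):
        frames.append({
            "num": int(num),
            "pc": int(pc, 16) if pc else None,
            "func": func,
            "args": {k: int(v, 16) for k, v in ARG_RE.findall(args)},
            "where": f"{path}:{line}",
        })
    return frames

def triage(text):
    """Find the faulting frame; flag NULL args the caller shows as non-NULL."""
    fault = int(re.search(r"fault virtual address\s*=\s*(0x[0-9a-f]+)", text).group(1), 16)
    ip = int(re.search(r"instruction pointer\s*=\s*0x[0-9a-f]+:(0x[0-9a-f]+)", text).group(1), 16)
    frames = parse_frames(text)
    idx = next((i for i, f in enumerate(frames) if f["pc"] == ip), None)
    if idx is None:
        raise ValueError("no backtrace frame matches the trap instruction pointer")
    frame = frames[idx]
    caller = frames[idx + 1] if idx + 1 < len(frames) else None
    null_args = sorted(k for k, v in frame["args"].items() if v == 0)
    # Same-named argument, non-zero one frame up: verify by hand before trusting it.
    disagrees = {k: caller["args"][k] for k in null_args
                 if caller and caller["args"].get(k)}
    return {"func": frame["func"], "where": frame["where"], "fault_addr": fault,
            "null_args": null_args, "caller_disagrees": disagrees}
```

On this report's output it reports if_findmulti at /usr/src/sys/net/if.c:1893 with ifp shown as 0x0 while if_addmulti shows ifp=0xc4bd6800. A disagreement like that means the displayed argument should be checked by hand in kgdb before it is treated as the cause.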

