kern/107992: rtorrent causes kernel panic on 6.1-RELEASE
Asbjørn Clemmensen
funcspam at okejl.dk
Tue Jan 16 16:40:24 UTC 2007
>Number: 107992
>Category: kern
>Synopsis: rtorrent causes kernel panic on 6.1-RELEASE
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 16 16:40:23 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Asbjørn Clemmensen
>Release: 6.1-RELEASE
>Organization:
>Environment:
FreeBSD shh.okejl.dk 6.1-RELEASE FreeBSD 6.1-RELEASE #2: Tue Jan 16 05:37:32 CET 2007 func at shh.okejl.dk:/usr/obj/usr/src/sys/SHH i386
>Description:
Downloading with rtorrent, for almost any random period of time, causes a kernel panic. I recompiled with makeoptions=-g and got a kernel core dump, so I can give any information upon request.
kgdb output:
[root at shh /var/crash]# kgdb kernel.debug.2007-01-16 vmcore.0
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
Unread portion of the kernel message buffer:
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x58
fault code = supervisor write, page not present
instruction pointer = 0x20:0xc060419a
stack pointer = 0x28:0xd1474ad0
frame pointer = 0x28:0xd1474b00
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 627 (rtorrent)
trap number = 12
panic: page fault
Uptime: 4h17m45s
Dumping 255 MB (2 chunks)
chunk 0: 1MB (159 pages) ... ok
chunk 1: 255MB (65264 pages) 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15
#0 doadump () at pcpu.h:165
165 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) bt full
#0 doadump () at pcpu.h:165
No locals.
#1 0xc0557eb7 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:402
first_buf_printf = 1
#2 0xc05581f9 in panic (fmt=0xc0753925 "%s") at /usr/src/sys/kern/kern_shutdown.c:558
td = (struct thread *) 0xc2602d80
bootopt = 260
newpanic = 0
ap = 0xc2602d80 "0�f�"
buf = "page fault", '\0' <repeats 245 times>
#3 0xc0727f4c in trap_fatal (frame=0xd1474a90, eva=0) at /usr/src/sys/i386/i386/trap.c:836
code = 40
type = 12
ss = 40
esp = 0
softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_xx = 3,
ssd_xx1 = 1, ssd_def32 = 1, ssd_gran = 1}
msg = 0x0
#4 0xc0727c22 in trap_pfault (frame=0xd1474a90, usermode=0, eva=88) at /usr/src/sys/i386/i386/trap.c:744
va = 0
vm = (struct vmspace *) 0x0
map = 0x1
rv = 1
ftype = 2 '\002'
td = (struct thread *) 0xc2602d80
p = (struct proc *) 0xc266b830
#5 0xc07277df in trap (frame=
{tf_fs = -1033895928, tf_es = -783876056, tf_ds = -1066336216, tf_edi = 0, tf_esi = 0, tf_ebp = -783856896, tf_isp = -783856964, tf_ebx = -783856512, tf_edx = -783856240, tf_ecx = 0, tf_eax = 8, tf_trapno = 12, tf_err = 2, tf_eip = -1067433574, tf_cs = 32, tf_eflags = 2163335, tf_esp = -783856512, tf_ss = -783856920}) at /usr/src/sys/i386/i386/trap.c:434
td = (struct thread *) 0xc2602d80
p = (struct proc *) 0xc266b830
sticks = 3229573652
i = 0
ucode = 0
type = 12
code = 2
eva = 88
#6 0xc071469a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
No locals.
#7 0xc060419a in ip_ctloutput (so=0x8, sopt=0xd1474c80) at /usr/src/sys/netinet/ip_output.c:1210
inp = (struct inpcb *) 0x0
error = 0
optval = 8
#8 0xc061797c in tcp_ctloutput (so=0xc2706b20, sopt=0xd1474c80) at /usr/src/sys/netinet/tcp_usrreq.c:1038
error = 0
opt = 8
optval = -1033884288
inp = (struct inpcb *) 0xc27e34ec
tp = (struct tcpcb *) 0xc06c9b6f
ti = {tcpi_state = 0 '\0', __tcpi_ca_state = 0 '\0', __tcpi_retransmits = 0 '\0',
__tcpi_probes = 0 '\0', __tcpi_backoff = 0 '\0', tcpi_options = 1 '\001', tcpi_snd_wscale = 0 '\0',
tcpi_rcv_wscale = 0 '\0', __tcpi_rto = 3511110496, __tcpi_ato = 3226860672,
__tcpi_snd_mss = 3238199296, __tcpi_rcv_mss = 20, __tcpi_unacked = 3260944792,
__tcpi_sacked = 3511110916, __tcpi_lost = 3226670946, __tcpi_retrans = 3511110632,
__tcpi_fackets = 135450624, __tcpi_last_data_sent = 20, __tcpi_last_ack_sent = 3260944792,
__tcpi_last_data_recv = 3261254144, __tcpi_last_ack_recv = 3511110584, __tcpi_pmtu = 3226679447,
__tcpi_rcv_ssthresh = 3511110916, __tcpi_rtt = 3511110632, __tcpi_rttvar = 1,
tcpi_snd_ssthresh = 3228949640, tcpi_snd_cwnd = 203, __tcpi_advmss = 0, __tcpi_reordering = 0,
__tcpi_rcv_rtt = 1, tcpi_rcv_space = 71, tcpi_snd_wnd = 1023, tcpi_snd_bwnd = 3258018120, __tcpi_pad = {
0, 3511110584, 3226659679, 3258018120, 3261083008, 62847, 3238319944, 3238319872, 3257844640,
3228340475, 3257844640, 3262229528, 4, 3511110632, 3226659679, 3262229528, 3261083008, 0, 3262229528,
4, 3262229528, 3511110800, 3226625684, 3262229528, 3261083008, 3511110688, 3261446528, 3261083008,
3511110684, 1, 64, 0}}
#9 0xc059f737 in sosetopt (so=0xc2706b20, sopt=0xd1474c80) at /usr/src/sys/kern/uipc_socket.c:1560
error = -1077941928
optval = -1032819936
l = {l_onoff = -783856532, l_linger = -1068307617}
tv = {tv_sec = -1037122656, tv_usec = -1032737768}
val = 0
#10 0xc05a6379 in kern_setsockopt (td=0xc2602d80, s=8, level=8, name=8, val=0xbfbfe958,
valseg=UIO_USERSPACE, valsize=0) at /usr/src/sys/kern/uipc_syscalls.c:1351
error = 0
so = (struct socket *) 0xd1474d90
fp = (struct file *) 0xc271ac18
sopt = {sopt_dir = SOPT_SET, sopt_level = 0, sopt_name = 3, sopt_val = 0xbfbfe958,
sopt_valsize = 4, sopt_td = 0xc2602d80}
#11 0xc05a627e in setsockopt (td=0x8, uap=0xd1474d90) at /usr/src/sys/kern/uipc_syscalls.c:1307
No locals.
#12 0xc0728340 in syscall (frame=
{tf_fs = 135397435, tf_es = -1078001605, tf_ds = -783876037, tf_edi = 4, tf_esi = 3, tf_ebp = -1077941912, tf_isp = -783856284, tf_ebx = 673253000, tf_edx = 0, tf_ecx = 140, tf_eax = 105, tf_trapno = 22, tf_err = 2, tf_eip = 677329071, tf_cs = 51, tf_eflags = 2097734, tf_esp = -1077941956, tf_ss = 59})
at /usr/src/sys/i386/i386/trap.c:981
params = 0xbfbfe940 <Address 0xbfbfe940 out of bounds>
callp = (struct sysent *) 0xc07a218c
td = (struct thread *) 0xc2602d80
p = (struct proc *) 0xc266b830
orig_tf_eflags = 2097734
sticks = 15934
error = 0
narg = 5
args = {140, 0, 3, -1077941928, 4, -1077941520, -783856332, 673253000}
code = 105
#13 0xc07146ef in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
No locals.
#14 0x00000033 in ?? ()
No symbol table info available.
Previous frame inner to this frame (corrupt stack?)
The system is a Pentium III with 256 megs of memory, and a 3Com NIC (xl). dmesg output follows:
Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.1-RELEASE #2: Tue Jan 16 05:37:32 CET 2007
func at shh.okejl.dk:/usr/obj/usr/src/sys/SHH
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Pentium III/Pentium III Xeon/Celeron (451.03-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x672 Stepping = 2
Features=0x383f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
real memory = 268369920 (255 MB)
avail memory = 253136896 (241 MB)
kbd1 at kbdmux0
acpi0: <HP HPCCD HW> on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-safe" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0
cpu0: <ACPI CPU> on acpi0
acpi_throttle0: <ACPI CPU Throttling> on cpu0
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff,0x4000-0x4041,0x5000-0x500f on acpi0
pci0: <ACPI PCI bus> on pcib0
agp0: <Intel 82443BX (440 BX) host to PCI bridge> mem 0xe0000000-0xe3ffffff at device 0.0 on pci0
pcib1: <PCI-PCI bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
pci1: <display, VGA> at device 0.0 (no driver attached)
csa0: <CS4280/CS4614/CS4622/CS4624/CS4630> mem 0xec101000-0xec101fff,0xec000000-0xec0fffff irq 12 at device 4.0 on pci0
csa: card is Unknown/invalid SSID (CS4614)
csa0: [GIANT-LOCKED]
pcm0: <CS461x PCM Audio> on csa0
pcm0: <Cirrus Logic CS4297 AC97 Codec>
pcm0: [GIANT-LOCKED]
isab0: <PCI-ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX4 UDMA33 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf000-0xf00f at device 7.1 on pci0
ata0: <ATA channel 0> on atapci0
ata1: <ATA channel 1> on atapci0
uhci0: <Intel 82371AB/EB (PIIX4) USB controller> port 0xe000-0xe01f irq 3 at device 7.2 on pci0
uhci0: [GIANT-LOCKED]
usb0: <Intel 82371AB/EB (PIIX4) USB controller> on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
pci0: <bridge> at device 7.3 (no driver attached)
xl0: <3Com 3c905B-TX Fast Etherlink XL> port 0xe400-0xe47f mem 0xec100100-0xec10017f irq 10 at device 15.0 on pci0
miibus0: <MII bus> on xl0
xlphy0: <3Com internal media interface> on miibus0
xlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
xl0: Ethernet address: 00:50:04:3d:4e:5b
pci0: <display, VGA> at device 18.0 (no driver attached)
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
ppc0: <Standard parallel printer port> port 0x378-0x37f irq 7 on acpi0
ppc0: Generic chipset (EPP/NIBBLE) in COMPATIBLE mode
ppbus0: <Parallel port bus> on ppc0
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
pmtimer0 on isa0
orm0: <ISA Option ROM> at iomem 0xc0000-0xc7fff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
fdc0: No FDOUT register!
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
ums0: Microsoft Microsoft 5-Button Mouse with IntelliEye(TM), rev 1.10/3.00, addr 2, iclass 3/1
ums0: 5 buttons and Z dir.
Timecounter "TSC" frequency 451025256 Hz quality 800
Timecounters tick every 1.000 msec
ad0: 32253MB <Seagate ST3120022A 8.54> at ata0-master UDMA33
acd0: CDROM <CD-532E-B/2.0A> at ata1-master PIO4
acd1: CDRW <AOPEN CD-RW CRW2440/2.08> at ata1-slave PIO4
Trying to mount root from ufs:/dev/ad0s1a
>How-To-Repeat:
Just running rtorrent, having it download a large file will do the trick eventually, usually within an hour. Having opened torrents that are inactive doesn't seem to cause any trouble, but downloading at full speed (110 kb/sec in my case) will make it panic eventually.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list