From owner-freebsd-bugs@FreeBSD.ORG Wed Oct 31 13:00:08 2007
Message-Id: <20071031110437.747677E862@chen.org.nz>
Date: Thu, 1 Nov 2007 00:04:37 +1300 (NZDT)
From: Jonathan Chen
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/117717: Kernel panic with Bittorrent client.
Reply-To: Jonathan Chen
X-Send-Pr-Version: 3.113

>Number:         117717
>Category:       kern
>Synopsis:       Kernel panic with Bittorrent client.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 31 13:00:07 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator:     Jonathan Chen
>Release:        FreeBSD 6.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD osiris.chen.org.nz 6.2-STABLE FreeBSD 6.2-STABLE #0: Mon Oct 22 11:26:18 NZDT 2007 root@osiris.chen.org.nz:/usr/obj/usr/src/sys/OSIRIS i386

>Description:
I've just recently updated Deluge (a GNOME Bittorrent client), and I'm
experiencing kernel panics when I run this on -STABLE as at 22-Oct-2007.
The panic is reproducible on another machine running an older version
of -STABLE as well. The client has just recently undergone a rearchitecture
to use more threading instead of spawning processes. My uninformed guess
is that there is a race condition on setsockopt(2).

I managed to get a kernel dump while running it under single-user mode.
Contents of kgdb follow. Hope it is of help to someone.

osiris-OSIRIS,9:44pm# kgdb kernel.debug /var/crash/vmcore.0
kgdb: kvm_nlist(_stopped_cpus):
kgdb: kvm_nlist(_stoppcbs):
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
<118>osiris-~,9:35pm>
<118>s
<118>t
<118>a
<118>r
<118>t
<118>x
<118>
<118>xauth: creating new authority file /home/jonc/.serverauth.2052
<118>xauth: creating new authority file /home/jonc/.Xauthority
<118>xauth: creating new authority file /home/jonc/.Xauthority
<118>xauth: (argv):1:
<118>bad display name "osiris.chen.org.nz:0" in "list" command
<118>xauth: (stdin):1:
<118>bad display name "osiris.chen.org.nz:0" in "add" command
<118>
<118>
<118>
<118>X.Org X Server 1.4.0
<118>
<118>Release Date: 5 September 2007
<118>X Protocol Version 11, Revision 0
<118>Build Operating System: FreeBSD 6.2-STABLE i386
<118>Current Operating System: FreeBSD osiris.chen.org.nz 6.2-STABLE FreeBSD 6.2-STABLE #0: Mon Oct 22 11:26:18 NZDT 2007 root@osiris.chen.org.nz:/usr/obj/usr/src/sys/OSIRIS i386
<118>Build Date: 02 October 2007 08:08:35PM
<118>
<118> Before reporting problems, check http://wiki.x.org
<118> to make sure that you have the latest version.
<118>Module Loader present
<118>Markers:
<118>(--) probed,
<118>(**) from config file,
<118>(==) default setting,
<118>
<118>(++) from command line,
<118>(!!) notice,
<118>(II) informational,
<118>
<118>(WW) warning,
<118>(EE) error,
<118>(NI) not implemented,
<118>(??) unknown.
<118>(==) Log file: "/var/log/Xorg.0.log", Time: Tue Oct 30 21:35:20 2007
<118>(==) Using config file: "/etc/X11/xorg.conf"
<118>(II) Module "i2c" already built-in
<118>(II) Module "ddc" already built-in
<118>(II) Module "ramdac" already built-in


Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0599173
stack pointer           = 0x28:0xeb5feb38
frame pointer           = 0x28:0xeb5feb40
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 2096 (python2.5)
trap number             = 12
panic: page fault
Uptime: 5m56s
Dumping 1023 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 1023MB (261872 pages) 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) list *0xc0599173
0xc0599173 is in if_findmulti (/usr/src/sys/net/if.c:1893).
1888            TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
1889                    if (sa->sa_family == AF_LINK) {
1890                            if (sa_dl_equal(ifma->ifma_addr, sa))
1891                                    break;
1892                    } else {
1893                            if (sa_equal(ifma->ifma_addr, sa))
1894                                    break;
1895                    }
1896            }
1897
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc052a952 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc052abe8 in panic (fmt=0xc06a4845 "%s") at /usr/src/sys/kern/kern_shutdown.c:565
#3  0xc0673ce0 in trap_fatal (frame=0xeb5feaf8, eva=0) at /usr/src/sys/i386/i386/trap.c:838
#4  0xc0673a47 in trap_pfault (frame=0xeb5feaf8, usermode=0, eva=0) at /usr/src/sys/i386/i386/trap.c:745
#5  0xc06736a5 in trap (frame=
      {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -346035324, tf_esi = -346035324, tf_ebp = -346035392, tf_isp = -346035420, tf_ebx = -986119552, tf_edx = 176, tf_ecx = 43, tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1067871885, tf_cs = 32, tf_eflags = 66183, tf_esp = -346035324, tf_ss = -994220032})
    at /usr/src/sys/i386/i386/trap.c:435
#6  0xc0661b4a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc0599173 in if_findmulti (ifp=0x0, sa=0xeb5feb84) at /usr/src/sys/net/if.c:1893
#8  0xc0599313 in if_addmulti (ifp=0xc4bd6800, sa=0xeb5feb84, retifma=0xeb5feb80) at /usr/src/sys/net/if.c:2001
#9  0xc05af097 in in_addmulti (ap=0xeb5febb8, ifp=0xc4bd6800) at /usr/src/sys/netinet/in.c:982
#10 0xc05b8274 in ip_setmoptions (inp=0xc4ff67bc, sopt=0xb0) at /usr/src/sys/netinet/ip_output.c:1897
#11 0xc05b76a3 in ip_ctloutput_pcbinfo (so=0xc5242de8, sopt=0xeb5fec90, pcbinfo=0xc070f780) at /usr/src/sys/netinet/ip_output.c:1314
#12 0xc05b7950 in ip_ctloutput (so=0xc5242de8, sopt=0xeb5fec90) at /usr/src/sys/netinet/ip_output.c:1516
#13 0xc056583c in sosetopt (so=0xc5242de8, sopt=0xeb5fec90) at /usr/src/sys/kern/uipc_socket.c:1575
#14 0xc056abbd in kern_setsockopt (td=0xc55b5000, s=8, level=0, name=0, val=0x2b, valseg=UIO_USERSPACE, valsize=176) at /usr/src/sys/kern/uipc_syscalls.c:1351
#15 0xc056aade in setsockopt (td=0xc55b5000, uap=0x0) at /usr/src/sys/kern/uipc_syscalls.c:1307
#16 0xc0673ff7 in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = -1077948888, tf_esi = -1077947712, tf_ebp = -1077949208, tf_isp = -346034844, tf_ebx = 677728976, tf_edx = 0, tf_ecx = 1, tf_eax = 105, tf_trapno = 12, tf_err = 2, tf_eip = 673121211, tf_cs = 51, tf_eflags = 658, tf_esp = -1077949364, tf_ss = 59})
    at /usr/src/sys/i386/i386/trap.c:984
#17 0xc0661b9f in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200
#18 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)

-------------------------------------------------------------------------------
dmesg follows:

Copyright (c) 1992-2007 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 6.2-STABLE #0: Mon Oct 22 11:26:18 NZDT 2007
root@osiris.chen.org.nz:/usr/obj/usr/src/sys/OSIRIS
ACPI APIC Table:
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: AMD Athlon(tm) XP 2800+ (2079.56-MHz 686-class CPU)
  Origin = "AuthenticAMD" Id = 0x6a0 Stepping = 0
  Features=0x383fbff
  AMD Features=0xc0400800
real memory = 1073676288 (1023 MB)
avail memory = 1041678336 (993 MB)
ioapic0 irqs 0-23 on motherboard
kbd1 at kbdmux0
acpi0: on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1008-0x100b on acpi0
cpu0: on acpi0
acpi_button0: on acpi0
pcib0: port 0xcf8-0xcff,0xcf0-0xcf3 on acpi0
pci0: on pcib0
Correcting nForce2 C1 CPU disconnect hangs
agp0: mem 0xe0000000-0xe3ffffff at device 0.0 on pci0
pci0: at device 0.1 (no driver attached)
pci0: at device 0.2 (no driver attached)
pci0: at device 0.3 (no driver attached)
pci0: at device 0.4 (no driver attached)
pci0: at device 0.5 (no driver attached)
isab0: at device 1.0 on pci0
isa0: on isab0
pci0: at device 1.1 (no driver attached)
ohci0: mem 0xe9003000-0xe9003fff irq 20 at device 2.0 on pci0
ohci0: [GIANT-LOCKED]
usb0: OHCI version 1.0, legacy support
usb0: on ohci0
usb0: USB revision 1.0
uhub0: nVidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
ohci1: mem 0xe9004000-0xe9004fff irq 21 at device 2.1 on pci0
ohci1: [GIANT-LOCKED]
usb1: OHCI version 1.0, legacy support
usb1: on ohci1
usb1: USB revision 1.0
uhub1: nVidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 3 ports with 3 removable, self powered
ehci0: mem 0xe9005000-0xe90050ff irq 22 at device 2.2 on pci0
ehci0: [GIANT-LOCKED]
usb2: EHCI version 1.0
usb2: companion controllers, 4 ports each: usb0 usb1
usb2: on ehci0
usb2: USB revision 2.0
uhub2: nVidia EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub2: 6 ports with 6 removable, self powered
pcm0: port 0xd400-0xd4ff,0xd800-0xd87f mem 0xe9001000-0xe9001fff irq 20 at device 6.0 on pci0
pcm0:
pcib1: at device 8.0 on pci0
pci1: on pcib1
xl0: <3Com 3c905-TX Fast Etherlink XL> port 0xa000-0xa03f irq 16 at device 8.0 on pci1
miibus0: on xl0
nsphy0: on miibus0
nsphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
xl0: Ethernet address: 00:60:97:a4:7f:82
re0: port 0xa400-0xa4ff mem 0xe8006000-0xe80060ff irq 16 at device 11.0 on pci1
miibus1: on re0
rgephy0: on miibus1
rgephy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
re0: Ethernet address: 00:0d:61:77:af:09
re0: [FAST]
atapci0: port 0xa810-0xa817,0xac00-0xac03,0xb010-0xb017,0xb400-0xb403,0xb800-0xb80f irq 17 at device 12.0 on pci1
ata2: on atapci0
ata3: on atapci0
atapci1: port 0xbc00-0xbc07,0xc000-0xc003,0xc400-0xc407,0xc800-0xc803,0xcc00-0xcc0f mem 0xe8004000-0xe80041ff irq 18 at device 13.0 on pci1
ata4: on atapci1
ata5: on atapci1
fwohci0: mem 0xe8005000-0xe80057ff,0xe8000000-0xe8003fff irq 16 at device 14.0 on pci1
fwohci0: OHCI version 1.10 (ROM=1)
fwohci0: No. of Isochronous channels is 4.
fwohci0: EUI64 00:0d:61:00:00:48:17:f4
fwohci0: Phy 1394a available S400, 3 ports.
fwohci0: Link S400, max_rec 2048 bytes.
firewire0: on fwohci0
sbp0: on firewire0
fwe0: on firewire0
if_fwe0: Fake Ethernet address: 02:0d:61:48:17:f4
fwe0: Ethernet address: 02:0d:61:48:17:f4
fwe0: if_start running deferred for Giant
fwohci0: Initiate bus reset
fwohci0: BUS reset
fwohci0: node_id=0xc800ffc0, gen=1, CYCLEMASTER mode
firewire0: 1 nodes, maxhop <= 0, cable IRM = 0 (me)
firewire0: bus manager 0 (me)
atapci2: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf000-0xf00f at device 9.0 on pci0
ata0: on atapci2
ata1: on atapci2
pcib2: at device 30.0 on pci0
pci2: on pcib2
pci2: at device 0.0 (no driver attached)
fdc0: port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: [FAST]
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
ppc0: port 0x378-0x37f,0x778-0x77b irq 7 drq 3 on acpi0
ppc0: Generic chipset (ECP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/16 bytes threshold
ppbus0: on ppc0
ppbus0: IEEE1284 device found /NIBBLE/ECP
Probing for PnP devices on ppbus0:
ppbus0: PJL,MLC,PCLXL,PCL,POSTSCRIPT
plip0: on ppbus0
lpt0: on ppbus0
lpt0: Interrupt-driven port
ppi0: on ppbus0
atkbdc0: port 0x60,0x64 irq 1 on acpi0
atkbd0: irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model IntelliMouse, device ID 3
pmtimer0 on isa0
orm0: at iomem 0xc0000-0xcefff on isa0
sc0: at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 2079561755 Hz quality 800
Timecounters tick every 1.000 msec
ad0: 78166MB at ata0-master UDMA133
ad1: 190782MB at ata0-slave UDMA133
acd0: DVDR at ata1-master UDMA33
acd0: FAILURE - INQUIRY ILLEGAL REQUEST asc=0x24 ascq=0x00 sks=0x40 0x00 0x01
cd0 at ata1 bus 0 target 0 lun 0
cd0: Removable CD-ROM SCSI-0 device
cd0: 33.000MB/s transfers
cd0: cd present [2295104 x 2048 byte records]
Trying to mount root from ufs:/dev/ad0s1a
WARNING: / was not properly dismounted
ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding disabled, default to deny, logging disabled
re0: link state changed to UP

>How-To-Repeat:
Install ports/net-p2p/deluge on a 6-STABLE UP machine with 512Mb RAM.
Repeatedly start and stop until panic occurs.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
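
Added example (not part of the original report and not FreeBSD tooling): a short Python triage script for the kgdb backtrace above. It parses the frame lines, recovers the unsigned instruction pointer from the signed tf_eip value kgdb prints in the trap frame, and lists the arguments shown as 0x0 in the faulting frame. The sample is frames 5-8 of the report with the register dump abridged; all function names are this example's own.

```python
import re

# Constructed sample: frames 5-8 from the kgdb backtrace in the report
# (frame 5's register dump is abridged to the fields used here).
BACKTRACE = """\
#5 0xc06736a5 in trap (frame= {tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1067871885, tf_cs = 32}) at /usr/src/sys/i386/i386/trap.c:435
#6 0xc0661b4a in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7 0xc0599173 in if_findmulti (ifp=0x0, sa=0xeb5feb84) at /usr/src/sys/net/if.c:1893
#8 0xc0599313 in if_addmulti (ifp=0xc4bd6800, sa=0xeb5feb84, retifma=0xeb5feb80) at /usr/src/sys/net/if.c:2001
"""

# '#N [addr in] func (args) at file:line'; frame 0 style lines carry no address.
FRAME_RE = re.compile(
    r"^#(\d+)\s+(?:(0x[0-9a-f]+) in )?(\S+) \((.*)\) at (\S+)$", re.M)

def parse_frames(text):
    """Return one dict per backtrace line, in the order kgdb printed them."""
    return [{"n": int(n), "pc": int(pc, 16) if pc else None,
             "func": func, "args": args, "where": where}
            for n, pc, func, args, where in FRAME_RE.findall(text)]

def trap_eip(frames):
    """kgdb prints trap-frame registers as signed ints; recover the 32-bit EIP."""
    for f in frames:
        m = re.search(r"tf_eip = (-?\d+)", f["args"])
        if f["func"] == "trap" and m:
            return int(m.group(1)) & 0xFFFFFFFF
    return None

def faulting_frame(frames):
    """The frame listed right after calltrap() is the code that took the trap."""
    for prev, cur in zip(frames, frames[1:]):
        if prev["func"] == "calltrap":
            return cur
    return None

def null_pointer_args(frame):
    """Names of the arguments kgdb shows as 0x0 in this frame."""
    return [name for name, val in re.findall(r"(\w+)=(0x[0-9a-f]+)", frame["args"])
            if int(val, 16) == 0]

if __name__ == "__main__":
    frames = parse_frames(BACKTRACE)
    fault = faulting_frame(frames)
    print(f"trap EIP   : {trap_eip(frames):#x}")
    print(f"faulted in : {fault['func']} at {fault['where']} (pc {fault['pc']:#x})")
    print(f"NULL args  : {null_pointer_args(fault)}")
```

The recovered EIP matches both the "instruction pointer" line of the panic message and the address of frame 7, which ties the page fault at virtual address 0x0 to the comparison at if.c:1893.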