From owner-freebsd-bugs  Tue Nov  5 12:20:13 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6054837B401
	for <freebsd-bugs@hub.freebsd.org>; Tue,  5 Nov 2002 12:20:08 -0800 (PST)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6F12543E42
	for <freebsd-bugs@hub.freebsd.org>; Tue,  5 Nov 2002 12:20:07 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id gA5KK7x3058877
	for <freebsd-bugs@freefall.freebsd.org>; Tue, 5 Nov 2002 12:20:07 -0800 (PST)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.6/8.12.6/Submit) id gA5KK7GU058876;
	Tue, 5 Nov 2002 12:20:07 -0800 (PST)
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B41D637B401
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  5 Nov 2002 12:11:51 -0800 (PST)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 117EB43E77
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  5 Nov 2002 12:11:51 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.6/8.12.6) with ESMTP id gA5KBj7R043024
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 5 Nov 2002 12:11:45 -0800 (PST)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.6/8.12.6/Submit) id gA5KBjfE043023;
	Tue, 5 Nov 2002 12:11:45 -0800 (PST)
Message-Id: <200211052011.gA5KBjfE043023@www.freebsd.org>
Date: Tue, 5 Nov 2002 12:11:45 -0800 (PST)
From: Heiko Weber <heiko@wecos.de>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: kern/44950: SMP kernel crash in vm_page_free: freeing wired page
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org


>Number:         44950
>Category:       kern
>Synopsis:       SMP kernel crash in vm_page_free: freeing wired page
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 05 12:20:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Heiko Weber
>Release:        4.7-STABLE
>Organization:
Wecos
>Environment:
uname -a
FreeBSD www.terminmarktwelt.de 4.7-STABLE FreeBSD 4.7-STABLE #3: Mon Oct 21 22:27:42 CEST 2002     heiko@www.terminmarktwelt.de:/usr/src/sys/compile/DONALD  i386

>Description:
My SMP machine runs stable rock stable with 4.5-STABLE. After 4.6 was released, I used cvsup to update the machine. Since then the machine reboots every week or so. With 4.7-STABLE it was just the same. So I pushed myself, compiled my kernel with DEBUG=-g and setup dumpon. And here is the result after the first crash:

gdb -k kernel /var/crash/vmcore.0
GNU gdb 4.18 (FreeBSD)
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
(no debugging symbols found)...
SMP 2 cpus
IdlePTD at phsyical address 0x002fd000
initial pcb at physical address 0x00275d60
panicstr: vm_page_free: freeing wired page

panic messages:
---
panic: vm_page_free: freeing wired page

mp_lock = 01000001; cpuid = 1; lapic.id = 01000000
boot() called on cpu#1

syncing disks... 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
giving up on 41 buffers
Uptime: 14d16h33m35s

dumping to dev #da/0x20001, offset 2621568
dump 767 766 765 764 763 762 ... [lots of digits removed ...]
---
#0  0xc016209a in dumpsys ()
(kgdb) where
#0  0xc016209a in dumpsys ()
#1  0xc0161e6b in boot ()
#2  0xc01622c4 in poweroff_wait ()
#3  0xc01e1036 in vm_page_free_toq ()
#4  0xc01dfe14 in vm_object_collapse ()
#5  0xc01df044 in vm_object_deallocate ()
#6  0xc01dc4e0 in vm_map_entry_delete ()
#7  0xc01dc699 in vm_map_delete ()
#8  0xc01dc726 in vm_map_remove ()
#9  0xc015a220 in exit1 ()
#10 0xc0159ff0 in exit1 ()
#11 0xc0211349 in syscall2 ()
#12 0xc01fb88b in Xint0x80_syscall ()
Cannot access memory at address 0xbfbffd08.
(kgdb)

I just wonder why I don't get the symbol in kdb, if I do 'file kernel' I get:

kernel: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), dynamically linked (uses shared libs), not stripped

And here is some stuff from /var/log/messages:

Nov  5 14:16:38 www /kernel: Copyright (c) 1992-2002 The FreeBSD Project.
Nov  5 14:16:38 www /kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
Nov  5 14:16:38 www /kernel: The Regents of the University of California. All rights reserved.
Nov  5 14:16:38 www /kernel: FreeBSD 4.7-STABLE #3: Mon Oct 21 22:27:42 CEST 2002
Nov  5 14:16:38 www /kernel: heiko@www.terminmarktwelt.de:/usr/src/sys/compile/DONALD
Nov  5 14:16:38 www /kernel: Timecounter "i8254"  frequency 1193182 Hz
Nov  5 14:16:38 www /kernel: CPU: Pentium III/Pentium III Xeon/Celeron (1003.66-MHz 686-class CPU)
Nov  5 14:16:38 www /kernel: Origin = "GenuineIntel"  Id = 0x68a  Stepping = 10
Nov  5 14:16:38 www /kernel: Features=0x383fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
Nov  5 14:16:38 www /kernel: real memory  = 805240832 (786368K bytes)
Nov  5 14:16:38 www /kernel: avail memory = 780779520 (762480K bytes)
Nov  5 14:16:38 www /kernel: Programming 24 pins in IOAPIC #0
Nov  5 14:16:38 www /kernel: IOAPIC #0 intpin 2 -> irq 0
Nov  5 14:16:38 www /kernel: FreeBSD/SMP: Multiprocessor motherboard
Nov  5 14:16:38 www /kernel: cpu0 (BSP): apic id:  0, version: 0x00040011, at 0xfee00000
Nov  5 14:16:38 www /kernel: cpu1 (AP):  apic id:  1, version: 0x00040011, at 0xfee00000
Nov  5 14:16:38 www /kernel: io0 (APIC): apic id:  2, version: 0x00170011, at 0xfec00000
Nov  5 14:16:38 www /kernel: Preloaded elf kernel "kernel" at 0xc02de000.
Nov  5 14:16:38 www /kernel: Pentium Pro MTRR support enabled
Nov  5 14:16:38 www /kernel: md0: Malloc disk
Nov  5 14:16:38 www /kernel: Using $PIR table, 9 entries at 0xc00fa1c0
Nov  5 14:16:38 www /kernel: npx0: <math processor> on motherboard
Nov  5 14:16:38 www /kernel: npx0: INT 16 interface
Nov  5 14:16:38 www /kernel: pcib0: <Host to PCI bridge> on motherboard
Nov  5 14:16:38 www /kernel: IOAPIC #0 intpin 18 -> irq 2
Nov  5 14:16:38 www /kernel: IOAPIC #0 intpin 19 -> irq 16
Nov  5 14:16:38 www /kernel: pci0: <PCI bus> on pcib0
Nov  5 14:16:38 www /kernel: pcib2: <VIA 82C598MVP (Apollo MVP3) PCI-PCI (AGP) bridge> at device 1.0 on pci0
Nov  5 14:16:38 www /kernel: pci1: <PCI bus> on pcib2
Nov  5 14:16:38 www /kernel: pci1: <ATI model 5446 graphics accelerator> at 0.0 irq 17
Nov  5 14:16:38 www /kernel: isab0: <VIA 82C686 PCI-ISA bridge> at device 7.0 on pci0
Nov  5 14:16:38 www /kernel: isa0: <ISA bus> on isab0
Nov  5 14:16:38 www /kernel: pci0: <VIA Apollo ATA controller> at 7.1
Nov  5 14:16:38 www /kernel: pci0: <unknown card> (vendor=0x1106, dev=0x3057) at 7.4
Nov  5 14:16:38 www /kernel: fxp0: <Intel Pro 10/100B/100+ Ethernet> port 0x8c00-0x8c3f mem 0x88300000-0x883fffff,0x88200000-0x88200fff irq 2 at device 13.0 on pci0
Nov  5 14:16:38 www /kernel: fxp0: Ethernet address 00:00:e2:40:07:39
Nov  5 14:16:38 www /kernel: inphy0: <i82555 10/100 media interface> on miibus0
Nov  5 14:16:38 www /kernel: inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
Nov  5 14:16:38 www /kernel: ahc0: <Adaptec aic7899 Ultra160 SCSI adapter> port 0x8400-0x84ff mem 0x80201000-0x80201fff irq 16 at device 15.0 on pci0
Nov  5 14:16:38 www /kernel: aic7899: Ultra160 Wide Channel A, SCSI Id=7, 32/253 SCBs
Nov  5 14:16:38 www /kernel: ahc1: <Adaptec aic7899 Ultra160 SCSI adapter> port 0x8800-0x88ff mem 0x80202000-0x80202fff irq 16 at device 15.1 on pci0
Nov  5 14:16:38 www /kernel: aic7899: Ultra160 Wide Channel B, SCSI Id=7, 32/253 SCBs
Nov  5 14:16:38 www /kernel: pcib1: <Host to PCI bridge> on motherboard
Nov  5 14:16:38 www /kernel: pci2: <PCI bus> on pcib1
Nov  5 14:16:38 www /kernel: orm0: <Option ROMs> at iomem 0xc0000-0xc7fff,0xe0000-0xe5fff on isa0
Nov  5 14:16:38 www /kernel: fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
Nov  5 14:16:38 www /kernel: fdc0: FIFO enabled, 8 bytes threshold
Nov  5 14:16:38 www /kernel: fd0: <1440-KB 3.5" drive> on fdc0 drive 0
Nov  5 14:16:38 www /kernel: atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
Nov  5 14:16:38 www /kernel: atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
Nov  5 14:16:38 www /kernel: kbd0 at atkbd0
Nov  5 14:16:38 www /kernel: vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Nov  5 14:16:38 www /kernel: sc0: <System console> at flags 0x100 on isa0
Nov  5 14:16:38 www /kernel: sc0: VGA <16 virtual consoles, flags=0x300>
Nov  5 14:16:38 www /kernel: sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
Nov  5 14:16:38 www /kernel: sio0: type 16550A
Nov  5 14:16:38 www /kernel: sio1 at port 0x2f8-0x2ff irq 3 on isa0
Nov  5 14:16:38 www /kernel: sio1: type 16550A
Nov  5 14:16:38 www /kernel: ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
Nov  5 14:16:38 www /kernel: ppc0: Generic chipset (EPP/NIBBLE) in COMPATIBLE mode
Nov  5 14:16:38 www /kernel: lpt0: <Printer> on ppbus0
Nov  5 14:16:38 www /kernel: lpt0: Interrupt-driven port
Nov  5 14:16:38 www /kernel: RTC BIOS diagnostic error 20<config_unit>
Nov  5 14:16:38 www /kernel: APIC_IO: Testing 8254 interrupt delivery
Nov  5 14:16:38 www /kernel: APIC_IO: routing 8254 via IOAPIC #0 intpin 2
Nov  5 14:16:38 www /kernel: IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to deny, logging limited to 10 packets/entry by default
Nov  5 14:16:38 www /kernel: Waiting 15 seconds for SCSI devices to settle
Nov  5 14:16:38 www /kernel: SMP: AP CPU #1 Launched!
Nov  5 14:16:38 www /kernel: Mounting root from ufs:/dev/da0s1a
Nov  5 14:16:38 www /kernel: da0 at ahc0 bus 0 target 0 lun 0
Nov  5 14:16:38 www /kernel: da0: <IBM DDYS-T18350N S96H> Fixed Direct Access SCSI-3 device
Nov  5 14:16:38 www /kernel: da0: 160.000MB/s transfers (80.000MHz, offset 63, 16bit), Tagged Queueing Enabled
Nov  5 14:16:38 www /kernel: da0: 17501MB (35843670 512 byte sectors: 255H 63S/T 2231C)
Nov  5 14:16:39 www /kernel: da1 at ahc0 bus 0 target 1 lun 0
Nov  5 14:16:39 www /kernel: da1: <IBM DDYS-T18350N S96H> Fixed Direct Access SCSI-3 device
Nov  5 14:16:39 www /kernel: da1: 160.000MB/s transfers (80.000MHz, offset 63, 16bit), Tagged Queueing Enabled
Nov  5 14:16:39 www /kernel: da1: 17501MB (35843670 512 byte sectors: 255H 63S/T 2231C)
Nov  5 14:16:39 www /kernel: da2 at ahc0 bus 0 target 2 lun 0
Nov  5 14:16:39 www /kernel: da2: <IBM DDYS-T18350N S96H> Fixed Direct Access SCSI-3 device
Nov  5 14:16:39 www /kernel: da2: 160.000MB/s transfers (80.000MHz, offset 63, 16bit), Tagged Queueing Enabled
Nov  5 14:16:39 www /kernel: da2: 17501MB (35843670 512 byte sectors: 255H 63S/T 2231C)
Nov  5 14:16:39 www /kernel: WARNING: / was not properly dismounted
Nov  5 14:16:39 www savecore: reboot after panic: vm_page_free: freeing wired page
Nov  5 14:16:39 www savecore: /var/crash/bounds: No such file or directory
Nov  5 14:16:39 www savecore: writing core to /var/crash/vmcore.0
Nov  5 14:17:26 www savecore: writing kernel to /var/crash/kernel.0
Nov  5 14:17:26 www named[106]: starting (/etc/namedb/named.conf).  named 8.3.3-REL Sat Oct 19 17:09:44 CEST 2002       heiko@www.terminmarktwelt.de:/usr/obj/usr/src/usr.sbin/named
Nov  5 14:17:26 www named[107]: Ready to answer queries.
Nov  5 14:17:27 www ntpd[109]: ntpd 4.1.0-a Sat Oct 19 17:09:25 CEST 2002 (1)
Nov  5 14:17:27 www ntpd[109]: kernel time discipline status 2040
Nov  5 14:20:54 www ntpd[109]: time reset 10.127668 s
Nov  5 14:20:54 www ntpd[109]: kernel time discipline status change 2041
Nov  5 14:22:05 www named[107]: reloading nameserver
Nov  5 14:22:05 www named[107]: forwarder '127.0.0.1' ignored, my address
Nov  5 14:22:05 www named[107]: couldn't create pid file '/var/run/named.pid'
Nov  5 14:22:05 www named[107]: Ready to answer queries.

Ask me, if you need more infos.

>How-To-Repeat:

>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message