kern/133289: DEBUG_MEMGUARD with vm.memguard.desc="devbuf" panics the kernel

Eugene M. Kim 20080111.freebsd.org at ab.ote.we.lv
Wed Apr 1 16:50:02 PDT 2009


>Number:         133289
>Category:       kern
>Synopsis:       DEBUG_MEMGUARD with vm.memguard.desc="devbuf" panics the kernel
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr 01 23:50:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Eugene M. Kim <20080111.freebsd.org at ab.ote.we.lv>
>Release:        FreeBSD 7.1-RELEASE i386
>Organization:
>Environment:
System: FreeBSD paperboy.dev.p2p.nttmcl.com 7.1-RELEASE FreeBSD 7.1-RELEASE #1 r190573: Wed Apr  1 15:00:45 PDT 2009 root at burrito.p2p.nttmcl.com:/usr/obj/usr/src7/sys/PAPERBOY

Hardware: Dell PowerEdge R300 with:

-- Intel Xeon E3110 - dual-core, 3.0GHz
-- 4GB memory (3326MB visible to the non-PAE kernel)
-- PCI-X riser card
-- Broadcom BCM95821SSN PCI-X cryptographic accelerator card

Kernel configuration:

--- BEGIN src/sys/i386/conf/PAPERBOY ---
include 	GENERIC

ident		PAPERBOY

makeoptions	DEBUG=-g

options 	KDB
options 	KDB_TRACE
options 	DDB
options 	GDB
options 	BREAK_TO_DEBUGGER
#options 	ALT_BREAK_TO_DEBUGGER
options 	INVARIANTS
options 	INVARIANT_SUPPORT
options 	DEBUG_MEMGUARD

options 	IPSEC

device		crypto
device		cryptodev
device		ubsec
options 	UBSEC_DEBUG

--- END src/sys/i386/conf/PAPERBOY ---

>Description:
A kernel with DEBUG_MEMGUARD and vm.memguard.desc="devbuf" set in
/boot/loader.conf panics upon a null pointer dereference in memguard_free().

Kernel dmesg buffer with the panic message:
--- BEGIN dmesg-buffer ---
Copyright (c) 1992-2009 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 7.1-RELEASE #1 r190573: Wed Apr  1 15:00:45 PDT 2009
    root at burrito.p2p.nttmcl.com:/usr/obj/usr/src7/sys/PAPERBOY
MEMGUARD DEBUGGING ALLOCATOR INITIALIZED:
	MEMGUARD map base: 0xc671e000
	MEMGUARD map limit: 0xc871f000
	MEMGUARD map size: 33558528 (Bytes)
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Xeon(R) CPU           E3110  @ 3.00GHz (3000.23-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x10676  Stepping = 6
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x8e3fd<SSE3,DTES64,MON,DS_CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1>
  AMD Features=0x20100000<NX,LM>
  AMD Features2=0x1<LAHF>
  Cores per package: 2
real memory  = 3488292864 (3326 MB)
avail memory = 3408990208 (3251 MB)
ACPI APIC Table: <DELL   PE_SC3  >
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  1
ioapic0: Changing APIC ID to 2
ioapic1: Changing APIC ID to 3
ioapic0 <Version 2.0> irqs 0-23 on motherboard
ioapic1 <Version 2.0> irqs 32-55 on motherboard
kbd1 at kbdmux0
ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
cryptosoft0: <software crypto> on motherboard
acpi0: <DELL PE_SC3> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
acpi_hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 900
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> irq 16 at device 1.0 on pci0
pci1: <ACPI PCI bus> on pcib1
mpt0: <LSILogic SAS/SATA Adapter> port 0xec00-0xecff mem 0xdfbec000-0xdfbeffff,0xdfbf0000-0xdfbfffff irq 16 at device 0.0 on pci1
mpt0: [ITHREAD]
mpt0: MPI Version=1.5.14.0
mpt0: Capabilities: ( RAID-0 RAID-1E RAID-1 )
mpt0: 1 Active Volume (2 Max)
mpt0: 2 Hidden Drive Members (14 Max)
pcib2: <ACPI PCI-PCI bridge> irq 16 at device 28.0 on pci0
pci2: <ACPI PCI bus> on pcib2
pcib3: <ACPI PCI-PCI bridge> at device 0.0 on pci2
pci3: <ACPI PCI bus> on pcib3
ubsec0 mem 0xdfcf0000-0xdfcfffff irq 35 at device 2.0 on pci3
ubsec0: [ITHREAD]
ubsec0: Broadcom 5821
pcib4: <ACPI PCI-PCI bridge> irq 16 at device 28.4 on pci0
pci4: <ACPI PCI bus> on pcib4
bge0: <Broadcom NetXtreme Gigabit Ethernet Controller, ASIC rev. 0x4201> mem 0xdfdf0000-0xdfdfffff irq 16 at device 0.0 on pci4
miibus0: <MII bus> on bge0
brgphy0: <BCM5750 10/100/1000baseTX PHY> PHY 1 on miibus0
brgphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
bge0: Ethernet address: 00:1e:c9:bb:a0:a1
bge0: [ITHREAD]
pcib5: <ACPI PCI-PCI bridge> irq 17 at device 28.5 on pci0
pci5: <ACPI PCI bus> on pcib5
bge1: <Broadcom NetXtreme Gigabit Ethernet Controller, ASIC rev. 0x4201> mem 0xdfef0000-0xdfefffff irq 17 at device 0.0 on pci5
miibus1: <MII bus> on bge1
brgphy1: <BCM5750 10/100/1000baseTX PHY> PHY 1 on miibus1
brgphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
bge1: Ethernet address: 00:1e:c9:bb:a0:a2
bge1: [ITHREAD]
uhci0: <UHCI (generic) USB controller> port 0xcc60-0xcc7f irq 21 at device 29.0 on pci0
uhci0: [GIANT-LOCKED]
uhci0: [ITHREAD]
usb0: <UHCI (generic) USB controller> on uhci0
usb0: USB revision 1.0
uhub0: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0
uhub0: 2 ports with 2 removable, self powered
uhci1: <UHCI (generic) USB controller> port 0xcc80-0xcc9f irq 20 at device 29.1 on pci0
uhci1: [GIANT-LOCKED]
uhci1: [ITHREAD]
usb1: <UHCI (generic) USB controller> on uhci1
usb1: USB revision 1.0
uhub1: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb1
uhub1: 2 ports with 2 removable, self powered
uhci2: <UHCI (generic) USB controller> port 0xcca0-0xccbf irq 21 at device 29.2 on pci0
uhci2: [GIANT-LOCKED]
uhci2: [ITHREAD]
usb2: <UHCI (generic) USB controller> on uhci2
usb2: USB revision 1.0
uhub2: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb2
uhub2: 2 ports with 2 removable, self powered
ehci0: <EHCI (generic) USB 2.0 controller> mem 0xdf9ffc00-0xdf9fffff irq 21 at device 29.7 on pci0
ehci0: [GIANT-LOCKED]
ehci0: [ITHREAD]
usb3: EHCI version 1.0
usb3: companion controllers, 2 ports each: usb0 usb1 usb2
usb3: <EHCI (generic) USB 2.0 controller> on ehci0
usb3: USB revision 2.0
uhub3: <Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1> on usb3
uhub3: 6 ports with 6 removable, self powered
uhub4: <vendor 0x04b4 product 0x6560, class 9/0, rev 2.00/0.0b, addr 2> on uhub3
uhub4: multiple transaction translators
uhub4: 4 ports with 4 removable, self powered
pcib6: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci6: <ACPI PCI bus> on pcib6
vgapci0: <VGA-compatible display> port 0xdc00-0xdcff mem 0xd0000000-0xd7ffffff,0xdfff0000-0xdfffffff irq 19 at device 5.0 on pci6
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel ICH9 SATA300 controller> port 0xcc30-0xcc37,0xcc28-0xcc2b,0xcc38-0xcc3f,0xcc2c-0xcc2f,0xcc40-0xcc4f,0xcc50-0xcc5f irq 23 at device 31.2 on pci0
atapci0: [ITHREAD]
ata2: <ATA channel 0> on atapci0
ata2: [ITHREAD]
ata3: <ATA channel 1> on atapci0
ata3: [ITHREAD]
fdc0: <floppy drive controller> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: does not respond
device_attach: fdc0 attach returned 6
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x90 on acpi0
sio0: type 16550A
sio0: [FILTER]
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: [ITHREAD]
psm0: model IntelliMouse, device ID 3
cpu0: <ACPI CPU> on acpi0
est0: <Enhanced SpeedStep Frequency Control> on cpu0
p4tcc0: <CPU Frequency Thermal Control> on cpu0
cpu1: <ACPI CPU> on acpi0
est1: <Enhanced SpeedStep Frequency Control> on cpu1
p4tcc1: <CPU Frequency Thermal Control> on cpu1
fdc0: <floppy drive controller> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: does not respond
device_attach: fdc0 attach returned 6
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
pmtimer0 on isa0
orm0: <ISA Option ROMs> at iomem 0xc0000-0xc8fff,0xc9000-0xc9fff,0xca000-0xcb7ff,0xec000-0xeffff pnpid ORM0000 on isa0
ata0 at port 0x1f0-0x1f7,0x3f6 irq 14 on isa0
ata0: [ITHREAD]
ata1 at port 0x170-0x177,0x376 irq 15 on isa0
ata1: [ITHREAD]
ppc0: parallel port not found.
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounters tick every 1.000 msec
IPsec: Initialized Security Association Processing.
mpt0:vol0(mpt0:0:0): Settings ( Member-WCE Hot-Plug-Spares High-Priority-ReSync )
mpt0:vol0(mpt0:0:0): Using Spare Pool: 0
mpt0:vol0(mpt0:0:0): 2 Members:
      (mpt0:1:8:0): Primary Online
      (mpt0:1:1:0): Secondary Online
mpt0:vol0(mpt0:0:0): RAID-1 - Optimal
mpt0:vol0(mpt0:0:0): Status ( Enabled )
(mpt0:vol0:1): Physical (mpt0:0:1:0), Pass-thru (mpt0:1:0:0)
(mpt0:vol0:1): Online
(mpt0:vol0:0): Physical (mpt0:0:8:0), Pass-thru (mpt0:1:1:0)
(mpt0:vol0:0): Online
acd0: DVDROM <TEAC DVD-ROM DV28SV/D.0E> at ata2-slave SATA150


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0x8
fault code		= supervisor read, page not present
instruction pointer	= 0x20:0xc09e5c14
stack pointer	        = 0x28:0xe6dbfa54
frame pointer	        = 0x28:0xe6dbfa88
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 20 (swi2: cambio)
--- END dmesg-buffer ---

The following stack trace was obtained via a remote kgdb session.

--- BEGIN stack trace ---
#0  memguard_free (addr=Variable "addr" is not available.
) at /usr/src7/sys/vm/memguard.c:286
#1  0xc078cf21 in free (addr=0xc894a000, mtp=0xc0c28f80)
    at /usr/src7/sys/kern/kern_malloc.c:431
#2  0xc0475731 in probedone (periph=0xc87f7700, done_ccb=0xc8ad4400)
    at /usr/src7/sys/cam/cam_xpt.c:6175
#3  0xc04714af in camisr_runqueue (V_queue=Variable "V_queue" is not available.
)
    at /usr/src7/sys/cam/cam_xpt.c:7316
#4  0xc04715ea in camisr (dummy=0x0) at /usr/src7/sys/cam/cam_xpt.c:7216
#5  0xc077dd45 in ithread_loop (arg=0xc8865c80)
    at /usr/src7/sys/kern/kern_intr.c:1088
#6  0xc077b0d8 in fork_exit (callout=0xc077db80 <ithread_loop>, 
    arg=0xc8865c80, frame=0xe6dbfd38) at /usr/src7/sys/kern/kern_fork.c:804
#7  0xc0ab1f40 in fork_trampoline () at /usr/src7/sys/i386/i386/exception.s:264
--- END stack trace ---

>How-To-Repeat:
Compile DEBUG_MEMGUARD into the kernel; set vm.memguard.desc="devbuf" in
/boot/loader.conf; reboot.

>Fix:
None known.
>Release-Note:
>Audit-Trail:
>Unformatted:


More information about the freebsd-bugs mailing list