Subject: kern/4025: kernel panic: extent_free: region not found
To: None <gnats-bugs@gnats.netbsd.org>
From: John Kohl <jtk@kolvir.arlington-heights.ma.us>
List: netbsd-bugs
Date: 08/22/1997 22:07:09
>Number: 4025
>Category: kern
>Synopsis: kernel panic: extent_free: region not found
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: kern-bug-people (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Aug 22 19:20:03 1997
>Last-Modified:
>Originator: John Kohl
>Organization:
NetBSD Kernel Hackers `R` Us
>Release: NetBSD-current, 1997/08/18
>Environment:
System: NetBSD pattern.arlington-heights.ma.us 1.2G NetBSD 1.2G (PATTERN) #34: Fri Jul 25 07:28:09 EDT 1997 jtk@pattern.arlington-heights.ma.us:/u4/sandbox/src/sys/arch/i386/compile/PATTERN i386
cpu0: family 5 model 2 step 5
cpu0: Intel Pentium (P54C) (586-class)
real mem = 33153024
avail mem = 29057024
using 430 buffers containing 1761280 bytes of memory
mainbus0 (root)
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0
pchb0: Intel 82437FX (Triton) PCI, Cache, and DRAM Controller (rev. 0x01)
Intel 82471FB (Triton) PCI-ISA Bridge (ISA bridge, revision 0x02) at pci0 dev 7 function 0 not configured
>Description:
kernel panics under moderate load
>How-To-Repeat:
run recent kernel sources
kernel msgbuf ends with this extent debug:
extent `swap0x0000' (0x8 - 0x18000), flags = 0x1
0xa8 - 0x9a7
0x8 - 0x27
0x8 - 0x27
0x8 - 0x27
0x8 - 0x27
0x8 - 0x27
0x8 - 0x47
0x8 - 0x27
0x8 - 0x27
0x8 - 0x27
0x8 - 0x27
0x8 - 0x27
0x8 - 0x27
0x8 - 0x27
0x8 - 0x27
0x8 - 0x27
0x8 - 0x27
extent_free: start 0x8, end 0x27
panic: extent_free: region not found
% gdb -k /u4/sandbox/src/sys/arch/i386/compile/PATTERN/netbsd.gdb netbsd.11.core
GDB is free software and you are welcome to distribute copies of it
under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.11 (i386-netbsd), Copyright 1993 Free Software Foundation, Inc...
panic: extent_free: region not found
#0 0xf81aee24 in cpu_reboot (howto=256, bootstr=0x0)
at ../../../../arch/i386/i386/machdep.c:1045
1045 {
(kgdb) where
#0 0xf81aee24 in cpu_reboot (howto=256, bootstr=0x0)
at ../../../../arch/i386/i386/machdep.c:1045
#1 0xf81211a2 in panic (fmt=0xf8120a4e "extent_free: region not found")
at ../../../../kern/subr_prf.c:150
#2 0xf8120bc0 in extent_free (ex=0xf881c000, start=8, size=4169274080,
flags=16) at ../../../../kern/subr_extent.c:838
#3 0xf81a9ad5 in swap_free (size=32, addr=9) at ../../../../vm/vm_swap.c:750
#4 0xf81a15f2 in swap_pager_remove (pager=0x2, from=4169691312, to=4294967291)
at ../../../../vm/swap_pager.c:1132
#5 0xf81a8b13 in vm_pager_remove (pager=0x0, from=40960, to=45056)
at ../../../../vm/vm_pager.c:185
#6 0xf81a6f1c in vm_object_remove_from_pager (object=0xf8898300, from=40960,
to=45056) at ../../../../vm/vm_object.c:1102
#7 0xf81a70b9 in vm_object_overlay (object=0xf8817880)
at ../../../../vm/vm_object.c:1272
#8 0xf81a7457 in vm_object_collapse (object=0xf8817880)
at ../../../../vm/vm_object.c:1604
#9 0xf81a1d99 in vm_fault (map=0xf88a4d00, vaddr=1074733056, fault_type=3,
change_wiring=0) at ../../../../vm/vm_fault.c:525
#10 0xf81b2e0c in trap (frame={tf_es = 31, tf_ds = 31, tf_edi = 3024,
tf_esi = 3600, tf_ebp = -138424716, tf_ebx = 1074663520, tf_edx = 3024,
tf_ecx = 18, tf_eax = 1074736032, tf_trapno = 6, tf_err = 7,
tf_eip = 1074492930, tf_cs = 23, tf_eflags = 66183, tf_esp = -138424836,
---Type <return> to continue, or q <return> to quit---
tf_ss = 31, tf_vm86_es = 0, tf_vm86_ds = 0, tf_vm86_fs = 0,
tf_vm86_gs = 0}) at ../../../../arch/i386/i386/trap.c:417
(kgdb)
Inside swap_pager.c:swap_pager_remove(), we have:
(kgdb) print *swb
$8 = {swb_mask = 0, swb_block = 9}
(kgdb) print/x mask
$9 = 0xfffffffb
the map which vm_fault() was manipulating is:
$18 = {pmap = 0xf8a48540, lock = {lk_interlock = {lock_data = 0},
lk_flags = 0, lk_sharecount = 1, lk_waitcount = 0, lk_exclusivecount = 0,
lk_prio = 4, lk_wmesg = 0xf81a3761 "thrd_sleep", lk_timo = 0,
lk_lockholder = -1}, header = {prev = 0xf889f580, next = 0xf8950c80,
start = 0, end = 4160614400, object = {vm_object = 0x0, share_map = 0x0,
sub_map = 0x0}, offset = 0, is_a_map = 0, is_sub_map = 0,
copy_on_write = 0, needs_copy = 0, protection = 0, max_protection = 0,
inheritance = 0, wired_count = 0}, nentries = 23, size = 50929664,
is_main_map = 1, ref_count = 1, ref_lock = {lock_data = 0},
hint = 0xf894c1c0, hint_lock = {lock_data = 0}, first_free = 0xf88a4d24,
entries_pageable = 1, timestamp = 24}
I can provide copies of this kernel and core file and gdb that can read
it, if you like.
% ps alxw -M netbsd.11.core -N netbsd.11
UID PID PPID CPU PRI NI VSZ RSS WCHAN STAT TT TIME COMMAND
0 0 28896 0 -18 0 0 0 - RLs ?? 0:00.02 (swapper)
0 1 28896 0 10 0 236 0 wait Ss ?? 0:00.25 /sbin/init
0 2 28896 0 -18 0 0 0 thrd_s DL ?? 0:00.21 (pagedaemon)
0 878 28896 0 10 0 10624 0 mfsidl Ss ?? 0:00.26 mfs -s 20480 /dev/sd0b /tmp (mount_mfs)
0 959 28896 0 2 0 76 0 - Rs ?? 0:00.16 syslogd
0 963 28896 0 2 0 260 0 select IWs ?? 0:00.22 named
0 966 28896 0 2 0 48 0 select IWs ?? 0:00.02 portmap
0 976 28896 0 2 0 104 0 select IWs ?? 0:00.02 mountd
0 979 28896 0 2 0 28 0 netcon IWs ?? 0:00.02 nfsd: master (nfsd)
0 981 28896 0 2 0 16 0 nfsd IW ?? 0:00.01 nfsd: server (nfsd)
0 982 28896 0 2 0 16 0 nfsd IW ?? 0:00.01 nfsd: server (nfsd)
0 983 28896 0 2 0 16 0 nfsd IW ?? 0:00.01 nfsd: server (nfsd)
0 984 28896 0 2 0 16 0 nfsd IW ?? 0:00.02 nfsd: server (nfsd)
0 989 28896 0 10 0 16 0 nfsidl IW ?? 0:00.00 nfsiod -n 4
0 990 28896 0 10 0 16 0 nfsidl IW ?? 0:00.01 nfsiod -n 4
0 991 28896 0 10 0 16 0 nfsidl IW ?? 0:00.01 nfsiod -n 4
0 992 28896 0 10 0 16 0 nfsidl IW ?? 0:00.01 nfsiod -n 4
0 1026 28896 2 18 0 12 0 pause Ss ?? 0:00.40 update 30
0 1028 28896 0 18 0 264 0 pause IWs ?? 0:00.04 cron
0 1041 28896 36 18 -12 300 0 pause S<s ?? 0:00.08 xntpd -p /var/run/xntpd.pid
0 1047 28896 2 2 0 104 0 select IWs ?? 0:00.12 lpd
0 1072 28896 0 2 0 480 0 netcon IWs ?? 0:00.02 sendmail: accepting connections on port 25 (sendmail)
0 1081 28896 0 2 0 92 0 select IWs ?? 0:00.09 inetd
66 1084 28896 45 39 0 480 0 - Rs ?? 0:00.14 /usr/local/sbin/faxq
0 1087 28896 76 2 0 280 0 netcon IWs ?? 0:02.07 /usr/local/sbin/sshd
0 1130 28896 0 18 0 380 0 pause IWs ?? 0:00.01 /usr/vice/etc/afsd -nosettime
0 1162 28896 0 2 0 136 0 netio IW ?? 0:00.02 /etc/athena/zhm
0 1171 28896 6 2 0 172 0 select IW ?? 0:00.19 /usr/X11R6/bin/xdm -nodaemon ttyv7
66 1173 28896 0 2 0 580 0 select S ?? 0:00.16 /usr/local/libexec/faxgetty -d tty02
0 1178 28896 3 2 0 3092 0 - Rs ?? 0:04.21 /usr/X11R6/bin/X -terminate vt8 -auth /usr/X11R6/lib/X11/xdm/auth
0 1183 28896 0 10 0 232 0 wait IWs ?? 0:00.16 -:0 (xdm)
0 2149 28896 4 2 0 372 0 select IWs ?? 0:00.53 xterm -e /u1/users/jtk/lib/scripts/xinitrc
5509 2156 28896 0 2 0 144 0 select S ?? 0:00.01 ssh-agent xterm -iconic -xrm *Foreground:cyan -xrm *Background:bl
5509 2211 28896 0 18 0 28 0 pause IWs ?? 0:00.05 /usr/local/libexec/emacs/19.30/i386-unknown-netbsd1.1/wakeup 60
0 2273 28896 0 2 0 392 0 select Ss ?? 0:00.00 /sbin/dhclient de0
5509 2158 28896 23 3 0 560 0 ttyin IWs+ p1 0:00.59 -usr/local/bin/tcsh
5509 2177 28896 0 18 0 348 0 pause IW p1 0:00.01 /bin/csh -f /u1/users/jtk/lib/scripts/xinitrc
5509 2179 28896 0 2 0 364 0 select S p1 0:00.35 vtwm
5509 2182 28896 0 2 0 144 0 - RW p1 0:00.21 xconsole
5509 2183 28896 0 2 0 2616 0 select S p1 0:02.31 emacs
0 2184 28896 0 2 0 1616 0 select S p1 0:00.94 xterm
5509 2186 28896 0 2 0 144 0 select S p1 0:00.21 xbiff
5509 2191 28896 0 18 0 572 0 pause IWs p2 0:00.40 -csh (tcsh)
0 2214 28896 0 3 0 592 0 ttyin S+ p2 0:00.50 -tcsh (tcsh)
5509 2209 28896 3 2 0 36 0 select IWs+ p3 0:00.06 /usr/local/libexec/emacs/19.30/i386-unknown-netbsd1.1/gnuserv
0 1172 28896 0 3 0 52 0 ttyin IWs+ 00 0:00.04 /usr/libexec/getty std.9600 tty00
0 1111 28896 0 -2 0 292 0 afs DW v0- 0:00.02 /usr/vice/etc/afsd -nosettime
0 1112 28896 0 -3 0 292 0 8e9da4 D v0- 0:00.01 /usr/vice/etc/afsd -nosettime
0 1113 28896 0 -2 0 292 0 afs DW v0- 0:00.01 /usr/vice/etc/afsd -nosettime
0 1114 28896 0 -2 0 292 0 afs DW v0- 0:00.01 /usr/vice/etc/afsd -nosettime
0 1115 28896 0 -2 0 292 0 afs DW v0- 0:00.01 /usr/vice/etc/afsd -nosettime
0 1116 28896 0 -2 0 292 0 afs DW v0- 0:00.01 /usr/vice/etc/afsd -nosettime
0 1164 28896 1 3 0 48 0 ttyin IWs+ v0 0:00.04 /usr/libexec/getty console ttyv0
0 1165 28896 0 3 0 48 0 ttyin IWs+ v1 0:00.04 /usr/libexec/getty console ttyv1
0 1166 28896 1 3 0 48 0 ttyin IWs+ v2 0:00.04 /usr/libexec/getty console ttyv2
0 1167 28896 0 3 0 48 0 ttyin IWs+ v3 0:00.04 /usr/libexec/getty console ttyv3
0 1168 28896 0 3 0 48 0 ttyin IWs+ v4 0:00.04 /usr/libexec/getty console ttyv4
0 1169 28896 0 3 0 48 0 ttyin IWs+ v5 0:00.04 /usr/libexec/getty console ttyv5
0 1170 28896 0 3 0 48 0 ttyin IWs+ v6 0:00.04 /usr/libexec/getty console ttyv6
>Fix:
>Audit-Trail:
>Unformatted: