From fortinde@dmr.ca Mon Jan 22 06:46:29 1996 Received: from poterne.mtl.dmr.ca (poterne.mtl.dmr.ca [198.168.83.201]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id GAA17206 for ; Mon, 22 Jan 1996 06:46:24 -0800 (PST) Received: (from fortinde@localhost) by poterne.mtl.dmr.ca (8.6.11/8.6.6a) id JAA02908; Mon, 22 Jan 1996 09:46:13 -0500 Message-Id: <199601221446.JAA02908@poterne.mtl.dmr.ca> Date: Mon, 22 Jan 1996 09:46:13 -0500 From: Denis.Fortin@dmr.ca Reply-To: fortin@zap.qc.ca To: FreeBSD-gnats-submit@freebsd.org Subject: 2.0.5 daily crash: multiple frees in if_ppp.c X-Send-Pr-Version: 3.2 >Number: 965 >Category: kern >Synopsis: 2.0.5: system crashes daily because of "multiple frees" in if_ppp.c >Confidential: no >Severity: critical >Priority: high >Responsible: bde >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Jan 22 06:50:01 PST 1996 >Closed-Date: Sat Apr 11 03:41:08 PDT 1998 >Last-Modified: Sat Apr 11 03:41:32 PDT 1998 >Originator: Denis Fortin >Release: FreeBSD 2.0-BUILT-19950603 i386 >Organization: DMR Group Inc, +1 (514) 877-3301 >Environment: Internet gateway used daily by 250 people for PPP and SLIP connections connections (about 150 connections/day). System has 8 modems available on a BocaBoard BB-2016 multi-port board, and the connections traffic is regular (i.e. people keep coming and going constantly). System is a 80486 @ 33MHz with 64MB RAM and 2 GB disk space; here is the output from 'dmesg': --->>> CUT HERE <<<--- FreeBSD 2.0.5-RELEASE #0: Wed Jan 3 09:39:27 EST 1996 fortinde@poterne.mtl.dmr.ca:/usr/src/sys/compile/DMR CPU: i486DX (486-class CPU) real memory = 66715648 (16288 pages) avail memory = 63037440 (15390 pages) Probing for devices on the ISA bus: sc0 at 0x60-0x6f irq 1 on motherboard sc0: VGA color <16 virtual consoles, flags=0x0> ed0 at 0x280-0x29f irq 10 on isa ed0: address 00:00:1b:4a:89:27, type NE2000 (16 bit) ed1 at 0x300-0x30f irq 5 maddr 0xd8000 msize 8192 on isa ed1: address 02:60:8c:45:44:e7, type 3c503 (8 bit) sio0 at 0x3f8-0x3ff irq 4 on isa sio0: type 16550A sio1 at 0x2f8-0x2ff irq 3 on isa sio1: type 16550A sio2 at 0x100-0x107 flags 0x1105 on isa sio2: type 16550A (multiport) sio3 at 0x108-0x10f flags 0x1105 on isa sio3: type 16550A (multiport) sio4 at 0x110-0x117 flags 0x1105 on isa sio4: type 16550A (multiport) sio5 at 0x118-0x11f flags 0x1105 on isa sio5: type 16550A (multiport) sio6 at 0x120-0x127 flags 0x1105 on isa sio6: type 16550A (multiport) sio7 at 0x128-0x12f flags 0x1105 on isa sio7: type 16550A (multiport) sio8 at 0x130-0x137 flags 0x1105 on isa sio8: type 16550A (multiport) sio9 at 0x138-0x13f flags 0x1105 on isa sio9: type 16550A (multiport) sio10 at 0x140-0x147 flags 0x1105 on isa sio10: type 16550A (multiport) sio11 at 0x148-0x14f flags 0x1105 on isa sio11: type 16550A (multiport) sio12 at 0x150-0x157 flags 0x1105 on isa sio12: type 16550A (multiport) sio13 at 0x158-0x15f flags 0x1105 on isa sio13: type 16550A (multiport) sio14 at 0x160-0x167 flags 0x1105 on isa sio14: type 16550A (multiport) sio15 at 0x168-0x16f flags 0x1105 on isa sio15: type 16550A (multiport) sio16 at 0x170-0x177 flags 0x1105 on isa sio16: type 16550A (multiport) sio17 at 0x178-0x17f irq 12 flags 0x1105 on isa sio17: type 16550A (multiport master) lpt0 at 0x378-0x37f irq 7 on isa lpt0: Interrupt-driven port lp0: TCP/IP capable interface lpt1 at 0x278-0x27f on isa lpt2 not found at 0xffffffff fdc0 at 0x3f0-0x3f7 irq 6 drq 2 on isa fdc0: NEC 72065B fd0: 1.44MB 3.5in wdc0 not found at 0x1f0 ahb0: reading board settings, int=11 ahb0 at 0x1000-0x10ff irq 11 on eisa slot 1 ahb0 waiting for scsi devices to settle (ahb0:0:0): "MICROP 1598-15MD1066701 DD24" type 0 fixed SCSI 1 sd0(ahb0:0:0): Direct-Access 991MB (2031554 512 byte sectors) (ahb0:1:0): "MICROP 1598-15MD1066701 DD24" type 0 fixed SCSI 1 sd1(ahb0:1:0): Direct-Access 991MB (2031554 512 byte sectors) (ahb0:2:0): "TANDBERG TDC 3800 -03:" type 1 removable SCSI 1 st0(ahb0:2:0): Sequential-Access density code 0x0, drive empty scd0 not found at 0x230 npx0 on motherboard npx0: INT 16 interface changing root device to sd0a --->>> CUT HERE <<<--- >Description: System crashes a few times a week (2-5) and reboots. This is Most Annoying since the BB-2016 then seems to require a manual "shutdown -r" about 50% of the time or it isn't properly reset (i.e. the machine stops answering the phone). Finally got a crashdump and produced the following traceback info --->>> CUT HERE <<<--- GDB is free software and you are welcome to distribute copies of it under certain conditions; type "show copying" to see the conditions. There is absolutely no warranty for GDB; type "show warranty" for details. GDB 4.13 (i386-unknown-freebsd), Copyright 1994 Free Software Foundation, Inc... IdlePTD 1f0000 current pcb at 1c3f70 panic: free: multiple frees #0 boot (arghowto=256) at ../../i386/i386/machdep.c:870 870 dumppcb.pcb_ptd = rcr3(); (kgdb) bt #0 boot (arghowto=256) at ../../i386/i386/machdep.c:870 #1 0xf0112843 in panic (fmt=0xf010b9b2 "free: multiple frees") at ../../kern/subr_prf.c:128 #2 0xf010ba93 in free (addr=0xf1520180, type=1) at ../../kern/kern_malloc.c:337 #3 0xf013582e in pppstart (tp=0xf01c23e4) at ../../net/if_ppp.c:1028 #4 0xf01a84fc in siopoll () at ../../i386/isa/sio.c:1569 #5 0xf018e667 in doreti_swi () #6 0xf019688c in cpu_switch () (kgdb) up #1 0xf0112843 in panic (fmt=0xf010b9b2 "free: multiple frees") at ../../kern/subr_prf.c:128 128 boot(bootopt); (kgdb) up #2 0xf010ba93 in free (addr=0xf1520180, type=1) at ../../kern/kern_malloc.c:337 337 panic("free: multiple frees"); (kgdb) l 332 #endif /* DIAGNOSTIC */ 333 #ifdef KMEMSTATS 334 kup->ku_freecnt++; 335 if (kup->ku_freecnt >= kbp->kb_elmpercl) 336 if (kup->ku_freecnt > kbp->kb_elmpercl) 337 panic("free: multiple frees"); 338 else if (kbp->kb_totalfree > kbp->kb_highwat) 339 kbp->kb_couldfree++; 340 kbp->kb_totalfree++; 341 ksp->ks_memuse -= size; (kgdb) info locals kbp = (struct kmembuckets *) 0xf01dc65c kup = (struct kmemusage *) 0xf0f34794 freep = (struct freelist *) 0xf1520180 size = 0 s = -1073676288 ksp = (struct kmemstats *) 0xf01dd114 (kgdb) quit --->>> CUT HERE <<<--- >How-To-Repeat: Just letting the system run seems to produce the problem almost daily (but not quite). >Fix: No workaround known. Now that I know that the problem is in if_ppp.c, I might try looking around in there. >Release-Note: >Audit-Trail: From: Nate Williams To: fortin@zap.qc.ca Cc: FreeBSD-gnats-submit@FreeBSD.org Subject: Re: kern/965: 2.0.5 daily crash: multiple frees in if_ppp.c Date: Mon, 22 Jan 1996 10:34:29 -0700 > >Number: 965 > >Category: kern > >Synopsis: 2.0.5: system crashes daily because of "multiple frees" in if_ppp.c Can you upgrade this box to 2.1? I'm running a 2.1 box with 2 full-time PPP connections (one incoming, one outgoing) and it had a 30+ day uptime until I rebooted it to install the arp-patch Bill Fenner made Friday. 2.1 has worked very well for me, but I'm also not seeing the kind of loads you're seeing. Nate From: Bruce Evans To: Denis.Fortin@dmr.ca, FreeBSD-gnats-submit@freebsd.org Cc: Subject: Re: kern/965: 2.0.5 daily crash: multiple frees in if_ppp.c Date: Tue, 23 Jan 1996 08:24:24 +1100 > System crashes a few times a week (2-5) and reboots. This is Most This may be fixed in rev.1.12 (1995/10/30) of spl.h which is in -stable. See also PR 798. > Annoying since the BB-2016 then seems to require a manual "shutdown -r" > about 50% of the time or it isn't properly reset (i.e. the machine > stops answering the phone). This is probably caused by some of the devices on the BB being active at crash time and warm boots not resetting them. The UART IRQs are ORed together, so they must all be inactive or all except one must be disconnected for that one to be probed. Since they aren't disconnected until they are probed, the probes sometimes fail. This was fixed for some multiport boards (probably for BB's and not for AST's) in rev.1.123 (1995/11/29) of sio.c but isn't fixed in -stable. Possible workaround: Repeat all probes by duplicating the block of 16 BB config lines in your kernel config file. Bruce State-Changed-From-To: open->analyzed State-Changed-By: pst State-Changed-When: Wed Feb 7 16:05:33 PST 1996 State-Changed-Why: Bruce, your comment is that this hasn't made it into stable. Should it be placed in stable? What about fixing AST cards? Responsible-Changed-From-To: freebsd-bugs->bde Responsible-Changed-By: pst Responsible-Changed-When: Wed Feb 7 16:05:33 PST 1996 Responsible-Changed-Why: State-Changed-From-To: analyzed->closed State-Changed-By: phk State-Changed-When: Sat Apr 11 03:41:08 PDT 1998 State-Changed-Why: dead PR. >Unformatted: