From doconnor@gsoft.com.au  Wed Sep 30 22:06:54 1998
Received: from cain.gsoft.com.au (genesi.lnk.telstra.net [139.130.136.161])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA13034
          for <FreeBSD-gnats-submit@freebsd.org>; Wed, 30 Sep 1998 22:06:51 -0700 (PDT)
          (envelope-from doconnor@gsoft.com.au)
Received: (from doconnor@localhost) by cain.gsoft.com.au (8.8.8/8.6.9) id OAA16445; Thu, 1 Oct 1998 14:36:29 +0930 (CST)
Message-Id: <199810010506.OAA16445@cain.gsoft.com.au>
Date: Thu, 1 Oct 1998 14:36:29 +0930 (CST)
From: "Daniel O'Connor" <doconnor@gsoft.com.au>
Reply-To: doconnor@gsoft.com.au
To: FreeBSD-gnats-submit@freebsd.org
Subject: 2.2.7 + CAM system panics removing shared memory
X-Send-Pr-Version: 3.2

>Number:         8112
>Category:       kern
>Synopsis:       2.2.7 + CAM system panics removing shared memory
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    ken
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 30 22:10:00 PDT 1998
>Closed-Date:    Mon Apr 26 11:33:36 PDT 1999
>Last-Modified:  Mon Apr 26 11:33:56 PDT 1999
>Originator:     Daniel O'Connor
>Release:        FreeBSD 2.2.7-STABLE i386
>Organization:
Genesis Software
>Environment:
This is a 2.2.7 source tree with the CAM patches applied.

>Description:
Running cdda2wav creates shared memory segments. If I patch cdda2wav to not remove
them, the system doesn't crash. Trying to remove the segments by hand causes
the same problem though.

It only seems to crash if 2 shared memory segments are present and they are
both removed.

The trace is as follows ->
test2# gdb -k kernel.1 vmcore.1
GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i386-unknown-freebsd),
Copyright 1996 Free Software Foundation, Inc...
IdlePTD a27000
current pcb at 21005c
panic: vm_page_free: freeing busy page
#0  boot (howto=260) at ../../kern/kern_shutdown.c:266
266                                     dumppcb.pcb_cr3 = rcr3();
(kgdb) where
#0  boot (howto=260) at ../../kern/kern_shutdown.c:266
#1  0xf01319b3 in panic (fmt=0xf0113489 "from debugger")
    at ../../kern/kern_shutdown.c:400
#2  0xf01134a5 in db_panic (dummy1=-266537335, dummy2=0, dummy3=-1,
    dummy4=0xefbffd38 "") at ../../ddb/db_command.c:440
#3  0xf0113395 in db_command (last_cmdp=0xf02011e4, cmd_table=0xf0201034,
    aux_cmd_tablep=0xf021d64c) at ../../ddb/db_command.c:337
#4  0xf0113512 in db_command_loop () at ../../ddb/db_command.c:462
#5  0xf0115c    at ../../i386/i386/db_interface.c:126
#7  0xf01d8ea4 in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -272629864,
      tf_esi = -266580190, tf_ebp = -272630164, tf_isp = -272630192,
      tf_ebx = 256, tf_edx = -266537391, tf_ecx = 2000, tf_eax = 18,
      tf_trapno = 3, tf_err = 0, tf_eip = -266537335, tf_cs = 8,
      tf_eflags = 582, tf_esp = -266537407, tf_ss = -267183800})
    at ../../i386/i386/trap.c:416
#8  0xf01cf689 in Debugger (msg=0xf0131948 "panic")
    at ../../i386/i386/db_interface.c:254
#9  0xf01319aa in panic (fmt=0xf01c4f22 "vm_page_free: freeing busy page")
    at ../../kern/kern_shutdown.c:398
#10 0xf01c4fe6 in vm_page_freechk_and_unqueue (m=0xf0abd1a4)
    at ../../vm/vm_page.c:948
#11 0xf01c506a in vm_page_free (m=0xf0abd1a4) at ../../vm/vm_page.c:1014
#12 0xf01c29c6 in vm_object_terminate (object=0xf1228f80)
    at ../../vm/vm_object.c:409
#13 0xf01c2817 in vm_object_deallocate (object=0xf1228f80)
    at ../../vm/v
#17 0xf01d9923 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 0,
      tf_esi = 262144, tf_ebp = -272638820, tf_isp = -272629788,
      tf_ebx = 537383008, tf_edx = 0, tf_ecx = 0, tf_eax = 171,
      tf_trapno = 12, tf_err = 7, tf_eip = 537122097, tf_cs = 31,
      tf_eflags = 646, tf_esp = -272638844, tf_ss = 39})
    at ../../i386/i386/trap.c:920
#18 0x2003d531 in ?? ()
#19 0x16d6 in ?? ()
#20 0x197d in ?? ()
#21 0x1095 in ?? ()


>How-To-Repeat:

Compile cdda2wav (I hacked it for CAM)

./cdda2wav -B 
[ ... ]
[ Program exits ]

panic..

>Fix:
	

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->ken 
Responsible-Changed-By: steve 
Responsible-Changed-When: Wed Dec 9 18:38:13 PST 1998 
Responsible-Changed-Why:  
Ken is one of our CAM experts. 
State-Changed-From-To: open->feedback 
State-Changed-By: ken 
State-Changed-When: Wed Dec 16 10:07:45 PST 1998 
State-Changed-Why:  
Daniel -- I don't know if you're running -current or not, but if you are, 
could you try out the change I made in revision 1.7 of sys/cam/cam_periph.c? 

I believe it will fix the problem you were seeing with cdda2wav. 
State-Changed-From-To: feedback->closed 
State-Changed-By: ken 
State-Changed-When: Mon Apr 26 11:33:36 PDT 1999 
State-Changed-Why:  
Never got any response, but I'm pretty sure this problem is fixed. 
>Unformatted:
