Date: Fri, 5 Apr 1996 17:34:48 -0500 (EST)
From: "Marc G. Fournier" <scrappy@ki.net>
To: FreeBSD-gnats-submit@freebsd.org
Subject: kern/1117: panic: rlist_free: free end overlaps already freed area
Message-ID: <199604052234.RAA00875@freebsd.ki.net>
Resent-Message-ID: <199604052240.OAA18315@freefall.freebsd.org>

>Number:         1117
>Category:       kern
>Synopsis:       panic: rlist_free: free end overlaps already freed area
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 5 14:40:05 PST 1996
>Last-Modified:
>Originator:     Marc G. Fournier
>Organization:
>Release:        FreeBSD 2.2-CURRENT i386
>Environment:

FreeBSD 2.2-CURRENT #35: Tue Apr 2 01:38:50 EST 1996
    scrappy@freebsd.ki.net:/usr/src/sys/compile/freebsd
CPU: i486DX (486-class CPU)
real memory = 16777216 (16384K bytes)
avail memory = 14716928 (14372K bytes)
DEVFS: ready for devices
Probing for devices on the ISA bus:
vt0 at 0x60-0x6f irq 1 on motherboard
vt0: mda, mono, 8 scr, mf2-kbd, [R3.20-b24]
ed0 at 0x280-0x29f irq 5 maddr 0xd8000 msize 16384 on isa
ed0: address 00:00:c0:b7:91:71, type WD8013EPC (16 bit)
aha0 at 0x330-0x333 irq 11 drq 5 on isa
(aha0:0:0): "UNISYS U0531 ST3600N 8374" type 0 fixed SCSI 2
sd0(aha0:0:0): Direct-Access 500MB (1025920 512 byte sectors)
(aha0:3:0): "CONNER CFA540S 13B0" type 0 fixed SCSI 2
sd1(aha0:3:0): Direct-Access 515MB (1056708 512 byte sectors)
fdc0 at 0x3f0-0x3f7 irq 6 drq 2 on isa
fdc0: NEC 72065B
fd0: 1.44MB 3.5in
npx0 on motherboard
npx0: INT 16 interface
sctarg0(noadapter::): Processor Target
devfs ready to run

>Description:

After 2 days, 16hrs uptime, in order to install a new -current kernel,
I typed 'reboot' as root at the prompt, at which point she panic'd
(I swear, I was being gentle with her *grin*)

I *think* I'm getting the hang of gdb, but if I'm missing some data
that I could have gotten out of gdb, please let me know and I'll add
that in :)

DDB Output:

panic: rlist_free: free end overlaps already freed area

rlist_free+0x9d
swap_pager_freeswapspace+0x1b
swap_pager_free_swap+0xbb
swap_pager_dealloc+0x9c
vm_pager_deallocate+0x16
vm_object_terminate+0x13b
vm_object_deallocate+0x1a3
vm_map_entry_delete+0x50
vm_map_delete+0x0x13e
vm_map_remove+0x60
exit1+0xc5
exit+0x14
syscall+0x129
Xsyscall+0x35
--- syscall 1, eip = 0x8159a5d, ebp = 0xefbfdb40 ---

GDB Output:

Script started on Fri Apr 5 17:24:24 1996
gdbfreebsd# gdb -k /usr/debug/kernel-sym.35 vmcore.5
GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.13 (i386-unknown-freebsd), Copyright 1994 Free Software Foundation, Inc...
IdlePTD 20d000
current pcb at 1dabc8
panic: rlist_free: free end overlaps already freed area
#0  boot (howto=260) at ../../i386/i386/machdep.c:942
Source file is more recent than executable.
942             dumppcb.pcb_ptd = rcr3();
(kgdb) where
#0  boot (howto=260) at ../../i386/i386/machdep.c:942
#1  0xf0113727 in panic (fmt=0xf01011f8 "from debugger")
    at ../../kern/subr_prf.c:133
#2  0xf0101215 in db_panic (dummy1=-266739549, dummy2=0, dummy3=-1,
    dummy4=0xefbffcb0 "") at ../../ddb/db_command.c:395
#3  0xf01010fe in db_command (last_cmdp=0xf01cab34, cmd_table=0xf01ca994)
    at ../../ddb/db_command.c:288
#4  0xf010127d in db_command_loop () at ../../ddb/db_command.c:417
#5  0xf01035e8 in db_trap (type=3, code=0) at ../../ddb/db_trap.c:73
#6  0xf019de7a in kdb_trap (type=3, code=0, regs=0xefbffdac)
    at ../../i386/i386/db_interface.c:136
#7  0xf01a59ec in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -191131724,
      tf_esi = -267302978, tf_ebp = -272630288, tf_isp = -272630316,
      tf_ebx = 256, tf_edx = -266739595, tf_ecx = 1920, tf_eax = 18,
      tf_trapno = 3, tf_err = 0, tf_eip = -266739549, tf_cs = -272695288,
      tf_eflags = 582, tf_esp = -266739611, tf_ss = -267307330})
    at ../../i386/i386/trap.c:399
#8  0xf019e6f1 in calltrap ()
#9  0xf011371e in panic (
    fmt=0xf01147be "rlist_free: free end overlaps already freed area")
    at ../../kern/subr_prf.c:129
#10 0xf0114901 in rlist_free (rlh=0xf01e5ed0, start=8912, end=8935)
    at ../../kern/subr_rlist.c:157
#11 0xf018bf77 in swap_pager_freeswapspace (object=0xf0935880, from=8912,
    to=8935) at ../../vm/swap_pager.c:408
#12 0xf018c167 in swap_pager_free_swap (object=0xf0935880)
    at ../../vm/swap_pager.c:485
#13 0xf018c6b8 in swap_pager_dealloc (object=0xf0935880)
    at ../../vm/swap_pager.c:721
#14 0xf019861a in vm_pager_deallocate (object=0xf0935880)
    at ../../vm/vm_pager.c:178
#15 0xf01942b7 in vm_object_terminate (object=0xf0935880)
    at ../../vm/vm_object.c:416
#16 0xf019410b in vm_object_deallocate (object=0xf0935880)
    at ../../vm/vm_object.c:356
#17 0xf019227c in vm_map_entry_delete (map=0xf0937300, entry=0xf0924740)
    at ../../vm/vm_map.c:1620
#18 0xf01923ce in vm_map_delete (map=0xf0937300, start=0, end=4022329344)
    at ../../vm/vm_map.c:1715
#19 0xf019244c in vm_map_remove (map=0xf0937300, start=0, end=4022329344)
    at ../../vm/vm_map.c:1740
#20 0xf0108c89 in exit1 (p=0xf0937400, rv=0) at ../../kern/kern_exit.c:161
#21 0xf0108b84 in exit (p=0xf0937400, uap=0xefbfff94, retval=0xefbfff84)
    at ../../kern/kern_exit.c:97
#22 0xf01a646d in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 0,
      tf_esi = -1, tf_ebp = -272639168, tf_isp = -272629788,
      tf_ebx = 135680096, tf_edx = 0, tf_ecx = 1, tf_eax = 1, tf_trapno = 7,
      tf_err = 7, tf_eip = 135633501, tf_cs = 31, tf_eflags = 658,
      tf_esp = -272639188, tf_ss = 39}) at ../../i386/i386/trap.c:904
---Type <return> to continue, or q <return> to quit---qQuit
(kgdb) up 10
#10 0xf0114901 in rlist_free (rlh=0xf01e5ed0, start=8912, end=8935)
    at ../../kern/subr_rlist.c:157
157                             panic("rlist_free: free end overlaps already freed area");
(kgdb) list
152             }
153
154             if (cur_rlp != NULL) {
155
156                     if (end >= cur_rlp->rl_start)
157                             panic("rlist_free: free end overlaps already freed area");
158
159                     if (prev_rlp) {
160                             if (start <= prev_rlp->rl_end)
161                                     panic("rlist_free: free start overlaps already freed area");
(kgdb) print end
$1 = 8935
(kgdb) print cur_rlp->rl_start
$2 = 8920
(kgdb) print cur_rlp
$3 = (struct rlist *) 0xf49ba450
(kgdb) print prev_rlp
$4 = (struct rlist *) 0xf49b8fb4
(kgdb) print start
$5 = 8912
(kgdb) print prev_rlp->rl_end
$6 = 8911
(kgdb) quit
freebsd# exit
exit

Script done on Fri Apr 5 17:25:50 1996

>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
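
Added example (not part of the original report, and not FreeBSD's subr_rlist.c): a simplified C model of the two overlap checks visible in the kgdb listing, replayed with the values printed in the session. The sorted singly linked list, the walk to the insertion point, the rl_result type and the bounds 8900 and 8927 are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example: a simplified model, not FreeBSD's subr_rlist.c. */
struct rlist {                  /* field names as seen in the kgdb session */
    unsigned rl_start, rl_end;  /* inclusive range of blocks already free */
    struct rlist *rl_next;      /* next range, sorted by rl_start (assumed) */
};

enum rl_status { RL_OK, RL_END_OVERLAP, RL_START_OVERLAP };
struct rl_result { enum rl_status status; unsigned conflict; };

/* Validate freeing [start, end] against a sorted free list. On overlap,
 * conflict holds a block of the request that is already on the list. */
struct rl_result rlist_free_check(const struct rlist *head,
                                  unsigned start, unsigned end)
{
    const struct rlist *prev = NULL, *cur = head;

    while (cur != NULL && cur->rl_start <= start) {  /* find insertion point */
        prev = cur;
        cur = cur->rl_next;
    }
    if (cur != NULL && end >= cur->rl_start)         /* tail already free */
        return (struct rl_result){ RL_END_OVERLAP, cur->rl_start };
    if (prev != NULL && start <= prev->rl_end)       /* head already free */
        return (struct rl_result){ RL_START_OVERLAP, start };
    return (struct rl_result){ RL_OK, 0 };
}

/* Constructed free list: only rl_end = 8911 and rl_start = 8920 come from
 * the report; the other two bounds are made up for the example. */
static struct rlist sample_cur  = { 8920, 8927, NULL };
static struct rlist sample_prev = { 8900, 8911, &sample_cur };

struct rl_result sample_check(unsigned start, unsigned end)
{
    return rlist_free_check(&sample_prev, start, end);
}

int main(void)
{
    struct rl_result r = sample_check(8912, 8935);   /* request in frame #10 */
    printf("status=%d already-free block=%u\n", r.status, r.conflict);
    return 0;
}
```

With the reported values the end check fires because 8935 >= 8920: the range 8912-8935 handed to rlist_free reaches into a range that is already on the free list, starting at block 8920.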