From owner-freebsd-current@FreeBSD.ORG Sun May 4 12:37:43 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9167D37B401 for ; Sun, 4 May 2003 12:37:43 -0700 (PDT) Received: from heron.mail.pas.earthlink.net (heron.mail.pas.earthlink.net [207.217.120.189]) by mx1.FreeBSD.org (Postfix) with ESMTP id BD12343FB1 for ; Sun, 4 May 2003 12:37:42 -0700 (PDT) (envelope-from tlambert2@mindspring.com) Received: from pool0293.cvx40-bradley.dialup.earthlink.net ([216.244.43.38] helo=mindspring.com) by heron.mail.pas.earthlink.net with asmtp (SSLv3:RC4-MD5:128) (Exim 3.33 #1) id 19CPIj-0005r0-00; Sun, 04 May 2003 12:37:34 -0700 Message-ID: <3EB56BB0.32DC4347@mindspring.com> Date: Sun, 04 May 2003 12:36:16 -0700 From: Terry Lambert X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Matt References: <49952.192.168.1.10.1052046537.squirrel@webmail.xtaz.co.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-ELNK-Trace: b1a02af9316fbb217a47c185c03b154d40683398e744b8a4d0a637424fde5cc50af6f7d65c14671b666fa475841a1c7a350badd9bab72f9c350badd9bab72f9c cc: current@freebsd.org Subject: Re: m_freem detected a mbuf double-free : xl0 kernel panic X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 May 2003 19:37:43 -0000 Matt wrote: > Unfortunatly this machine does not have enough swap space to dump a panic > and I also do not have a serial console so there is no debug information, > but I am getting a 100% reproducable panic on a kernel built on sources > cvsup'd either an hour ago or yesterday morning (I've tried both). Sources > from friday are fine. makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols options DDB #Enable the kernel debugger > The important looking parts I scribbled down on some paper from ddb are > m_freem detected a mbuf double-free, kernel trap 12 with interrupts > disabled, current process int12: xl0. > > This happens the second my irc client tries to connect to an irc server > after booting the system. If I boot kernel.old (from friday) it works > fine. > > Hopefully somebody else with a nic using the xl driver has the same > problem and could offer some proper debug. If not I will try and add more > swap space so I can get a core file. Look elsewhere; the if_xl.c/if_xlreg.h hasn't been modified for over 13 days, so it's not an if_xl.c specific problem that came in last Friday. Probably you had not updated for a while (if it's really an if_xl problem -- and you need to tell us how old your tree was), or it's a problem that was introduced elsewhere, and happened to bite you in the if_xl.c code. I expect that this is the case. You should look for changed files. Actually, I think it's rev 1.47 of /src/sys/kern/subr_mbuf.c; I don't actually see where the M_FREELIST flag is ever cleared on allocation... might want to send an email to silby@. Alternately, if it is cleared on allocation somewhere I'm not seeing, it may be a revealed by in the if_xl driver... or some place else in the protocol stack, where it's freeing the mbuf, and then continuing to use it. I remember a case in the ipfw code, at one point, where it would do that on "reject" rules, and then corrupt the heck out of the kernel stack. 8-(. -- Terry