Date: Fri, 2 May 2003 21:36:00 +0100 From: Michael McGoldrick <michael@mcgoldrick.org> To: current@freebsd.org Subject: Re: mbuf double-free panic Message-ID: <20030502203559.GA658@uriel.mcgoldrick.org> In-Reply-To: <20030502203621.GA792@uriel.mcgoldrick.org> References: <20030502203621.GA792@uriel.mcgoldrick.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
Oooops, attached the wrong file. Ahh, the delights of embarassing yourself on
a public forum.
--
Michael McGoldrick: mmcgoldrick@linuxdriven.net
[-- Attachment #2 --]
Script started on Fri May 2 21:21:59 2003
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: m_free detected a mbuf double-free
panic messages:
---
panic: m_free detected a mbuf double-free
syncing disks, buffers remaining... 1407 1407 1401 1398 1398 1398 1398 1398 1397 1397 1397
sio1: 1 more silo overflow (total 26)
1397 1397 1397 1397 1397 1397 1397 1397 1397 1397 1397 1397 1397 1397 1397 1397 1397
giving up on 428 buffers
Uptime: 22m48s
Dumping 127 MB
ata1: resetting devices ..
done
[CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] 16 32 48 64 80 96 112
---
Reading symbols from /usr/obj/usr/src/sys/URIEL/modules/usr/src/sys/modules/linux/linux.ko.debug...done.
Loaded symbols for /usr/obj/usr/src/sys/URIEL/modules/usr/src/sys/modules/linux/linux.ko.debug
Reading symbols from /usr/obj/usr/src/sys/URIEL/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done.
Loaded symbols for /usr/obj/usr/src/sys/URIEL/modules/usr/src/sys/modules/acpi/acpi.ko.debug
Reading symbols from /usr/obj/usr/src/sys/URIEL/modules/usr/src/sys/modules/linprocfs/linprocfs.ko.debug...done.
Loaded symbols for /usr/obj/usr/src/sys/URIEL/modules/usr/src/sys/modules/linprocfs/linprocfs.ko.debug
Reading symbols from /usr/obj/usr/src/sys/URIEL/modules/usr/src/sys/modules/ipfw/ipfw.ko.debug...done.
Loaded symbols for /usr/obj/usr/src/sys/URIEL/modules/usr/src/sys/modules/ipfw/ipfw.ko.debug
Reading symbols from /boot/kernel/logo_saver.ko...done.
Loaded symbols for /boot/kernel/logo_saver.ko
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:238
238 dumping++;
(kgdb) bt
#0 doadump () at /usr/src/sys/kern/kern_shutdown.c:238
#1 0xc023a7aa in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:370
#2 0xc023aafb in panic () at /usr/src/sys/kern/kern_shutdown.c:543
#3 0xc0256352 in m_free (mb=0xc0bbcf00) at /usr/src/sys/kern/subr_mbuf.c:1392
#4 0xc02a8993 in tunread (dev=0x0, uio=0xce8a6c7c, flag=8323072)
at /usr/src/sys/net/if_tun.c:679
#5 0xc01fe3ae in spec_read (ap=0xce8a6be0)
at /usr/src/sys/fs/specfs/spec_vnops.c:271
#6 0xc01fdf38 in spec_vnoperate (ap=0x0)
at /usr/src/sys/fs/specfs/spec_vnops.c:123
#7 0xc02991e2 in vn_read (fp=0xc256099c, uio=0xce8a6c7c,
active_cred=0xc235b900, flags=0, td=0xc2674390) at vnode_if.h:383
#8 0xc025cd12 in dofileread (td=0xc2674390, fp=0xc256099c, fd=0,
buf=0xbfbfee40, nbyte=0, offset=0, flags=0) at file.h:227
#9 0xc025cb7b in read (td=0xc2674390, uap=0xce8a6d10)
at /usr/src/sys/kern/sys_generic.c:106
#10 0xc038ecfe in syscall (frame=
{tf_fs = 47, tf_es = -1078001617, tf_ds = -1078001617, tf_edi = 134883872, tf_esi = 134996480, tf_ebp = -1077938584, tf_isp = -829788812, tf_ebx = 134969308, tf_edx = 135049216, tf_ecx = 7, tf_eax = 3, tf_trapno = 0, tf_err = 2, tf_eip = 673638227, tf_cs = 31, tf_eflags = 514, tf_esp = -1077940724, tf_ss = 47})
at /usr/src/sys/i386/i386/trap.c:1021
#11 0xc037ec0d in Xint0x80_syscall () at {standard input}:138
---Can't read userspace from dump, or kernel process---
(kgdb) up 3
#3 0xc0256352 in m_free (mb=0xc0bbcf00) at /usr/src/sys/kern/subr_mbuf.c:1392
1392 MEXT_REM_REF(mb);
(kgdb) l
1387 #endif
1388 if ((mb->m_flags & M_PKTHDR) != 0)
1389 m_tag_delete_chain(mb, NULL);
1390 nb = mb->m_next;
1391 if ((mb->m_flags & M_EXT) != 0) {
1392 MEXT_REM_REF(mb);
1393 if (atomic_cmpset_int(mb->m_ext.ref_cnt, 0, 1)) {
1394 if (mb->m_ext.ext_type == EXT_CLUSTER) {
1395 mb_free(&mb_list_clust,
1396 (caddr_t)mb->m_ext.ext_buf, MT_NOTMBUF,
(kgdb) print md b
$1 = (struct mbuf *) 0xc0bbcf00
(kgdb) print *mb
$2 = {m_hdr = {mh_next = 0x0, mh_nextpkt = 0x0, mh_data = 0xc0bbcf3c "",
mh_len = 44, mh_flags = 16386, mh_type = 2}, M_dat = {MH = {MH_pkthdr = {
rcvif = 0x0, len = 44, header = 0x2, csum_flags = 0, csum_data = 16,
tags = {slh_first = 0x0}}, MH_dat = {MH_ext = {
ext_buf = 0xc105f000 "5\020\004", ext_free = 0, ext_args = 0x0,
ext_size = 33554432, ref_cnt = 0x28000045, ext_type = 7684},
MH_databuf = "\0ð\005Á", '\0' <repeats 11 times>, "\002E\0\0(\004\036\0\0@\006p«QN\r/Ã\\ä-À\025\0P·\205\037\004³ðdßP\020\0\0ú\r\0\0\001\001\b\n\0\001\005\023Q\n|ý\002\0\0\0\0\0\0\0L\001\005\0\025\0 \0\021\0 \0\021\08\001 1.3A\001\b\0\025\0 \0\031\0 \0\021\0-\001\005\0\0\0\0\0\f\0ûÿ\0\0\0\0ôÿ\004\030\0\0@\001\vÂQN\r/Øï3c\b\0ÕÊü\002\001¶%Ͳ>am\0\0\b\t\n\v\f\r\016\017\020\021\022\023\024\025\026\027\030\031\032\e\034\035\036\037 !\"#$%&'()*+,-./0"...}},
M_databuf = "\0\0\0\0,\0\0\0\002\0\0\0\0\0\0\0\020\0\0\0\0\0\0\0\0ð\005Á", '\0' <repeats 11 times>, "\002E\0\0(\004\036\0\0@\006p«QN\r/Ã\\ä-À\025\0P·\205\037\004³ðdßP\020\0\0ú\r\0\0\001\001\b\n\0\001\005\023Q\n|ý\002\0\0\0\0\0\0\0L\001\005\0\025\0 \0\021\0 \0\021\08\001 1.3A\001\b\0\025\0 \0\031\0 \0\021\0-\001\005\0\0\0\0\0\f\0ûÿ\0\0\0\0ôÿ\004\030\0\0@\001\vÂQN\r/Øï3c\b\0ÕÊü\002\001¶%Ͳ>am\0\0\b\t\n\v\f\r\016\017\020\021\022\023\024\025\026\027\030"...}}
(kgdb) up 1
#4 0xc02a8993 in tunread (dev=0x0, uio=0xce8a6c7c, flag=8323072)
at /usr/src/sys/net/if_tun.c:679
679 m = m_free(m);
(kgdb) l
674
675 while (m && uio->uio_resid > 0 && error == 0) {
676 len = min(uio->uio_resid, m->m_len);
677 if (len != 0)
678 error = uiomove(mtod(m, void *), len, uio);
679 m = m_free(m);
680 }
681
682 if (m) {
683 TUNDEBUG("%s%d: Dropping mbuf\n", ifp->if_name, ifp->if_unit);
(kgdb)
Script done on Fri May 2 21:25:41 2003
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030502203559.GA658>