From owner-freebsd-current Sun Jul 9 7: 4:31 2000 Delivered-To: freebsd-current@freebsd.org Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252]) by hub.freebsd.org (Postfix) with ESMTP id 15FF037B883 for ; Sun, 9 Jul 2000 07:04:25 -0700 (PDT) (envelope-from roberto@keltia.freenix.fr) Received: (from uucp@localhost) by frmug.org (8.9.3/frmug-2.7/nospam) with UUCP id QAA09349; Sun, 9 Jul 2000 16:04:21 +0200 (CEST) (envelope-from roberto@keltia.freenix.fr) Received: by keltia.freenix.fr (Postfix, from userid 101) id CFEF18899; Sun, 9 Jul 2000 15:51:46 +0200 (CEST) Date: Sun, 9 Jul 2000 15:51:46 +0200 From: Ollivier Robert To: "FreeBSD Current Users' list" Cc: mckusick@mckusick.com Subject: Multiple free panic on SMP Message-ID: <20000709155146.A30086@keltia.freenix.fr> Mail-Followup-To: FreeBSD Current Users' list , mckusick@mckusick.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i X-Operating-System: FreeBSD 5.0-CURRENT/ELF AMD-K6/200 & 2x PPro/200 SMP Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG After updating to the very latest current code, I get a multiple free panic on my SMP machine. It always happen during buildworld in libc_r. Important note : I have the snapshot code from Kirk. The panic is in random_read which does a free. Here is the trace. panic: free: multiple freed item 0xc0e92d00 mp_lock = 00000003; cpuid = 0; lapic.id = 00000000 panic: from debugger mp_lock = 00000004; cpuid = 0; lapic.id = 00000000 boot() called on cpu#0 Uptime: 41m7s #0 boot (howto=260) at ../../kern/kern_shutdown.c:303 #1 0xc017819d in panic (fmt=0xc029dc34 "from debugger") at ../../kern/kern_shutdown.c:553 #2 0xc0133435 in db_panic (addr=-1071169600, have_addr=0, count=-1, modif=0xc667bc38 "") at ../../ddb/db_command.c:433 #3 0xc01333d5 in db_command (last_cmdp=0xc02d9db4, cmd_table=0xc02d9c14, aux_cmd_tablep=0xc031a8f4) at ../../ddb/db_command.c:333 #4 0xc013349a in db_command_loop () at ../../ddb/db_command.c:455 #5 0xc0135657 in db_trap (type=3, code=0) at ../../ddb/db_trap.c:71 #6 0xc0273d05 in kdb_trap (type=3, code=0, regs=0xc667bd48) at ../../i386/i386/db_interface.c:158 #7 0xc028590c in trap (frame={tf_fs = -1070399464, tf_es = -1070399472, tf_ds = -966328304, tf_edi = 128, tf_esi = 256, tf_ebp = -966279792, tf_isp = -966279820, tf_ebx = -1070954959, tf_edx = 0, tf_ecx = 32, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1071169600, tf_cs = 8, tf_eflags = 524886, tf_esp = -1070814813, tf_ss = -1070951182}) at ../../i386/i386/trap.c:552 #8 0xc0273fc0 in Debugger (msg=0xc02a94f2 "panic") at machine/cpufunc.h:64 #9 0xc0178194 in panic (fmt=0xc02a8631 "free: multiple freed item %p") at ../../kern/kern_shutdown.c:551 #10 0xc0173d43 in free (addr=0xc0e92d00, type=0xc03035e0) at ../../kern/kern_malloc.c:336 #11 0xc0144340 in random_read (dev=0xc031e3c8, uio=0xc667bed8, flag=131072) at ../../dev/randomdev/randomdev.c:100 #12 0xc01b1e67 in spec_read (ap=0xc667be6c) at ../../miscfs/specfs/spec_vnops.c:262 #13 0xc0252774 in ufsspec_read (ap=0xc667be6c) at ../../ufs/ufs/ufs_vnops.c:1830 #14 0xc0252ca1 in ufs_vnoperatespec (ap=0xc667be6c) at ../../ufs/ufs/ufs_vnops.c:2308 #15 0xc01af0e8 in vn_read (fp=0xc1135d40, uio=0xc667bed8, cred=0xc0d9a780, flags=0, p=0xc6580820) at vnode_if.h:334 #16 0xc0188db5 in dofileread (p=0xc6580820, fp=0xc1135d40, fd=3, buf=0xbfbff064, nbyte=116, offset=-1, flags=0) at ../../sys/file.h:141 #17 0xc0188cab in read (p=0xc6580820, uap=0xc667bf80) at ../../kern/sys_generic.c:110 #18 0xc0286335 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 1717986919, tf_esi = 3, tf_ebp = -1077940008, tf_isp = -966279212, tf_ebx = 672082468, tf_edx = 63956, tf_ecx = 672148482, tf_eax = 3, tf_trapno = 12, tf_err = 2, tf_eip = 672042240, tf_cs = 31, tf_eflags = 643, tf_esp = -1077940196, tf_ss = 47}) at ../../i386/i386/trap.c:1126 #19 0xc02746cb in Xint0x80_syscall () (kgdb) up 10 #10 0xc0173d43 in free (addr=0xc0e92d00, type=0xc03035e0) at ../../kern/kern_malloc.c:336 336 panic("free: multiple freed item %p", addr); (kgdb) print addr $1 = (void *) 0xc0e92d00 (kgdb) print *addr Attempt to dereference a generic pointer. (kgdb) up #11 0xc0144340 in random_read (dev=0xc031e3c8, uio=0xc667bed8, flag=131072) at ../../dev/randomdev/randomdev.c:100 warning: Source file is more recent than executable. 100 ret = read_random(random_buf, c); (kgdb) list 95 void *random_buf; 96 97 c = min(uio->uio_resid, PAGE_SIZE); 98 random_buf = (void *)malloc(c, M_TEMP, M_WAITOK); 99 while (uio->uio_resid > 0 && error == 0) { 100 ret = read_random(random_buf, c); 101 error = uiomove(random_buf, ret, uio); 102 } 103 free(random_buf, M_TEMP); 104 return error; (kgdb) print random_buf $2 = (void *) 0xc0e92d00 (kgdb) print uio $3 = (struct uio *) 0xc667bed8 (kgdb) print *uio $4 = {uio_iov = 0xc667beb0, uio_iovcnt = 1, uio_offset = 116, uio_resid = 0, uio_segflg = UIO_USERSPACE, uio_rw = UIO_READ, uio_procp = 0xc6580820} More details if needed of course. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 5.0-CURRENT #80: Sun Jun 4 22:44:19 CEST 2000 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message