Date: Sat, 23 Jun 2007 14:46:40 +1000 From: David Cecil <david.cecil@nokia.com> To: freebsd-geom@freebsd.org Subject: Duplicate free Message-ID: <467CA5B0.4090508@nokia.com>
next in thread | raw e-mail | index | archive | help
Hi, I've encountered a duplicate free in 6.1-RELEASE-based code. I have noticed that the same stack trace was reported about two years ago on a number of occasions, and some code was added to try and help debug the situation. However, I don't see any resolution. Does anyone have any more information on this before I try and debug it further? Any hints for trying to find who freed it first? Maybe I should add the KTR debug that went into 1.66 of geom_io.c. db> bt Tracing pid 17 tid 100016 td 0x86badaf0 kdb_enter(80750631) at kdb_enter+0x2b panic(807786cd,8a778d80,81856780,80747d25,807786b1,...) at panic+0x137 uma_dbg_free(81856780,0,8a778d80) at uma_dbg_free+0x110 uma_zfree_arg(81856780,8a778d80,0) at uma_zfree_arg+0x66 g_destroy_bio(8a778d80,805319b4,8a778d80,e1ca3c60,805c9620,...) at g_destroy_bio+0x13 g_disk_done(8a778d80) at g_disk_done+0x62 biodone(8a778d80) at biodone+0x58 ad_done(88042840) at ad_done+0x2a ata_completed(88042840,0,86c38cdc,0,80753b6d,...) at ata_completed+0x504 taskqueue_run(86c38cc0,e1ca3cec,8056999a,0,0,...) at taskqueue_run+0x86 taskqueue_swi_run(0) at taskqueue_swi_run+0xe ithread_execute_handlers(86c14000,86c29280) at ithread_execute_handlers+0xfa ithread_loop(86c534f0,e1ca3d38,86c534f0,80569a10,0,...) at ithread_loop+0x76 fork_exit(80569a10,86c534f0,e1ca3d38) at fork_exit+0xa0 fork_trampoline() at fork_trampoline+0x8 --- trap 0x1, eip = 0, esp = 0xe1ca3d6c, ebp = 0 --- The panic string is: Duplicate free of item 0x8a778d80 from zone 0x81856780(g_bio) Thanks, Dave
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?467CA5B0.4090508>