Date: Fri, 26 Apr 2002 00:54:45 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.org> To: current@FreeBSD.org Subject: free: address 0x3ce000(0x3ce000) has not been allocated. Message-ID: <Pine.NEB.3.96L.1020426004956.64976x-100000@fledge.watson.org>
index | next in thread | raw e-mail
This from the trustedbsd_mac branch -- malloc is largely untouched (except
for a patch I sent to Jeff from Brian Feldman that re-introduces memory
trashing on free), and specfs is untouched, so probably also applies to
recent -CURRENT. This could well be the malloc debugging panic some
others have referred to, but it's the first time I've bumped into it, so
figured I'd mention it. I'm in the process of integ'ing the branch to see
if that cleans things up some.
Robert N M Watson FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org NAI Labs, Safeport Network Services
n/dev/md0c: 4096 isectors in 1 cylcinders of 1 trac:ks, 4096 sectors
free: address 0x3ce000(0x3ce000) has not been allocated.
cpuid = 1; lapic.id = 01000000
Debugger("panic")
Stopped at Debugger+0x41: xorl %eax,%eax
db> trace
Debugger(c03dfcfa) at Debugger+0x41
panic(c03ddee0,3ce000,3ce000,1,c8eed1c1) at panic+0xd8
free(3ce000,c04416c0,1,c8eed1c1,c93f5a08) at free+0x55
free_ds_label(c8eed1c1,1) at free_ds_label+0x21
dsgone(c93c64d8) at dsgone+0x1b
dsopen(c93a2100,2000,0,c93c64d8,c93c64dc) at dsopen+0x71
diskopen(c93a2100,3,2000,c93bc100,c93f5ae0) at diskopen+0xc4
spec_open(c93f5ae0,c93f5b04,c033b7ce,c93f5ae0,c045ee80) at spec_open+0x12b
spec_vnoperate(c93f5ae0,c045ee80,c8f2f690,0,c3f75a00) at
spec_vnoperate+0x15
ffs_mountfs(c8f2f690,c93cea00,c93bc100,c045ede0,c045ee80) at
ffs_mountfs+0x1aa
ffs_mount(c93cea00,c93f7580,bfbff1a4,c93f5c18,c93bc100) at ffs_mount+0x5f6
vfs_mount(c93bc100,c8f33020,c93f7580,0,bfbff1a4) at vfs_mount+0x6e6
mount(c93bc100,c93f5d20,0,0,0) at mount+0x6a
syscall(2f,2f,2f,0,0) at syscall+0x223
syscall_with_err_pushed() at syscall_with_err_pushed+0x1b
--- syscall (21, FreeBSD ELF, mount), eip = 0x804bcef, esp = 0xbfbff148,
ebp = 0xbfbff214 ---
Remote debugging using /dev/cuaa0
Debugger (msg=0xc03dfcfa "panic") at machine/atomic.h:227
227 ATOMIC_STORE_LOAD(int, "cmpxchgl %0,%1", "xchgl %1,%0")
(kgdb) up
#1 0xc02538d8 in panic (
fmt=0xc03ddee0 "free: address %p(%p) has not been allocated.\n")
at ../../../kern/kern_shutdown.c:477
477 Debugger ("panic");
(kgdb) up
#2 0xc024abc5 in free (addr=0x3ce000, type=0xc04416c0)
at ../../../kern/kern_malloc.c:238
(kgdb) up
#3 0xc02639c1 in free_ds_label (ssp=0xc8eed1c1, slice=1)
at ../../../kern/subr_diskslice.c:858
858 free(lp, M_DEVBUF);
(kgdb) list
853
854 sp = &ssp->dss_slices[slice];
855 lp = sp->ds_label;
856 if (lp == NULL)
857 return;
858 free(lp, M_DEVBUF);
859 set_ds_label(ssp, slice, (struct disklabel *)NULL);
860 }
861
862
(kgdb) inspect ssp
$2 = (struct diskslices *) 0xc8eed1c1
(kgdb) inspect slice
$3 = 1
(kgdb) inspect *ssp
$4 = {dss_cdevsw = 0xdeadc0de, dss_first_bsd_slice = 0, dss_nslices = 2,
dss_oflags = 0, dss_secmult = 1, dss_secshift = 0, dss_secsize = 512,
dss_slices = {{ds_offset = 0, ds_size = 4096, ds_type = 0, ds_label =
0x0,
ds_openmask = 0 '\000', ds_wlabel = 0 '\000'}, {ds_offset = 0,
ds_size = 4096, ds_type = 0, ds_label = 0x3ce000,
ds_openmask = 0 '\000', ds_wlabel = 0 '\000'}, {ds_offset =
117440512,
ds_size = 0, ds_type = 12629504, ds_label = 0xc0b601,
ds_openmask = 2 '\002', ds_wlabel = 182 '¶'}, {ds_offset = 12629507,
ds_size = 12629508, ds_type = 12629509, ds_label = 0xc0b609,
ds_openmask = 7 '\a', ds_wlabel = 182 '¶'}, {ds_offset = 12629512,
ds_size = 12629513, ds_type = 12629514, ds_label = 0xc0b60b,
ds_openmask = 12 '\f', ds_wlabel = 182 '¶'}, {ds_offset = 12629517,
ds_size = 12629518, ds_type = -1597983217, ds_label = 0xc8ef6b,
ds_openmask = 0 '\000', ds_wlabel = 0 '\000'}, {ds_offset = 0,
ds_size = 3288334336, ds_type = 13163892, ds_label = 0x0,
ds_openmask = 0 '\000', ds_wlabel = 0 '\000'}, {ds_offset = 0,
ds_size = 0, ds_type = 0, ds_label = 0x0, ds_openmask = 0 '\000',
ds_wlabel = 0 '\000'}, {ds_offset = 0, ds_size = 0, ds_type =
8388608,
ds_label = 0x0, ds_openmask = 241 'ñ', ds_wlabel = 181 'µ'}, {
ds_offset = 12629489, ds_size = 12629490, ds_type = 12629491,
ds_label = 0xc0b5f4, ds_openmask = 245 'õ', ds_wlabel = 181 'µ'}, {
ds_offset = 12629494, ds_size = 12629495, ds_type = 12629496,
ds_label = 0xc0b5f9, ds_openmask = 250 'ú', ds_wlabel = 181 'µ'}, {
ds_offset = 12629499, ds_size = 12629500, ds_type = 12629501,
ds_label = 0xc0b5fe, ds_openmask = 255 'ÿ', ds_wlabel = 181 'µ'}, {
ds_offset = 155668, ds_size = 0, ds_type = 0, ds_label = 0x0,
ds_openmask = 0 '\000', ds_wlabel = 0 '\000'}, {ds_offset = 0,
ds_size = 0, ds_type = 0, ds_label = 0x0, ds_openmask = 0 '\000',
ds_wlabel = 0 '\000'}, {ds_offset = 0, ds_size = 0, ds_type = 0,
ds_label = 0x18000000, ds_openmask = 211 'Ó', ds_wlabel = 238 'î'},
{
ds_offset = 805634303, ds_size = 13168339, ds_type = 0, ds_label =
0x0,
ds_openmask = 0 '\000', ds_wlabel = 0 '\000'}, {ds_offset =
63499990,
ds_size = 266240, ds_type = -1744830464, ds_label = 0xc8eed4,
ds_openmask = 211 'Ó', ds_wlabel = 238 'î'}, {ds_offset =
4294967295,
ds_size = 4294967295, ds_type = -1, ds_label = 0xffffff,
ds_openmask = 0 '\000', ds_wlabel = 0 '\000'}, {ds_offset = 0,
ds_size = 0, ds_type = 0, ds_label = 0x0, ds_openmask = 0 '\000',
ds_wlabel = 0 '\000'}, {ds_offset = 0, ds_size = 0, ds_type = 0,
ds_label = 0x0, ds_openmask = 0 '\000', ds_wlabel = 0 '\000'}, {
ds_offset = 0, ds_size = 0, ds_type = 0, ds_label = 0x0,
ds_openmask = 0 '\000', ds_wlabel = 0 '\000'}, {ds_offset =
13107686,
---Type <return> to continue, or q <return> to quit---
ds_size = 67108864, ds_type = 482929854, ds_label = 0x1c,
ds_openmask = 0 '\000', ds_wlabel = 0 '\000'}, {ds_offset = 327808,
ds_size = 0, ds_type = 0, ds_label = 0x0, ds_openmask = 0 '\000',
ds_wlabel = 0 '\000'}, {ds_offset = 4294967295, ds_size = 16777215,
ds_type = 0, ds_label = 0x0, ds_openmask = 0 '\000',
ds_wlabel = 0 '\000'}, {ds_offset = 0, ds_size = 0, ds_type =
-16777216,
ds_label = 0xffffffff, ds_openmask = 255 'ÿ', ds_wlabel = 255 'ÿ'},
{
ds_offset = 0, ds_size = 50331648, ds_type = 16777216, ds_label =
0x0,
ds_openmask = 0 '\000', ds_wlabel = 0 '\000'}, {ds_offset = 0,
ds_size = 0, ds_type = 0, ds_label = 0x0, ds_openmask = 0 '\000',
ds_wlabel = 0 '\000'}, {ds_offset = 0, ds_size = 469762048,
ds_type = 28, ds_label = 0xfe000000, ds_openmask = 128 '\200',
ds_wlabel = 0 '\000'}, {ds_offset = 0, ds_size = 0, ds_type = 65536,
ds_label = 0x36000000, ds_openmask = 18 '\022', ds_wlabel = 5
'\005'}, {
ds_offset = 0, ds_size = 0, ds_type = 0, ds_label = 0x0,
ds_openmask = 0 '\000', ds_wlabel = 0 '\000'}, {ds_offset = 0,
ds_size = 0, ds_type = 0, ds_label = 0x0, ds_openmask = 0 '\000',
ds_wlabel = 0 '\000'}, {ds_offset = 0, ds_size = 0, ds_type = 0,
ds_label = 0x0, ds_openmask = 0 '\000', ds_wlabel = 0 '\000'}}}
(kgdb) inspect ssp->dss_slices[slice]
$5 = {ds_offset = 0, ds_size = 4096, ds_type = 0, ds_label = 0x3ce000,
ds_openmask = 0 '\000', ds_wlabel = 0 '\000'}
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1020426004956.64976x-100000>