Date: Wed, 18 Feb 2004 06:30:25 -0800 (PST) From: roberto@redix.it To: freebsd-i386@FreeBSD.org Subject: Re: i386/62374: kernel panic: free: multiple frees Message-ID: <200402181430.i1IEUPBh043995@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR i386/62374; it has been noted by GNATS. From: roberto@redix.it To: freebsd-gnats-submit@FreeBSD.org Cc: Subject: Re: i386/62374: kernel panic: free: multiple frees Date: Wed, 18 Feb 2004 15:24:30 +0100 (CET) Here a debuggin kernel core session: ------------------------------------------- # gdb -k kernel.0 vmcore.0 GNU gdb 4.18 (FreeBSD) Copyright 1998 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-unknown-freebsd"...Deprecated bfd_read called at /usr/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c line 2627 in elfstab_build_psymtabs Deprecated bfd_read called at /usr/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c line 933 in fill_symbuf IdlePTD at phsyical address 0x00566000 initial pcb at physical address 0x0048b160 panicstr: free: multiple frees panic messages: --- panic: free: multiple frees syncing disks... 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 giving up on 1 buffers Uptime: 26m10s dumping to dev #ad/0x20011, offset 1114112 dump ata1: resetting devices .. done 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 --- #0 dumpsys () at ../../kern/kern_shutdown.c:487 487 if (dumping++) { (kgdb) add-symbol-file /usr/src/sys/compile/GENERIC-DEBUG/modules/usr/src/sys/modules/ipfilter/ipl.ko 0xc0a92e20 add symbol table from file "/usr/src/sys/compile/GENERIC-DEBUG/modules/usr/src/sys/modules/ipfilter/ipl.ko" at text_addr = 0xc0a92e20? (y or n) y Reading symbols from /usr/src/sys/compile/GENERIC-DEBUG/modules/usr/src/sys/modules/ipfilter/ipl.ko...done. (kgdb) add-symbol-file /usr/src/sys/compile/GENERIC-DEBUG/modules/usr/src/sys/modules/bridge/bridge.ko 0xc053f51c add symbol table from file "/usr/src/sys/compile/GENERIC-DEBUG/modules/usr/src/sys/modules/bridge/bridge.ko" at text_addr = 0xc053f51c? (y or n) y Reading symbols from /usr/src/sys/compile/GENERIC-DEBUG/modules/usr/src/sys/modules/bridge/bridge.ko...done. (kgdb) bt #0 dumpsys () at ../../kern/kern_shutdown.c:487 #1 0xc02294d3 in boot (howto=256) at ../../kern/kern_shutdown.c:316 #2 0xc02298f8 in poweroff_wait (junk=0xc03ef7ff, howto=-1061711872) at ../../kern/kern_shutdown.c:595 #3 0xc0224fbb in free (addr=0xc0b79000, type=0xc044d0a0) at ../../kern/kern_malloc.c:385 #4 0xc0a98c3e in fr_delstate (is=0xc0b79000) at /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_state.c:1710 #5 0xc0a97088 in fr_state_flush (which=2, proto=0) at /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_state.c:269 #6 0xc0a98d0e in fr_timeoutstate () at /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_state.c:1766 #7 0xc0a96e8d in ipfr_fragexpire () at /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_frag.c:554 #8 0xc022f5a9 in softclock () at ../../kern/kern_timeout.c:131 #9 0xc03907a3 in doreti_swi () (kgdb) (kgdb) list 380 freep->type = type; 381 #endif /* INVARIANTS */ 382 kup->ku_freecnt++; 383 if (kup->ku_freecnt >= kbp->kb_elmpercl) { 384 if (kup->ku_freecnt > kbp->kb_elmpercl) 385 panic("free: multiple frees"); 386 else if (kbp->kb_totalfree > kbp->kb_highwat) 387 kbp->kb_couldfree++; 388 } 389 kbp->kb_totalfree++; (kgdb) print kup $60 = (struct kmemusage *) 0xc06e1250 (kgdb) print *kup $61 = {ku_indx = 8, ku_un = {freecnt = 17, pagecnt = 17}} (kgdb) print type $62 = (struct malloc_type *) 0xc044d0a0 (kgdb) print *type $63 = {ks_next = 0xc044d040, ks_memuse = 428192, ks_limit = 8775680, ks_size = 57328, ks_inuse = 1841, ks_calls = 1883428, ks_maxused = 1120288, ks_magic = 877983977, ks_shortdesc = 0xc03ef740 "temp", ks_limblocks = 0, ks_mapblocks = 0} (kgdb) print size $64 = 256 (kgdb) print *kbp $65 = {kb_next = 0x65657266cannot read proc at 0 (kgdb) print kbp $66 = (struct kmembuckets *) 0xc03ef7ff (kgdb) print s $67 = 6422528 (kgdb) print alloc No symbol "alloc" in current context. (kgdb) print freep $68 = (struct freelist *) 0xc0b79000 (kgdb) print *freep $69 = {next = 0xc0b79000 ""} (kgdb) print struct kmembuckets Attempt to use a type name as an expression (kgdb) print struct kmembuckets* Attempt to use a type name as an expression (kgdb) print (struct kmembuckets)* A syntax error in expression, near `'. (kgdb) print kbp $70 = (struct kmembuckets *) 0xc03ef7ff (kgdb) print (struct kmembuckets *) 0xc03ef7ff $71 = (struct kmembuckets *) 0xc03ef7ff (kgdb) print *((struct kmembuckets *) 0xc03ef7ff) $72 = {kb_next = 0x65657266cannot read proc at 0 (kgdb)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200402181430.i1IEUPBh043995>