From owner-freebsd-i386@FreeBSD.ORG Wed Feb 18 06:30:27 2004 Return-Path: Delivered-To: freebsd-i386@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C20A016A4D3 for ; Wed, 18 Feb 2004 06:30:27 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id B9C9943D1F for ; Wed, 18 Feb 2004 06:30:27 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) i1IEUPbv043996 for ; Wed, 18 Feb 2004 06:30:25 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.10/8.12.10/Submit) id i1IEUPBh043995; Wed, 18 Feb 2004 06:30:25 -0800 (PST) (envelope-from gnats) Date: Wed, 18 Feb 2004 06:30:25 -0800 (PST) Message-Id: <200402181430.i1IEUPBh043995@freefall.freebsd.org> To: freebsd-i386@FreeBSD.org From: roberto@redix.it Subject: Re: i386/62374: kernel panic: free: multiple frees X-BeenThere: freebsd-i386@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: roberto@redix.it List-Id: I386-specific issues for FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Feb 2004 14:30:27 -0000 The following reply was made to PR i386/62374; it has been noted by GNATS. From: roberto@redix.it To: freebsd-gnats-submit@FreeBSD.org Cc: Subject: Re: i386/62374: kernel panic: free: multiple frees Date: Wed, 18 Feb 2004 15:24:30 +0100 (CET) Here a debuggin kernel core session: ------------------------------------------- # gdb -k kernel.0 vmcore.0 GNU gdb 4.18 (FreeBSD) Copyright 1998 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-unknown-freebsd"...Deprecated bfd_read called at /usr/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c line 2627 in elfstab_build_psymtabs Deprecated bfd_read called at /usr/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c line 933 in fill_symbuf IdlePTD at phsyical address 0x00566000 initial pcb at physical address 0x0048b160 panicstr: free: multiple frees panic messages: --- panic: free: multiple frees syncing disks... 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 giving up on 1 buffers Uptime: 26m10s dumping to dev #ad/0x20011, offset 1114112 dump ata1: resetting devices .. done 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 --- #0 dumpsys () at ../../kern/kern_shutdown.c:487 487 if (dumping++) { (kgdb) add-symbol-file /usr/src/sys/compile/GENERIC-DEBUG/modules/usr/src/sys/modules/ipfilter/ipl.ko 0xc0a92e20 add symbol table from file "/usr/src/sys/compile/GENERIC-DEBUG/modules/usr/src/sys/modules/ipfilter/ipl.ko" at text_addr = 0xc0a92e20? (y or n) y Reading symbols from /usr/src/sys/compile/GENERIC-DEBUG/modules/usr/src/sys/modules/ipfilter/ipl.ko...done. (kgdb) add-symbol-file /usr/src/sys/compile/GENERIC-DEBUG/modules/usr/src/sys/modules/bridge/bridge.ko 0xc053f51c add symbol table from file "/usr/src/sys/compile/GENERIC-DEBUG/modules/usr/src/sys/modules/bridge/bridge.ko" at text_addr = 0xc053f51c? (y or n) y Reading symbols from /usr/src/sys/compile/GENERIC-DEBUG/modules/usr/src/sys/modules/bridge/bridge.ko...done. (kgdb) bt #0 dumpsys () at ../../kern/kern_shutdown.c:487 #1 0xc02294d3 in boot (howto=256) at ../../kern/kern_shutdown.c:316 #2 0xc02298f8 in poweroff_wait (junk=0xc03ef7ff, howto=-1061711872) at ../../kern/kern_shutdown.c:595 #3 0xc0224fbb in free (addr=0xc0b79000, type=0xc044d0a0) at ../../kern/kern_malloc.c:385 #4 0xc0a98c3e in fr_delstate (is=0xc0b79000) at /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_state.c:1710 #5 0xc0a97088 in fr_state_flush (which=2, proto=0) at /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_state.c:269 #6 0xc0a98d0e in fr_timeoutstate () at /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_state.c:1766 #7 0xc0a96e8d in ipfr_fragexpire () at /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_frag.c:554 #8 0xc022f5a9 in softclock () at ../../kern/kern_timeout.c:131 #9 0xc03907a3 in doreti_swi () (kgdb) (kgdb) list 380 freep->type = type; 381 #endif /* INVARIANTS */ 382 kup->ku_freecnt++; 383 if (kup->ku_freecnt >= kbp->kb_elmpercl) { 384 if (kup->ku_freecnt > kbp->kb_elmpercl) 385 panic("free: multiple frees"); 386 else if (kbp->kb_totalfree > kbp->kb_highwat) 387 kbp->kb_couldfree++; 388 } 389 kbp->kb_totalfree++; (kgdb) print kup $60 = (struct kmemusage *) 0xc06e1250 (kgdb) print *kup $61 = {ku_indx = 8, ku_un = {freecnt = 17, pagecnt = 17}} (kgdb) print type $62 = (struct malloc_type *) 0xc044d0a0 (kgdb) print *type $63 = {ks_next = 0xc044d040, ks_memuse = 428192, ks_limit = 8775680, ks_size = 57328, ks_inuse = 1841, ks_calls = 1883428, ks_maxused = 1120288, ks_magic = 877983977, ks_shortdesc = 0xc03ef740 "temp", ks_limblocks = 0, ks_mapblocks = 0} (kgdb) print size $64 = 256 (kgdb) print *kbp $65 = {kb_next = 0x65657266cannot read proc at 0 (kgdb) print kbp $66 = (struct kmembuckets *) 0xc03ef7ff (kgdb) print s $67 = 6422528 (kgdb) print alloc No symbol "alloc" in current context. (kgdb) print freep $68 = (struct freelist *) 0xc0b79000 (kgdb) print *freep $69 = {next = 0xc0b79000 ""} (kgdb) print struct kmembuckets Attempt to use a type name as an expression (kgdb) print struct kmembuckets* Attempt to use a type name as an expression (kgdb) print (struct kmembuckets)* A syntax error in expression, near `'. (kgdb) print kbp $70 = (struct kmembuckets *) 0xc03ef7ff (kgdb) print (struct kmembuckets *) 0xc03ef7ff $71 = (struct kmembuckets *) 0xc03ef7ff (kgdb) print *((struct kmembuckets *) 0xc03ef7ff) $72 = {kb_next = 0x65657266cannot read proc at 0 (kgdb)