i386/62374: kernel panic: free: multiple frees

roberto at redix.it roberto at redix.it
Wed Feb 18 06:30:27 PST 2004 

The following reply was made to PR i386/62374; it has been noted by GNATS.

From: roberto at redix.it
To: freebsd-gnats-submit at FreeBSD.org
Cc:  
Subject: Re: i386/62374: kernel panic: free: multiple frees
Date: Wed, 18 Feb 2004 15:24:30 +0100 (CET)

 Here a debuggin kernel core session:
 -------------------------------------------
 # gdb -k kernel.0 vmcore.0
 GNU gdb 4.18 (FreeBSD)
 Copyright 1998 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and you are
 welcome to change it and/or distribute copies of it under certain conditions.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for details.
 This GDB was configured as "i386-unknown-freebsd"...Deprecated bfd_read
 called at
 /usr/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c
 line 2627 in elfstab_build_psymtabs
 Deprecated bfd_read called at
 /usr/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c
 line 933 in fill_symbuf
 
 IdlePTD at phsyical address 0x00566000
 initial pcb at physical address 0x0048b160
 panicstr: free: multiple frees
 panic messages:
 ---
 panic: free: multiple frees
 
 syncing disks... 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
 giving up on 1 buffers
 Uptime: 26m10s
 
 dumping to dev #ad/0x20011, offset 1114112
 dump ata1: resetting devices .. done
 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32
 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6
 5 4 3 2 1
 ---
 #0  dumpsys () at ../../kern/kern_shutdown.c:487
 487             if (dumping++) {
 (kgdb) add-symbol-file
 /usr/src/sys/compile/GENERIC-DEBUG/modules/usr/src/sys/modules/ipfilter/ipl.ko
 0xc0a92e20
 add symbol table from file
 "/usr/src/sys/compile/GENERIC-DEBUG/modules/usr/src/sys/modules/ipfilter/ipl.ko"
 at text_addr = 0xc0a92e20?
 (y or n) y
 
 Reading symbols from
 /usr/src/sys/compile/GENERIC-DEBUG/modules/usr/src/sys/modules/ipfilter/ipl.ko...done.
 (kgdb) add-symbol-file
 /usr/src/sys/compile/GENERIC-DEBUG/modules/usr/src/sys/modules/bridge/bridge.ko
 0xc053f51c
 add symbol table from file
 "/usr/src/sys/compile/GENERIC-DEBUG/modules/usr/src/sys/modules/bridge/bridge.ko"
 at text_addr = 0xc053f51c?
 (y or n) y
 
 Reading symbols from
 /usr/src/sys/compile/GENERIC-DEBUG/modules/usr/src/sys/modules/bridge/bridge.ko...done.
 (kgdb) bt
 #0  dumpsys () at ../../kern/kern_shutdown.c:487
 #1  0xc02294d3 in boot (howto=256) at ../../kern/kern_shutdown.c:316
 #2  0xc02298f8 in poweroff_wait (junk=0xc03ef7ff, howto=-1061711872)
     at ../../kern/kern_shutdown.c:595
 #3  0xc0224fbb in free (addr=0xc0b79000, type=0xc044d0a0)
     at ../../kern/kern_malloc.c:385
 #4  0xc0a98c3e in fr_delstate (is=0xc0b79000)
     at
 /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_state.c:1710
 #5  0xc0a97088 in fr_state_flush (which=2, proto=0)
     at
 /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_state.c:269
 #6  0xc0a98d0e in fr_timeoutstate ()
     at
 /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_state.c:1766
 #7  0xc0a96e8d in ipfr_fragexpire ()
     at
 /usr/src/sys/modules/ipfilter/../../contrib/ipfilter/netinet/ip_frag.c:554
 #8  0xc022f5a9 in softclock () at ../../kern/kern_timeout.c:131
 #9  0xc03907a3 in doreti_swi ()
 (kgdb)
 (kgdb) list
 380             freep->type = type;
 381     #endif /* INVARIANTS */
 382             kup->ku_freecnt++;
 383             if (kup->ku_freecnt >= kbp->kb_elmpercl) {
 384                     if (kup->ku_freecnt > kbp->kb_elmpercl)
 385                             panic("free: multiple frees");
 386                     else if (kbp->kb_totalfree > kbp->kb_highwat)
 387                             kbp->kb_couldfree++;
 388             }
 389             kbp->kb_totalfree++;
 (kgdb) print kup
 $60 = (struct kmemusage *) 0xc06e1250
 (kgdb) print *kup
 $61 = {ku_indx = 8, ku_un = {freecnt = 17, pagecnt = 17}}
 (kgdb) print type
 $62 = (struct malloc_type *) 0xc044d0a0
 (kgdb) print *type
 $63 = {ks_next = 0xc044d040, ks_memuse = 428192, ks_limit = 8775680,
   ks_size = 57328, ks_inuse = 1841, ks_calls = 1883428, ks_maxused = 1120288,
   ks_magic = 877983977, ks_shortdesc = 0xc03ef740 "temp", ks_limblocks = 0,
   ks_mapblocks = 0}
 (kgdb) print size
 $64 = 256
 (kgdb) print *kbp
 $65 = {kb_next = 0x65657266cannot read proc at 0
 (kgdb) print kbp
 $66 = (struct kmembuckets *) 0xc03ef7ff
 (kgdb) print s
 $67 = 6422528
 (kgdb) print alloc
 No symbol "alloc" in current context.
 (kgdb) print freep
 $68 = (struct freelist *) 0xc0b79000
 (kgdb) print *freep
 $69 = {next = 0xc0b79000 ""}
 (kgdb) print struct kmembuckets
 Attempt to use a type name as an expression
 (kgdb) print struct kmembuckets*
 Attempt to use a type name as an expression
 (kgdb) print (struct kmembuckets)*
 A syntax error in expression, near `'.
 (kgdb) print kbp
 $70 = (struct kmembuckets *) 0xc03ef7ff
 (kgdb) print (struct kmembuckets *) 0xc03ef7ff
 $71 = (struct kmembuckets *) 0xc03ef7ff
 (kgdb) print *((struct kmembuckets *) 0xc03ef7ff)
 $72 = {kb_next = 0x65657266cannot read proc at 0
 (kgdb)

More information about the freebsd-i386 mailing list