-current on laptop: panic: m_free detected a mbuf double free

From: Andreas Klemm <andreas_at_freebsd.org>
Date: Sun, 21 Sep 2003 13:10:22 +0200
Update the status now on -current.

I downloaded the last recent snapshot of 2003-09-20 from current.freebsd.org.

Made a test ftp session using the live CDROM. Same like a week before.
Panic if I download something big from my FreeBSD ftp server.
5.1 on my normal PIII PC works fine. This seems to be PCMCIA
related.

db> trace
Debugger(...
panic(...
m_free(...
m_freem(...
ip_input(...
swi_net(...
ithread_loop(...
fork_exit(...
fork_trampoline(...



On Sun, Sep 14, 2003 at 09:46:47PM +0200, Andreas Klemm wrote:
> On Sat, Sep 13, 2003 at 08:35:06PM -0400, Matthew N. Dodd wrote:
> > On Sun, 14 Sep 2003, Andreas Klemm wrote:
> > > It works for me, xl0 card is recognized.
> > 
> > Great!
> > 
> > > But during heavy ftp network traffic the LAPTOP panics.
> 
> machine paniced 2 times
> A) one time after transferring ~90 MB of a ~300 MB large ISO image
> B) 2nd time after transferring ~ 8 MB of same large file
> C) 3rd time after transferring ~ 6 MB of same large file
> 
> In DDB I see using where, that the machine always crashes within
> the same functions. DDB tells me:
> 
> to B) panic: m_free detected a mbuf double-free
> Debugger("panic")
> Stopped at   Debugger+0x54:    xchgl   %ebx,in_Debugger.0
> db> where
> Debugger
> panic
> m_free
> m_freem
> ip_input <---------- happens at different functions
> ...
> db> panic
> ...
> 
> to C) panic: m_free detected a mbuf double-free
> Debugger("panic")
> Stopped at   Debugger+0x54:    xchgl   %ebx,in_Debugger.0
> db> where
> Debugger
> panic
> m_free
> m_freem
> xl_txeof <----------- happens at different functions
> xl_intr
> cbb_intr
> ithread_loop
> fork_exit
> fork_trampoline
> --- trap 0x1, eip = 0, esp = 0xcb042d7c, ebp = 0 ---
> db> panic
> panic: from debugger
> Uptime: 2m55s
> Dumping 191M
> Dump complete
> 
> 
> Let's see what gdb tells me, from panic "B)"
> Sorry for case "C)" I didn't have enough space :-(
> 
> (kgdb) where
> 
> #0 doadump
> #1 0x... in boot (howto=260) at ../../../kern/kern_shutdown.c: 372
> #2 0x... in panic () at ../../../kern/kern_shutdown.c: 550
> #3 0x... in db_panic () at ../../../ddb/db_command.c: 450
> #4 0x... in db_command (...) at ../../../ddb/db_command.c: 346
> #5 0x... in db_command_loop () at ../../../ddb/db_command.c: 472
> #6 0x... in db_trap (type=3, code=0) at ../../../ddb/db_trap.c: 73
> #7 0x... in kdb_trap (type=3, code=0, regs=0xcb027bc6)
>    at ../../../i386/i386/db_interface.c: 171
> #8 0x... in trap (frame=
>       {tf_fs = 24, tf_es = -1039597552, tf_ds = 16, tf_edi = 1, tf_esi ) -1070431840, tf_ebp = -889029704, tf_isp = -889029736, tf_ebx = 0, tf_edx = 0, tf_ecx = 32, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1070703196, tf_cs = 8, tf_eflags = 642, tf_esp = -1070363254, tf_ss = -1070440292})
>    at ../../../i386/i386/trap.c: 577
> #9 0x... in calltrap () at {standard input}: 102
> #10 0x... in panic (fmt=0xc03281a0 "m_free detected a mbuf double-freeze")
>    at ../../../kern/kern_shutdown.c: 534
> #11 0x... in m_free (mb=0xc0d4fe00) at ../../../kern/subr_mbuf.c: 1368
> #12 0x... in m_freem (mb=0x0) at ../../../kern/subr_mbuf.c: 1403
> #13 0x... in ip_input (mb=0xc0d4fe00) at ../../../netinet/ip_input.c: 963
> #14 0x... in swi_net (dummy=0x0) at ../../../net/net_isr.c: 236
> #15 0x... in ithread_loop (arg=0xc0d33200)
>     at ../../../kern/kern_intr.c: 534
> #16 0x... in fork_exit (callout=0xc01b3900 <ithread_loop>, arg=0x0,
>     frame=0x0) at ../../../kern/kern_fork.c: 796
> 
> (kgdb) up 8
> #8 0x... in trap (frame=
>       {tf_fs = 24, tf_es = -1039597552, tf_ds = 16, tf_edi = 1, tf_esi ) -1070431840, tf_ebp = -889029704, tf_isp = -889029736, tf_ebx = 0, tf_edx = 0, tf_ecx = 32, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1070703196, tf_cs = 8, tf_eflags = 642, tf_esp = -1070363254, tf_ss = -1070440292})
> 577                     if (kbd_trap (type, 0, &frame)
> 
> (kgdb) frame frame->tf_ebp frame->tf_eip
> 
> Too many args in frame specification ...
> hmmmm "/&%"(/&%(" does the developer handbook need and update ? ;-)
> 
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/kerneldebug.html#KERNELDEBUG-GDB
> 
> Here it ends , have no clue how to select correct frames ... :-)
> 
> 
> 	Andreas ///
> 
> -- 
> Andreas Klemm - Powered by FreeBSD 5.1-CURRENT
> Need a magic printfilter today ? -> http://www.apsfilter.org/
> _______________________________________________
> freebsd-mobile_at_freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-mobile
> To unsubscribe, send any mail to "freebsd-mobile-unsubscribe_at_freebsd.org"






	Andreas ///

-- 
Andreas Klemm - Powered by FreeBSD 5.1-CURRENT
Need a magic printfilter today ? -> http://www.apsfilter.org/
Received on Sun Sep 21 2003 - 02:15:14 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:23 UTC