The usual setup: dual process -CURRENT box (crash2) from an hour or two
ago, network booted using pxeboot, with an NFS root.  System boots, builds
a kernel, and reboots, repeating until panic.  Doesn't take long :-). 
This one is weird, as with many of them I suppose, and could mean possible
memory corruption, or a malloc/free bug.  In essence, it appears to be
freeing the imgp->auxargs argument, which as far as I can tell shouldn't
get NULL'd, and yet free() indicates that it's not allocated.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
[EMAIL PROTECTED]      NAI Labs, Safeport Network Services

APIC_IO: Testing 8254 interrupt delivery
APIC_IO: Broken MP table detected: 8254 is not connected to IOAPIC #0
intpin 2
APIC_IO: routing 8254 via 8259 and IOAPIC #0 intpin 0
ad0: 19458MB <ST320420A> [39535/16/63] at ata0-master UDMA33
acd0: CDROM <MATSHITA CR-176> at ata1-master PIO4
doSuMnPt:i nAgP  rCoPoUt  #f1r oLma unnfcsh:e
ray irq 10
panic: free: address 0xc93a8a80(0xc93a8000) has not been allocated.

cpuid = 0; = 00000000
Stopped at      Debugger+0x41:  xorl    %eax,%eax
db> trace
Debugger(c03cda9a) at Debugger+0x41
panic(c03cbc80,c93a8a80,c93a8000,bfbffe64,c93a8a80) at panic+0xd8
free(c93a8a80,c04271a0,1,0,c8710ba4) at free+0x76
elf_freebsd_fixup(c8710b30,c8710ba4,bfbfffe4,bfbffff2,c042474a) at
at execve+0x3de
start_init(0,c8710d48,c8709100,c0230e50,0) at start_init+0x349
fork_exit(c0230e50,0,c8710d48) at fork_exit+0x88
fork_trampoline() at fork_trampoline+0x37

Debugger (msg=0xc03cda9a "panic") at machine/atomic.h:227
227     ATOMIC_STORE_LOAD(int,  "cmpxchgl %0,%1",  "xchgl %1,%0")

(kgdb) bt
#0  Debugger (msg=0xc03cda9a "panic") at machine/atomic.h:227
#1  0xc024c094 in panic (
    fmt=0xc03cbc80 "free: address %p(%p) has not been allocated.\n")
    at ../../../kern/kern_shutdown.c:477
#2  0xc0243472 in free (addr=0xc93a8a80, type=0xc04271a0)
    at ../../../kern/kern_malloc.c:222
#3  0xc02300a3 in elf_freebsd_fixup (stack_base=0xc8710b30,
    at ../../../kern/imgact_elf.c:711
#4  0xc0239fbe in execve (td=0xc8709100, uap=0xc8710d10)
    at ../../../kern/kern_exec.c:278
#5  0xc0231199 in start_init (dummy=0x0) at ../../../kern/init_main.c:610
#6  0xc023d5d8 in fork_exit (callout=0xc0230e50 <start_init>, arg=0x0,
    frame=0xc8710d48) at ../../../kern/kern_fork.c:808

(kgdb) up
#1  0xc024c094 in panic (
    fmt=0xc03cbc80 "free: address %p(%p) has not been allocated.\n")
    at ../../../kern/kern_shutdown.c:477
477                     Debugger ("panic");
(kgdb) up
#2  0xc0243472 in free (addr=0xc93a8a80, type=0xc04271a0)
    at ../../../kern/kern_malloc.c:222
222                     panic("free: address %p(%p) has not been
(kgdb) up
#3  0xc02300a3 in elf_freebsd_fixup (stack_base=0xc8710b30,
    at ../../../kern/imgact_elf.c:711
711             free(imgp->auxargs, M_TEMP);
(kgdb) inspect imgp
$1 = (struct image_params *) 0xc8710ba4
(kgdb) inspect *imgp
$2 = {proc = 0xc8709000, uap = 0xc8710d10, vp = 0xc93a51e0, attr =
  image_header = 0xc7f08000 "\177ELF\001\001\001\t",
  stringbase = 0xc7ef8000 "/sbin/init", stringp = 0xc7ef800e "",
  endargs = 0xc7ef800e "", stringspace = 65522, argc = 2, envc = 0,
  argv0 = 0x0, entry_addr = 134513216, vmspace_destroyed = 1 '\001',
  interpreted = 0 '\000',
  interpreter_name =
221p\xc8\002%$\xc0\000\xf0\xbf\xbf\214\f", auxargs = 0xc93a8a80, firstpage
= 0xc
  fname = 0xbfbffff2 "\xbf\xbf\002", ps_strings = 0, auxarg_size = 30}
