Date: Sat, 1 Mar 2003 08:20:03 -0800 (PST) From: Eugene Grosbein <eugen@grosbein.pp.ru> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/48808: uhid(4)-related repeatable kernel panic in Message-ID: <200303011620.h21GK3xs096344@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/48808; it has been noted by GNATS.
From: Eugene Grosbein <eugen@grosbein.pp.ru>
To: bug-followup@freebsd.org
Cc:
Subject: Re: kern/48808: uhid(4)-related repeatable kernel panic in
Date: Sat, 1 Mar 2003 22:57:57 +0700
Hi!
I've compiled the kernel with options INVARIANTS,
now it panices right after I unplug control cable
with message "free: multiple freed item". Here is gdb output:
Script started on Sat Mar 1 22:50:52 2003
GNU gdb 4.18 (FreeBSD)
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain condition=
s.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...Deprecated bfd_read cal=
led at /usr/local/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/=
dbxread.c line 2627 in elfstab_build_psymtabs
Deprecated bfd_read called at /usr/local/src/gnu/usr.bin/binutils/gdb/../..=
/../../contrib/gdb/gdb/dbxread.c line 933 in fill_symbuf
IdlePTD at phsyical address 0x003bd000
initial pcb at physical address 0x00314dc0
panicstr: free: multiple freed item 0xc13e66b0
panic messages:
---
panic: free: multiple freed item 0xc13e66b0
syncing disks...=20
done
Uptime: 43s
dumping to dev #ad/0x20011, offset 128
dump ata1: resetting devices .. ad2: invalidating queued requests
done
319 318 317 316 315 314 313 312 311 310 309 308 307 306 305 304 303 302 301=
300 299 298 297 296 295 294 293 292 291 290 289 288 287 286 285 284 283 28=
2 281 280 279 278 277 276 275 274 273 272 271 270 269 268 267 266 265 264 2=
63 262 261 260 259 258 257 256 255 254 253 252 251 250 249 248 247 246 245 =
244 243 242 241 240 239 238 237 236 235 234 233 232 231 230 229 228 227 226=
225 224 223 222 221 220 219 218 217 216 215 214 213 212 211 210 209 208 20=
7 206 205 204 203 202 201 200 199 198 197 196 195 194 193 192 191 190 189 1=
88 187 186 185 184 183 182 181 180 179 178 177 176 175 174 173 172 171 170 =
169 168 167 166 165 164 163 162 161 160 159 158 157 156 155 154 153 152 151=
150 149 148 147 146 145 144 143 142 141 140 139 138 137 136 135 134 133 13=
2 131 130 129 128 127 126 125 124 123 122 121 120 119 118 117 116 115 114 1=
13 112 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93=
92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68=
67 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43=
42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18=
17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0=20
---
#0 dumpsys () at /usr/local/src/sys/kern/kern_shutdown.c:487
487 if (dumping++) {
(kgdb) where
#0 dumpsys () at /usr/local/src/sys/kern/kern_shutdown.c:487
#1 0xc015fed4 in boot (howto=3D256)
at /usr/local/src/sys/kern/kern_shutdown.c:316
#2 0xc0160321 in panic (fmt=3D0xc0294251 "free: multiple freed item %p")
at /usr/local/src/sys/kern/kern_shutdown.c:595
#3 0xc015b6f3 in free (addr=3D0xc13e66b0, type=3D0xc02e72a0)
at /usr/local/src/sys/kern/kern_malloc.c:366
#4 0xc021bb7d in uhidclose (dev=3D0xc13eca00, flag=3D4, mode=3D8192, p=3D0=
xcddd6100)
at /usr/local/src/sys/dev/usb/uhid.c:444
#5 0xc019b0c3 in spec_close (ap=3D0xcf5c5c18)
at /usr/local/src/sys/miscfs/specfs/spec_vnops.c:591
#6 0xc01ffe4e in ufsspec_close (ap=3D0xcf5c5c18)
at /usr/local/src/sys/ufs/ufs/ufs_vnops.c:1854
#7 0xc0200431 in ufs_vnoperatespec (ap=3D0xcf5c5c18)
at /usr/local/src/sys/ufs/ufs/ufs_vnops.c:2394
#8 0xc019005d in vclean (vp=3D0xcef8d0c0, flags=3D8, p=3D0xcddd6100)
at vnode_if.h:218
#9 0xc0190238 in vgonel (vp=3D0xcef8d0c0, p=3D0xcddd6100)
at /usr/local/src/sys/kern/vfs_subr.c:2037
#10 0xc01901fe in vgone (vp=3D0xcef8d0c0)
at /usr/local/src/sys/kern/vfs_subr.c:2010
#11 0xc01901b2 in vop_revoke (ap=3D0xcf5c5cac)
at /usr/local/src/sys/kern/vfs_subr.c:1971
#12 0xc018c8d1 in vop_defaultop (ap=3D0xcf5c5cac)
---Type <return> to continue, or q <return> to quit--- =08 =08
at /usr/local/src/sys/kern/vfs_default.c:152
#13 0xc019a8fd in spec_vnoperate (ap=3D0xcf5c5cac)
at /usr/local/src/sys/miscfs/specfs/spec_vnops.c:119
#14 0xc0200431 in ufs_vnoperatespec (ap=3D0xcf5c5cac)
at /usr/local/src/sys/ufs/ufs/ufs_vnops.c:2394
#15 0xc021b970 in uhid_detach (self=3D0xc13ecb80) at vnode_if.h:500
#16 0xc01222ee in DEVICE_DETACH (dev=3D0xc13ecb80) at device_if.c:73
#17 0xc01681cc in device_detach (dev=3D0xc13ecb80)
at /usr/local/src/sys/kern/subr_bus.c:1192
#18 0xc01679af in device_delete_child (dev=3D0xc13e5100, child=3D0xc13ecb80)
at /usr/local/src/sys/kern/subr_bus.c:699
#19 0xc0219528 in usb_disconnect_port (up=3D0xc13e50c0, parent=3D0xc13e5100)
at /usr/local/src/sys/dev/usb/usb_subr.c:1267
#20 0xc021c6c1 in uhub_explore (dev=3D0xc13e5280)
at /usr/local/src/sys/dev/usb/uhub.c:405
#21 0xc02163db in usb_discover (sc=3D0xc13e7cc0)
at /usr/local/src/sys/dev/usb/usb.c:588
#22 0xc0216139 in usbioctl (devt=3D0xc13ec980, cmd=3D536892675,=20
data=3D0xcf5c5eb4 "=D0=FC=BF=BF", flag=3D3, p=3D0xcddd6100)
at /usr/local/src/sys/dev/usb/usb.c:432
#23 0xc019abec in spec_ioctl (ap=3D0xcf5c5df0)
at /usr/local/src/sys/miscfs/specfs/spec_vnops.c:306
#24 0xc019a8fd in spec_vnoperate (ap=3D0xcf5c5df0)
at /usr/local/src/sys/miscfs/specfs/spec_vnops.c:119
---Type <return> to continue, or q <return> to quit---
#25 0xc0200431 in ufs_vnoperatespec (ap=3D0xcf5c5df0)
at /usr/local/src/sys/ufs/ufs/ufs_vnops.c:2394
#26 0xc019705b in vn_ioctl (fp=3D0xc14d6b00, com=3D536892675,=20
data=3D0xcf5c5eb4 "=D0=FC=BF=BF", p=3D0xcddd6100) at vnode_if.h:429
#27 0xc016fef2 in ioctl (p=3D0xcddd6100, uap=3D0xcf5c5f80)
at /usr/local/src/sys/sys/file.h:178
#28 0xc026f6f1 in syscall2 (frame=3D{tf_fs =3D 47, tf_es =3D 47, tf_ds =3D =
47,=20
tf_edi =3D 1, tf_esi =3D 0, tf_ebp =3D -1077936944, tf_isp =3D -81602=
9740,=20
tf_ebx =3D 0, tf_edx =3D -1077937252, tf_ecx =3D 3, tf_eax =3D 54,=20
tf_trapno =3D 7, tf_err =3D 2, tf_eip =3D 671750088, tf_cs =3D 31,=20
tf_eflags =3D 663, tf_esp =3D -1077937324, tf_ss =3D 47})
at /usr/local/src/sys/i386/i386/trap.c:1175
#29 0xc02624c5 in Xint0x80_syscall ()
#30 0x8048c66 in ?? ()
(kgdb) quit
Script done on Sat Mar 1 22:54:40 2003
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303011620.h21GK3xs096344>