From mboxrd@z Thu Jan 1 00:00:00 1970 Message-Id: <200304302219.h3UMJwx05738@zamenhof.cs.utwente.nl> To: 9fans@cse.psu.edu From: Axel Belinfante MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <5734.1051741197.1@zamenhof.cs.utwente.nl> Subject: [9fans] panic: D2B called on non-block 8067a168 (double-free?) Date: Thu, 1 May 2003 00:19:58 +0200 Topicbox-Message-UUID: 9c8a12fc-eacb-11e9-9e20-41e7f4b1d025 I got the following panic in a kernel I compiled on Feb 18 2003: panic: D2B called on non-block 8067a168 (double-free?) It happened when I was using classical and (I think) due to some clicking classicjuke probably puked and committed suicide (at least, before the panic it had done so several times -- each time I just restarted it). Below follows the result of running the src commands generated from the trace by ktrace through acid. When I tried with 'ktrace -i' it asked for (one) more memory location than was present in the trace. Axel. cpu% acid 9pcdisk 9pcdisk:386 plan 9 boot image /sys/lib/acid/port /sys/lib/acid/386 acid: src(0x8010675f); // dumpstack+0x10 /sys/src/9/pc/trap.c:509 504 /* restore pc to instruction that caused the trap */ 505 ureg->pc--; 506 sprint(buf, "sys: breakpoint"); 507 postnote(up, 1, buf, NDebug); 508 } >509 510 static void 511 fault386(Ureg* ureg, void*) 512 { 513 ulong addr; 514 int read, user, n, insyscall; acid: src(0x80139f07); // panic+0xeb /sys/src/9/port/devcons.c:224 219 spllo(); 220 prflush(); 221 putstrn(buf, n+1); 222 dumpstack(); 223 >224 exit(1); 225 } 226 227 void 228 _assert(char *fmt) 229 { acid: src(0x8019e609); // ppanic+0xb4 /sys/src/9/port/alloc.c:88 83 va_start(v, fmt); 84 vseprint(pv->msg+strlen(pv->msg), pv->msg+sizeof pv->msg, fmt, v); 85 va_end(v); 86 memmove(msg, pv->msg, sizeof msg); 87 iunlock(&pv->lk); >88 panic("%s", msg); 89 } 90 91 static void 92 plock(Pool *p) 93 { acid: src(0x801c50b5); // D2B+0x32 /sys/src/libc/port/pool.c:943 938 D2B(Pool *p, void *v) 939 { 940 Alloc *a; 941 
a = _D2B(v); 942 if(a->magic != KEMPT_MAGIC) >943 p->panic(p, "D2B called on non-block %p (double-free?)", v); 944 return a; 945 } 946 947 /* poolallocl: attempt to allocate block to hold dsize user bytes; assumes lock held */ 948 static void* acid: src(0x801c54de); // poolfreel+0x20 /sys/src/libc/port/pool.c:1064 1059 Bhdr *back, *fwd; 1060 1061 if(v == nil) /* for ANSI */ 1062 return; 1063 >1064 ab = D2B(p, v); 1065 blockcheck(p, ab); 1066 1067 if(p->flags&POOL_NOREUSE){ 1068 int n; 1069 acid: src(0x801c58d3); // poolfree+0x41 /sys/src/libc/port/pool.c:1174 1169 poolcheckl(p); 1170 } 1171 verbosity { 1172 pooldumpl(p); 1173 } >1174 poolfreel(p, v); 1175 paranoia { 1176 poolcheckl(p); 1177 } 1178 verbosity { 1179 pooldumpl(p); acid: src(0x8019e8fb); // free+0x23 /sys/src/9/port/alloc.c:223 218 219 void 220 free(void *v) 221 { 222 if(v != nil) >223 poolfree(mainmem, (ulong*)v-Npadlong); 224 } 225 226 void* 227 realloc(void *v, ulong size) 228 { acid: src(0x801a63ff); // mountfree+0x37 /sys/src/9/port/pgrp.c:248 243 while(m) { 244 f = m->next; 245 cclose(m->to); 246 m->mountid = 0; 247 free(m->spec); >248 free(m); 249 m = f; 250 } 251 } 252 253 void acid: src(0x801a5f93); // closepgrp+0x95 /sys/src/9/port/pgrp.c:87 82 e = &p->mnthash[MNTHASH]; 83 for(h = p->mnthash; h < e; h++) { 84 for(f = *h; f; f = next) { 85 wlock(&f->lock); 86 cclose(f->from); >87 mountfree(f->mount); 88 f->mount = nil; 89 next = f->hash; 90 wunlock(&f->lock); 91 putmhead(f); 92 } acid: src(0x801a8156); // pexit+0x136 /sys/src/9/port/proc.c:806 801 p->rendval = ~0; 802 l = &REND(p->rgrp, p->rendtag); 803 for(d = *l; d; d = d->rendhash) { 804 if(d == p) { 805 *l = p->rendhash; >806 break; 807 } 808 l = &d->rendhash; 809 } 810 ready(p); 811 } acid: src(0x801b1e0a); // sysexits+0x7f /sys/src/9/port/sysproc.c:582 577 poperror(); 578 579 } 580 pexit(status, 1); 581 return 0; /* not reached */ >582 } 583 584 long 585 sys_wait(ulong *arg) 586 { 587 int pid; acid: src(0x80106ade); // syscall+0x16c 
/sys/src/9/pc/trap.c:604 599 if(up->nerrlab){ 600 print("bad errstack [%uld]: %d extra\n", scallnr, up->nerrlab); 601 for(i = 0; i < NERR; i++) 602 print("sp=%lux pc=%lux\n", 603 up->errlab[i].sp, up->errlab[i].pc); >604 panic("error stack"); 605 } 606 607 up->insyscall = 0; 608 up->psstate = 0; 609 acid: src(0x80100982); // _syscallintr+0x18 /sys/src/9/pc/plan9l.s:45 40 MOVW AX, DS 41 MOVW AX, ES 42 PUSHL SP 43 CALL syscall(SB) 44 >45 POPL AX 46 POPAL 47 POPL GS 48 POPL FS 49 POPL ES 50 POPL DS acid: