NetBSD Problem Report #38631

From kardel@pip.acrys.com  Sun May 11 18:32:26 2008
Return-Path: <kardel@pip.acrys.com>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id 4740D63B293
	for <gnats-bugs@gnats.NetBSD.org>; Sun, 11 May 2008 18:32:26 +0000 (UTC)
Message-Id: <200805111832.m4BIWK6t009849@pip.acrys.com>
Date: Sun, 11 May 2008 20:32:20 +0200 (MEST)
From: kardel@netbsd.org
Reply-To: kardel@netbsd.org
To: gnats-bugs@gnats.NetBSD.org
Subject: panic: free: addr %p not within kmem_map
X-Send-Pr-Version: 3.95

>Number:         38631
>Category:       kern
>Synopsis:       panic: free: addr %p not within kmem_map
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun May 11 18:35:01 +0000 2008
>Closed-Date:    Wed Mar 29 10:10:58 +0000 2017
>Last-Modified:  Wed Mar 29 10:10:58 +0000 2017
>Originator:     Frank Kardel
>Release:        NetBSD 4.99.62-20080511164000
>Organization:
>Environment:
System: NetBSD pip.kardel.name 4.99.62 NetBSD 4.99.62 (PIP) #4: Sun May 11 19:51:19 MEST 2008 kardel@pip.kardel.name:/fs/raid1a/src/NetBSD/current/src/sys/arch/i386/compile/obj.i386/PIP i386
Architecture: i386
Machine: i386
>Description:
	start mrouted with only one vif available - panic
	free: addr %p not within kmem_map on close.

	Stacktrace:

	#0  0xc05b1442 in cpu_reboot (howto=260, bootstr=0x0)
	    at /fs/raid1a/src/NetBSD/current/src/sys/arch/i386/i386/machdep.c:891
	#1  0xc0200748 in db_reboot_cmd (addr=-1061788467, have_addr=false, 
	    count=-1061788480, modif=0xcfc1e7a0 "ÐçÁÏËd¶ÀÌd¶À4")
	    at /fs/raid1a/src/NetBSD/current/src/sys/ddb/db_command.c:1295
	#2  0xc0200258 in db_command (last_cmdp=0xc0ae039c)
	    at /fs/raid1a/src/NetBSD/current/src/sys/ddb/db_command.c:921
	#3  0xc020059f in db_command_loop ()
	    at /fs/raid1a/src/NetBSD/current/src/sys/ddb/db_command.c:566
	#4  0xc02034b0 in db_trap (type=1, code=0)
	    at /fs/raid1a/src/NetBSD/current/src/sys/ddb/db_trap.c:101
	#5  0xc05ac420 in kdb_trap (type=1, code=0, regs=0xcfc1e9cc)
	    at /fs/raid1a/src/NetBSD/current/src/sys/arch/i386/i386/db_interface.c:231
	#6  0xc05b42f8 in trap (frame=0xcfc1e9cc)
	    at /fs/raid1a/src/NetBSD/current/src/sys/arch/i386/i386/trap.c:346
	#7  0xc010cf1f in calltrap ()
	#8  0xc05aab4c in breakpoint ()
	#9  0xc04fa1ad in panic (fmt=0xc0a7cd24 "free: addr %p not within kmem_map")
	    at /fs/raid1a/src/NetBSD/current/src/sys/kern/subr_prf.c:257
	#10 0xc04c73c4 in free (addr=0xcd2b1f9c, ksp=0xc0aec180)
	    at /fs/raid1a/src/NetBSD/current/src/sys/kern/kern_malloc.c:556
	#11 0xc0151a49 in ip_mrouter_done ()
	    at /fs/raid1a/src/NetBSD/current/src/sys/netinet/ip_mroute.c:691
	#12 0xc015801a in rip_usrreq (so=0xc3905128, req=1, m=0x0, nam=0x0, 
	    control=0x0, l=0x0)
	    at /fs/raid1a/src/NetBSD/current/src/sys/netinet/raw_ip.c:581
	#13 0xc014b071 in rip_usrreq_wrapper (a=0xc3905128, b=1, c=0x0, d=0x0, e=0x0, 
	    f=0x0) at /fs/raid1a/src/NetBSD/current/src/sys/netinet/in_proto.c:155
	#14 0xc052558e in soclose (so=0xc3905128)
	    at /fs/raid1a/src/NetBSD/current/src/sys/kern/uipc_socket.c:682
	#15 0xc050d39b in soo_close (fp=0xcf2f4a80)
	    at /fs/raid1a/src/NetBSD/current/src/sys/kern/sys_socket.c:246
	#16 0xc04b63bd in closef (fp=0xcf2f4a80)
	    at /fs/raid1a/src/NetBSD/current/src/sys/kern/kern_descrip.c:750
	#17 0xc04b6584 in fd_close (fd=4)
	    at /fs/raid1a/src/NetBSD/current/src/sys/kern/kern_descrip.c:641
	#18 0xc04b67a8 in fd_free ()
	    at /fs/raid1a/src/NetBSD/current/src/sys/kern/kern_descrip.c:1484
	#19 0xc04bd59a in exit1 (l=0xcfbfc160, rv=256)
	    at /fs/raid1a/src/NetBSD/current/src/sys/kern/kern_exit.c:272
	#20 0xc04bdd5d in sys_exit (l=0xcfbfc160, uap=0xcfc1ed00, retval=0xcfc1ed28)
	    at /fs/raid1a/src/NetBSD/current/src/sys/kern/kern_exit.c:176
	#21 0xc05b3ba1 in syscall (frame=0xcfc1ed48)
	    at /fs/raid1a/src/NetBSD/current/src/sys/arch/i386/i386/syscall.c:102
	#22 0xc010056d in syscall1 ()
>How-To-Repeat:
	start mrouted with only one vif - watch -current crash on exit()
>Fix:
	make sure mrouted doesn't exit :-(.

>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->closed
State-Changed-By: kardel@NetBSD.org
State-Changed-When: Wed, 29 Mar 2017 10:10:58 +0000
State-Changed-Why:
timeout - not seen for a while - closed by submitter (me)


>Unformatted:

Home	PR Database Search