DragonFlyBSD

:
:nmalloc trips an assertion 'z->z_NFree' in _slaballoc(); the situation appears to
:be that an uninitialized zone or a zone whose header has been zeroed has found its
:way onto the slab roots array. There is a core of leaf's gdb in my homedir on
:leaf, in the malloc_bugp directory.
:
:----------
:messages: 8954
:nosy: vsrinivas
:status: unread
:title: 'assertion z->z_NFree > 0' abort in nmalloc

This one should be fixed now.

-Matt

A hint!

(gdb) print /x SLGlobalData.ZoneAry¹
$17 = {z_Magic = 0x736c6162, z_NFree = 0x27d, z_Next = 0x0, z_NMax = 0xff9,
z_BasePtr = 0x74c60070, z_UIndex = 0xd7e, z_UEndIndex = 0x0,
z_ChunkSize = 0x10, z_FirstFreePg = 0xd, z_ZoneIndex = 0x1, z_Flags = 0x0,
z_PageAry = {0x0 <repeats 13 times>, 0x74c6d820, 0x0, 0x0}}
(gdb) list
1159 /
1160 * Zone case. Figure out the zone based on the fact that it is
1161 * ZoneSize aligned.
1162 */
1163 z = (slzone_t)((uintptr_t)ptr & ~(uintptr_t)ZoneMask);
1164 MASSERT;
1165
1166 size = z->z_ChunkSize;
1167 zi = z->z_ZoneIndex;
1168
(gdb) print zone_magazine
$18 = {nextmagazine = {sle_next = 0x0}, flags = 0, capacity = 64, rounds = 3,
burst_factor = 1, low_factor = 32, objects = {0x29910000, 0x29980000,
0x299c0000, 0x29940000, 0x29960000, 0x29970000, 0x29990000, 0x299a0000,
0x299b0000, 0x299d0000, 0x299f0000, 0x29a10000, 0x29a30000,
0x0 <repeats 51 times>}}
(gdb) bt
#0 0x280d9373 in kill () from /usr/lib/libc.so.7
#1 0x2814e438 in raise () from /usr/lib/libc.so.7
#2 0x2814dd62 in abort () from /usr/lib/libc.so.7
#3 0x0804a7c6 in _mpanic (ctl=0x804a998 "assertion: %s in %s") at
mmm/nmalloc.c:1647
#4 0x08049d1c in _slabfree (ptr=0x29980200, flags=0, rbigp=0x0) at
mmm/nmalloc.c:1164
#5 0x080493f5 in free (ptr=0x29980200) at mmm/nmalloc.c:763
#6 0x08048b3f in main () at i_hate_malloc.c:16
(gdb) print z
$19 = (slzone_t) 0x29980000
(gdb)

Uhoh - a slab is in the zone cache, but it still has a live buffer.

Commit 7b033ca7afcd5ded9c4102c353b86dfbe297a043 should fix this problem.