Date: Mon, 01 Aug 2016 09:16:09 +0200 From: Harald Schmalzbauer <h.schmalzbauer@omnilan.de> To: FreeBSD Stable <freebsd-stable@freebsd.org> Subject: 11-BETA3 Panic: Memory modified after free Message-ID: <579EF739.1040705@omnilan.de>
next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig4861C3470A331AC7955F7409
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable
Hello,
11-BETA3 crashes spontaniously with this:
Unread portion of the kernel message buffer:
panic: Memory modified after free 0xfffff8000709f400(1024) val=3Ddedeadc0=
@ 0xfffff8000709f400
cpuid =3D 2
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
0xfffffe007a2e8540
vpanic() at vpanic+0x182/frame 0xfffffe007a2e85c0
panic() at panic+0x43/frame 0xfffffe007a2e8620
trash_ctor() at trash_ctor+0x4b/frame 0xfffffe007a2e8630
uma_zalloc_arg() at uma_zalloc_arg+0x504/frame 0xfffffe007a2e8690
namei() at namei+0xe4/frame 0xfffffe007a2e8750
kern_statat() at kern_statat+0xa8/frame 0xfffffe007a2e8900
sys_stat() at sys_stat+0x2d/frame 0xfffffe007a2e89a0
amd64_syscall() at amd64_syscall+0x2db/frame 0xfffffe007a2e8ab0
Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe007a2e8ab0
--- syscall (188, FreeBSD ELF64, sys_stat), rip =3D 0x800e4f48a, rsp =3D
0x7fffffffde58, rbp =3D 0x7fffffffdfb0 ---
KDB: enter: panic
#0 doadump (textdump=3D2049867776) at pcpu.h:221
221 __asm("movq %%gs:%1,%0" : "=3Dr" (td)
(kgdb) tr
trace command requires an argument
(kgdb) backtrace
#0 doadump (textdump=3D2049867776) at pcpu.h:221
#1 0xffffffff80393346 in db_fncall (dummy1=3D<value optimized out>,
dummy2=3D<value optimized out>, dummy3=3D<value optimized out>,
dummy4=3D<value optimized out>)
at /usr/local/share/deploy-tools/RELENG_11/src/sys/ddb/db_command.c:5=
68
#2 0xffffffff80392de9 in db_command (cmd_table=3D<value optimized out>)
at /usr/local/share/deploy-tools/RELENG_11/src/sys/ddb/db_command.c:440
#3 0xffffffff80392b44 in db_command_loop () at
/usr/local/share/deploy-tools/RELENG_11/src/sys/ddb/db_command.c:493
#4 0xffffffff80395a7b in db_trap (type=3D<value optimized out>,
code=3D<value optimized out>) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/ddb/db_main.c:251
#5 0xffffffff80a96133 in kdb_trap (type=3D<value optimized out>,
code=3D<value optimized out>, tf=3D<value optimized out>)
at /usr/local/share/deploy-tools/RELENG_11/src/sys/kern/subr_kdb.c:65=
4
#6 0xffffffff80ec5a4d in trap (frame=3D0xfffffe007a2e8470) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/amd64/amd64/trap.c:556
#7 0xffffffff80ea6161 in calltrap () at
/usr/local/share/deploy-tools/RELENG_11/src/sys/amd64/amd64/exception.S:2=
36
#8 0xffffffff80a957db in kdb_enter (why=3D0xffffffff813f055e "panic",
msg=3D0x80 <Address 0x80 out of bounds>) at cpufunc.h:63
#9 0xffffffff80a562df in vpanic (fmt=3D<value optimized out>,
ap=3D0xfffffe007a2e8600) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/kern/kern_shutdown.c:752
#10 0xffffffff80a56343 in panic (fmt=3D0xffffffff82890250 "\004") at
/usr/local/share/deploy-tools/RELENG_11/src/sys/kern/kern_shutdown.c:690
#11 0xffffffff80d349eb in trash_ctor (mem=3D<value optimized out>,
size=3D<value optimized out>, arg=3D<value optimized out>, flags=3D<value=
optimized out>)
at /usr/local/share/deploy-tools/RELENG_11/src/sys/vm/uma_dbg.c:80
#12 0xffffffff80d308f4 in uma_zalloc_arg (zone=3D<value optimized out>,
udata=3D0x0, flags=3D<value optimized out>)
at /usr/local/share/deploy-tools/RELENG_11/src/sys/vm/uma_core.c:2156=
#13 0xffffffff80b09384 in namei (ndp=3D0xfffffe007a2e8810) at uma.h:336
#14 0xffffffff80b20168 in kern_statat (td=3D0xfffff800078ee000,
flag=3D<value optimized out>, fd=3D-100, path=3D0x1a1e <Address 0x1a1e ou=
t of
bounds>,
pathseg=3D<value optimized out>, sbp=3D<value optimized out>,
hook=3D0x8014161e0) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/kern/vfs_syscalls.c:2160
#15 0xffffffff80b2009d in sys_stat (td=3D0xffffffff82890250,
uap=3D0xfffffe007a2e8a40) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/kern/vfs_syscalls.c:2115
#16 0xffffffff80ec6b2b in amd64_syscall (td=3D0xfffff800078ee000,
traced=3D0) at subr_syscall.c:135
#17 0xffffffff80ea644b in Xfast_syscall () at
/usr/local/share/deploy-tools/RELENG_11/src/sys/amd64/amd64/exception.S:3=
96
#18 0x0000000800e4f48a in ?? ()
Previous frame inner to this frame (corrupt stack?)
Thanks for any help, tell me if I can help narrow it down. A wild guess i=
s it's related to unionfs?
-Harry
--------------enig4861C3470A331AC7955F7409
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)
iEYEARECAAYFAlee9z8ACgkQLDqVQ9VXb8iFrgCfTfjInN7kacX9YiPrL1YoiiDd
dwEAoIx3doy4Eo7nWG63rzvj8h5BkrNw
=4+II
-----END PGP SIGNATURE-----
--------------enig4861C3470A331AC7955F7409--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?579EF739.1040705>