From owner-freebsd-geom@FreeBSD.ORG  Tue Sep 14 07:02:49 2004
Return-Path: <owner-freebsd-geom@FreeBSD.ORG>
Delivered-To: freebsd-geom@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BACFD16A4CF
	for <freebsd-geom@FreeBSD.org>; Tue, 14 Sep 2004 07:02:49 +0000 (GMT)
Received: from ongs.co.jp (ns.ongs.co.jp [202.216.232.58])
	by mx1.FreeBSD.org (Postfix) with SMTP id E093E43D41
	for <freebsd-geom@FreeBSD.org>; Tue, 14 Sep 2004 07:02:48 +0000 (GMT)
	(envelope-from daichi@freebsd.org)
Received: (qmail 6382 invoked from network); 14 Sep 2004 06:56:48 -0000
Received: from unknown (HELO parancell.ongs.co.jp) (202.216.232.62)
  by ns.ongs.co.jp with SMTP; 14 Sep 2004 06:56:48 -0000
Date: Tue, 14 Sep 2004 16:02:45 +0900
From: daichi <daichi@freebsd.org>
To: Max Khon <fjoe@FreeBSD.org>
Message-Id: <20040914160245.7db7d1e0.daichi@freebsd.org>
In-Reply-To: <200409090607.i89674F3039635@freefall.freebsd.org>
References: <200409090607.i89674F3039635@freefall.freebsd.org>
Organization: FreeBSD Project
X-Mailer: Sylpheed version 0.9.12 (GTK+ 1.2.10; i386-portbld-freebsd5.2)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
cc: fjoe@FreeBSD.org
cc: freebsd-geom@FreeBSD.org
Subject: Re: kern/71431: [panic fix] [patch] geom_uzip.ko caused panic
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: GEOM-specific discussions and implementations
	<freebsd-geom.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Sep 2004 07:02:49 -0000

> I can't reproduce this.
> geom uzip load does not work.
> kldload geom_uzip works perfectly.
> 
> Can you provide stack trace?
> Can you reproduce the problem on recent -CURRENT?
> You can try this patch instead (but I doubt that it will change anything
> for you):

I tried 5.3-BETA 9/9 and that did not get panic. And I tried 
6-current 9/9 and that did get panic. The stack trace is follow:

---------------------
panic: malloc(9)/free(9) confusion.
Probably freeing with wrong type, but maybe not here.
cpuid = 0
KDB: enter: panic
[thread 100026]
Stopped at	kdb_enter+0x2b: nop
db> trace
kdb_enter(c07f0204) at kdb_enter+0x2b
panic(c07ee89b,c07ee865,c1f180c0,c1efcc80,c1d4dd40) at panic+0x127
free(c1e55000,c1f18040,d4225c8c,c05f7a0c,c0847004) at free+0x29
g_uzip_taste(c1f180c0,c1b42680,0,c0846ea0,c1efca80) at g_uzip_taste+0x5cf
g_load_class(c1ad6830,0,66666667,d4225d04,c05d0139) at g_load_class+0x127
one_event(d4225d1c,c05d1605,3c,28,c19c68c0) at one_event+0x14f
g_run_events(3c,28,c19c68c0,c05d15c8,d4225d34) at g_run_events+0x9
g_event_procbody(0,d4225d48,0,c05d15c8,0) at g_event_procbody+0x3d
fork_exit(c05d15c8,0,d4225d48) at fork_exit+0xa4
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip=0, esp = 0xd4225d7c, ebp = 0 ---
db>
---------------------

I think this problem depends on malloc/free confusion.
In shortly, next code is bad I think.

 void * buf = malloc(size, M_GEOM, M_WAITOK);
 free(buf, M_GEOM_UZIP);

In for_loop of g_uzip_taste, malloced area gets free
with M_GEOM_UZIP flag. But the area is malloced with 
M_GEOM flag. I think this causes problem.

--
  Daichi GOTO, http://people.freebsd.org/~daichi