From owner-freebsd-current@FreeBSD.ORG Wed Aug 6 06:49:07 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ED9D437B401; Wed, 6 Aug 2003 06:49:06 -0700 (PDT) Received: from godel.mtl.distributel.net (nat.MTL.distributel.NET [66.38.181.24]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3ED4643F93; Wed, 6 Aug 2003 06:49:06 -0700 (PDT) (envelope-from bmilekic@technokratis.com) Received: from godel.mtl.distributel.net (localhost [127.0.0.1]) h769n2XJ041478; Wed, 6 Aug 2003 09:49:02 GMT (envelope-from bmilekic@technokratis.com) Received: (from bmilekic@localhost) by godel.mtl.distributel.net (8.12.9/8.12.9/Submit) id h769n2Jh041477; Wed, 6 Aug 2003 09:49:02 GMT X-Authentication-Warning: godel.mtl.distributel.net: bmilekic set sender to bmilekic@technokratis.com using -f Date: Wed, 6 Aug 2003 09:49:02 +0000 From: Bosko Milekic To: Tim Robbins Message-ID: <20030806094902.GA41318@technokratis.com> References: <20030806022722.GA57992@dilbert.robbins.dropbear.id.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030806022722.GA57992@dilbert.robbins.dropbear.id.au> User-Agent: Mutt/1.4.1i cc: current@freebsd.org Subject: Re: Memory modified after free / most recently used by GEOM X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Aug 2003 13:49:07 -0000 Hmmmm. Can you look at the contents of memory starting at 0xc13f7600 and going to 0xc13f7600 + 252 bytes? If GEOM is the offender then maybe phk can more easily recognize what could possibly be trashing a freed malloc()'d buffer 252-bytes in size. Sorry for the top-post. -Bosko On Wed, Aug 06, 2003 at 12:27:22PM +1000, Tim Robbins wrote: > While trying to reproduce the "wdrain" problems ru@ reported in the "MSDOSFS > woes" thread, I kept running into this panic. I've also seen a similar one > but didn't keep the vmcore for it where a LOR is detected between Giant and > filedesc, then a page fault occurs. The backtrace for that one shows that the > fault occurred in the file desc code, and traces down to an ioctl() syscall > issued by the shell (ksh). > > Kernel is trimmed down -current as of ~13:30 GMT on Aug 5 w/ obsolete drivers > (pcvt, gsc, etc.) deleted, but with no other significant changes. > > > Memory modified after free 0xc13f7600(252) > panic: Most recently used by GEOM > > panic: from debugger > Uptime: 5m33s > Dumping 64 MB > ata0: resetting devices .. > done > 16 32 48 > --- > #0 doadump () at /home/tim/p4/freebsd/sys/kern/kern_shutdown.c:240 > 240 dumping++; > (kgdb) bt > #0 doadump () at /home/tim/p4/freebsd/sys/kern/kern_shutdown.c:240 > #1 0xc01a19ac in boot (howto=260) at > /home/tim/p4/freebsd/sys/kern/kern_shutdown.c:372 > #2 0xc01a1d37 in panic () at > /home/tim/p4/freebsd/sys/kern/kern_shutdown.c:550 > #3 0xc0127042 in db_panic () at /home/tim/p4/freebsd/sys/ddb/db_command.c:450 > #4 0xc0126fa2 in db_command (last_cmdp=0xc031f780, cmd_table=0x0, > aux_cmd_tablep=0xc02fadc0, aux_cmd_tablep_end=0xc02fadc4) > at /home/tim/p4/freebsd/sys/ddb/db_command.c:346 > #5 0xc01270e5 in db_command_loop () at > /home/tim/p4/freebsd/sys/ddb/db_command.c:472 > #6 0xc012a0e5 in db_trap (type=3, code=0) at > /home/tim/p4/freebsd/sys/ddb/db_trap.c:73 > #7 0xc02b23ec in kdb_trap (type=3, code=0, regs=0xc5f69b68) at > /home/tim/p4/freebsd/sys/i386/i386/db_interface.c:172 > #8 0xc02c2eda in trap (frame= > {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 1, tf_esi = -1070640529, > tf_ebp = -973694028, tf_isp = -973694060, tf_ebx = 0, tf_edx = 0, tf_ecx = 32, > tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1070913874, tf_cs = 8, > tf_eflags = 646, tf_esp = -1070632808, tf_ss = -1070709550}) at > /home/tim/p4/freebsd/sys/i386/i386/trap.c:580 > #9 0xc02b3de8 in calltrap () at {standard input}:102 > #10 0xc01a1cc5 in panic (fmt=0xc02f526f "Most recently used by %s\n") at > /home/tim/p4/freebsd/sys/kern/kern_shutdown.c:534 > #11 0xc0292c5d in mtrash_ctor (mem=0xc13f7600, size=0, arg=0x0) at > /home/tim/p4/freebsd/sys/vm/uma_dbg.c:137 > #12 0xc0291434 in uma_zalloc_arg (zone=0xc083ab60, udata=0x0, flags=2) at > /home/tim/p4/freebsd/sys/vm/uma_core.c:1385 > #13 0xc0196463 in malloc (size=3229854560, type=0xc0305560, flags=2) at > /home/tim/p4/freebsd/sys/vm/uma.h:229 > #14 0xc0184cea in fdcopy (fdp=0xc1218200) at > /home/tim/p4/freebsd/sys/kern/kern_descrip.c:1309 > #15 0xc018de0e in fork1 (td=0xc0a0d390, flags=20, pages=0, procp=0xc5f69cd8) > at /home/tim/p4/freebsd/sys/kern/kern_fork.c:424 > #16 0xc018d61b in fork (td=0xc0a0d390, uap=0xc5f69d10) at > /home/tim/p4/freebsd/sys/kern/kern_fork.c:102 > #17 0xc02c37c3 in syscall (frame= > {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 0, tf_esi = 135299072, > tf_ebp = -1077937224, tf_isp = -973693580, tf_ebx = 0, tf_edx = 135295016, > tf_ecx = -1, tf_eax = 2, tf_trapno = 12, tf_err = 2, tf_eip = 134725423, tf_cs > = 31, tf_eflags = 582, tf_esp = -1077937268, tf_ss = 47}) at > /home/tim/p4/freebsd/sys/i386/i386/trap.c:1008 > #18 0xc02b3e3d in Xint0x80_syscall () at {standard input}:144 > ---Can't read userspace from dump, or kernel process--- -- Bosko Milekic * bmilekic@technokratis.com * bmilekic@FreeBSD.org TECHNOkRATIS Consulting Services * http://www.technokratis.com/