From: "Willem Jan Withagen"
Date: Fri, 28 May 2004 16:24:39 +0200
Subject: Re: Possible bug in malloc-code
List-Id: Discussions about the use of FreeBSD-current

> ----- Original Message -----
> From: "Kris Kennaway"
> On Fri, May 28, 2004 at 02:17:57AM +0200, Willem Jan Withagen wrote:
>
> > > The bad thing is that calling free() at this point will freeze the box....
> >
> > amd64 seems to have a bug that causes it to pause while accessing
> > swap. Make sure this isn't what you're seeing - i.e. wait a few
> > minutes before hitting the reset button.
>
> Interesting point.
> I'll run the box and go to the gym...
> That should give it enough time to recover.
>
> And we'll see.
>
> I did see such behaviour, but that was more like stalling for a
> 1-2 sec period, which I attributed to zeroing 500Mb of RAM.

Didn't really work:

The process itself:
    Alloc: n = 335544320, ADR = 0x00000000485D7000
    Alloc: n = 402653184, ADR = 0x000000005C5D7000
    Alloc: n = 469762048, ADR = 0x00000000745D7000
    Alloc: n = 536870912, ADR = 0xFFFFFFFF905D7000
    Free: n = 536870912, ADR = 0xFFFFFFFF905D7000
    rMemoryDrv in free(): error: junk pointer, too high to make sense

On the console:
    panic: ffs_write: uio->uio_resid < 0
    at line 602 in file /home2/src/sys/ufs/ffs/ffs_vnops.c
    cpuid = 1;
    Stack backtrace:
    backtrace() at backtrace+0x17
    __panic() at __panic+0x1e4
    ffs_write() at ffs_write+0x162
    vn_rdwr() at vn_rdwr+0x164
    vn_rdwr_inchunks() at vn_rdwr_inchunks+0x80
    elf64_coredump() at elf64_coredump+0x113
    coredump() at coredump+0x586
    sigexit() at sigexit+0x72
    postsig() at postsig+0x1be
    ast() at ast+0x417
    Xfast_syscall() at Xfast_syscall+0xdd
    --- syscall (0), rip = 0x20067c8ec, rsp = 0x7fffffffe878, rbp = 0x2006df6c0 ---

So what next....
It is VERY reproducible, so with guidance on what to look at,
I'm more than willing to up my skills and get to the bottom of this.

If amd64-owners want to have a go at it, and see what they get:
    cd /usr/ports/devel/cocktail/
    make
    cd work/cocktail-9309/reuse/m2c
    make test
    ./rMemoryDrv

--WjW
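
Added example, not part of the original message and not code from cocktail or FreeBSD: a check over the four Alloc lines quoted above. It compares each address with the previous address plus the previous size and reports whether a mismatch is exactly the 32-bit sign-extended form of the expected value. The names are hypothetical, and treating the blocks as back to back is an assumption taken from the first three lines.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* One "Alloc:" line: requested size n and returned address ADR. */
struct alloc { uint64_t n; uint64_t adr; };

/* Values copied from the process output in the message. */
static const struct alloc log_lines[] = {
    { 335544320ULL, 0x00000000485D7000ULL },
    { 402653184ULL, 0x000000005C5D7000ULL },
    { 469762048ULL, 0x00000000745D7000ULL },
    { 536870912ULL, 0xFFFFFFFF905D7000ULL },
};
#define NLINES (sizeof log_lines / sizeof log_lines[0])

enum verdict { ADDR_OK, ADDR_SIGN_EXTENDED, ADDR_OTHER };

/* Widen the low 32 bits of v the way a signed 32-bit integer is widened. */
static uint64_t sign_extend32(uint64_t v)
{
    uint64_t low = v & 0xFFFFFFFFULL;
    return (low & 0x80000000ULL) ? (low | 0xFFFFFFFF00000000ULL) : low;
}

/* Classify line i (i >= 1) against line i-1.
 * Assumption: each block starts where the previous one ended. */
static enum verdict classify_line(size_t i)
{
    uint64_t expected = log_lines[i - 1].adr + log_lines[i - 1].n;
    if (log_lines[i].adr == expected)
        return ADDR_OK;
    if (log_lines[i].adr == sign_extend32(expected))
        return ADDR_SIGN_EXTENDED;
    return ADDR_OTHER;
}

int main(void)
{
    static const char *names[] = { "ok", "sign-extended 32-bit value", "other mismatch" };
    for (size_t i = 1; i < NLINES; i++) {
        uint64_t expected = log_lines[i - 1].adr + log_lines[i - 1].n;
        printf("n = %" PRIu64 ": got 0x%016" PRIX64 ", expected 0x%016" PRIX64 " -> %s\n",
               log_lines[i].n, log_lines[i].adr, expected, names[classify_line(i)]);
    }
    return 0;
}
```

Only the 536870912-byte allocation is flagged: its low 32 bits match the expected 0x905D7000 and its upper 32 bits are all ones, which is the value free() rejects as a junk pointer.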