From owner-freebsd-current@FreeBSD.ORG Wed Feb 18 14:04:43 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A558E16A4CE for ; Wed, 18 Feb 2004 14:04:43 -0800 (PST) Received: from troutmask.apl.washington.edu (troutmask.apl.washington.edu [128.208.78.105]) by mx1.FreeBSD.org (Postfix) with ESMTP id 78AAA43D1D for ; Wed, 18 Feb 2004 14:04:43 -0800 (PST) (envelope-from sgk@troutmask.apl.washington.edu) Received: from troutmask.apl.washington.edu (localhost [127.0.0.1]) i1IM4hTA077362; Wed, 18 Feb 2004 14:04:43 -0800 (PST) (envelope-from sgk@troutmask.apl.washington.edu) Received: (from sgk@localhost)i1IM4h2T077361; Wed, 18 Feb 2004 14:04:43 -0800 (PST) (envelope-from sgk) Date: Wed, 18 Feb 2004 14:04:43 -0800 From: Steve Kargl To: Jesse Guardiani Message-ID: <20040218220443.GA76951@troutmask.apl.washington.edu> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i cc: freebsd-current@freebsd.org Subject: Re: 5.2.1-RC2 debug kernel PANIC "Memory modified after free" X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Feb 2004 22:04:43 -0000 On Wed, Feb 18, 2004 at 09:28:26AM -0500, Jesse Guardiani wrote: > > GEOM: create disk ad0 dp=0xc3b45560 > ad0: 45780MB [93015/16/63] at ata0-master UDMA100 > ata1-slave: FAILURE - ATAPI_IDENTIFY no interrupt > Feb 18 09:16:24 david su: BAD SU jesse to root on /dev/ttyv1 > ata1-slave: FAILURE - ATAPI_IDENTIFY no interrupt > acd0: DVDROM at ata1-master UDMA33 > Mounting root from ufs:/dev/ad0s3a > Memory modified after free 0xc3b41a00(508) val=ff70ff70 @ 0xc3b41a00 > > > Fatal trap 12: page fault while in kernel mode > fault virtual address = 0xff70ff90 > fault code = supervisor read, page not present > instruction pointer = 0x8:0xc06691bd > stack pointer = 0x10:0xe38a3934 > frame pointer = 0x10:0xe38a3950 > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 56 (sh) > kernel: type 12 trap, code=0 > Stopped at mtrash_ctor+0x4d: movl 0x20(%eax),%eax > db> > db> trace > mtrash_ctor(c3b41a00,200,0,579,c3b41a00) at mtrash_ctor+0x4d > uma_zalloc_arg(c103bcc0,0,2,e38a39a8,c0547970) at uma_zalloc_arg+0x1cb > malloc(188,c0711be0,2,1,c06dcb5e) at malloc+0xd3 > elf32_load_file(c3a678d4,c3ab6000,e38a3a9c,e38a3bc8,1000) at elf32_load_file+0x5 > 1 > exec_elf32_imgact(e38a3b8c,0,c06db142,fe,c0740eb8) at exec_elf32_imgact+0x45d > kern_execve(c3a65140,81078e0,8107938,8107948,0) at kern_execve+0x38c > execve(c3a65140,e38a3d14,c06f68f1,3ee,3) at execve+0x30 > syscall(2f,2f,2f,81078e0,8107938) at syscall+0x2c0 > Xint0x80_syscall() at Xint0x80_syscall+0x1d > --- syscall (59, FreeBSD ELF32, execve), eip = 0x807c22f, esp = 0xbfbfe62c, ebp > = 0xbfbfe648 --- > db> > This is a known panic. You can try disabling ACPI by adding hin.acpi.0.disbled="1" to /boot/loader.conf or setting it in the loader. The other workaround was proposed by Maxim. You need to change line 570 in dev/ata/ata-all.c from request->retries = -1; to request->retries = 3; -- Steve