Date: Wed, 18 Feb 2004 18:18:43 -0500 From: Jesse Guardiani <jesse@wingnet.net> To: Steve Kargl <sgk@troutmask.apl.washington.edu> Cc: freebsd-current@freebsd.org Subject: Re: 5.2.1-RC2 debug kernel PANIC "Memory modified after free" Message-ID: <200402181818.43959.jesse@wingnet.net> In-Reply-To: <20040218220443.GA76951@troutmask.apl.washington.edu> References: <c0vsqa$su0$1@sea.gmane.org> <20040218220443.GA76951@troutmask.apl.washington.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 18 February 2004 17:04, Steve Kargl wrote: > On Wed, Feb 18, 2004 at 09:28:26AM -0500, Jesse Guardiani wrote: > > GEOM: create disk ad0 dp=0xc3b45560 > > ad0: 45780MB <IC25T048ATDA05-0> [93015/16/63] at ata0-master UDMA100 > > ata1-slave: FAILURE - ATAPI_IDENTIFY no interrupt > > Feb 18 09:16:24 david su: BAD SU jesse to root on /dev/ttyv1 > > ata1-slave: FAILURE - ATAPI_IDENTIFY no interrupt > > acd0: DVDROM <HL-DT-STDVD-ROM GDR8081N> at ata1-master UDMA33 > > Mounting root from ufs:/dev/ad0s3a > > Memory modified after free 0xc3b41a00(508) val=ff70ff70 @ 0xc3b41a00 > > > > > > Fatal trap 12: page fault while in kernel mode > > fault virtual address = 0xff70ff90 > > fault code = supervisor read, page not present > > instruction pointer = 0x8:0xc06691bd > > stack pointer = 0x10:0xe38a3934 > > frame pointer = 0x10:0xe38a3950 > > code segment = base 0x0, limit 0xfffff, type 0x1b > > = DPL 0, pres 1, def32 1, gran 1 > > processor eflags = interrupt enabled, resume, IOPL = 0 > > current process = 56 (sh) > > kernel: type 12 trap, code=0 > > Stopped at mtrash_ctor+0x4d: movl 0x20(%eax),%eax > > db> > > db> trace > > mtrash_ctor(c3b41a00,200,0,579,c3b41a00) at mtrash_ctor+0x4d > > uma_zalloc_arg(c103bcc0,0,2,e38a39a8,c0547970) at uma_zalloc_arg+0x1cb > > malloc(188,c0711be0,2,1,c06dcb5e) at malloc+0xd3 > > elf32_load_file(c3a678d4,c3ab6000,e38a3a9c,e38a3bc8,1000) at > > elf32_load_file+0x5 1 > > exec_elf32_imgact(e38a3b8c,0,c06db142,fe,c0740eb8) at > > exec_elf32_imgact+0x45d kern_execve(c3a65140,81078e0,8107938,8107948,0) > > at kern_execve+0x38c execve(c3a65140,e38a3d14,c06f68f1,3ee,3) at > > execve+0x30 > > syscall(2f,2f,2f,81078e0,8107938) at syscall+0x2c0 > > Xint0x80_syscall() at Xint0x80_syscall+0x1d > > --- syscall (59, FreeBSD ELF32, execve), eip = 0x807c22f, esp = > > 0xbfbfe62c, ebp = 0xbfbfe648 --- > > db> > > This is a known panic. You can try disabling ACPI by adding > hin.acpi.0.disbled="1" to /boot/loader.conf hint.acpi.0.disabled=1 was already set when the above panic took place. I can get you the top half of the dmesg if you're interested. > or setting it in > the loader. The other workaround was proposed by Maxim. You > need to change line 570 in dev/ata/ata-all.c from > request->retries = -1; > to > request->retries = 3; Since I'm not using ACPI, are you sure about that? -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200402181818.43959.jesse>