Date: Mon, 28 May 2001 09:07:37 +0200
From: Tor.Egge@fast.no
To: DougB@DougBarton.net
Cc: peter.jeremy@alcatel.com.au, kris@obsecurity.org, current@FreeBSD.ORG
Subject: Re: freelist corruption
Message-ID: <200105280707.JAA01656@midten.fast.no>
In-Reply-To: Your message of "Sun, 27 May 2001 21:32:43 -0700"
References: <3B11D4EB.18663F7E@DougBarton.net>
----Next_Part(Mon_May_28_09:07:36_2001)--
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

> Peter Jeremy wrote:
> >
> > On 2001-May-27 20:36:54 -0700, Kris Kennaway <kris@obsecurity.org> wrote:
> > >I've been getting rather a lot of these tonight..any ideas?
> > >
> > >May 27 18:52:06 xor /boot/kernel/kernel: Data modified on freelist: word 2 of object 0xc1a60100 size 64 previous type pagedep (0xd6adc0de != 0xdeadc0de)
> >
> > If this isn't an ECC system
>
> I got one of these on my ECC system:
>
> May 25 01:16:20 <kern.crit> Master /boot/kernel/kernel: Data modified on
> freelist: word 2 of object 0xc1a58dc0 size 52 previous type vfscache
> (0xd6adc0de != 0xdeadc0de)

I'm using the following experimental patch to avoid system crashes and
the freelist corruption message.

The softupdate code seems to free pagedeps structures with the NEWBLOCK
flag set (which indicates that a newdirblk structure is currently
pointing to the pagedep structure). When the newdirblk structure is
freed later on, it clears the NEWBLOCK flag, changing 0xdeadc0de to
0xd6adc0de.

If the memory for the pagedep structure has been reused for something
else, the system might crash. free_newdirblk will typically be on the
ddb stack backtrace

- Tor Egge

----Next_Part(Mon_May_28_09:07:36_2001)--
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Index: sys/ufs/ffs/ffs_softdep.c =================================================================== RCS file: /home/ncvs/src/sys/ufs/ffs/ffs_softdep.c,v retrieving revision 1.97 diff -u -r1.97 ffs_softdep.c --- sys/ufs/ffs/ffs_softdep.c 2001/05/19 19:24:26 1.97 +++ sys/ufs/ffs/ffs_softdep.c 2001/05/24 01:48:22 
@@ -1932,6 +1932,11 @@ WORKLIST_INSERT(&inodedep->id_bufwait, &dirrem->dm_list); } + if ((pagedep->pd_state & NEWBLOCK) != 0) { + FREE_LOCK(&lk); + panic("deallocate_dependencies: " + "active pagedep"); + } WORKLIST_REMOVE(&pagedep->pd_list); LIST_REMOVE(pagedep, pd_hash); WORKITEM_FREE(pagedep, D_PAGEDEP); @@ -3930,8 +3935,12 @@ * is written back to disk. */ if (LIST_FIRST(&pagedep->pd_pendinghd) == 0) { - LIST_REMOVE(pagedep, pd_hash); - WORKITEM_FREE(pagedep, D_PAGEDEP); + if ((pagedep->pd_state & NEWBLOCK) != 0) { + printf("handle_written_filepage: active pagedep\n"); + } else { + LIST_REMOVE(pagedep, pd_hash); + WORKITEM_FREE(pagedep, D_PAGEDEP); + } } return (0); } ----Next_Part(Mon_May_28_09:07:36_2001)---- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
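Review bot: In the first hunk (@@ -1932, the free of the pagedep after WORKLIST_INSERT), the new panic("deallocate_dependencies: " "active pagedep") carries no identifying data, so a crash dump is needed to learn which pagedep was still referenced; consider printing the pagedep address and pd_state in the message. The test also only turns the later write to freed memory into an immediate panic and does nothing about the reference that NEWBLOCK stands for, so a comment above it should say that it is a diagnostic check rather than the fix.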
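Review bot: In the second hunk (@@ -3930, the LIST_FIRST(&pagedep->pd_pendinghd) == 0 case), the NEWBLOCK branch only prints and falls through to return (0), leaving the pagedep allocated and still on pd_hash; nothing in the visible lines says which later path does the LIST_REMOVE and WORKITEM_FREE, so the structure can leak unless another path completes the free. A comment naming that path would settle it. The printf also has no rate limit and no pagedep address, and it handles the condition differently from the first hunk, which panics on the same test.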
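A triage sketch for the "Data modified on freelist" messages quoted in this thread, added here as an example and not part of the original mail or of FreeBSD. It parses each message, works out which bits of the poison word changed, and groups reports that changed the same bits of the same word. The names `parse` and `triage` and the "repeated" heuristic (an identical bit change in more than one report points at one code path writing to freed memory, as the mail describes for the cleared NEWBLOCK flag) are assumptions of this example.

```python
import re
from collections import defaultdict

# The two kernel messages quoted in this thread (hosts "xor" and "Master").
SAMPLE_LOG = [
    "May 27 18:52:06 xor /boot/kernel/kernel: Data modified on freelist: "
    "word 2 of object 0xc1a60100 size 64 previous type pagedep "
    "(0xd6adc0de != 0xdeadc0de)",
    "May 25 01:16:20 <kern.crit> Master /boot/kernel/kernel: Data modified on "
    "freelist: word 2 of object 0xc1a58dc0 size 52 previous type vfscache "
    "(0xd6adc0de != 0xdeadc0de)",
]

PATTERN = re.compile(
    r"Data modified on freelist: word (?P<word>\d+) of object "
    r"(?P<obj>0x[0-9a-f]+) size (?P<size>\d+) previous type (?P<type>\S+) "
    r"\((?P<found>0x[0-9a-f]+) != (?P<want>0x[0-9a-f]+)\)"
)

def parse(line):
    """Return the changed bits for one message, or None if it does not match."""
    m = PATTERN.search(line)
    if m is None:
        return None
    found, want = int(m["found"], 16), int(m["want"], 16)
    return {
        "word": int(m["word"]), "size": int(m["size"]), "type": m["type"],
        "cleared": want & ~found,  # poison bits that were 1 and now read 0
        "set": found & ~want,      # poison bits that were 0 and now read 1
    }

def triage(lines):
    """Group reports by (word index, cleared bits, set bits)."""
    groups = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        groups[(rec["word"], rec["cleared"], rec["set"])].append(rec["type"])
    return [
        {"word": w, "cleared": hex(c), "set": hex(s),
         "previous_types": types, "repeated": len(types) > 1}
        for (w, c, s), types in sorted(groups.items())
    ]

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Both quoted reports fall into a single group: word 2, with exactly one poison bit cleared and none set.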