From owner-freebsd-current@FreeBSD.ORG  Mon Sep 26 21:55:55 2005
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
X-Original-To: current@freebsd.org
Delivered-To: freebsd-current@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 123E716A41F
	for <current@freebsd.org>; Mon, 26 Sep 2005 21:55:55 +0000 (GMT)
	(envelope-from pawel.worach@gmail.com)
Received: from qproxy.gmail.com (qproxy.gmail.com [72.14.204.201])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7EBC643D53
	for <current@freebsd.org>; Mon, 26 Sep 2005 21:55:54 +0000 (GMT)
	(envelope-from pawel.worach@gmail.com)
Received: by qproxy.gmail.com with SMTP id p36so466426qba
	for <current@freebsd.org>; Mon, 26 Sep 2005 14:55:53 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type;
	b=l0Y6fUQMOh/1JTaKDbnmuefKGrB2XPaZz2IPukfVsujk5Q/UViWseyS7IxuEWiW4S5OZ/yVc+cmAqK8waiKusgs+U3LscRuDGkvjZv6DjeWQM/sNy+Rz7ZZGrFspzrS/vnKvRdHpMDC/uRSg1hYELZYZROCE/O1STiDxUzGQsEY=
Received: by 10.65.138.4 with SMTP id q4mr561012qbn;
	Mon, 26 Sep 2005 14:55:53 -0700 (PDT)
Received: by 10.65.121.4 with HTTP; Mon, 26 Sep 2005 14:55:53 -0700 (PDT)
Message-ID: <d227e09e0509261455347a9aca@mail.gmail.com>
Date: Mon, 26 Sep 2005 23:55:53 +0200
From: Pawel Worach <pawel.worach@gmail.com>
To: current@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: 
Subject: [releng_6] mpt(4) Memory modified after free panic
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Pawel Worach <pawel.worach@gmail.com>
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Sep 2005 21:55:55 -0000

Trying to use a mpt controller with only one disk attached so it's not
possible to configure a RAID-1 volume.
Trying to boot 6.0-BETA1 install cd results in this panic. Should it
possible to use a single disk behind an mpt(4) with the updated driver? Thi=
s
configuration works fine on 5.4.

GDB: no debug ports present
KDB: debugger backends: ddb
KDB: current backend: ddb
Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.0-BETA1 #0: Tue Jul 12 18:05:55 UTC 2005
root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC
WARNING: WITNESS option enabled, expect reduced performance.
ACPI APIC Table: <IBM SERONYXP>
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Xeon(TM) CPU 2.80GHz (2793.90-MHz 686-class CPU)
Origin =3D "GenuineIntel" Id =3D 0xf27 Stepping =3D 7
Features=3D0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,=
MCA,C
MOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
Features2=3D0x4400<CNTX-ID,<b14>>
Hyperthreading: 2 logical CPUs
...
mpt0: <LSILogic 1030 Ultra4 Adapter> port 0x2700-0x27ff mem
0xf9ff0000-0xf9fffff
f,0xf9fe0000-0xf9feffff irq 27 at device 7.0 on pci8
mpt0: [GIANT-LOCKED]
mpt0: MPI Version=3D1.2.15.0 <http://1.2.15.0>
mpt0: Unhandled Event Notify Frame. Event 0xa.
mpt0: Capabilities: ( RAID-1 SAFTE )
mpt0: 0 Active Volumes (1 Max)
mpt0: 0 Hidden Drive Members (6 Max)
mpt1: <LSILogic 1030 Ultra4 Adapter> port 0x2800-0x28ff mem
0xf9fd0000-0xf9fdfff
f,0xf9fc0000-0xf9fcffff irq 28 at device 7.1 on pci8
mpt1: [GIANT-LOCKED]
mpt1: MPI Version=3D1.2.15.0 <http://1.2.15.0>
mpt1: Unhandled Event Notify Frame. Event 0xa.
mpt1: Capabilities: ( RAID-1 SAFTE )
mpt1: 0 Active Volumes (1 Max)
mpt1: 0 Hidden Drive Members (6 Max)
Memory modified after free 0xc28a5710(12) val=3D0 @ 0xc28a5710
panic: Most recently used by bus

cpuid =3D 0
KDB: enter: panic
[thread pid 0 tid 0 ]
Stopped at kdb_enter+0x2b: nop
db> tr
Tracing pid 0 tid 0 td 0xc091bca0
kdb_enter(c0854b84) at kdb_enter+0x2b
panic(c086f463,c08328ac,c086f434,c28a5710,c) at panic+0x127
mtrash_ctor(c28a5710,10,0,1) at mtrash_ctor+0x4d
uma_zalloc_arg(c145a420,0,1) at uma_zalloc_arg+0x10f
malloc(8,c08b79e0,1,1030200,c28b6000) at malloc+0xae
mpt_read_config_info_ioc(c28b6000) at mpt_read_config_info_ioc+0x464
mpt_configure_ioc(c28b6000,c0897a80,0,c1020b28,c05639f2) at
mpt_configure_ioc+0x
2ea
mpt_core_attach(c28b6000,c289d780,c28b6000,c289d680,c1020b58) at
mpt_core_attach
+0xb6
mpt_attach(c28b6000) at mpt_attach+0x2a
mpt_pci_attach(c289d680) at mpt_pci_attach+0x4c9
device_attach(c289d680,c26b8700,c289d680,c289d780,0) at device_attach+0x58
device_probe_and_attach(c289d680) at device_probe_and_attach+0xe0
bus_generic_attach(c289d780,6,c26b8700,1,c0ee0258) at
bus_generic_attach+0x16
acpi_pci_attach(c289d780) at acpi_pci_attach+0xd0
device_attach(c289d780,c2807b78,c289d780,0,c275ea00) at device_attach+0x58
device_probe_and_attach(c289d780) at device_probe_and_attach+0xe0
bus_generic_attach(c275ea00,c275ea00,0,c26b8700,c28a6100) at
bus_generic_attach+
0x16
acpi_pcib_attach(c275ea00,c28a6114,8,c06456a5,c275d180) at
acpi_pcib_attach+0x13
0
acpi_pcib_acpi_attach(c275ea00) at acpi_pcib_acpi_attach+0xcf
device_attach(c275ea00,c2832280,c275ea00,c2833ac0,c275d180) at
device_attach+0x5
8
device_probe_and_attach(c275ea00) at device_probe_and_attach+0xe0
bus_generic_attach(c275d180,ffffffff,fec00000,c2820288,3) at
bus_generic_attach+
0x16
acpi_attach(c275d180) at acpi_attach+0x631
device_attach(c275d180,0,c275d180,c275d880,0) at device_attach+0x58
device_probe_and_attach(c275d180) at device_probe_and_attach+0xe0
bus_generic_attach(c275d880,c275d880,c275d880,c1020d40,c06461a8) at
bus_generic_
attach+0x16
nexus_attach(c275d880) at nexus_attach+0x13
device_attach(c275d880,c06293fa,c275d880,c08f3d90,1028000) at
device_attach+0x58
device_probe_and_attach(c275d880) at device_probe_and_attach+0xe0
root_bus_configure(c1020d88,c060adc6,0,101ec00,101e000) at
root_bus_configure+0x
16
configure(0,101ec00,101e000,0,c04453b5) at configure+0x9
mi_startup() at mi_startup+0x96
begin() at begin+0x2c

(kgdb) l *mpt_read_config_info_ioc+0x464
0xc05631bc is in mpt_read_config_info_ioc (/usr/src/sys/dev/mpt/mpt.c:1558)=
.
1553 hdr.PageVersion, hdr.PageLength, hdr.PageNumber, hdr.PageType);
1554
1555 if (mpt->ioc_page3 !=3D NULL)
1556 free(mpt->ioc_page3, M_DEVBUF);
1557 len =3D hdr.PageLength * sizeof(uint32_t);
1558 mpt->ioc_page3 =3D malloc(len, M_DEVBUF, M_NOWAIT);
1559 if (mpt->ioc_page3 =3D=3D NULL)
1560 return (-1);
1561 memset(mpt->ioc_page3, 0, sizeof(*mpt->ioc_page3));
1562 memcpy(&mpt->ioc_page3->Header, &hdr, sizeof(hdr));

--
Pawel