From owner-freebsd-current@FreeBSD.ORG Mon Jul 21 08:20:55 2014
Date: Mon, 21 Jul 2014 03:20:41 -0500
From: Larry Rosenman
To: freebsd-current@freebsd.org, freebsd-emulation@freebsd.org
Subject: Re: [PANIC][vboxdrv] use afer free/iprtheap
Message-ID: <20140721082041.GB1365@borg.lerctr.org>
References: <20140721081748.GA1365@borg.lerctr.org>
In-Reply-To: <20140721081748.GA1365@borg.lerctr.org>

Ignore previous, here's the right core:

borg.lerctr.org dumped core - see /var/crash/vmcore.6

Mon Jul 21 03:13:37 CDT 2014

FreeBSD borg.lerctr.org 11.0-CURRENT FreeBSD 11.0-CURRENT #54 r268932M: Sun Jul 20 19:26:23 CDT 2014 root@borg.lerctr.org:/usr/obj/usr/src/sys/VT-LER amd64

panic: Most recently used by iprtheap

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
Memory modified after free 0xfffff8056da02d00(120) val=e69eedef @ 0xfffff8056da02d10
panic: Most recently used by iprtheap
cpuid = 2
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe100c947360
kdb_backtrace() at kdb_backtrace+0x39/frame 0xfffffe100c947410
vpanic() at vpanic+0x126/frame 0xfffffe100c947450
panic() at panic+0x43/frame 0xfffffe100c9474b0
mtrash_ctor() at mtrash_ctor+0x8a/frame 0xfffffe100c9474e0
uma_zalloc_arg() at uma_zalloc_arg+0x4d1/frame 0xfffffe100c947550
malloc() at malloc+0x194/frame 0xfffffe100c9475a0
rtR0MemAllocEx() at rtR0MemAllocEx+0xd2/frame 0xfffffe100c947600
RTMemAllocZTag() at RTMemAllocZTag+0x14/frame 0xfffffe100c947620
rtR0MemObjNew() at rtR0MemObjNew+0x2f/frame 0xfffffe100c947650
rtR0MemObjFreeBSDAllocPhysPages() at rtR0MemObjFreeBSDAllocPhysPages+0x31/frame 0xfffffe100c9476a0
rtR0MemObjNativeAllocPhysNC() at rtR0MemObjNativeAllocPhysNC+0x2e/frame 0xfffffe100c9476c0
g_aUnits() at g_aUnits+0x58d9/frame 0xfffffe100c947720
g_aUnits() at g_aUnits+0x266a/frame 0xfffffe100c9477a0
g_aUnits() at g_aUnits+0x1f9f/frame 0xfffffe100c947820
g_aUnits() at 0xffffffff83257c35/frame 0xfffffe100c947870
g_aUnits() at 0xffffffff8325a0de/frame 0xfffffe100c9478b0
g_aUnits() at 0xffffffff83259c23/frame 0xfffffe100c9478f0
supdrvIOCtlInnerUnrestricted() at supdrvIOCtlInnerUnrestricted+0x5a1/frame 0xfffffe100c947970
VBoxDrvFreeBSDIOCtl() at VBoxDrvFreeBSDIOCtl+0x1e6/frame 0xfffffe100c9479d0
devfs_ioctl_f() at devfs_ioctl_f+0xfb/frame 0xfffffe100c947a30
kern_ioctl() at kern_ioctl+0x22b/frame 0xfffffe100c947a90
sys_ioctl() at sys_ioctl+0x13c/frame 0xfffffe100c947ae0
amd64_syscall() at amd64_syscall+0x25a/frame 0xfffffe100c947bf0
Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe100c947bf0
--- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x80128f5ca, rsp = 0x7fffff8a5c58, rbp = 0x7fffff8a5c60 ---
Uptime: 7h12m25s
Dumping 7915 out of 64463 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

Reading symbols from /boot/kernel/linux.ko.symbols...done.
Loaded symbols for /boot/kernel/linux.ko.symbols
Reading symbols from /boot/kernel/if_lagg.ko.symbols...done.
Loaded symbols for /boot/kernel/if_lagg.ko.symbols
Reading symbols from /boot/kernel/snd_envy24ht.ko.symbols...done.
Loaded symbols for /boot/kernel/snd_envy24ht.ko.symbols
Reading symbols from /boot/kernel/snd_spicds.ko.symbols...done.
Loaded symbols for /boot/kernel/snd_spicds.ko.symbols
Reading symbols from /boot/kernel/coretemp.ko.symbols...done.
Loaded symbols for /boot/kernel/coretemp.ko.symbols
Reading symbols from /boot/kernel/ichsmb.ko.symbols...done.
Loaded symbols for /boot/kernel/ichsmb.ko.symbols
Reading symbols from /boot/kernel/smbus.ko.symbols...done.
Loaded symbols for /boot/kernel/smbus.ko.symbols
Reading symbols from /boot/kernel/ichwd.ko.symbols...done.
Loaded symbols for /boot/kernel/ichwd.ko.symbols
Reading symbols from /boot/kernel/cpuctl.ko.symbols...done.
Loaded symbols for /boot/kernel/cpuctl.ko.symbols
Reading symbols from /boot/kernel/crypto.ko.symbols...done.
Loaded symbols for /boot/kernel/crypto.ko.symbols
Reading symbols from /boot/kernel/cryptodev.ko.symbols...done.
Loaded symbols for /boot/kernel/cryptodev.ko.symbols
Reading symbols from /boot/kernel/dtraceall.ko.symbols...done.
Loaded symbols for /boot/kernel/dtraceall.ko.symbols
Reading symbols from /boot/kernel/profile.ko.symbols...done.
Loaded symbols for /boot/kernel/profile.ko.symbols
Reading symbols from /boot/kernel/cyclic.ko.symbols...done.
Loaded symbols for /boot/kernel/cyclic.ko.symbols
Reading symbols from /boot/kernel/dtrace.ko.symbols...done.
Loaded symbols for /boot/kernel/dtrace.ko.symbols
Reading symbols from /boot/kernel/systrace_freebsd32.ko.symbols...done.
Loaded symbols for /boot/kernel/systrace_freebsd32.ko.symbols
Reading symbols from /boot/kernel/systrace.ko.symbols...done.
Loaded symbols for /boot/kernel/systrace.ko.symbols
Reading symbols from /boot/kernel/sdt.ko.symbols...done.
Loaded symbols for /boot/kernel/sdt.ko.symbols
Reading symbols from /boot/kernel/lockstat.ko.symbols...done.
Loaded symbols for /boot/kernel/lockstat.ko.symbols
Reading symbols from /boot/kernel/fasttrap.ko.symbols...done.
Loaded symbols for /boot/kernel/fasttrap.ko.symbols
Reading symbols from /boot/kernel/fbt.ko.symbols...done.
Loaded symbols for /boot/kernel/fbt.ko.symbols
Reading symbols from /boot/kernel/dtnfscl.ko.symbols...done.
Loaded symbols for /boot/kernel/dtnfscl.ko.symbols
Reading symbols from /boot/kernel/dtmalloc.ko.symbols...done.
Loaded symbols for /boot/kernel/dtmalloc.ko.symbols
Reading symbols from /boot/modules/vboxdrv.ko...done.
Loaded symbols for /boot/modules/vboxdrv.ko
Reading symbols from /boot/modules/nvidia.ko...done.
Loaded symbols for /boot/modules/nvidia.ko
Reading symbols from /boot/kernel/ipmi.ko.symbols...done.
Loaded symbols for /boot/kernel/ipmi.ko.symbols
Reading symbols from /boot/kernel/ipmi_linux.ko.symbols...done.
Loaded symbols for /boot/kernel/ipmi_linux.ko.symbols
Reading symbols from /boot/kernel/radeonkms.ko.symbols...done.
Loaded symbols for /boot/kernel/radeonkms.ko.symbols
Reading symbols from /boot/kernel/iicbb.ko.symbols...done.
Loaded symbols for /boot/kernel/iicbb.ko.symbols
Reading symbols from /boot/kernel/iicbus.ko.symbols...done.
Loaded symbols for /boot/kernel/iicbus.ko.symbols
Reading symbols from /boot/kernel/iic.ko.symbols...done.
Loaded symbols for /boot/kernel/iic.ko.symbols
Reading symbols from /boot/kernel/drm2.ko.symbols...done.
Loaded symbols for /boot/kernel/drm2.ko.symbols
Reading symbols from /boot/kernel/radeonkmsfw_R100_cp.ko.symbols...done.
Loaded symbols for /boot/kernel/radeonkmsfw_R100_cp.ko.symbols
Reading symbols from /boot/kernel/fdescfs.ko.symbols...done.
Loaded symbols for /boot/kernel/fdescfs.ko.symbols
Reading symbols from /boot/kernel/linprocfs.ko.symbols...done.
Loaded symbols for /boot/kernel/linprocfs.ko.symbols
Reading symbols from /boot/kernel/uhid.ko.symbols...done.
Loaded symbols for /boot/kernel/uhid.ko.symbols
Reading symbols from /boot/modules/vboxnetflt.ko...done.
Loaded symbols for /boot/modules/vboxnetflt.ko
Reading symbols from /boot/kernel/netgraph.ko.symbols...done.
Loaded symbols for /boot/kernel/netgraph.ko.symbols
Reading symbols from /boot/kernel/ng_ether.ko.symbols...done.
Loaded symbols for /boot/kernel/ng_ether.ko.symbols
Reading symbols from /boot/modules/vboxnetadp.ko...done.
Loaded symbols for /boot/modules/vboxnetadp.ko
#0 doadump (textdump=1) at pcpu.h:219
219 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) #0 doadump (textdump=1) at pcpu.h:219
#1 0xffffffff80a055d7 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:445
#2 0xffffffff80a05b15 in vpanic (fmt=, ap=) at /usr/src/sys/kern/kern_shutdown.c:744
#3 0xffffffff80a05b63 in panic (fmt=0x0) at /usr/src/sys/kern/kern_shutdown.c:673
#4 0xffffffff80c83aaa in mtrash_ctor (mem=, size=, arg=, flags=) at /usr/src/sys/vm/uma_dbg.c:138
#5 0xffffffff80c7fbe1 in uma_zalloc_arg (zone=0xfffff80ffffc9680, udata=0x0, flags=257) at /usr/src/sys/vm/uma_core.c:2164
#6 0xffffffff809ed0b4 in malloc (size=, mtp=0xffffffff81fd3b70, flags=) at uma.h:336
#7 0xffffffff81fc2232 in rtR0MemAllocEx () from /boot/modules/vboxdrv.ko
#8 0xffffffff81fc0904 in RTMemAllocZTag () from /boot/modules/vboxdrv.ko
#9 0xffffffff81fc0d3f in rtR0MemObjNew () from /boot/modules/vboxdrv.ko
#10 0xffffffff81fc27b1 in rtR0MemObjFreeBSDAllocPhysPages () from /boot/modules/vboxdrv.ko
#11 0xffffffff81fc28ae in rtR0MemObjNativeAllocPhysNC () from /boot/modules/vboxdrv.ko
#12 0xffffffff83242799 in ?? ()
#13 0xfffffe0559b32010 in ?? ()
#14 0x000000780000002b in ?? ()
#15 0xfffffe100977d7c8 in ?? ()
#16 0xffffffff8324287e in ?? ()
#17 0x0000000000000000 in ?? ()
Current language: auto; currently minimal
(kgdb)

virtualbox-ose-4.3.12_1 A general-purpose full virtualizer for x86 hardware
virtualbox-ose-kmod-4.3.12 VirtualBox kernel module for FreeBSD

Ideas?

--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 E-Mail: ler@lerctr.org
US Mail: 108 Turvey Cove, Hutto, TX 78634-5688