Date: Thu, 23 May 2024 08:12:39 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 279243] panic: Memory modified after free, Most recently used by solaris
Message-ID: <bug-279243-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279243

            Bug ID: 279243
           Summary: panic: Memory modified after free, Most recently used by solaris
           Product: Base System
           Version: 14.0-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: avg@FreeBSD.org

This happens on every other boot for me.
When it happens it always happens when loading nvidia driver.

<118>Mounting local filesystems:.
<118>Mounting ZFS filesystems: (354/354)
<118>Loading kernel modules:
nvidia0: <NVIDIA GeForce GTX 1660> on vgapci0
vgapci0: child nvidia0 requested pci_enable_io
vgapci0: child nvidia0 requested pci_enable_io
<6>nvidia-modeset: Loading NVIDIA Kernel Mode Setting Driver for UNIX platforms 550.54.14 Thu Feb 22 01:05:40 UTC 2024
sysctl_warn_reuse: can't re-use a leaf (hw.dri.debug)!
<6>[drm] [nvidia-drm] [GPU ID 0x00000100] Loading driver
Memory modified after free 0xfffff800207cf900(376) val=1010000 @ 0xfffff800207cf900
panic: Most recently used by solaris
cpuid = 2
time = 1716443221
KDB: stack backtrace:
db_trace_self_wrapper() at 0xffffffff80614c2b = db_trace_self_wrapper+0x2b/frame 0xfffffe01985cc060
kdb_backtrace() at 0xffffffff8094a037 = kdb_backtrace+0x37/frame 0xfffffe01985cc110
vpanic() at 0xffffffff808fba29 = vpanic+0x169/frame 0xfffffe01985cc250
panic() at 0xffffffff808fb803 = panic+0x43/frame 0xfffffe01985cc2b0
mtrash_ctor() at 0xffffffff80bb25ee = mtrash_ctor+0x7e/frame 0xfffffe01985cc2d0
item_ctor() at 0xffffffff80bb1818 = item_ctor+0x108/frame 0xfffffe01985cc320
uma_zalloc_arg() at 0xffffffff80baac3b = uma_zalloc_arg+0x10b/frame 0xfffffe01985cc360
malloc() at 0xffffffff808d4f60 = malloc+0x70/frame 0xfffffe01985cc3a0
os_alloc_mem() at 0xffffffff857de5f7 = os_alloc_mem+0x37/frame 0xfffffe01985cc3c0
_nv013606rm() at 0xffffffff854fc874 = _nv013606rm+0x34/frame 0xfffffe01a322fc00
Uptime: 42s

"Most recently used by solaris" makes me think that the problem is in ZFS.
Also, because the module loading happens right after mounting ZFS filesystems.

The zone is "malloc-384".
24 initial bytes are affected:

(kgdb) x/48a item
0xfffff800207cf900: 0x1010000 0x0
0xfffff800207cf910: 0x0 0xdeadc0dedeadc0de
0xfffff800207cf920: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cf930: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cf940: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cf950: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cf960: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cf970: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cf980: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cf990: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cf9a0: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cf9b0: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cf9c0: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cf9d0: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cf9e0: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cf9f0: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cfa00: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cfa10: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cfa20: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cfa30: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cfa40: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cfa50: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cfa60: 0xdeadc0dedeadc0de 0xdeadc0dedeadc0de
0xfffff800207cfa70: 0xdeadc0dedeadc0de 0xffffffff8121a800 <M_SOLARIS>

-- 
You are receiving this mail because:
You are the assignee for the bug.
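
An added example, not part of the report and not FreeBSD source: a user-space model of the free-time junk fill and allocation-time check that produce this panic, replaying the dump above (384-byte item, freeing type recorded in the last pointer slot, first 24 bytes overwritten). All names (`trash_on_free`, `trash_check`, `replay`, `struct mtype`, `struct finding`) are hypothetical and the buffer contents are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define JUNK 0xdeadc0deU                  /* fill pattern visible in the kgdb dump */
struct mtype { const char *shortdesc; };  /* stand-in for struct malloc_type */
/* Modified byte range [first_off, end_off), -1 when the item is clean. */
struct finding { long first_off, end_off; uint32_t val; const char *last_user; };

/* Free path: junk-fill the body, record the freeing type in the last slot. */
static void trash_on_free(void *mem, size_t size, const struct mtype *mt) {
    size_t body = size - sizeof(mt);
    uint32_t *p = mem;
    for (size_t i = 0; i < body / sizeof(*p); i++)
        p[i] = JUNK;
    memcpy((char *)mem + body, &mt, sizeof(mt));
}

/* Next allocation: any body word that is no longer junk was written after free. */
static struct finding trash_check(const void *mem, size_t size) {
    size_t body = size - sizeof(struct mtype *);
    struct finding f = { -1, -1, 0, "none" };
    const struct mtype *mt;
    const uint32_t *p = mem;
    memcpy(&mt, (const char *)mem + body, sizeof(mt));
    if (mt != NULL) f.last_user = mt->shortdesc;   /* label comes from the last free */
    for (size_t i = 0; i < body / sizeof(*p); i++) {
        if (p[i] == JUNK) continue;
        if (f.first_off < 0) {
            f.first_off = (long)(i * sizeof(*p));
            f.val = p[i];
        }
        f.end_off = (long)((i + 1) * sizeof(*p));
    }
    return f;
}

/* Constructed replay: item freed as "solaris", then a stale 24-byte write. */
static struct finding replay(void) {
    static uint32_t item[384 / sizeof(uint32_t)];
    static const struct mtype solaris = { "solaris" };
    const uint32_t stale[6] = { 0x1010000, 0, 0, 0, 0, 0 };
    trash_on_free(item, sizeof(item), &solaris);
    memcpy(item, stale, sizeof(stale));   /* write through a dangling pointer */
    return trash_check(item, sizeof(item));
}

int main(void) {
    struct finding f = replay();
    printf("[%ld,%ld) val=%x by %s\n", f.first_off, f.end_off, (unsigned)f.val, f.last_user);
    return 0;
}
```

In this model the reported name is read from the slot written when the item was last freed; the check itself records nothing about which code performed the later write.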