From owner-freebsd-bugs@FreeBSD.ORG Mon Sep 6 13:30:13 2004 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2CB7816A4D1 for ; Mon, 6 Sep 2004 13:30:13 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 13D8E43D60 for ; Mon, 6 Sep 2004 13:30:12 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.11/8.12.11) with ESMTP id i86DUCun021779 for ; Mon, 6 Sep 2004 13:30:12 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i86DUCZR021775; Mon, 6 Sep 2004 13:30:12 GMT (envelope-from gnats) Resent-Date: Mon, 6 Sep 2004 13:30:12 GMT Resent-Message-Id: <200409061330.i86DUCZR021775@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Daichi GOTO Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0EE2616A4CE; Mon, 6 Sep 2004 13:22:51 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0034F43D3F; Mon, 6 Sep 2004 13:22:50 +0000 (GMT) (envelope-from daichi@FreeBSD.org) Received: from freefall.freebsd.org (daichi@localhost [127.0.0.1]) i86DMogU021597; Mon, 6 Sep 2004 13:22:50 GMT (envelope-from daichi@freefall.freebsd.org) Received: (from daichi@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i86DMoMV021596; Mon, 6 Sep 2004 13:22:50 GMT (envelope-from daichi) Message-Id: <200409061322.i86DMoMV021596@freefall.freebsd.org> Date: Mon, 6 Sep 2004 13:22:50 GMT From: Daichi GOTO To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 cc: fjoe@FreeBSD.org Subject: kern/71431: [panic fix] [patch] geom_uzip.ko caused panic X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Daichi GOTO List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Sep 2004 13:30:13 -0000 >Number: 71431 >Category: kern >Synopsis: [panic fix] [patch] geom_uzip.ko caused panic >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Sep 06 13:30:12 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Daichi GOTO >Release: FreeBSD 4.10-STABLE i386 >Organization: >Environment: FreeBSD freebsd.ongs.co.jp 5.3-BETA3 FreeBSD 5.3-BETA3 #2: Sun Sep 5 01:45:47 JST 2004 root@freebsd.ongs.co.jp:/usr/obj/usr/src/sys/MITHOS i386 >Description: /boot/kernel/geom_uzip.ko causes panic. panic message: ----------------------------------- panic: malloc(9)/free(9) confusion. Probably freeing with wrong type, but maybe not here. cpuid = 0 KDB: enter: panic [thread 100031] Stopped at kdb_enter+0x2b: nop db> ----------------------------------- >How-To-Repeat: # kldload geom_uzip or # geom uzip load >Fix: I think that follow patch will fix :) --- sys/geom/uzip/g_uzip.c.orig Mon Aug 30 16:08:17 2004 +++ sys/geom/uzip/g_uzip.c Mon Aug 30 17:02:27 2004 @@ -91,10 +91,10 @@ gp->name, sc->req_total, sc->req_cached); } if (sc->offsets != NULL) - free(sc->offsets, M_GEOM_UZIP); + g_free(sc->offsets); mtx_destroy(&sc->last_mtx); - free(sc->last_buf, M_GEOM_UZIP); - free(sc, M_GEOM_UZIP); + g_free(sc->last_buf); + g_free(sc); } static void * @@ -102,14 +102,14 @@ { void *ptr; - ptr = malloc(type * size, M_GEOM_UZIP, M_NOWAIT); + ptr = g_malloc(type * size, M_NOWAIT | M_ZERO); return ptr; } static void z_free(void *nil, void *ptr) { - free(ptr, M_GEOM_UZIP); + g_free(ptr); } static void @@ -207,7 +207,7 @@ */ DPRINTF(("%s: done: (%d, %lld, %ld)\n", gp->name, bp2->bio_error, bp2->bio_completed, bp2->bio_resid)); - free(bp->bio_data, M_GEOM_UZIP); + g_free(bp->bio_data); g_destroy_bio(bp); g_io_deliver(bp2, bp2->bio_error); } @@ -285,7 +285,7 @@ bp->bio_offset, bp->bio_length, sc->offsets[start_blk], sc->offsets[end_blk] - sc->offsets[start_blk], bp2->bio_offset, bp2->bio_length)); - bp2->bio_data = malloc(bp2->bio_length, M_GEOM_UZIP, M_NOWAIT); + bp2->bio_data = g_malloc(bp2->bio_length, M_NOWAIT | M_ZERO); if (bp2->bio_data == NULL) { g_io_deliver(bp, ENOMEM); return; @@ -393,7 +393,7 @@ /* * Initialize softc and read offsets. */ - sc = malloc(sizeof(*sc), M_GEOM_UZIP, M_WAITOK); + sc = g_malloc(sizeof(*sc), M_WAITOK | M_ZERO); gp->softc = sc; sc->blksz = ntohl(header->blksz); sc->nblocks = ntohl(header->nblocks); @@ -413,8 +413,8 @@ gp->name, sc->nblocks); goto err; } - sc->offsets = malloc( - total_offsets * sizeof(uint64_t), M_GEOM_UZIP, M_WAITOK); + sc->offsets = g_malloc( + total_offsets * sizeof(uint64_t), M_WAITOK | M_ZERO); offsets_read = MIN(total_offsets, (pp->sectorsize - sizeof(*header)) / sizeof(uint64_t)); for (i = 0; i < offsets_read; i++) @@ -424,7 +424,7 @@ for (blk = 1; offsets_read < total_offsets; blk++) { uint32_t nread; - free(buf, M_GEOM_UZIP); + g_free(buf); buf = g_read_data( cp, blk * pp->sectorsize, pp->sectorsize, &error); if (buf == NULL || error != 0) @@ -442,7 +442,7 @@ DPRINTF(("%s: done reading offsets\n", gp->name)); mtx_init(&sc->last_mtx, "geom_uzip cache", NULL, MTX_DEF); sc->last_blk = -1; - sc->last_buf = malloc(sc->blksz, M_GEOM_UZIP, M_WAITOK); + sc->last_buf = g_malloc(sc->blksz, M_WAITOK | M_ZERO); sc->req_total = 0; sc->req_cached = 0; @@ -470,7 +470,7 @@ g_topology_lock(); g_access(cp, -1, 0, 0); if (buf != NULL) - free(buf, M_GEOM_UZIP); + g_free(buf); if (gp->softc != NULL) { g_uzip_softc_free(gp->softc, NULL); gp->softc = NULL; >Release-Note: >Audit-Trail: >Unformatted: