Date: Wed, 6 Aug 2003 12:27:22 +1000
From: Tim Robbins
To: current@freebsd.org
Subject: Memory modified after free / most recently used by GEOM
Message-ID: <20030806022722.GA57992@dilbert.robbins.dropbear.id.au>

While trying to reproduce the "wdrain" problems ru@ reported in the
"MSDOSFS woes" thread, I kept running into this panic. I've also seen a
similar one but didn't keep the vmcore for it where a LOR is detected
between Giant and filedesc, then a page fault occurs. The backtrace for
that one shows that the fault occurred in the file desc code, and traces
down to an ioctl() syscall issued by the shell (ksh).

Kernel is trimmed down -current as of ~13:30 GMT on Aug 5 w/ obsolete
drivers (pcvt, gsc, etc.) deleted, but with no other significant changes.

Memory modified after free 0xc13f7600(252)
panic: Most recently used by GEOM

panic: from debugger
Uptime: 5m33s
Dumping 64 MB
ata0: resetting devices .. done
 16 32 48
---
#0  doadump () at /home/tim/p4/freebsd/sys/kern/kern_shutdown.c:240
240             dumping++;
(kgdb) bt
#0  doadump () at /home/tim/p4/freebsd/sys/kern/kern_shutdown.c:240
#1  0xc01a19ac in boot (howto=260)
    at /home/tim/p4/freebsd/sys/kern/kern_shutdown.c:372
#2  0xc01a1d37 in panic ()
    at /home/tim/p4/freebsd/sys/kern/kern_shutdown.c:550
#3  0xc0127042 in db_panic ()
    at /home/tim/p4/freebsd/sys/ddb/db_command.c:450
#4  0xc0126fa2 in db_command (last_cmdp=0xc031f780, cmd_table=0x0,
    aux_cmd_tablep=0xc02fadc0, aux_cmd_tablep_end=0xc02fadc4)
    at /home/tim/p4/freebsd/sys/ddb/db_command.c:346
#5  0xc01270e5 in db_command_loop ()
    at /home/tim/p4/freebsd/sys/ddb/db_command.c:472
#6  0xc012a0e5 in db_trap (type=3, code=0)
    at /home/tim/p4/freebsd/sys/ddb/db_trap.c:73
#7  0xc02b23ec in kdb_trap (type=3, code=0, regs=0xc5f69b68)
    at /home/tim/p4/freebsd/sys/i386/i386/db_interface.c:172
#8  0xc02c2eda in trap (frame=
      {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 1, tf_esi = -1070640529, tf_ebp = -973694028, tf_isp = -973694060, tf_ebx = 0, tf_edx = 0, tf_ecx = 32, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1070913874, tf_cs = 8, tf_eflags = 646, tf_esp = -1070632808, tf_ss = -1070709550})
    at /home/tim/p4/freebsd/sys/i386/i386/trap.c:580
#9  0xc02b3de8 in calltrap () at {standard input}:102
#10 0xc01a1cc5 in panic (fmt=0xc02f526f "Most recently used by %s\n")
    at /home/tim/p4/freebsd/sys/kern/kern_shutdown.c:534
#11 0xc0292c5d in mtrash_ctor (mem=0xc13f7600, size=0, arg=0x0)
    at /home/tim/p4/freebsd/sys/vm/uma_dbg.c:137
#12 0xc0291434 in uma_zalloc_arg (zone=0xc083ab60, udata=0x0, flags=2)
    at /home/tim/p4/freebsd/sys/vm/uma_core.c:1385
#13 0xc0196463 in malloc (size=3229854560, type=0xc0305560, flags=2)
    at /home/tim/p4/freebsd/sys/vm/uma.h:229
#14 0xc0184cea in fdcopy (fdp=0xc1218200)
    at /home/tim/p4/freebsd/sys/kern/kern_descrip.c:1309
#15 0xc018de0e in fork1 (td=0xc0a0d390, flags=20, pages=0, procp=0xc5f69cd8)
    at /home/tim/p4/freebsd/sys/kern/kern_fork.c:424
#16 0xc018d61b in fork (td=0xc0a0d390, uap=0xc5f69d10)
    at /home/tim/p4/freebsd/sys/kern/kern_fork.c:102
#17 0xc02c37c3 in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 0, tf_esi = 135299072, tf_ebp = -1077937224, tf_isp = -973693580, tf_ebx = 0, tf_edx = 135295016, tf_ecx = -1, tf_eax = 2, tf_trapno = 12, tf_err = 2, tf_eip = 134725423, tf_cs = 31, tf_eflags = 582, tf_esp = -1077937268, tf_ss = 47})
    at /home/tim/p4/freebsd/sys/i386/i386/trap.c:1008
#18 0xc02b3e3d in Xint0x80_syscall () at {standard input}:144
---Can't read userspace from dump, or kernel process---