Date: Wed, 6 Aug 2003 09:49:02 +0000
From: Bosko Milekic <bmilekic@technokratis.com>
To: Tim Robbins <tjr@freebsd.org>
Cc: current@freebsd.org
Subject: Re: Memory modified after free / most recently used by GEOM
Message-ID: <20030806094902.GA41318@technokratis.com>
In-Reply-To: <20030806022722.GA57992@dilbert.robbins.dropbear.id.au>
References: <20030806022722.GA57992@dilbert.robbins.dropbear.id.au>

Hmmmm. Can you look at the contents of memory starting at 0xc13f7600 and going to 0xc13f7600 + 252 bytes? If GEOM is the offender then maybe phk can more easily recognize what could possibly be trashing a freed malloc()'d buffer 252-bytes in size.

Sorry for the top-post.

-Bosko

On Wed, Aug 06, 2003 at 12:27:22PM +1000, Tim Robbins wrote:
> While trying to reproduce the "wdrain" problems ru@ reported in the "MSDOSFS
> woes" thread, I kept running into this panic. I've also seen a similar one
> but didn't keep the vmcore for it where a LOR is detected between Giant and
> filedesc, then a page fault occurs. The backtrace for that one shows that the
> fault occurred in the file desc code, and traces down to an ioctl() syscall
> issued by the shell (ksh).
>
> Kernel is trimmed down -current as of ~13:30 GMT on Aug 5 w/ obsolete drivers
> (pcvt, gsc, etc.) deleted, but with no other significant changes.
>
>
> Memory modified after free 0xc13f7600(252)
> panic: Most recently used by GEOM
>
> panic: from debugger
> Uptime: 5m33s
> Dumping 64 MB
> ata0: resetting devices ..
> done
> 16 32 48
> ---
> #0 doadump () at /home/tim/p4/freebsd/sys/kern/kern_shutdown.c:240
> 240 dumping++;
> (kgdb) bt
> #0 doadump () at /home/tim/p4/freebsd/sys/kern/kern_shutdown.c:240
> #1 0xc01a19ac in boot (howto=260) at
> /home/tim/p4/freebsd/sys/kern/kern_shutdown.c:372
> #2 0xc01a1d37 in panic () at
> /home/tim/p4/freebsd/sys/kern/kern_shutdown.c:550
> #3 0xc0127042 in db_panic () at /home/tim/p4/freebsd/sys/ddb/db_command.c:450
> #4 0xc0126fa2 in db_command (last_cmdp=0xc031f780, cmd_table=0x0,
> aux_cmd_tablep=0xc02fadc0, aux_cmd_tablep_end=0xc02fadc4)
> at /home/tim/p4/freebsd/sys/ddb/db_command.c:346
> #5 0xc01270e5 in db_command_loop () at
> /home/tim/p4/freebsd/sys/ddb/db_command.c:472
> #6 0xc012a0e5 in db_trap (type=3, code=0) at
> /home/tim/p4/freebsd/sys/ddb/db_trap.c:73
> #7 0xc02b23ec in kdb_trap (type=3, code=0, regs=0xc5f69b68) at
> /home/tim/p4/freebsd/sys/i386/i386/db_interface.c:172
> #8 0xc02c2eda in trap (frame=
> {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 1, tf_esi = -1070640529,
> tf_ebp = -973694028, tf_isp = -973694060, tf_ebx = 0, tf_edx = 0, tf_ecx = 32,
> tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1070913874, tf_cs = 8,
> tf_eflags = 646, tf_esp = -1070632808, tf_ss = -1070709550}) at
> /home/tim/p4/freebsd/sys/i386/i386/trap.c:580
> #9 0xc02b3de8 in calltrap () at {standard input}:102
> #10 0xc01a1cc5 in panic (fmt=0xc02f526f "Most recently used by %s\n") at
> /home/tim/p4/freebsd/sys/kern/kern_shutdown.c:534
> #11 0xc0292c5d in mtrash_ctor (mem=0xc13f7600, size=0, arg=0x0) at
> /home/tim/p4/freebsd/sys/vm/uma_dbg.c:137
> #12 0xc0291434 in uma_zalloc_arg (zone=0xc083ab60, udata=0x0, flags=2) at
> /home/tim/p4/freebsd/sys/vm/uma_core.c:1385
> #13 0xc0196463 in malloc (size=3229854560, type=0xc0305560, flags=2) at
> /home/tim/p4/freebsd/sys/vm/uma.h:229
> #14 0xc0184cea in fdcopy (fdp=0xc1218200) at
> /home/tim/p4/freebsd/sys/kern/kern_descrip.c:1309
> #15 0xc018de0e in fork1 (td=0xc0a0d390, flags=20, pages=0, procp=0xc5f69cd8)
> at /home/tim/p4/freebsd/sys/kern/kern_fork.c:424
> #16 0xc018d61b in fork (td=0xc0a0d390, uap=0xc5f69d10) at
> /home/tim/p4/freebsd/sys/kern/kern_fork.c:102
> #17 0xc02c37c3 in syscall (frame=
> {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 0, tf_esi = 135299072,
> tf_ebp = -1077937224, tf_isp = -973693580, tf_ebx = 0, tf_edx = 135295016,
> tf_ecx = -1, tf_eax = 2, tf_trapno = 12, tf_err = 2, tf_eip = 134725423, tf_cs
> = 31, tf_eflags = 582, tf_esp = -1077937268, tf_ss = 47}) at
> /home/tim/p4/freebsd/sys/i386/i386/trap.c:1008
> #18 0xc02b3e3d in Xint0x80_syscall () at {standard input}:144
> ---Can't read userspace from dump, or kernel process---

--
Bosko Milekic * bmilekic@technokratis.com * bmilekic@FreeBSD.org
TECHNOkRATIS Consulting Services * http://www.technokratis.com/
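
The inspection requested above, sketched in user-space C as an added example (not part of the original e-mail and not FreeBSD's own code): it scans a freed 252-byte item for words that no longer hold the allocator's poison and reports the damaged byte range. It assumes freed items are filled with a repeating 32-bit junk word, taken here to be 0xdeadc0de; `scan_freed_item`, `trash_report` and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define JUNK      0xdeadc0deu  /* assumed poison word written into freed items */
#define ITEM_SIZE 252          /* item size reported in the panic message */

/* Result of scanning a freed item for words that no longer hold the poison. */
struct trash_report {
    size_t modified;   /* number of 32-bit words that differ from JUNK */
    size_t first_off;  /* byte offset of the first modified word */
    size_t last_off;   /* byte offset of the last modified word */
};

/* Walk the item word by word, as a trash-checking constructor would, but keep
 * going past the first mismatch so the whole damaged range is known. */
static struct trash_report scan_freed_item(const uint32_t *mem, size_t size)
{
    struct trash_report r = {0, 0, 0};
    for (size_t i = 0; i < size / sizeof(uint32_t); i++) {
        if (mem[i] != JUNK) {
            if (r.modified == 0)
                r.first_off = i * sizeof(uint32_t);
            r.last_off = i * sizeof(uint32_t);
            r.modified++;
        }
    }
    return r;
}

/* Constructed sample: a poisoned 252-byte item with a stale 8-byte write at 0x20. */
static struct trash_report demo(void)
{
    uint32_t item[ITEM_SIZE / sizeof(uint32_t)];
    for (size_t i = 0; i < ITEM_SIZE / sizeof(uint32_t); i++)
        item[i] = JUNK;
    item[8] = 0;            /* simulated write through a dangling pointer */
    item[9] = 0x12345678u;  /* constructed value, not taken from the dump */
    return scan_freed_item(item, ITEM_SIZE);
}

int main(void)
{
    struct trash_report r = demo();
    printf("%zu modified words, offsets 0x%zx..0x%zx\n",
           r.modified, r.first_off, r.last_off);
    return 0;
}
```

The size and offsets of the modified range are what help match the damage to a structure layout in the subsystem the panic names.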