Date:      Sat, 22 Dec 2012 13:08:10 +0200
From:      Andriy Gapon <avg@FreeBSD.org>
To:        Garrett Cooper <yanegomi@gmail.com>
Cc:        freebsd-net@FreeBSD.org, FreeBSD Current <freebsd-current@FreeBSD.org>
Subject:   Fatal trap 1 [Was: "Memory modified after free" - by whom?]
Message-ID:  <50D5949A.1060505@FreeBSD.org>
In-Reply-To: <CAGH67wQ8L5R8H7G7s%2B6b%2BiKaAz54es8scnASUQ8Env10x1iqzg@mail.gmail.com>
References:  <CAGH67wQKUDLQmL8cnWwgzQpWAN2OhKLu0AemPNuy7EOC-i1p9g@mail.gmail.com> <CAJ-Vmo=MsSV3DhAVEP36d%2BFccHDdQz7%2By7v5xTjYKyBP0PfQoQ@mail.gmail.com> <CAMBSHm96ZEiF4mOhUyk-aDS%2BGs%2BhDsh_dMsd-WFcmZ%2BSm6Zk%2BA@mail.gmail.com> <CAGH67wQ8L5R8H7G7s%2B6b%2BiKaAz54es8scnASUQ8Env10x1iqzg@mail.gmail.com>

on 22/12/2012 02:21 Garrett Cooper said the following:
> Fatal trap 1: privileged instruction fault while in kernel mode
> Fatal trap 1: privileged instruction fault while in kernel mode

Unrelated to the original topic - this looks very weird.
I mean all the CPUs getting this unusual trap...
Could you please do 'disassemble 0xffffffff80af5099' in kgdb with the same
kernel?  Or, if you have a different kernel now, please use the "instruction
pointer" value from a trap with that kernel.

> Memory modified after free 0xffffff800040d000(9216) val=5a5a5a5a @
> 0xffffff800040d000
> Fatal trap 1: privileged instruction fault while in kernel mode
> cpuid = 3;
> cpuid = 1;
> apic id = 02
> cpuid = 0; apic id = 06
> apic id = 00
> instruction pointer     = 0x20:0xffffffff80af5099
> instruction pointer     = 0x20:0xffffffff80af5099
> instruction pointer     = 0x20:0xffffffff80af5099
> Fatal trap 1: privileged instruction fault while in kernel mode
> stack pointer           = 0x28:0xffffff8496fff880
> stack pointer           = 0x28:0xffffff8496fe1880
> cpuid = 2; frame pointer                = 0x28:0xffffff8496fff8b0
> frame pointer           = 0x28:0xffffff8496fe18b0
> stack pointer           = 0x28:0xffffff849705d880
> code segment            = base 0x0, limit 0xfffff, type 0x1b
> frame pointer           = 0x28:0xffffff849705d8b0
> apic id = 04
> code segment            = base 0x0, limit 0xfffff, type 0x1b
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, long 1, def32 0, gran 1
>                         = DPL 0, pres 1, long 1, def32 0, gran 1
> instruction pointer     = 0x20:0xffffffff80af5099
> processor eflags        =                       = DPL 0, pres 1, long
> 1, def32 0, gran 1
> interrupt enabled, processor eflags     = stack pointer         =
> 0x28:0xffffff8497067880
> interrupt enabled, resume, resume, frame pointer                =
> 0x28:0xffffff84970678b0
> IOPL = 0
> code segment            = base 0x0, limit 0xfffff, type 0x1b
> current process         =                       = DPL 0, pres 1, long
> 1, def32 0, gran 1
> processor eflags        = 12 (irq280: ix0:que 3)
> ilock order reversal: (Giant after non-sleepable)
>  1st 0xfffffe0078148b38 ix0:rx(3) (ix0:rx(3)) @
> /usr/src/sys/modules/ixgbe/../../dev/ixgbe/ixgbe.c:4296
>  2nd 0xffffffff814457b8 Giant (Giant) @ /usr/src/sys/dev/usb/input/ukbd.c:1946
> KDB: stack backtrace:
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xffffff8496fff320
> kdb_backtrace() at kdb_backtrace+0x39/frame 0xffffff8496fff3d0
> witness_checkorder() at witness_checkorder+0xc47/frame 0xffffff8496fff450
> __mtx_lock_flags() at __mtx_lock_flags+0x89/frame 0xffffff8496fff490
> ukbd_poll() at ukbd_poll+0x28/frame 0xffffff8496fff4b0
> kbdmux_poll() at kbdmux_poll+0x5b/frame 0xffffff8496fff4d0
> cngrab() at cngrab+0x35/frame 0xffffff8496fff4f0
> kdb_trap() at kdb_trap+0x124/frame 0xffffff8496fff550
> trap_fatal() at trap_fatal+0x345/frame 0xffffff8496fff5b0
> trap() at trap+0x836/frame 0xffffff8496fff7c0
> calltrap() at calltrap+0x8/frame 0xffffff8496fff7c0
> --- trap 0x1, rip = 0xffffffff80af5099, rsp = 0xffffff8496fff880, rbp
> = 0xffffff8496fff8b0 ---
> uma_find_refcnt() at uma_find_refcnt+0x79/frame 0xffffff8496fff8b0


-- 
Andriy Gapon


