5.2.1-RC2 debug kernel PANIC "Memory modified after free"

From: Jesse Guardiani <jesse_at_wingnet.net>
Date: Wed, 18 Feb 2004 09:28:26 -0500
Howdy list,

I've experienced two seemingly random kernel panics since
upgrading from 5.2-RELEASE to 5.2.1-RC2. Unfortunately,
5.2.1-RC2 doesn't come with a debug kernel, so I compiled
my own hoping to get an informative backtrace.

However, upon booting my debug kernel, I get this via serial
console:

GEOM: create disk ad0 dp=0xc3b45560
ad0: 45780MB <IC25T048ATDA05-0> [93015/16/63] at ata0-master UDMA100
ata1-slave: FAILURE - ATAPI_IDENTIFY no interrupt
Feb 18 09:16:24 david su: BAD SU jesse to root on /dev/ttyv1
ata1-slave: FAILURE - ATAPI_IDENTIFY no interrupt
acd0: DVDROM <HL-DT-STDVD-ROM GDR8081N> at ata1-master UDMA33
Mounting root from ufs:/dev/ad0s3a
Memory modified after free 0xc3b41a00(508) val=ff70ff70 _at_ 0xc3b41a00


Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xff70ff90
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc06691bd
stack pointer           = 0x10:0xe38a3934
frame pointer           = 0x10:0xe38a3950
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 56 (sh)
kernel: type 12 trap, code=0
Stopped at      mtrash_ctor+0x4d:       movl    0x20(%eax),%eax
db>
db> trace
mtrash_ctor(c3b41a00,200,0,579,c3b41a00) at mtrash_ctor+0x4d
uma_zalloc_arg(c103bcc0,0,2,e38a39a8,c0547970) at uma_zalloc_arg+0x1cb
malloc(188,c0711be0,2,1,c06dcb5e) at malloc+0xd3
elf32_load_file(c3a678d4,c3ab6000,e38a3a9c,e38a3bc8,1000) at elf32_load_file+0x5
1
exec_elf32_imgact(e38a3b8c,0,c06db142,fe,c0740eb8) at exec_elf32_imgact+0x45d
kern_execve(c3a65140,81078e0,8107938,8107948,0) at kern_execve+0x38c
execve(c3a65140,e38a3d14,c06f68f1,3ee,3) at execve+0x30
syscall(2f,2f,2f,81078e0,8107938) at syscall+0x2c0
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (59, FreeBSD ELF32, execve), eip = 0x807c22f, esp = 0xbfbfe62c, ebp
= 0xbfbfe648 ---
db>

I'd panic the kernel and do a core dump and get a proper trace from gdb,
but the kernel hasn't mounted /var yet.

uname -a on the stock kernel:

FreeBSD trevarthan.int.wingnet.net 5.2.1-RC2 FreeBSD 5.2.1-RC2 #0: Thu Feb 12 16:28:31 GMT 2004     root_at_wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC  i386

Any ideas?

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net
Received on Wed Feb 18 2004 - 05:28:30 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:43 UTC