Re: 5.2.1-RC2 debug kernel PANIC "Memory modified after free"

From: Steve Kargl <sgk_at_troutmask.apl.washington.edu>
Date: Wed, 18 Feb 2004 14:04:43 -0800

On Wed, Feb 18, 2004 at 09:28:26AM -0500, Jesse Guardiani wrote:
> 
> GEOM: create disk ad0 dp=0xc3b45560
> ad0: 45780MB <IC25T048ATDA05-0> [93015/16/63] at ata0-master UDMA100
> ata1-slave: FAILURE - ATAPI_IDENTIFY no interrupt
> Feb 18 09:16:24 david su: BAD SU jesse to root on /dev/ttyv1
> ata1-slave: FAILURE - ATAPI_IDENTIFY no interrupt
> acd0: DVDROM <HL-DT-STDVD-ROM GDR8081N> at ata1-master UDMA33
> Mounting root from ufs:/dev/ad0s3a
> Memory modified after free 0xc3b41a00(508) val=ff70ff70 @ 0xc3b41a00
> 
> 
> Fatal trap 12: page fault while in kernel mode
> fault virtual address   = 0xff70ff90
> fault code              = supervisor read, page not present
> instruction pointer     = 0x8:0xc06691bd
> stack pointer           = 0x10:0xe38a3934
> frame pointer           = 0x10:0xe38a3950
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 56 (sh)
> kernel: type 12 trap, code=0
> Stopped at      mtrash_ctor+0x4d:       movl    0x20(%eax),%eax
> db>
> db> trace
> mtrash_ctor(c3b41a00,200,0,579,c3b41a00) at mtrash_ctor+0x4d
> uma_zalloc_arg(c103bcc0,0,2,e38a39a8,c0547970) at uma_zalloc_arg+0x1cb
> malloc(188,c0711be0,2,1,c06dcb5e) at malloc+0xd3
> elf32_load_file(c3a678d4,c3ab6000,e38a3a9c,e38a3bc8,1000) at elf32_load_file+0x51
> exec_elf32_imgact(e38a3b8c,0,c06db142,fe,c0740eb8) at exec_elf32_imgact+0x45d
> kern_execve(c3a65140,81078e0,8107938,8107948,0) at kern_execve+0x38c
> execve(c3a65140,e38a3d14,c06f68f1,3ee,3) at execve+0x30
> syscall(2f,2f,2f,81078e0,8107938) at syscall+0x2c0
> Xint0x80_syscall() at Xint0x80_syscall+0x1d
> --- syscall (59, FreeBSD ELF32, execve), eip = 0x807c22f, esp = 0xbfbfe62c, ebp = 0xbfbfe648 ---
> db>
> 


This is a known panic.  You can try disabling ACPI by adding
hint.acpi.0.disabled="1" to /boot/loader.conf or setting it in
the loader.  The other workaround was proposed by Maxim.  You
need to change line 570 in dev/ata/ata-all.c from
   request->retries = -1;
to
   request->retries = 3;

-- 
Steve
Received on Wed Feb 18 2004 - 13:04:43 UTC