kern/138537: [panic] Memory modified after free

Jonathan Hanna jhanna at pangolin-systems.com
Fri Sep 4 17:50:02 UTC 2009 

>Number:         138537
>Category:       kern
>Synopsis:       [panic] Memory modified after free
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 04 17:50:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Jonathan Hanna
>Release:        FreeBSD 9.0-CURRENT i386
>Organization:
>Environment:

9.0-CURRENT r196798

>Description:

Panic, while reading one DVD and writing another, in case it matters.

#0  doadump () at pcpu.h:246
246     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) #0  doadump () at pcpu.h:246
#1  0xc08a538f in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:416
#2  0xc08a5672 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:579
#3  0xc0b23347 in mtrash_ctor (mem=0xcb546920, size=16, arg=0x0, flags=258)
    at /usr/src/sys/vm/uma_dbg.c:137
#4  0xc0b22899 in uma_zalloc_arg (zone=0xc188c700, udata=0x0, flags=258)
    at /usr/src/sys/vm/uma_core.c:1997
#5  0xc0891854 in malloc (size=4, mtp=0xc6c97118, flags=258) at uma.h:305
#6  0xc6ba4e10 in zfs_kmem_alloc () from /boot/kernel/zfs.ko
#7  0xc6bc07d8 in dmu_buf_hold_array_by_dnode () from /boot/kernel/zfs.ko
#8  0xc6bc0f85 in dmu_buf_hold_array () from /boot/kernel/zfs.ko
#9  0xc6bc11b3 in dmu_read_uio () from /boot/kernel/zfs.ko
#10 0xc6c390e8 in zfs_freebsd_read () from /boot/kernel/zfs.ko
#11 0xc0c0e03a in VOP_READ_APV (vop=0x0, a=0xc34d5048) at vnode_if.c:887
#12 0xc0b3ea4b in vnode_pager_generic_getpages (vp=0xd17bd218, m=0xf5f02bbc,
    bytecount=4096, reqpage=0) at vnode_if.h:384
#13 0xc09220e9 in vop_stdgetpages (ap=0xf5f02ac4)
    at /usr/src/sys/kern/vfs_default.c:658
#14 0xc0c0c97b in VOP_GETPAGES_APV (vop=0xc0dc8060, a=0xf5f02ac4)
    at vnode_if.c:2603
#15 0xc0b3dac4 in vnode_pager_getpages (object=0xd078bc38, m=0xf5f02bbc,
    count=1, reqpage=0) at vnode_if.h:1134
#16 0xc0b2531f in vm_fault (map=0xcc84b910, vaddr=879652864,
    fault_type=1 '\001', fault_flags=Variable "fault_flags" is not available.
) at vm_pager.h:131
#17 0xc0c007d9 in trap_pfault (frame=0xf5f02d38, usermode=1, eva=879652864)
    at /usr/src/sys/i386/i386/trap.c:823
#18 0xc0c0112e in trap (frame=0xf5f02d38) at /usr/src/sys/i386/i386/trap.c:396
#19 0xc0be3aab in calltrap () at /usr/src/sys/i386/i386/exception.s:165
#20 0x080496d3 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)


Demsg from core:

...
acd0: FAILURE - READ_TOC ILLEGAL REQUEST asc=0x24 ascq=0x00
acd0: FAILURE - READ_TOC ILLEGAL REQUEST asc=0x24 ascq=0x00
acd0: FAILURE - READ_TOC ILLEGAL REQUEST asc=0x24 ascq=0x00
(cd0:ata0:0:0:0): READ TOC/PMA/ATIP. CDB: 43 0 0 0 0 0 0 0 4 0
(cd0:ata0:0:0:0): CAM Status: SCSI Status Error
(cd0:ata0:0:0:0): SCSI Status: Check Condition
(cd0:ata0:0:0:0): ILLEGAL REQUEST asc:24,0
(cd0:ata0:0:0:0): Invalid field in CDB
(cd0:ata0:0:0:0): Unretryable error
acd0: FAILURE - unknown CMD (0x03) ILLEGAL REQUEST asc=0x24 ascq=0x00
acd1: FAILURE - READ_TOC ILLEGAL REQUEST asc=0x24 ascq=0x00
acd1: FAILURE - READ_TOC ILLEGAL REQUEST asc=0x24 ascq=0x00
acd1: FAILURE - READ_TOC ILLEGAL REQUEST asc=0x24 ascq=0x00
(cd1:ata1:0:0:0): READ TOC/PMA/ATIP. CDB: 43 0 0 0 0 0 0 0 4 0
(cd1:ata1:0:0:0): CAM Status: SCSI Status Error
(cd1:ata1:0:0:0): SCSI Status: Check Condition
(cd1:ata1:0:0:0): ILLEGAL REQUEST asc:24,0
(cd1:ata1:0:0:0): Invalid field in CDB
(cd1:ata1:0:0:0): Unretryable error
acd1: WARNING - TEST_UNIT_READY taskqueue timeout - completing request directly
acd1: WARNING - TEST_UNIT_READY freeing taskqueue zombie request
acd1: WARNING - TEST_UNIT_READY taskqueue timeout - completing request directly
acd1: WARNING - TEST_UNIT_READY freeing taskqueue zombie request
acd1: WARNING - unknown CMD (0x4a) taskqueue timeout - completing request directly
acd1: WARNING - unknown CMD (0x4a) freeing taskqueue zombie request
Memory modified after free 0xcb546920(12) val=5e040600 @ 0xcb546920
panic: Most recently used by ata_generic


>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list