panic: Memory modified after free
Steve Kargl
sgk at troutmask.apl.washington.edu
Tue Jan 31 14:38:23 PST 2006
On Tue, Jan 31, 2006 at 04:33:32PM -0500, Kris Kennaway wrote:
> On Tue, Jan 31, 2006 at 01:22:09PM -0800, Steve Kargl wrote:
> > The system is a dual proc Tyan K8S Pro with 12 GB of memory.
> > The kernel is UP. This was recorded by hand. I have the crash dump.
> >
> > Memory modified after free 0xffffff02505e0c00(504) val=deadc0dd @
> > 0xffffff02505e0cd0
> >
> > panic: Most recently used by DEVFS1
>
> Set up memguard to watch this malloc type in order to obtain useful
> debugging.
>
memguard has made the situation even worse. The kernel never
makes to single user mode. I get
MEMGUARD DEBUGGING ALLOCATOR INITIALIZED
MEMGUARD map base: 0xffffffff8f1b2000
map limit: 0xffffffff919b3000
map size: 41947136 (Bytes)
Memory modified after free 0xffffff000005bd00(248) val=5 @ 0xffffff000005bdd0
kernel trap 9 wiith interrupts disabled
Fatal trap 9: general protection fault while in kernel mode
instruction pointer = 0x8:0xffffffff80306487
stack pointer = 0x10:0xffffffff807a1a20
frame pointer = 0x10:0xffffffff807a1a30
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = resume, IOPL = 0
current process: = 0 ()
[thread pid 0 tid 0]
Stopped at strlen+0x7: cmpb $0,0(%rdi)
db> bt
Tracing pid 0 tid 0 td 0xffffffff8060ac40
strlen() at strlen+0x7
kvprintf() at kvprintf+0x987
vsnprintf() at vsnprintf+0x2e
panic() at panic+0xfa
mtrash_ctor() at mtrash_ctor+0x70
uma_zalloc_arg() at uma_zalloc_arg+0x170
malloc() at malloc+0x11e
init_dynamic_kenv() at init_dynamic_kenv+0x68
mi_startup() at mi_startup+0xb6
btext() at btext+0x2c
--
Steve
More information about the freebsd-current
mailing list