kern/71431: [panic fix] [patch] geom_uzip.ko caused panic

daichi daichi at freebsd.org
Tue Sep 14 00:02:49 PDT 2004


> I can't reproduce this.
> geom uzip load does not work.
> kldload geom_uzip works perfectly.
> 
> Can you provide stack trace?
> Can you reproduce the problem on recent -CURRENT?
> You can try this patch instead (but I doubt that it will change anything
> for you):

I tried 5.3-BETA 9/9 and it did not panic. I also tried
6-current 9/9 and it did panic. The stack trace follows:

---------------------
panic: malloc(9)/free(9) confusion.
Probably freeing with wrong type, but maybe not here.
cpuid = 0
KDB: enter: panic
[thread 100026]
Stopped at	kdb_enter+0x2b: nop
db> trace
kdb_enter(c07f0204) at kdb_enter+0x2b
panic(c07ee89b,c07ee865,c1f180c0,c1efcc80,c1d4dd40) at panic+0x127
free(c1e55000,c1f18040,d4225c8c,c05f7a0c,c0847004) at free+0x29
g_uzip_taste(c1f180c0,c1b42680,0,c0846ea0,c1efca80) at g_uzip_taste+0x5cf
g_load_class(c1ad6830,0,66666667,d4225d04,c05d0139) at g_load_class+0x127
one_event(d4225d1c,c05d1605,3c,28,c19c68c0) at one_event+0x14f
g_run_events(3c,28,c19c68c0,c05d15c8,d4225d34) at g_run_events+0x9
g_event_procbody(0,d4225d48,0,c05d15c8,0) at g_event_procbody+0x3d
fork_exit(c05d15c8,0,d4225d48) at fork_exit+0xa4
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip=0, esp = 0xd4225d7c, ebp = 0 ---
db>
---------------------

I think this problem is due to malloc/free confusion.
In short, I think the following code is bad.

 void * buf = malloc(size, M_GEOM, M_WAITOK);
 free(buf, M_GEOM_UZIP);

In the for loop of g_uzip_taste, the malloced area gets freed
with the M_GEOM_UZIP flag. But the area is malloced with the
M_GEOM flag. I think this causes the problem.

--
  Daichi GOTO, http://people.freebsd.org/~daichi
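
An added example, not part of the original message or of the FreeBSD source: a userland C model of malloc(9)-style type tags, showing the allocate-as-M_GEOM, free-as-M_GEOM_UZIP pattern from the report being caught. The struct layout, t_malloc/t_free and the owner check are assumptions of this model, not the kernel's implementation.

```c
#include <stdio.h>
#include <stdlib.h>

/* Model of a malloc type tag: each tag accounts for its own bytes in use. */
struct mtype { const char *name; size_t memuse; };
static struct mtype M_GEOM      = { "GEOM", 0 };       /* model stand-ins for */
static struct mtype M_GEOM_UZIP = { "geom_uzip", 0 };  /* the kernel's tags   */

/* Hypothetical header kept in front of each block: size and owning tag. */
struct hdr { size_t size; struct mtype *owner; };

void *t_malloc(size_t size, struct mtype *mtp)
{
    struct hdr *h = malloc(sizeof(*h) + size);
    if (h == NULL)
        return NULL;
    h->size = size;
    h->owner = mtp;
    mtp->memuse += size;          /* charge the allocating tag */
    return h + 1;
}

/* Returns 0 on success, -1 on a tag mismatch (where a kernel would panic). */
int t_free(void *addr, struct mtype *mtp)
{
    if (addr == NULL)
        return 0;
    struct hdr *h = (struct hdr *)addr - 1;
    if (h->owner != mtp) {
        fprintf(stderr, "confusion: allocated as %s, freed as %s\n",
            h->owner->name, mtp->name);
        return -1;                /* block left intact, accounting untouched */
    }
    mtp->memuse -= h->size;       /* credit the same tag that was charged */
    free(h);
    return 0;
}

/* The pattern from the report, followed by the matching free. */
int demo_mismatch(void)
{
    void *buf = t_malloc(512, &M_GEOM);
    int rc = t_free(buf, &M_GEOM_UZIP);   /* wrong tag: rejected */
    if (t_free(buf, &M_GEOM) != 0)        /* right tag: released */
        return 1;
    return rc;
}

int main(void) { printf("mismatch rc = %d\n", demo_mismatch()); return 0; }
```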

