freebsd-ia64 Digest, Vol 355, Issue 2
freebsd-ia...@freebsd.org
freebs...@freebsd.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freebsd.org/mailman/listinfo/freebsd-ia64
or, via email, send a message with subject or body 'help' to
freebsd-ia...@freebsd.org
You can reach the person managing the list at
freebsd-i...@freebsd.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of freebsd-ia64 digest..."
Today's Topics:
1. Re: kern/145211: Memory modified after free (Anton Shterenlikht)
2. ia64 -> panic: ffs_blkfree: freeing free frag
(Anton Shterenlikht)
----------------------------------------------------------------------
Message: 1
Date: Wed, 31 Mar 2010 20:05:26 +0100
From: Anton Shterenlikht <me...@bristol.ac.uk>
Subject: Re: kern/145211: Memory modified after free
To: Nathaniel W Filardo <n...@cs.jhu.edu>, freebs...@freebsd.org
Cc: bug-fo...@freebsd.org
Message-ID: <20100331190...@mech-cluster241.men.bris.ac.uk>
Content-Type: text/plain; charset=us-ascii
On Wed, Mar 31, 2010 at 06:50:12PM +0000, Nathaniel W Filardo wrote:
> The following reply was made to PR sparc64/145211; it has been noted by GNATS.
>
> From: Nathaniel W Filardo <n...@cs.jhu.edu>
> To: bug-fo...@freebsd.org
> Cc:
> Subject: Re: kern/145211: Memory modified after free
> Date: Wed, 31 Mar 2010 14:49:40 -0400
>
> It occurs to me to add that at least the second crash was correlated with a
> burst of traffic on bge2, which usually sits idle. FWIW, bge0 and bge3 are
> typically busy, and bge1 is not connected. Is it possible that this is a
> bge bug? I'll be recreating the busy-bge2 scenario to test other things
> anyway and will report should it trigger a panic again.
FWIW I've had this twice on ia64 -current.
It also seems to follow bge activity,
but not sure about the "bursts":
http://seis.bris.ac.uk/~mexas/freebsd/ia64/rx2600/tzav/messages
--
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423
------------------------------
Message: 2
Date: Wed, 31 Mar 2010 21:56:06 +0100
From: Anton Shterenlikht <me...@bristol.ac.uk>
Subject: ia64 -> panic: ffs_blkfree: freeing free frag
To: freebs...@freebsd.org, freebsd...@freebsd.org
Message-ID: <2010033120...@mech-cluster241.men.bris.ac.uk>
Content-Type: text/plain; charset=us-ascii
on r205976M ia64 with gmirror, see dmesg here:
http://seis.bris.ac.uk/~mexas/freebsd/ia64/rx2600/tzav/dmesg.boot
I got this panic:
) at syscall+0x3b0
epc_syscall_return() at epc_syscall_return
Mar 31 19:51:51 mech-cluster241 su: mexas to root on /dev/pts/9
dev = mirror/usr, block = 15150194, fs = /usr
panic: ffs_blkfree: freeing free frag
cpuid = 1
KDB: enter: panic
[ thread pid 19 tid 100054 ]
Stopped at kdb_enter+0x92: [I2] addl r14=0xffffffffffe1e628,gp ;;
db>
bt
Tracing pid 19 tid 100054 td 0xe000000011105880
kdb_enter(0xe000000004783670, 0xe000000004783670, 0xe00000000439bb40, 0x793) at kdb_enter+0x92
panic(0xe0000000047abda8, 0xe0000000115c96e0, 0xe72c72, 0xe0000000115888d4, 0xe0000000046382a0, 0xa1a) at panic+0x2f0
ffs_blkfree(0xe0000000115c9200, 0xe000000011588800, 0xe00000001168e000, 0xe72c72, 0x800, 0xa00000009a952c28) at ffs_blkfree+0xbc0
handle_workitem_freeblocks(0xe00000001c9d6e00, 0x0, 0x800, 0xe00000001c9d6e48, 0x0) at handle_workitem_freeblocks+0x4e0
process_worklist_item(0xe00000001c9d6e1a, 0xe0000000115c92c4, 0xe00000001c9d6e00, 0x0) at process_worklist_item+0x440
softdep_process_worklist(0xe0000000116982f8, 0xe0000000048cbeb8, 0xe0000000048cf030, 0x1, 0x0) at softdep_process_worklist+0xe0
softdep_flush(0xe0000000116982f8, 0xe000000011698000, 0x0, 0xe0000000047acf70) at softdep_flush+0x430
fork_exit(0xe0000000047c41c0, 0x0, 0xa0000000bd435550) at fork_exit+0x110
enter_userland() at enter_userland
db>
After fixing all filsytem inconsitensies with fsck
I got this panic:
# shutdown -r now
Shutdown NOW!
shutdown: [pid 89]
# /usr/bin/wall: not found
Mar 31 22:47:28 shutdown: reboot by root:
System shutdown time has arrived
Writing entropy file:/etc/rc.shutdown: WARNING: write failed (read-only fs?)
Terminated
.
GEOM_MIRROR: Device usr: rebuilding provider da0p6 stopped.
GEOM_MIRROR: Device tmp: provider mirror/tmp destroyed.
GEOM_MIRROR: Device usr: provider mirror/usr destroyed.
fatal kernel trap (cpu 1):
trap vector = 0x14 (Page Not Present)
cr.iip = 0xe000000004380960
cr.ipsr = 0x1210080a6018 (ac,mfl,ic,i,dt,dfh,rt,cpl=0,it,ri=1,bn)
cr.isr = 0xa0400000000 (code=0,vector=0,r,ei=1,ed)
cr.ifa = 0x98
curthread = 0xe000000010caa380
pid = 3, comm = g_up
[ thread pid 3 tid 100009 ]
Stopped at _mtx_lock_flags+0x51: [M1] ld8.acq r14=[r14]
db>
db> bt
Tracing pid 3 tid 100009 td 0xe000000010caa380
_mtx_lock_flags(0x80, 0x0, 0xe000000004bb9668, 0x3e3) at _mtx_lock_flags+0x51
g_mirror_sync_done(0xe00000001158d878, 0x0, 0x80, 0xe000000004493190) at g_mirror_sync_done+0xa0
biodone(0xe00000001158d878, 0xe00000001087a810, 0xe0000000048453f0, 0xe0000000047927a8, 0xe0000000042eb530) at biodone+0x130
g_io_schedule_up(0x100, 0xe00000001158d878, 0xe0000000048dd6c8, 0xe0000000048dd700) at g_io_schedule_up+0x280
g_up_procbody(0xe0000000047788f0, 0xe000000010caa380, 0xe00000000434bdd0, 0x40c) at g_up_procbody+0xc0
fork_exit(0xe0000000047c2bf0, 0x0, 0xa0000000bcbf9550) at fork_exit+0x110
enter_userland() at enter_userland
db>
--
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423
------------------------------
End of freebsd-ia64 Digest, Vol 355, Issue 2
********************************************