panic: Memory modified after free

My ARM server crashed while running "make installworld installkernel". The message is panic: Memory modified after free 0xa6305e60 (16, malloc-16, devbuf) + 0 = deadc0dedeadc006 The stack trace goes through tmpfs, which could be an innocent victim. The other filesystems are Z

Re: head -r356109 on 32-bit powerpc (old PowerMac): Memory modified after free during late-stage of boot, most recently used by bus-sc

On 2019-Dec-29, at 14:04, Hans Petter Selasky wrote: > On 2019-12-29 22:53, Mark Millard via freebsd-hackers wrote: >> 0xd2630510: at uma_zalloc_arg+0x1b4 >> 0xd2630540: at malloc+0xfc >> 0xd2630580: at alloc_bounce_pages+0x7c >> 0xd26305c0: at bus_dmamap_create+0x1e8 > > Do you know what dri

Re: head -r356109 on 32-bit powerpc (old PowerMac): Memory modified after free during late-stage of boot, most recently used by bus-sc

On Sun, 2019-12-29 at 23:04 +0100, Hans Petter Selasky wrote: > On 2019-12-29 22:53, Mark Millard via freebsd-hackers wrote: > > 0xd2630510: at uma_zalloc_arg+0x1b4 > > 0xd2630540: at malloc+0xfc > > 0xd2630580: at alloc_bounce_pages+0x7c > > 0xd26305c0: at bus_dmamap_create+0x1e8 > > Do you know

Re: head -r356109 on 32-bit powerpc (old PowerMac): Memory modified after free during late-stage of boot, most recently used by bus-sc

On 2019-12-29 22:53, Mark Millard via freebsd-hackers wrote: 0xd2630510: at uma_zalloc_arg+0x1b4 0xd2630540: at malloc+0xfc 0xd2630580: at alloc_bounce_pages+0x7c 0xd26305c0: at bus_dmamap_create+0x1e8 Do you know what drivers are using bounce pages? --HPS _

head -r356109 on 32-bit powerpc (old PowerMac): Memory modified after free during late-stage of boot, most recently used by bus-sc

possible at the db> prompt) . . . . . . Root mount waiting for: CAM usbus0 usbus1 ugen1.2: at usbus1 uhub4 on uhub0 uhub4: on ubus1 Memory modified after free 0x1e4d180(28) val=1e5a9c0 0 0x1e4d190 panic: Most recently used by bus-sc cpuid = 0 time = 2 KDB: stack backtrace: 0xd2630390:

vnet_alloc: panic: Memory modified after free 0xfffffe002efc8ed0(8) val=deadc0df

I wonder if people are aware of this issue and if anyone is looking into it. I got notified about it by Jenkins after an unrelated commit (ichwd). panic: Memory modified after free 0xfe002efc8ed0(8) val=deadc0df @ 0xfe002efc8ed0 11:51:33 cpuid = 0 11:51:33 time = 1544788293 11:51:33

Re: Memory modified after free in "MAP ENTRY" zone (vm_map_entry_t->read_ahead)

On 19/02/2016 10:38, Andriy Gapon wrote: > On 18/02/2016 17:13, Konstantin Belousov wrote: >> So this is arguably a fallout from r188331. >> The following is somewhat non-insistent attempt to fix the problem. > > Kostik, > > thank you very much, I am testing the patch. The patch holds good so fa

Re: Memory modified after free in "MAP ENTRY" zone (vm_map_entry_t->read_ahead)

On 18/02/2016 17:13, Konstantin Belousov wrote: > So this is arguably a fallout from r188331. > The following is somewhat non-insistent attempt to fix the problem. Kostik, thank you very much, I am testing the patch. > diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c > index a7e3d37..cddf1eb 1

Re: Memory modified after free in "MAP ENTRY" zone (vm_map_entry_t->read_ahead)

On Mon, Feb 15, 2016 at 11:07:11AM +0200, Andriy Gapon wrote: > On 15/02/2016 00:27, Alan Cox wrote: > > > > On Sun, Feb 14, 2016 at 8:09 AM, Andriy Gapon > > wrote: > > > > On 10/02/2016 23:28, Andriy Gapon wrote: > > > > > > Over a span of approximately 3 w

Re: Memory modified after free in "MAP ENTRY" zone (vm_map_entry_t->read_ahead)

On 15/02/2016 00:27, Alan Cox wrote: > > On Sun, Feb 14, 2016 at 8:09 AM, Andriy Gapon > wrote: > > On 10/02/2016 23:28, Andriy Gapon wrote: > > > > Over a span of approximately 3 weeks I have got two slightly different > panics of > > the same kind. T

Re: Memory modified after free in "MAP ENTRY" zone (vm_map_entry_t->read_ahead)

at's biting you. > Some details from the panic caused by the assertion can be found here: > http://dpaste.com/39BYV7S.txt > > > > 1 === > > Unread portion of the kernel message buffer: > > panic: Memory modified after free 0xfff

Re: Memory modified after free in "MAP ENTRY" zone (vm_map_entry_t->read_ahead)

y the assertion can be found here: http://dpaste.com/39BYV7S.txt > 1 === > Unread portion of the kernel message buffer: > panic: Memory modified after free 0xf8008c15ac80(128) val=adc0de @ > 0xf8008c15acdc >

Memory modified after free in "MAP ENTRY" zone (vm_map_entry_t->read_ahead)

the kernel message buffer: panic: Memory modified after free 0xf80176692680(128) val=adc0de @ 0xf801766926dc KDB: stack backtrace: db_trace_self_wrapper() at 0x8041e90b = db_trace_self_wrapper+0x2b/frame 0xfe04f507c5a0 kdb_backtrace() at 0x80669a09 = kdb_backtrace+0x39

Re: Memory modified after free, seemingly geli related

On 6 August 2015 at 03:11, Pawel Jakub Dawidek wrote: >> >> I'm seeing it too. I tracked it down to ZFS. The bio was last owned by >> the ZFS::VDEV GEOM class, which is modyfing bio_error on freed bio. I'm >> investigating further and will let you know here once I find the >> cause. > > Ok. It was

Re: Memory modified after free, seemingly geli related

On Thu, Aug 06, 2015 at 04:06:40AM +0200, Pawel Jakub Dawidek wrote: > On Wed, Aug 05, 2015 at 03:24:26AM +, Ed Maste wrote: > > I've encountered a few memory modified after free panics recently, > > which seem to be from geli. I don't yet have any debugging to > &g

Re: Memory modified after free, seemingly geli related

On Thu, 6 Aug 2015 04:06:40 +0200 Pawel Jakub Dawidek wrote: > On Wed, Aug 05, 2015 at 03:24:26AM +, Ed Maste wrote: > > I've encountered a few memory modified after free panics recently, > > which seem to be from geli. I don't yet have any debugging to > &g

Re: Memory modified after free, seemingly geli related

On Wed, Aug 05, 2015 at 03:24:26AM +, Ed Maste wrote: > I've encountered a few memory modified after free panics recently, > which seem to be from geli. I don't yet have any debugging to > completely confirm it's geli, but it has not happened on my other test &

Re: Memory modified after free, seemingly geli related

Ed Maste wrote this message on Wed, Aug 05, 2015 at 03:24 +: > I've encountered a few memory modified after free panics recently, > which seem to be from geli. I don't yet have any debugging to > completely confirm it's geli, but it has not happened on my other test &

Memory modified after free, seemingly geli related

I've encountered a few memory modified after free panics recently, which seem to be from geli. I don't yet have any debugging to completely confirm it's geli, but it has not happened on my other test laptop which configured similarly but without geli. This has a few local pat

Memory modified after free & Kernel panic with current (r278031)

Hallo, I'm still fighting with MinnowBoard... When I set the network interface I get a bunch of "Memory modified after free" messages. If I wait long enough (a couple of minutes) I get a kernel panic. Here an example with the dmesg (https://pastebin.mozilla.org/8657938) I

Re: r247144 panics on boot with "memory modified after free" on VBox

Hello, Lev. You wrote 22 февраля 2013 г., 15:45:31: LS> $subj LS> GENERIC kernel (with WITNESS and other debug stuff), typical VBox LS> virtual machine with AHCI disks and CD. LS> Two "Most recently used by" variants: "cd" and "GEOM". Removing virtual PATA CD from configuration allows me

r247144 panics on boot with "memory modified after free" on VBox

Hello, freebsd-current. $subj GENERIC kernel (with WITNESS and other debug stuff), typical VBox virtual machine with AHCI disks and CD. Two "Most recently used by" variants: "cd" and "GEOM". -- // Black Lion AKA Lev Serebryakov ___ freebs

Re: Fatal trap 1 [Was: "Memory modified after free" - by whom?]

RT triggering the next line, you see this improvement. > > Memory modified after free 0xff800040d000(9216) val=5a5a5a5a @ > > 0xff800040d000 > > Fatal trap 1: privileged instruction fault while in kernel mode > > cpuid = 3; > > cpuid = 1; > > apic id =

Fatal trap 1 [Was: "Memory modified after free" - by whom?]

l trap... Could you please do 'disassemble 0x80af5099' in kgdb with the same kernel. Or if you have a different kernel now, please use "instruction pointer" value from a trap with that kernel. > Memory modified after free 0xff800040d000(9216) val=5a5a5a5a @ > 0

Re: "Memory modified after free" - by whom?

(clipping off mdf and adrian so they don't get directly spammed :)..) Crud. Continuing the processor after panic didn't work, so it might be a case of cxgbe "shot the sheriff" or something else in the stack is doing something wonky: db> c Memory modified after free

Re: "Memory modified after free" - by whom?

nic when the memory >> is touched after free. > > Tada (dang, that's nifty stuff)! > > # sysctl vm.memguard.desc=mbuf_jumbo_9k > vm.memguard.descM: -> mbuf_jumboem_9k > # ory modified after free 0xff8000401000(9216) val=0 @ 0xff8000401000 > Memory modified a

Re: "Memory modified after free" - by whom?

ctl vm.memguard.desc=mbuf_jumbo_9k vm.memguard.descM: -> mbuf_jumboem_9k # ory modified after free 0xff8000401000(9216) val=0 @ 0xff8000401000 Memory modified after free 0xff8000405000(9216) val=0 @ 0xff8000405000 Memory modified after free 0xff8000409000(9216) val=5a5a5a5a @ 0x

Re: "Memory modified after free" - by whom?

On Mon, Dec 10, 2012 at 03:18:45PM -0800, m...@freebsd.org wrote: m> On Mon, Dec 10, 2012 at 3:10 PM, Adrian Chadd wrote: m> > 9216 sounds like a jumbo frame mbuf. So the NIC is writing to an mbuf m> > after it's finalised/freed. m> > m> > I have a similar bug showing up on ath(4) RX. :( m> m> Co

Re: "Memory modified after free" - by whom?

On Mon, Dec 10, 2012 at 05:37:17PM -0800, Garrett Cooper wrote: > On Mon, Dec 10, 2012 at 3:21 PM, Adrian Chadd wrote: > > On 10 December 2012 15:18, wrote: > >> On Mon, Dec 10, 2012 at 3:10 PM, Adrian Chadd wrote: > >>> 9216 sounds like a jumbo frame mbuf. So the NIC is writing to an mbuf > >>

Re: "Memory modified after free" - by whom?

On Mon, Dec 10, 2012 at 3:21 PM, Adrian Chadd wrote: > On 10 December 2012 15:18, wrote: >> On Mon, Dec 10, 2012 at 3:10 PM, Adrian Chadd wrote: >>> 9216 sounds like a jumbo frame mbuf. So the NIC is writing to an mbuf >>> after it's finalised/freed. >>> >>> I have a similar bug showing up on a

Re: "Memory modified after free" - by whom?

On 10 December 2012 15:18, wrote: > On Mon, Dec 10, 2012 at 3:10 PM, Adrian Chadd wrote: >> 9216 sounds like a jumbo frame mbuf. So the NIC is writing to an mbuf >> after it's finalised/freed. >> >> I have a similar bug showing up on ath(4) RX. :( > > Compile with DEBUG_MEMGUARD in the kernel co

Re: "Memory modified after free" - by whom?

state changed to UP >> Dec 10 14:03:36 wf158 kernel: em0: link state changed to UP >> Dec 10 14:03:36 wf158 dhclient: New IP Address (em0): 10.7.169.89 >> Dec 10 14:03:36 wf158 dhclient: New Subnet Mask (em0): 255.255.240.0 >> Dec 10 14:03:36 wf158 dhclient: N

Re: "Memory modified after free" - by whom?

03:36 wf158 dhclient: New Subnet Mask (em0): 255.255.240.0 > Dec 10 14:03:36 wf158 dhclient: New Broadcast Address (em0): 10.7.175.255 > Dec 10 14:03:36 wf158 dhclient: New Routers (em0): 10.7.160.1 > Dec 10 14:05:34 wf158 kernel: Memory modified after free > 0xff81c016d000(9216

"Memory modified after free" - by whom?

): 10.7.175.255 Dec 10 14:03:36 wf158 dhclient: New Routers (em0): 10.7.160.1 Dec 10 14:05:34 wf158 kernel: Memory modified after free 0xff81c016d000(9216) val= @ 0xff81c016d000 Dec 10 14:05:35 wf158 kernel: Memory modified after free 0xff81b5cdc000(9216) val= @ 0xff81b5

Kernel panic -- Memory modified after free

I upgraded my kernel yesterday, after testing alc@'s patch for mmu_oea (PowerPC 32-bit, AIM), and now I'm seeing the kernel panic in the subject. Unfortunately, I didn't keep my knonw-good working kernel from prior to testing alc@'s patch, so the most recent kernel I have that works is from over a

Memory modified after free

Hi, got this one over the night: --- cut --- Memory modified after free 0xc3a58a00(124) val=deadc0dd @ 0xc3a58a1c panic: Most recently used by soname Debugger("panic") Stopped at Debugger+0x45: xchgl %ebx,in_Debugger.0 db> show reg cs 0x8 ds

Re: panic: Memory modified after free

Thanks again for looking at this problem Doug White wrote: > On Thu, 23 Oct 2003, othermark wrote: > Onboard fiber? What kind of system is this? They're wired to the board. I'd probably break the connector if I remove it. This box has custom hardware attached, I don't expect any of the driv

Re: panic: Memory modified after free

On Thu, 23 Oct 2003, othermark wrote: > these are fibre 1000 base sx connections. They don't attach correctly in > the 5.0-release kernel as well (with the exact same error), but it does > continue to boot correctly. These are hardwired into the bus, and I'm > unable to disable them. :( Onboard

Re: panic: Memory modified after free

Hi, thanks for taking a gander at my problem. The original panic can be reviewed here: http://article.gmane.org/gmane.os.freebsd.current/31913 now to answer your query... Doug Rabson wrote: > On Thu, 2003-10-23 at 22:45, othermark wrote: >> I wrote: >> > I will try seeing how far I can go up the

Re: panic: Memory modified after free

On Thu, 2003-10-23 at 22:45, othermark wrote: > I wrote: > > I will try seeing how far I can go up the list of snapshots until I > > encounter the first boot -s panic. > > Well I walked up the available snapshots and the first panic occurs with > the snapshot from the 17th of October. Reviewing t

Re: panic: Memory modified after free

I wrote: > I will try seeing how far I can go up the list of snapshots until I > encounter the first boot -s panic. Well I walked up the available snapshots and the first panic occurs with the snapshot from the 17th of October. Reviewing the commit logs between the 16th and the 17th I note the fo

Re: panic: Memory modified after free

panic: Memory modified after free 0xc4987800(2044) val=c4986800 @ 0xc4987950 panic: Most recently used by bus Debugger("panic") Stopped at Debugger+0x54: xchgl %ebx,in_Debugger.0 db> where Debugger(c083db04,c08ffbc0,c0855049,d782662c,100) at Debugger+0x54 panic(c0855049,c081f6e0,7fc,

Re: panic: Memory modified after free

y problems. Slow bios memcheck at startup is good. > Here is the panic again: > >> Memory modified after free 0xc4758800(2044) val=c4756800 @ 0xc47589dc >> panic: Most recently used by bus-sc this seems similar to: http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/53566 excep

Re: panic: Memory modified after free

otherboard?): > em0: mem > 0xfebe-0xf > ebf irq 9 at device 1.0 on pci2 > em0: [MPSAFE] > em0: Hardware Initialization Failedem0: Unable to initialize the hardware > device_probe_and_attach: em0 attach returned 5 Here is the panic again: > Memory modified aft

panic: Memory modified after free

npbios: handle 0 device ID PNP0c01 (010cd041) PNP: adding io range 0x20-0x21, size=0x2, align=0x1 PNP0000: adding io range 0xa0-0xa1, size=0x2, align=0x1 PNP: adding irq mask 0x4 Memory modified after free 0xc4758800(2044) val=c4756800 @ 0xc47589dc panic: Most recently used by bus-sc Debugg

Re: Memory modified after free / most recently used by GEOM

lete drivers > (pcvt, gsc, etc.) deleted, but with no other significant changes. > > > Memory modified after free 0xc13f7600(252) > panic: Most recently used by GEOM > > panic: from debugger > Uptime: 5m33s > Dumping 64 MB > ata0: resetting devices .. > done &

Memory modified after free / most recently used by GEOM

e backtrace for that one shows that the fault occurred in the file desc code, and traces down to an ioctl() syscall issued by the shell (ksh). Kernel is trimmed down -current as of ~13:30 GMT on Aug 5 w/ obsolete drivers (pcvt, gsc, etc.) deleted, but with no other significant changes. Memory modi

Re: Panic: memory modified after free

n > > using the console, but lasts upto 10 minutes when in use over ssh) > > Running "make deinstall" triggered this panic: > > > > Memory modified after free 0xc1891c00(1020) > > panic: Most recently used by none > > Update: I re-cvsupped (to 19 Dec 14:0

Re: Panic: memory modified after free

onsole, but lasts upto 10 minutes when in use over ssh) > Running "make deinstall" triggered this panic: > > Memory modified after free 0xc1891c00(1020) > panic: Most recently used by none >[snip backtrace] > The machine seems perfectly stable in single user mode. It

Panic: memory modified after free

nning "make deinstall" triggered this panic: Memory modified after free 0xc1891c00(1020) panic: Most recently used by none #10 0xc0204cfb in panic (fmt=0x0) at /usr/src/sys/kern/kern_shutdown.c:503 #11 0xc032c7dd in mtrash_ctor (mem=0xc1891c00, size=0, arg=0x0) at /usr/src/sys/vm/um