On Sun, Oct 21, 2012 at 09:28:06PM +0300, Alexander Motin wrote:
> ...
> I am curious, how to interpret phrase "42=94966796 bytes allocated" in
> log. Maybe it is just corrupted output, but the number still seems
> quite big, especially for i386 system, making me think about some
> integer overflow. David, could you write down that part once more?
>
> Having a few more lines of "Allocation backtrace:" could also be useful.
>
> Could you show your kernel config? I can try to run it on my test
> system, hoping to reproduce the problem.
> ...

I was unable to get serial console to work, even with the USB<=>serial
dongle.

However, I did find that the ddb "dump" command appears to have operated
appropriately, and so I now have a dump. That, as well as the core.txt
and additional copies of the kernel config ("CANARY") and dmesg.boot have
been copied, and are now accessible from
<http://www.catwhisker.org/~david/FreeBSD/stable_9/>.

For a quick reality check, here's the stuff (cut/pasted from core.txt.4)
that I had hand-written in my initial message:

<118>Starting devd.
REDZONE: Buffer underflow detected. 1 byte corrupted before 0xced40080 (4294966796 bytes allocated).
Allocation backtrace:
#0 0xc0ceaa8f at redzone_setup+0xcf
#1 0xc0a5d5c9 at malloc+0x1d9
#2 0xc0a9ead0 at devctl_queue_data_f+0x40
#3 0xc0aa3fba at devaddq+0x20a
#4 0xc0aa098d at device_probe+0xad
#5 0xc0aa1c9f at bus_generic_attach+0x1f
#6 0xc07bcb1a at vga_pci_attach+0x4a
#7 0xc0aa0de4 at device_attach+0x3b4
#8 0xc0aa1cab at bus_generic_attach+0x2b
#9 0xc0531865 at acpi_pci_attach+0x185
#10 0xc0aa0de4 at device_attach+0x3b4
#11 0xc0aa1cab at bus_generic_attach+0x2b
#12 0xc05339c2 at acpi_pcib_attach+0x262
#13 0xc0534cbf at acpi_pcib_pci_attach+0x9f
#14 0xc0aa0de4 at device_attach+0x3b4
#15 0xc0aa1cab at bus_generic_attach+0x2b
#16 0xc0531865 at acpi_pci_attach+0x185
#17 0xc0aa0de4 at device_attach+0x3b4
Free backtrace:
#0 0xc0cead4a at redzone_check+0x1ca
#1 0xc0a5d618 at free+0x38
#2 0xc0a9e956 at devread+0x1a6
#3 0xc0a28807 at giant_read+0x87
#4 0xc09710c6 at devfs_read_f+0xc6
#5 0xc0aba8d9 at dofileread+0x99
#6 0xc0aba4f8 at sys_read+0x98
#7 0xc0ddf977 at syscall+0x387
#8 0xc0dc87d1 at Xint0x80_syscall+0x21
REDZONE: Buffer overflow detected. 16 bytes corrupted after 0xced3fe8c (4294966796 bytes allocated).
Allocation backtrace:
#0 0xc0ceaa8f at redzone_setup+0xcf
#1 0xc0a5d5c9 at malloc+0x1d9
#2 0xc0a9ead0 at devctl_queue_data_f+0x40
#3 0xc0aa3fba at devaddq+0x20a
#4 0xc0aa098d at device_probe+0xad
#5 0xc0aa1c9f at bus_generic_attach+0x1f
#6 0xc07bcb1a at vga_pci_attach+0x4a
#7 0xc0aa0de4 at device_attach+0x3b4
#8 0xc0aa1cab at bus_generic_attach+0x2b
#9 0xc0531865 at acpi_pci_attach+0x185
#10 0xc0aa0de4 at device_attach+0x3b4
#11 0xc0aa1cab at bus_generic_attach+0x2b
#12 0xc05339c2 at acpi_pcib_attach+0x262
#13 0xc0534cbf at acpi_pcib_pci_attach+0x9f
#14 0xc0aa0de4 at device_attach+0x3b4
#15 0xc0aa1cab at bus_generic_attach+0x2b
#16 0xc0531865 at acpi_pci_attach+0x185
#17 0xc0aa0de4 at device_attach+0x3b4
Free backtrace:
#0 0xc0ceae92 at redzone_check+0x312
#1 0xc0a5d618 at free+0x38
#2 0xc0a9e956 at devread+0x1a6
#3 0xc0a28807 at giant_read+0x87
#4 0xc09710c6 at devfs_read_f+0xc6
#5 0xc0aba8d9 at dofileread+0x99
#6 0xc0aba4f8 at sys_read+0x98
#7 0xc0ddf977 at syscall+0x387
#8 0xc0dc87d1 at Xint0x80_syscall+0x21
panic: free: address 0xced3f080(0xced3f000) has not been allocated.
cpuid = 1
KDB: stack backtrace:
db_trace_self_wrapper(c0f99230,c09710c6,c0aba8d9,c0734d37,c1131d40,...) at 0xc051d25e = db_trace_self_wrapper+0x2e
kdb_backtrace(c0fd3355,1,c0f94756,f7231ae8,c0aa1cab,...) at 0xc0aa7eda = kdb_backtrace+0x2a
panic(c0f94756,ced3f080,ced3f000,cebe4400,ced40080,...) at 0xc0a73bd4 = panic+0x1a4
free(ced40080,c10c3660,f7231c0c,c0b1e30d,ce7ef000,...) at 0xc0a5d6f9 = free+0x119
devread(ce8c2d00,f7231c0c,0,c0b1e4f0,d279ca48,...) at 0xc0a9e956 = devread+0x1a6
giant_read(ce8c2d00,f7231c0c,0,400,0,...) at 0xc0a28807 = giant_read+0x87
devfs_read_f(d279ca48,f7231c0c,ce84b680,0,d2797000,...) at 0xc09710c6 = devfs_read_f+0xc6
dofileread(d279ca48,f7231c0c,ffffffff,ffffffff,0,...) at 0xc0aba8d9 = dofileread+0x99
sys_read(d2797000,f7231ccc,c0a7c784,d2797000,0,...) at 0xc0aba4f8 = sys_read+0x98
syscall(f7231d08) at 0xc0ddf977 = syscall+0x387
Xint0x80_syscall() at 0xc0dc87d1 = Xint0x80_syscall+0x21
--- syscall (3, FreeBSD ELF32, sys_read), eip = 0x808f14b, esp = 0xbfbfd92c, ebp = 0xbfbfde58 ---
KDB: enter: panic
...
(kgdb) #0 doadump (textdump=Variable "textdump" is not available.
) at pcpu.h:249
#1 0xc051b353 in db_dump (dummy=-148694992, dummy2=-148694992, dummy3=-148694992, dummy4=0xf7231830 "") at /usr/src/sys/ddb/db_command.c:538
#2 0xc051ae45 in db_command (cmd_table=Variable "cmd_table" is not available.
) at /usr/src/sys/ddb/db_command.c:449
#3 0xc051abd0 in db_command_loop () at /usr/src/sys/ddb/db_command.c:502
#4 0xc051d3be in db_trap (type=Unhandled dwarf expression opcode 0xc0
) at /usr/src/sys/ddb/db_main.c:231
#5 0xc0aa8464 in kdb_trap (tf=Unhandled dwarf expression opcode 0xc0
) at /usr/src/sys/kern/subr_kdb.c:649
#6 0xc0ddebde in trap (frame=Variable "frame" is not available.
) at /usr/src/sys/i386/i386/trap.c:715
#7 0xc0dc876c in calltrap () at /tmp/exception-ceSooo.s:94
#8 0xc0aa7cdd in kdb_enter (why=Variable "why" is not available.
) at cpufunc.h:71
#9 0xc0a73bf4 in panic (fmt=Unhandled dwarf expression opcode 0xc0
) at /usr/src/sys/kern/kern_shutdown.c:627
#10 0xc0a5d6f9 in free (addr=Unhandled dwarf expression opcode 0xc0
) at /usr/src/sys/kern/kern_malloc.c:545
#11 0xc0a9e956 in devread (dev=0xf7231b14, uio=Variable "uio" is not available.
) at /usr/src/sys/kern/subr_bus.c:473
#12 0xc0a28807 in giant_read (dev=Variable "dev" is not available.
) at /usr/src/sys/kern/kern_conf.c:443
#13 0xc09710c6 in devfs_read_f (fp=Variable "fp" is not available.
) at /usr/src/sys/fs/devfs/devfs_vnops.c:1177
#14 0xc0aba8d9 in dofileread (td=Variable "td" is not available.
) at file.h:286
#15 0xc0aba4f8 in sys_read (td=Variable "td" is not available.
) at /usr/src/sys/kern/sys_generic.c:250
#16 0xc0ddf977 in syscall (frame=Variable "frame" is not available.
) at subr_syscall.c:135
#17 0xc0dc87d1 in Xint0x80_syscall () at /tmp/exception-ceSooo.s:134
#18 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
Current language: auto; currently minimal
(kgdb)

Anyway: all that (and more!) is available from
<http://www.catwhisker.org/~david/FreeBSD/stable_9/>; I cite the above
mostly as evidence that I might not have been hallucinating. :-}

Peace,
david
-- 
David H. Wolfskill da...@catwhisker.org
Taliban: Evil men with guns afraid of truth from a 14-year old girl.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.
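
Added example (not part of the original message, and not FreeBSD code): a small triage script for the two REDZONE lines quoted above. It reinterprets the reported allocation size as a signed 32-bit value and checks whether the "after" address equals the "before" address plus that size modulo 2^32. The function names and the top-bit heuristic are assumptions made for this illustration.

```python
import re

# Constructed sample: the two REDZONE report lines copied from the message above.
SAMPLE_LOG = """\
REDZONE: Buffer underflow detected. 1 byte corrupted before 0xced40080 (4294966796 bytes allocated).
REDZONE: Buffer overflow detected. 16 bytes corrupted after 0xced3fe8c (4294966796 bytes allocated).
"""

REDZONE_RE = re.compile(
    r"REDZONE: Buffer (?P<kind>underflow|overflow) detected\. "
    r"(?P<count>\d+) bytes? corrupted (?:before|after) "
    r"0x(?P<addr>[0-9a-f]+) \((?P<size>\d+) bytes allocated\)"
)

WORD = 1 << 32  # i386: pointers and unsigned long are 32 bits wide


def as_signed32(value):
    """Reinterpret an unsigned 32-bit value as two's-complement signed."""
    value %= WORD
    return value - WORD if value >= WORD >> 1 else value


def parse_redzone(log):
    """Return one dict per REDZONE report found in the log text."""
    reports = []
    for m in REDZONE_RE.finditer(log):
        size = int(m["size"])
        reports.append({
            "kind": m["kind"],
            "corrupted": int(m["count"]),
            "addr": int(m["addr"], 16),
            "size": size,
            "size_signed": as_signed32(size),
            # Heuristic (assumption): a size with the top bit set is treated
            # as implausible for a 32-bit kernel allocation.
            "suspicious": size >= WORD >> 1,
        })
    return reports


def wrapped_end(start, size):
    """start + size truncated to 32 bits, as i386 pointer arithmetic would be."""
    return (start + size) % WORD


if __name__ == "__main__":
    under, over = parse_redzone(SAMPLE_LOG)
    print(under["size_signed"], hex(wrapped_end(under["addr"], under["size"])))
```

On the quoted lines the size decodes to -500, and the start address plus that size wraps to exactly the address in the overflow report, so both reports describe the same allocation record.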