On 2015/08/29 13:23, [email protected] wrote:
> panic: free: size too large 18446744073708503040 > 32 (0xffff80000052eb40)
> type
> memdesc
> Stopped at Debugger+09: leave
> RUN ...
> ddb{0}> trace
> Debuggger() at Debugger+0x9
> panic() at panic+0xfe
> free() at free+0xc9
> mem_ioctl() at mem_ioctl+0x149
> VOP_IOCTL() at VOP_IOCTL+0x44
> vn_ioctl() at vn_ioctl+0x77
> sys_ioctl() at sys_ioctl+0x18b
> syscall() at syscall+0x358
> --- syscall (number 54) ---
> This must be due to a commit from between 3PM UTC on Aug 27 (kernel
> built from then boots fine) and 5PM UTC on Aug 28 (kernel panics).
> I can try to bisect the precise commit sometime tomorrow.
sys/arch/amd64/amd64/mem.c r1.26
I think this will fix it.
Index: mem.c
===================================================================
RCS file: /cvs/src/sys/arch/amd64/amd64/mem.c,v
retrieving revision 1.26
diff -u -p -r1.26 mem.c
--- mem.c 28 Aug 2015 00:03:53 -0000 1.26
+++ mem.c 29 Aug 2015 11:35:55 -0000
@@ -299,7 +299,7 @@ mem_ioctl(dev_t dev, u_long cmd, caddr_t
md->mr_owner[sizeof(md->mr_owner) - 1] = 0;
if (error == 0)
error = mem_range_attr_set(md, &mo->mo_arg[0]);
- free(md, M_MEMDESC, nd * sizeof(struct mem_range_desc));
+ free(md, M_MEMDESC, sizeof(struct mem_range_desc));
break;
}
return (error);
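Review bot: the size argument to free() must equal the size of the matching allocation, and the only thing this hunk changes is that argument, from `nd * sizeof(struct mem_range_desc)` to `sizeof(struct mem_range_desc)`; the quoted panic ("size too large ... > 32") reports an allocation of a single 32-byte descriptor, so `nd` was evidently not the count used when `md` was allocated in this path and the multiplied size overflowed into the huge value shown. Since the malloc that pairs with this free() is outside the hunk, it is worth confirming in the same function that `md` in the MEMRANGE_SET-style branch is allocated with exactly `sizeof(struct mem_range_desc)` and that `nd` is only used for the multi-descriptor case, otherwise a later edit could reintroduce the mismatch. A one-line comment above the free() noting that `md` here is a single descriptor (not an array of `nd`) would make the size choice obvious to the next reader.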