On Sat, Aug 29, 2015 at 12:36:10PM +0100, Stuart Henderson wrote:
> On 2015/08/29 13:23, [email protected] wrote:
> > panic: free: size too large 18446744073708503040 > 32 (0xffff80000052eb40) type memdesc
> > Stopped at  Debugger+09:    leave
> > RUN ...
> > ddb{0}> trace
> > Debuggger() at Debugger+0x9
> > panic() at panic+0xfe
> > free() at free+0xc9
> > mem_ioctl() at mem_ioctl+0x149
> > VOP_IOCTL() at VOP_IOCTL+0x44
> > vn_ioctl() at vn_ioctl+0x77
> > sys_ioctl() at sys_ioctl+0x18b
> > syscall() at syscall+0x358
> > --- syscall (number 54) ---
> 
> >     This must be due to a commit from between 3PM UTC on Aug 27 (kernel
> >     built from then boots fine) and 5PM UTC on Aug 28 (kernel panics).
> >     I can try to bisect the precise commit sometime tomorrow.
> 
> sys/arch/amd64/amd64/mem.c r1.26
> 
> I think this will fix it.

Wow, that was quick! :)

Indeed, this fixes the panic.  Thanks a lot.

> 
> Index: mem.c
> ===================================================================
> RCS file: /cvs/src/sys/arch/amd64/amd64/mem.c,v
> retrieving revision 1.26
> diff -u -p -r1.26 mem.c
> --- mem.c     28 Aug 2015 00:03:53 -0000      1.26
> +++ mem.c     29 Aug 2015 11:35:55 -0000
> @@ -299,7 +299,7 @@ mem_ioctl(dev_t dev, u_long cmd, caddr_t
>               md->mr_owner[sizeof(md->mr_owner) - 1] = 0;
>               if (error == 0)
>                       error = mem_range_attr_set(md, &mo->mo_arg[0]);
> -             free(md, M_MEMDESC, nd * sizeof(struct mem_range_desc));
> +             free(md, M_MEMDESC, sizeof(struct mem_range_desc));
>               break;
>       }
>       return (error);
> 
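Review bot: the free size in this `MEMRANGE_SET` branch must equal the size that was allocated for `md`, and the old `nd * sizeof(struct mem_range_desc)` does not: the panic quoted above reports an allocation of 32 bytes (one `struct mem_range_desc`) being freed with a wrapped-around size, which is what a stale or uninitialised `nd` multiplied into the size expression produces. Freeing with `sizeof(struct mem_range_desc)` matches the 32-byte allocation and the `M_MEMDESC` type from the panic. To keep the pair from drifting again, consider writing the allocation and the free with the same expression, e.g. `sizeof(*md)` at both sites, so a later change to the struct or to how `nd` is computed cannot desynchronise them.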
