[email protected] (Petri Laakso) writes:
>On Fri, 31 Oct 2014, Maxime Villard wrote:
>> That's KMEM_SIZE. Great.
>> It means that it caught a memory corruption somewhere.
>> That being said, I don't think I can help without a trace...
>Here's the backtrace and the steps for how I ended up with the panic. This was in
>single user mode after a fresh 7.0_BETA install (sources from last night):
>http://www.asd.fi/~petri/tmp/rpi_bt.jpg
>Petri

malloc considered useful:

allocation in ffs_mountfs:

	bsize = fs->fs_cssize;
	if (fs->fs_contigsumsize > 0)
		bsize += fs->fs_ncg * sizeof(int32_t);
	bsize += fs->fs_ncg * sizeof(*fs->fs_contigdirs);
	allocsbsize = bsize;
	space = kmem_alloc((u_long)allocsbsize, KM_SLEEP);
	fs->fs_csp = space;

deallocation in ffs_unmount:

	bsize = fs->fs_cssize;
	if (fs->fs_contigsumsize > 0)
		bsize += fs->fs_ncg * sizeof(int32_t);
	bsize += fs->fs_ncg * sizeof(*fs->fs_contigdirs);
	kmem_free(fs->fs_csp, bsize);

allocsbsize only exists to handle some error paths, but since it is not stored globally, the value is recalculated, assuming that the underlying values do not change. Apparently that's not true after the resize of the filesystem.

The other question is: does anyone use the fs->fs_csp buffer and assume it is calculated for the updated values before it is freed?
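To make the size-mismatch argument above concrete, here is a small user-space model (added here; not NetBSD code and not from anyone in this thread). It reproduces the bsize arithmetic from the ffs_mountfs/ffs_unmount snippets, wraps malloc/free in a kmem-style allocator that records the allocation size in a header the way a KMEM_SIZE kernel does, and then compares two unmount strategies: recomputing the size from the (possibly changed) fs fields, versus freeing with the size recorded at mount time. The struct fs layout, the extra fs_csp_size field, the assumption that fs_contigdirs points to u_int8_t, the sample field values, and all function names are assumptions for illustration; the checking free reports a mismatch and returns it instead of panicking.

```c
/* Added example, not NetBSD code: models the kmem(9) KMEM_SIZE check against
 * the ffs_mountfs/ffs_unmount size computation discussed in the thread.
 * Field names, fs_csp_size, and the function names are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct fs {
    int32_t  fs_cssize;          /* size of the csum table, in bytes */
    int32_t  fs_contigsumsize;   /* >0 when a cluster summary is present */
    int32_t  fs_ncg;             /* number of cylinder groups */
    void    *fs_csp;             /* the buffer under discussion */
    size_t   fs_csp_size;        /* hypothetical: size recorded at mount */
};

/* Size-checking allocator: the requested size is kept in a header in front
 * of the block returned to the caller, as a KMEM_SIZE kernel does. */
struct kmem_hdr { size_t size; };

static void *kmem_alloc_checked(size_t size)
{
    struct kmem_hdr *h = malloc(sizeof(*h) + size);
    if (h == NULL)
        return NULL;
    h->size = size;
    return h + 1;
}

/* Returns 0 when the caller's size matches the recorded size and 1 when it
 * does not (the point at which the kernel's KMEM_SIZE check would panic).
 * The block is released either way so the model does not leak. */
static int kmem_free_checked(void *p, size_t size)
{
    struct kmem_hdr *h = (struct kmem_hdr *)p - 1;
    int mismatch = (h->size != size);
    if (mismatch)
        fprintf(stderr, "kmem_free(%p, %zu) != allocated size %zu\n",
                p, size, h->size);
    free(h);
    return mismatch;
}

/* Same arithmetic as the quoted ffs_mountfs/ffs_unmount snippets.
 * sizeof(*fs->fs_contigdirs) is taken to be sizeof(uint8_t) (assumption). */
static size_t csp_bsize(const struct fs *fs)
{
    size_t bsize = (size_t)fs->fs_cssize;
    if (fs->fs_contigsumsize > 0)
        bsize += (size_t)fs->fs_ncg * sizeof(int32_t);
    bsize += (size_t)fs->fs_ncg * sizeof(uint8_t);
    return bsize;
}

static void mount_csp(struct fs *fs)
{
    size_t allocsbsize = csp_bsize(fs);
    fs->fs_csp = kmem_alloc_checked(allocsbsize);
    fs->fs_csp_size = allocsbsize;   /* remember what was actually allocated */
}

/* Pattern from the thread: the size is recomputed at unmount time. */
static int unmount_csp_recomputed(struct fs *fs)
{
    int r = kmem_free_checked(fs->fs_csp, csp_bsize(fs));
    fs->fs_csp = NULL;
    return r;
}

/* Alternative: free with the size recorded when the buffer was allocated. */
static int unmount_csp_recorded(struct fs *fs)
{
    int r = kmem_free_checked(fs->fs_csp, fs->fs_csp_size);
    fs->fs_csp = NULL;
    return r;
}

/* Mount, change fs_ncg as a filesystem resize would, then unmount with the
 * chosen routine. Returns that routine's mismatch result. */
static int simulate(int (*unmount)(struct fs *), int32_t ncg_after_resize)
{
    struct fs fs;
    memset(&fs, 0, sizeof(fs));
    fs.fs_cssize = 4096;             /* constructed sample values */
    fs.fs_contigsumsize = 16;
    fs.fs_ncg = 8;
    mount_csp(&fs);
    fs.fs_ncg = ncg_after_resize;    /* the field a resize updates */
    return unmount(&fs);
}

int main(void)
{
    printf("recomputed size, ncg 8 -> 8:  mismatch=%d\n", simulate(unmount_csp_recomputed, 8));
    printf("recomputed size, ncg 8 -> 12: mismatch=%d\n", simulate(unmount_csp_recomputed, 12));
    printf("recorded size,   ncg 8 -> 12: mismatch=%d\n", simulate(unmount_csp_recorded, 12));
    return 0;
}
```

Without a size-recording debug allocator the wrong-size free goes undetected and returns the block to the wrong size class, which is the kind of silent corruption the KMEM_SIZE check exists to catch early; recording the allocated size alongside the pointer removes the dependency on fs_ncg staying constant between mount and unmount.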
