On 2015/08/29 13:23, t...@math.ethz.ch wrote:
> panic: free: size too large 18446744073708503040 > 32 (0xffff80000052eb40)
> type
> memdesc
> Stopped at Debugger+09: leave
> RUN ...
> ddb{0}> trace
> Debuggger() at Debugger+0x9
> panic() at panic+0xfe
> free() at free+0xc9
> mem_ioctl() at mem_ioctl+0x149
> VOP_IOCTL() at VOP_IOCTL+0x44
> vn_ioctl() at vn_ioctl+0x77
> sys_ioctl() at sys_ioctl+0x18b
> syscall() at syscall+0x358
> --- syscall (number 54) ---
> This must be due to a commit from between 3PM UTC on Aug 27 (kernel > built from then boots fine) and 5PM UTC on Aug 28 (kernel panics). > I can try to bisect the precise commit sometime tomorrow. sys/arch/amd64/amd64/mem.c r1.26 I think this will fix it. Index: mem.c =================================================================== RCS file: /cvs/src/sys/arch/amd64/amd64/mem.c,v retrieving revision 1.26 diff -u -p -r1.26 mem.c --- mem.c 28 Aug 2015 00:03:53 -0000 1.26 +++ mem.c 29 Aug 2015 11:35:55 -0000 @@ -299,7 +299,7 @@ mem_ioctl(dev_t dev, u_long cmd, caddr_t md->mr_owner[sizeof(md->mr_owner) - 1] = 0; if (error == 0) error = mem_range_attr_set(md, &mo->mo_arg[0]); - free(md, M_MEMDESC, nd * sizeof(struct mem_range_desc)); + free(md, M_MEMDESC, sizeof(struct mem_range_desc)); break; } return (error);
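Review bot: the size handed to free() on the changed line in mem_ioctl() is still written out by hand, and the allocation it has to match lies outside the hunk context, so the diff alone does not show that the two agree. Writing it as `free(md, M_MEMDESC, sizeof(*md));`, with the same expression at the matching allocation, would tie the size to the pointer's type and keep the pair from drifting apart again. The quoted panic (a size of 18446744073708503040 against a limit of 32) suggests nd held no valid count on this path, so it is also worth confirming that nd is not used elsewhere in this case before it has been assigned.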