Hi,

Just got a panic on a 6-CURRENT (Thu Nov 18 16:36:35 GMT 2004) machine, while copying a large amount of data around. Seems to be an ACPI-related reuse-after-free. As far as I can tell, 20 bytes into the acpi_task structure is (int)ta_flags within the embedded struct task, but I can't see use of this field in the ACPI code, so ACPI may be a red herring.

Sadly, I don't have a core dump, as the machine double faulted during the attempt.

Gavin

# cp -Rp /usr/* /var/usr
[about 10 minutes later]

Memory modified after free 0xc44a8420(28) val=0 @ 0xc44a8434
panic: Most recently used by acpitask
cpuid = 1
KDB: enter: panic
[thread 100103]
Stopped at      kdb_enter+0x2c: leave
db> tr
kdb_enter(c081145f,100,c3929480,1c,c44a843c) at kdb_enter+0x2c
panic(c082b121,c0a312d0,c082b0f2,c44a8420,1c) at panic+0x17f
mtrash_ctor(c44a8420,20,0,502) at mtrash_ctor+0x5f
uma_zalloc_arg(c1052420,0,502) at uma_zalloc_arg+0x3d8
malloc(20,c08a80c0,502,0,0) at malloc+0x6b
softdep_setup_directory_add(d7583cb0,c5379348,28,0,f769f) at softdep_setup_directory_add+0x61
ufs_direnter(c5e9dac8,c58aa78c,ecc95924,ecc95c0c,0,c53e4834,ecc95c0c,ecc95924) at ufs_direnter+0x6ff
ufs_makeinode(ecc95bf8,ecc95c0c,ecc95a6c,ecc95b2c,c0668f16) at ufs_makeinode+0x267
ufs_create(ecc95a70) at ufs_create+0x25
vn_open_cred(ecc95be4,ecc95ce4,16d,c3480780,4) at vn_open_cred+0x49a
vn_open(ecc95be4,ecc95ce4,16d,4,c08d2040,8,c081a444,3bc) at vn_open+0x1e
kern_open(c3929480,804b868,0,602,816d) at kern_open+0xd6
open(c3929480,ecc95d14,3,1015d,286) at open+0x18
syscall(804002f,2f,bfbf002f,804b89d,1) at syscall+0x128
Xint0x80_syscall() at Xint0x80_syscall+0x1f
--- syscall (5, FreeBSD ELF32, open), eip = 0x280c1bdf, esp = 0xbfbfeb3c, ebp = 0xbfbfeb88 ---

Gavin

Received on Wed Nov 24 2004 - 15:07:38 UTC
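Added example, not from the post or from the FreeBSD sources: a userland model of the UMA trash check that produced the panic above, so the numbers in the message can be read off. With INVARIANTS, UMA fills a freed item with the junk pattern 0xdeadc0de (the real uma_junk value) and stores the malloc-type tag in the item's last pointer-sized word; on the next allocation mtrash_ctor verifies the pattern and panics naming that tag. The 32-byte item size, the 4-item zone, the string owner tag standing in for the malloc_type pointer, and the stale store at offset 20 are constructed for the demo. On the i386 box in the post a pointer is 4 bytes, so the checked span is 32 - 4 = 28, which is the "(28)"; on a 64-bit host the model checks 24 bytes, and offset 20 still lands inside it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ITEM_SIZE   32u
#define NITEMS      4u
#define UMA_JUNK    0xdeadc0deu   /* fill pattern UMA writes into freed items */

/* Last pointer-sized word of an item holds the owner tag (what the panic
 * prints as "Most recently used by ..."); the trash check covers the rest. */
#define TAG_OFFSET  (ITEM_SIZE - sizeof(const char *))
#define TRASH_WORDS (TAG_OFFSET / sizeof(uint32_t))

struct zone {                      /* constructed stand-in for a UMA zone */
    uint8_t items[NITEMS][ITEM_SIZE];
    int     in_use[NITEMS];
};

struct trash_report {
    size_t      offset;   /* byte offset of the first clobbered word */
    uint32_t    val;      /* what was found there instead of UMA_JUNK */
    const char *owner;    /* tag of the last freer, read from the trailer */
};

/* Model of the trash dtor: junk-fill the body and record who freed it. */
static void trash_dtor(void *mem, const char *owner)
{
    uint32_t junk = UMA_JUNK;
    size_t i;
    for (i = 0; i < TRASH_WORDS; i++)
        memcpy((uint8_t *)mem + i * sizeof(junk), &junk, sizeof(junk));
    memcpy((uint8_t *)mem + TAG_OFFSET, &owner, sizeof(owner));
}

/* Model of the trash ctor: verify the junk before reuse. Returns 0 if the
 * item is intact, 1 (with *rep filled in) if something wrote to it while
 * it was on the free list. */
static int trash_ctor(const void *mem, struct trash_report *rep)
{
    size_t i;
    for (i = 0; i < TRASH_WORDS; i++) {
        uint32_t w;
        memcpy(&w, (const uint8_t *)mem + i * sizeof(w), sizeof(w));
        if (w != UMA_JUNK) {
            rep->offset = i * sizeof(w);
            rep->val = w;
            memcpy(&rep->owner, (const uint8_t *)mem + TAG_OFFSET,
                   sizeof(rep->owner));
            return 1;
        }
    }
    return 0;
}

static void zone_init(struct zone *z)
{
    size_t i;
    memset(z, 0, sizeof(*z));
    for (i = 0; i < NITEMS; i++)
        trash_dtor(z->items[i], "none");
}

/* Hand out the lowest free item after running the trash check. Where the
 * kernel panics, this model prints the same message shape and returns NULL. */
static void *zone_alloc(struct zone *z, struct trash_report *rep)
{
    size_t i;
    for (i = 0; i < NITEMS; i++) {
        if (z->in_use[i])
            continue;
        if (trash_ctor(z->items[i], rep)) {
            printf("Memory modified after free %p(%zu) val=%x @ %p\n",
                   (void *)z->items[i], (size_t)TAG_OFFSET,
                   (unsigned)rep->val, (void *)(z->items[i] + rep->offset));
            printf("panic: Most recently used by %s\n", rep->owner);
            return NULL;
        }
        z->in_use[i] = 1;
        return z->items[i];
    }
    return NULL;
}

static void zone_free(struct zone *z, void *mem, const char *owner)
{
    size_t i = (size_t)((uint8_t *)mem - z->items[0]) / ITEM_SIZE;
    trash_dtor(mem, owner);
    z->in_use[i] = 0;
}

/* The shape of the post's panic: an item tagged "acpitask" is freed, a
 * stale pointer then stores 0 at offset 20, and the next allocator (the
 * softdep malloc in the trace) trips the check. Returns 1 if detected. */
int demo_use_after_free(struct trash_report *rep)
{
    struct zone z;
    void *p;
    uint32_t zero = 0;
    zone_init(&z);
    p = zone_alloc(&z, rep);
    zone_free(&z, p, "acpitask");
    memcpy((uint8_t *)p + 20, &zero, sizeof(zero));   /* the write-after-free */
    return zone_alloc(&z, rep) == NULL;
}

/* Same sequence without the stale store: the check stays quiet, returns 0. */
int demo_clean(struct trash_report *rep)
{
    struct zone z;
    void *p;
    zone_init(&z);
    p = zone_alloc(&z, rep);
    zone_free(&z, p, "acpitask");
    return zone_alloc(&z, rep) == NULL;
}

int main(void)
{
    struct trash_report rep = {0, 0, NULL};
    demo_use_after_free(&rep);
    return 0;
}
```

The report carries exactly what the real message does: the clobbering value (val=0 here, as in the post), the offset within the item (20), and the owner recorded at free time. Note what the tag does and does not tell you: "acpitask" names whoever last freed the item, not necessarily who wrote to it afterwards, which is why the post's caveat that ACPI may be a red herring is the right reading.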
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:23 UTC