Re: panic: Memory modified after free

From: Steve Kargl <sgk_at_troutmask.apl.washington.edu>
Date: Tue, 31 Jan 2006 14:38:16 -0800
On Tue, Jan 31, 2006 at 04:33:32PM -0500, Kris Kennaway wrote:
> On Tue, Jan 31, 2006 at 01:22:09PM -0800, Steve Kargl wrote:
> > The system is a dual proc Tyan K8S Pro with 12 GB of memory.
> > The kernel is UP.  This was recorded by hand. I have the crash dump.
> > 
> > Memory modified after free 0xffffff02505e0c00(504) val=deadc0dd @
> > 0xffffff02505e0cd0
> > 
> > panic: Most recently used by DEVFS1
> 
> Set up memguard to watch this malloc type in order to obtain useful
> debugging.
> 

memguard has made the situation even worse.  The kernel never
makes it to single-user mode.  I get

MEMGUARD DEBUGGING ALLOCATOR INITIALIZED
MEMGUARD map base: 0xffffffff8f1b2000
         map limit: 0xffffffff919b3000
         map size: 41947136 (Bytes)

Memory modified after free 0xffffff000005bd00(248) val=5 @ 0xffffff000005bdd0
kernel trap 9 with interrupts disabled

Fatal trap 9: general protection fault while in kernel mode
instruction pointer    = 0x8:0xffffffff80306487
stack pointer          = 0x10:0xffffffff807a1a20
frame pointer          = 0x10:0xffffffff807a1a30
code segment           = base 0x0, limit 0xfffff, type 0x1b
                       = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags       = resume, IOPL = 0
current process:       = 0 ()

[thread pid 0 tid 0]
Stopped at strlen+0x7:  cmpb $0,0(%rdi)

db> bt
Tracing pid 0 tid 0 td 0xffffffff8060ac40
strlen() at strlen+0x7
kvprintf() at kvprintf+0x987
vsnprintf() at vsnprintf+0x2e
panic() at panic+0xfa
mtrash_ctor() at mtrash_ctor+0x70
uma_zalloc_arg() at uma_zalloc_arg+0x170
malloc() at malloc+0x11e
init_dynamic_kenv() at init_dynamic_kenv+0x68
mi_startup() at mi_startup+0xb6
btext() at btext+0x2c





-- 
Steve
Received on Tue Jan 31 2006 - 21:38:23 UTC
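
Added example, not part of the original message: a small triage helper that parses "Memory modified after free" reports like the two quoted above and derives the offset of the damaged word inside the freed item and how it differs from the trash fill. It assumes the fill word is 0xdeadc0de; the names `triage`, `UMA_JUNK` and `SAMPLE` are hypothetical, and the sample input is constructed from the two report lines in this thread.

```python
import re

UMA_JUNK = 0xDEADC0DE  # assumption: word written over freed items by the trash dtor

# Accepts "@" as printed by the kernel and "_at_" as rewritten by mail archives.
PANIC_RE = re.compile(
    r"Memory modified after free\s+0x([0-9a-f]+)\((\d+)\)\s+"
    r"val=([0-9a-f]+)\s+(?:@|_at_)\s+0x([0-9a-f]+)", re.I)

def triage(text):
    """Return one dict per 'modified after free' report found in text."""
    # Join hand-wrapped lines and drop '>' quote markers so wrapped reports match.
    flat = re.sub(r"\s*\n[>\s]*", " ", text)
    reports = []
    for m in PANIC_RE.finditer(flat):
        item, size = int(m[1], 16), int(m[2])
        val, where = int(m[3], 16), int(m[4], 16)
        offset = where - item            # byte offset of the damaged word
        delta = val - UMA_JUNK           # signed distance from the fill word
        reports.append({
            "item": item, "size": size, "offset": offset,
            "in_bounds": 0 <= offset < size,
            "val": val, "delta": delta,
            "flipped_bits": bin(val ^ UMA_JUNK).count("1"),
            # Heuristic: a tiny delta looks like arithmetic on the stale word
            # (for example a counter update through a dangling pointer); anything
            # else means the word was overwritten with unrelated data.
            "kind": "arithmetic" if abs(delta) <= 16 else "overwrite",
        })
    return reports

# Constructed sample: the two report lines from this thread.
SAMPLE = """> > Memory modified after free 0xffffff02505e0c00(504) val=deadc0dd _at_
> > 0xffffff02505e0cd0
Memory modified after free 0xffffff000005bd00(248) val=5 @ 0xffffff000005bdd0
"""

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(f"item=0x{r['item']:x} size={r['size']} offset=0x{r['offset']:x} "
              f"val=0x{r['val']:x} delta={r['delta']} kind={r['kind']}")
```

Matching offsets across reports from different zones are worth noting when picking which malloc type to put under memguard.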
